From: Peter Chen <peter.chen@freescale.com>
To: "Emilio López" <emilio.lopez@collabora.co.uk>
Cc: gregkh@linuxfoundation.org, stern@rowland.harvard.edu,
kborer@gmail.com, reillyg@chromium.org, keescook@chromium.org,
linux-api@vger.kernel.org, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org, jorgelo@chromium.org,
dan.carpenter@oracle.com
Subject: Re: [PATCH v1] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Thu, 26 Nov 2015 16:59:25 +0800 [thread overview]
Message-ID: <20151126085924.GD26397@shlinux2> (raw)
In-Reply-To: <1448466334-21346-2-git-send-email-emilio.lopez@collabora.co.uk>
On Wed, Nov 25, 2015 at 12:45:34PM -0300, Emilio López wrote:
> From: Reilly Grant <reillyg@chromium.org>
>
> The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
> relinquish the ability to issue other ioctls that may interfere with
> other processes and drivers that have claimed an interface on the
> device.
>
> Signed-off-by: Reilly Grant <reillyg@chromium.org>
> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> [emilio.lopez: fix build for v4.4-rc2 and adjust patch title prefix]
> Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk>
>
> ---
>
> drivers/usb/core/devio.c | 50 +++++++++++++++++++++++++++++++++++----
> include/uapi/linux/usbdevice_fs.h | 1 +
> 2 files changed, 47 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index 38ae877c..a5ccc50 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -77,6 +77,7 @@ struct usb_dev_state {
> unsigned long ifclaimed;
> u32 secid;
> u32 disabled_bulk_eps;
> + bool privileges_dropped;
> };
>
> struct async {
> @@ -878,7 +879,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
> int ret;
>
> ret = -ENOMEM;
> - ps = kmalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> + ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> if (!ps)
> goto out_free_ps;
>
> @@ -911,11 +912,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
> INIT_LIST_HEAD(&ps->async_pending);
> INIT_LIST_HEAD(&ps->async_completed);
> init_waitqueue_head(&ps->wait);
> - ps->discsignr = 0;
> ps->disc_pid = get_pid(task_pid(current));
> ps->cred = get_current_cred();
> - ps->disccontext = NULL;
> - ps->ifclaimed = 0;
The above changes seem to be not related with this change.
> security_task_getsecid(current, &ps->secid);
> smp_wmb();
> list_add_tail(&ps->list, &dev->filelist);
> @@ -1215,6 +1213,35 @@ static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
>
> static int proc_resetdevice(struct usb_dev_state *ps)
> {
> + if (ps->privileges_dropped) {
> + struct usb_host_config *actconfig = ps->dev->actconfig;
> +
> + /* Don't touch the device if any interfaces are claimed. It
> + * could interfere with other drivers' operations and this
> + * process has dropped its privileges to do such things.
> + */
> + if (actconfig) {
> + int i;
> +
> + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
> + if (usb_interface_claimed(
> + actconfig->interface[i])) {
> + dev_warn(&ps->dev->dev,
> + "usbfs: interface %d claimed by"
> + " %s while '%s'"
> + " resets device\n",
> + actconfig->interface[i]
> + ->cur_altsetting
> + ->desc.bInterfaceNumber,
The length of line is 80 characters
> + actconfig->interface[i]
> + ->dev.driver->name,
> + current->comm);
> + return -EACCES;
> + }
> + }
> + }
> + }
> +
> return usb_reset_device(ps->dev);
> }
>
> @@ -1922,6 +1949,9 @@ static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
> struct usb_interface *intf = NULL;
> struct usb_driver *driver = NULL;
>
> + if (ps->privileges_dropped)
> + return -EACCES;
> +
> /* alloc buffer */
> size = _IOC_SIZE(ctl->ioctl_code);
> if (size > 0) {
> @@ -2084,6 +2114,9 @@ static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
> sizeof(dc.driver)) == 0)
> return -EBUSY;
>
> + if (ps->privileges_dropped)
> + return -EACCES;
> +
> dev_dbg(&intf->dev, "disconnect by usbfs\n");
> usb_driver_release_interface(driver, intf);
> }
> @@ -2130,6 +2163,12 @@ static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
> return r;
> }
>
> +static int proc_drop_privileges(struct usb_dev_state *ps)
> +{
> + ps->privileges_dropped = true;
> + return 0;
> +}
> +
> /*
> * NOTE: All requests here that have interface numbers as parameters
> * are assuming that somehow the configuration has been prevented from
> @@ -2318,6 +2357,9 @@ static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
> case USBDEVFS_FREE_STREAMS:
> ret = proc_free_streams(ps, p);
> break;
> + case USBDEVFS_DROP_PRIVILEGES:
> + ret = proc_drop_privileges(ps);
> + break;
> }
>
> done:
> diff --git a/include/uapi/linux/usbdevice_fs.h b/include/uapi/linux/usbdevice_fs.h
> index 019ba1e..99c296b 100644
> --- a/include/uapi/linux/usbdevice_fs.h
> +++ b/include/uapi/linux/usbdevice_fs.h
> @@ -187,5 +187,6 @@ struct usbdevfs_streams {
> #define USBDEVFS_DISCONNECT_CLAIM _IOR('U', 27, struct usbdevfs_disconnect_claim)
> #define USBDEVFS_ALLOC_STREAMS _IOR('U', 28, struct usbdevfs_streams)
> #define USBDEVFS_FREE_STREAMS _IOR('U', 29, struct usbdevfs_streams)
> +#define USBDEVFS_DROP_PRIVILEGES _IO('U', 30)
>
> #endif /* _UAPI_LINUX_USBDEVICE_FS_H */
> --
> 2.5.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Best Regards,
Peter Chen
WARNING: multiple messages have this Message-ID (diff)
From: Peter Chen <peter.chen@freescale.com>
To: "Emilio López" <emilio.lopez@collabora.co.uk>
Cc: <gregkh@linuxfoundation.org>, <stern@rowland.harvard.edu>,
<kborer@gmail.com>, <reillyg@chromium.org>,
<keescook@chromium.org>, <linux-api@vger.kernel.org>,
<linux-usb@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<jorgelo@chromium.org>, <dan.carpenter@oracle.com>
Subject: Re: [PATCH v1] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Thu, 26 Nov 2015 16:59:25 +0800 [thread overview]
Message-ID: <20151126085924.GD26397@shlinux2> (raw)
In-Reply-To: <1448466334-21346-2-git-send-email-emilio.lopez@collabora.co.uk>
On Wed, Nov 25, 2015 at 12:45:34PM -0300, Emilio López wrote:
> From: Reilly Grant <reillyg@chromium.org>
>
> The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
> relinquish the ability to issue other ioctls that may interfere with
> other processes and drivers that have claimed an interface on the
> device.
>
> Signed-off-by: Reilly Grant <reillyg@chromium.org>
> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> [emilio.lopez: fix build for v4.4-rc2 and adjust patch title prefix]
> Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk>
>
> ---
>
> drivers/usb/core/devio.c | 50 +++++++++++++++++++++++++++++++++++----
> include/uapi/linux/usbdevice_fs.h | 1 +
> 2 files changed, 47 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> index 38ae877c..a5ccc50 100644
> --- a/drivers/usb/core/devio.c
> +++ b/drivers/usb/core/devio.c
> @@ -77,6 +77,7 @@ struct usb_dev_state {
> unsigned long ifclaimed;
> u32 secid;
> u32 disabled_bulk_eps;
> + bool privileges_dropped;
> };
>
> struct async {
> @@ -878,7 +879,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
> int ret;
>
> ret = -ENOMEM;
> - ps = kmalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> + ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> if (!ps)
> goto out_free_ps;
>
> @@ -911,11 +912,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
> INIT_LIST_HEAD(&ps->async_pending);
> INIT_LIST_HEAD(&ps->async_completed);
> init_waitqueue_head(&ps->wait);
> - ps->discsignr = 0;
> ps->disc_pid = get_pid(task_pid(current));
> ps->cred = get_current_cred();
> - ps->disccontext = NULL;
> - ps->ifclaimed = 0;
The above changes seem to be not related with this change.
> security_task_getsecid(current, &ps->secid);
> smp_wmb();
> list_add_tail(&ps->list, &dev->filelist);
> @@ -1215,6 +1213,35 @@ static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
>
> static int proc_resetdevice(struct usb_dev_state *ps)
> {
> + if (ps->privileges_dropped) {
> + struct usb_host_config *actconfig = ps->dev->actconfig;
> +
> + /* Don't touch the device if any interfaces are claimed. It
> + * could interfere with other drivers' operations and this
> + * process has dropped its privileges to do such things.
> + */
> + if (actconfig) {
> + int i;
> +
> + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
> + if (usb_interface_claimed(
> + actconfig->interface[i])) {
> + dev_warn(&ps->dev->dev,
> + "usbfs: interface %d claimed by"
> + " %s while '%s'"
> + " resets device\n",
> + actconfig->interface[i]
> + ->cur_altsetting
> + ->desc.bInterfaceNumber,
The length of line is 80 characters
> + actconfig->interface[i]
> + ->dev.driver->name,
> + current->comm);
> + return -EACCES;
> + }
> + }
> + }
> + }
> +
> return usb_reset_device(ps->dev);
> }
>
> @@ -1922,6 +1949,9 @@ static int proc_ioctl(struct usb_dev_state *ps, struct usbdevfs_ioctl *ctl)
> struct usb_interface *intf = NULL;
> struct usb_driver *driver = NULL;
>
> + if (ps->privileges_dropped)
> + return -EACCES;
> +
> /* alloc buffer */
> size = _IOC_SIZE(ctl->ioctl_code);
> if (size > 0) {
> @@ -2084,6 +2114,9 @@ static int proc_disconnect_claim(struct usb_dev_state *ps, void __user *arg)
> sizeof(dc.driver)) == 0)
> return -EBUSY;
>
> + if (ps->privileges_dropped)
> + return -EACCES;
> +
> dev_dbg(&intf->dev, "disconnect by usbfs\n");
> usb_driver_release_interface(driver, intf);
> }
> @@ -2130,6 +2163,12 @@ static int proc_free_streams(struct usb_dev_state *ps, void __user *arg)
> return r;
> }
>
> +static int proc_drop_privileges(struct usb_dev_state *ps)
> +{
> + ps->privileges_dropped = true;
> + return 0;
> +}
> +
> /*
> * NOTE: All requests here that have interface numbers as parameters
> * are assuming that somehow the configuration has been prevented from
> @@ -2318,6 +2357,9 @@ static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
> case USBDEVFS_FREE_STREAMS:
> ret = proc_free_streams(ps, p);
> break;
> + case USBDEVFS_DROP_PRIVILEGES:
> + ret = proc_drop_privileges(ps);
> + break;
> }
>
> done:
> diff --git a/include/uapi/linux/usbdevice_fs.h b/include/uapi/linux/usbdevice_fs.h
> index 019ba1e..99c296b 100644
> --- a/include/uapi/linux/usbdevice_fs.h
> +++ b/include/uapi/linux/usbdevice_fs.h
> @@ -187,5 +187,6 @@ struct usbdevfs_streams {
> #define USBDEVFS_DISCONNECT_CLAIM _IOR('U', 27, struct usbdevfs_disconnect_claim)
> #define USBDEVFS_ALLOC_STREAMS _IOR('U', 28, struct usbdevfs_streams)
> #define USBDEVFS_FREE_STREAMS _IOR('U', 29, struct usbdevfs_streams)
> +#define USBDEVFS_DROP_PRIVILEGES _IO('U', 30)
>
> #endif /* _UAPI_LINUX_USBDEVICE_FS_H */
> --
> 2.5.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-usb" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Best Regards,
Peter Chen
next prev parent reply other threads:[~2015-11-26 8:59 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 15:45 [PATCH v1 0/1] ioctl to disallow detaching kernel USB drivers Emilio López
2015-11-25 15:45 ` Emilio López
2015-11-25 15:45 ` [PATCH v1] usb: devio: Add " Emilio López
2015-11-26 8:59 ` Peter Chen [this message]
2015-11-26 8:59 ` Peter Chen
2015-11-26 9:20 ` Dan Carpenter
[not found] ` <1448466334-21346-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2015-11-26 9:19 ` [PATCH v1 0/1] " Krzysztof Opasiak
2015-11-26 9:19 ` Krzysztof Opasiak
2015-11-26 17:29 ` Greg KH
[not found] ` <20151126172914.GA8671-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-27 8:44 ` Krzysztof Opasiak
2015-11-27 8:44 ` Krzysztof Opasiak
[not found] ` <565817FD.3090409-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-28 2:39 ` Greg KH
2015-11-28 2:39 ` Greg KH
[not found] ` <20151128023925.GA5177-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 16:16 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1511301113120.1938-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2015-11-30 17:12 ` Krzysztof Opasiak
2015-11-30 17:12 ` Krzysztof Opasiak
[not found] ` <565C8376.6070505-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-30 17:20 ` Greg KH
2015-11-30 17:20 ` Greg KH
[not found] ` <20151130172028.GA1088-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 18:48 ` Krzysztof Opasiak
2015-11-30 18:48 ` Krzysztof Opasiak
[not found] ` <565C9A18.6000006-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2016-01-19 16:39 ` Emilio López
2016-01-19 16:39 ` Emilio López
[not found] ` <569E66DF.3050004-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-19 18:07 ` Greg KH
2016-01-19 18:07 ` Greg KH
[not found] ` <20160119180752.GA10487-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2016-01-21 23:54 ` [PATCH v2] usb: devio: Add " Emilio López
2016-01-21 23:54 ` Emilio López
[not found] ` <1453420476-26125-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-22 9:41 ` Bjørn Mork
2016-01-22 9:41 ` Bjørn Mork
[not found] ` <8760ymdk94.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 1:40 ` Emilio López
2016-01-25 1:40 ` Emilio López
2016-01-25 8:39 ` Bjørn Mork
[not found] ` <87powqrr1s.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:21 ` Alan Stern
2016-01-25 15:21 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1601251016490.1849-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-01-25 15:32 ` Bjørn Mork
2016-01-25 15:32 ` Bjørn Mork
[not found] ` <8737tln08x.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:46 ` Alan Stern
2016-01-25 15:46 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-25 2:01 ` Emilio López
2016-02-04 3:20 ` [PATCH v3] " Emilio López
2016-02-04 3:20 ` Emilio López
2016-02-04 16:27 ` Alan Stern
2016-02-04 16:27 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1602041122340.1515-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-02-08 1:56 ` Emilio López
2016-02-08 1:56 ` Emilio López
[not found] ` <1454556057-18956-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-04 3:46 ` Greg KH
2016-02-04 3:46 ` Greg KH
2016-02-15 1:41 ` [PATCH v4] " Emilio López
2016-02-15 1:41 ` Emilio López
[not found] ` <1455500516-21590-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-18 18:44 ` Alan Stern
2016-02-18 18:44 ` Alan Stern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151126085924.GD26397@shlinux2 \
--to=peter.chen@freescale.com \
--cc=dan.carpenter@oracle.com \
--cc=emilio.lopez@collabora.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jorgelo@chromium.org \
--cc=kborer@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=reillyg@chromium.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.