From: Dan Carpenter <dan.carpenter@oracle.com>
To: Peter Chen <peter.chen@freescale.com>
Cc: "Emilio López" <emilio.lopez@collabora.co.uk>,
gregkh@linuxfoundation.org, stern@rowland.harvard.edu,
kborer@gmail.com, reillyg@chromium.org, keescook@chromium.org,
linux-api@vger.kernel.org, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org, jorgelo@chromium.org
Subject: Re: [PATCH v1] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Thu, 26 Nov 2015 12:20:14 +0300 [thread overview]
Message-ID: <20151126092014.GD7289@mwanda> (raw)
In-Reply-To: <20151126085924.GD26397@shlinux2>
On Thu, Nov 26, 2015 at 04:59:25PM +0800, Peter Chen wrote:
> On Wed, Nov 25, 2015 at 12:45:34PM -0300, Emilio López wrote:
> > From: Reilly Grant <reillyg@chromium.org>
> >
> > The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
> > relinquish the ability to issue other ioctls that may interfere with
> > other processes and drivers that have claimed an interface on the
> > device.
> >
> > Signed-off-by: Reilly Grant <reillyg@chromium.org>
> > Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
> > Reviewed-by: Kees Cook <keescook@chromium.org>
> > [emilio.lopez: fix build for v4.4-rc2 and adjust patch title prefix]
> > Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk>
> >
> > ---
> >
> > drivers/usb/core/devio.c | 50 +++++++++++++++++++++++++++++++++++----
> > include/uapi/linux/usbdevice_fs.h | 1 +
> > 2 files changed, 47 insertions(+), 4 deletions(-)
> >
> > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
> > index 38ae877c..a5ccc50 100644
> > --- a/drivers/usb/core/devio.c
> > +++ b/drivers/usb/core/devio.c
> > @@ -77,6 +77,7 @@ struct usb_dev_state {
> > unsigned long ifclaimed;
> > u32 secid;
> > u32 disabled_bulk_eps;
> > + bool privileges_dropped;
> > };
> >
> > struct async {
> > @@ -878,7 +879,7 @@ static int usbdev_open(struct inode *inode, struct file *file)
> > int ret;
> >
> > ret = -ENOMEM;
> > - ps = kmalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> > + ps = kzalloc(sizeof(struct usb_dev_state), GFP_KERNEL);
> > if (!ps)
> > goto out_free_ps;
> >
> > @@ -911,11 +912,8 @@ static int usbdev_open(struct inode *inode, struct file *file)
> > INIT_LIST_HEAD(&ps->async_pending);
> > INIT_LIST_HEAD(&ps->async_completed);
> > init_waitqueue_head(&ps->wait);
> > - ps->discsignr = 0;
> > ps->disc_pid = get_pid(task_pid(current));
> > ps->cred = get_current_cred();
> > - ps->disccontext = NULL;
> > - ps->ifclaimed = 0;
>
> The above changes seem to be not related with this change.
>
It is though. They added a new struct member and thought that now it
was cleaner to use kzalloc() instead of initializing the new member to
zero.
> > security_task_getsecid(current, &ps->secid);
> > smp_wmb();
> > list_add_tail(&ps->list, &dev->filelist);
> > @@ -1215,6 +1213,35 @@ static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
> >
> > static int proc_resetdevice(struct usb_dev_state *ps)
> > {
> > + if (ps->privileges_dropped) {
> > + struct usb_host_config *actconfig = ps->dev->actconfig;
> > +
> > + /* Don't touch the device if any interfaces are claimed. It
> > + * could interfere with other drivers' operations and this
> > + * process has dropped its privileges to do such things.
> > + */
> > + if (actconfig) {
> > + int i;
> > +
> > + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
> > + if (usb_interface_claimed(
> > + actconfig->interface[i])) {
> > + dev_warn(&ps->dev->dev,
> > + "usbfs: interface %d claimed by"
> > + " %s while '%s'"
> > + " resets device\n",
> > + actconfig->interface[i]
> > + ->cur_altsetting
> > + ->desc.bInterfaceNumber,
>
> The length of line is 80 characters
>
> > + actconfig->interface[i]
> > + ->dev.driver->name,
> > + current->comm);
> > + return -EACCES;
> > + }
> > + }
> > + }
> > + }
Yeah. Better to flip this around:
static int proc_resetdevice(struct usb_dev_state *ps)
{
struct usb_host_config *actconfig = ps->dev->actconfig;
struct usb_interface *interface;
int i;
if (ps->privileges_dropped && actconfig) {
for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
interface = actconfig->interface[i];
if (usb_interface_claimed(interface)) {
dev_warn(&ps->dev->dev,
"usbfs: interface %d claimed by %s while '%s' resets device\n",
interface->cur_altsetting->desc.bInterfaceNumber,
interface->dev.driver->name,
current->comm);
return -EACCES;
}
}
}
return usb_reset_device(ps->dev);
}
It still goes over the 80 character limit, but that's cleaner than
breaking up the variable.
regards,
dan carpenter
next prev parent reply other threads:[~2015-11-26 9:20 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 15:45 [PATCH v1 0/1] ioctl to disallow detaching kernel USB drivers Emilio López
2015-11-25 15:45 ` Emilio López
2015-11-25 15:45 ` [PATCH v1] usb: devio: Add " Emilio López
2015-11-26 8:59 ` Peter Chen
2015-11-26 8:59 ` Peter Chen
2015-11-26 9:20 ` Dan Carpenter [this message]
[not found] ` <1448466334-21346-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2015-11-26 9:19 ` [PATCH v1 0/1] " Krzysztof Opasiak
2015-11-26 9:19 ` Krzysztof Opasiak
2015-11-26 17:29 ` Greg KH
[not found] ` <20151126172914.GA8671-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-27 8:44 ` Krzysztof Opasiak
2015-11-27 8:44 ` Krzysztof Opasiak
[not found] ` <565817FD.3090409-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-28 2:39 ` Greg KH
2015-11-28 2:39 ` Greg KH
[not found] ` <20151128023925.GA5177-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 16:16 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1511301113120.1938-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2015-11-30 17:12 ` Krzysztof Opasiak
2015-11-30 17:12 ` Krzysztof Opasiak
[not found] ` <565C8376.6070505-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-30 17:20 ` Greg KH
2015-11-30 17:20 ` Greg KH
[not found] ` <20151130172028.GA1088-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 18:48 ` Krzysztof Opasiak
2015-11-30 18:48 ` Krzysztof Opasiak
[not found] ` <565C9A18.6000006-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2016-01-19 16:39 ` Emilio López
2016-01-19 16:39 ` Emilio López
[not found] ` <569E66DF.3050004-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-19 18:07 ` Greg KH
2016-01-19 18:07 ` Greg KH
[not found] ` <20160119180752.GA10487-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2016-01-21 23:54 ` [PATCH v2] usb: devio: Add " Emilio López
2016-01-21 23:54 ` Emilio López
[not found] ` <1453420476-26125-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-22 9:41 ` Bjørn Mork
2016-01-22 9:41 ` Bjørn Mork
[not found] ` <8760ymdk94.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 1:40 ` Emilio López
2016-01-25 1:40 ` Emilio López
2016-01-25 8:39 ` Bjørn Mork
[not found] ` <87powqrr1s.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:21 ` Alan Stern
2016-01-25 15:21 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1601251016490.1849-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-01-25 15:32 ` Bjørn Mork
2016-01-25 15:32 ` Bjørn Mork
[not found] ` <8737tln08x.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:46 ` Alan Stern
2016-01-25 15:46 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-25 2:01 ` Emilio López
2016-02-04 3:20 ` [PATCH v3] " Emilio López
2016-02-04 3:20 ` Emilio López
[not found] ` <1454556057-18956-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-04 3:46 ` Greg KH
2016-02-04 3:46 ` Greg KH
2016-02-15 1:41 ` [PATCH v4] " Emilio López
2016-02-15 1:41 ` Emilio López
[not found] ` <1455500516-21590-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-18 18:44 ` Alan Stern
2016-02-18 18:44 ` Alan Stern
2016-02-04 16:27 ` [PATCH v3] " Alan Stern
2016-02-04 16:27 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1602041122340.1515-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-02-08 1:56 ` Emilio López
2016-02-08 1:56 ` Emilio López
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151126092014.GD7289@mwanda \
--to=dan.carpenter@oracle.com \
--cc=emilio.lopez@collabora.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jorgelo@chromium.org \
--cc=kborer@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=peter.chen@freescale.com \
--cc=reillyg@chromium.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.