From: "Emilio López" <emilio.lopez@collabora.co.uk>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: gregkh@linuxfoundation.org, kborer@gmail.com,
k.opasiak@samsung.com, reillyg@chromium.org,
keescook@chromium.org, linux-api@vger.kernel.org,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
jorgelo@chromium.org, dan.carpenter@oracle.com
Subject: Re: [PATCH v2] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Sun, 24 Jan 2016 23:01:29 -0300 [thread overview]
Message-ID: <56A581F9.5070707@collabora.co.uk> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1601221101490.1626-100000@iolanthe.rowland.org>
Hi Alan,
El 22/01/16 a las 13:10, Alan Stern escribió:
> On Thu, 21 Jan 2016, Emilio López wrote:
>
>> From: Reilly Grant <reillyg@chromium.org>
>>
>> The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
>> relinquish the ability to issue other ioctls that may interfere with
>> other processes and drivers that have claimed an interface on the
>> device.
>>
>> Signed-off-by: Reilly Grant <reillyg@chromium.org>
>> Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk>
>
>
>> static int proc_resetdevice(struct usb_dev_state *ps)
>> {
>> + struct usb_host_config *actconfig = ps->dev->actconfig;
>> + struct usb_interface *interface;
>> + int i, number;
>> +
>> + /* Don't touch the device if any interfaces are claimed. It
>> + * could interfere with other drivers' operations and this
>> + * process has dropped its privileges to do such things.
>> + */
>
> This comment should be rephrased. It should say something like:
> "Don't allow if the process has dropped its privilege to do such
> things and any of the interfaces are claimed."
I have replaced it with the following now
/* Don't allow a device reset if the process has dropped the
* privilege to do such things and any of the interfaces are
* currently claimed.
*/
> You also might consider allowing the reset if the interfaces are
> claimed only by the current process (or more precisely, by ps).
>
>> +static int proc_drop_privileges(struct usb_dev_state *ps, void __user *arg)
>> +{
>> + struct usbdevfs_drop_privs data;
>> +
>> + if (copy_from_user(&data, arg, sizeof(data)))
>> + return -EFAULT;
>> +
>> + /* This is a one way operation. Once privileges were dropped,
>> + * you cannot do it again (Otherwise unprivileged processes
>> + * would be able to change their allowed interfaces mask)
>> + */
>
> If you're going to keep a mask of claimable interfaces then there's no
> reason this has to be a one-time operation. Processes should always be
> allowed to shrink the mask, just not to grow it.
Good point, I've changed this to look like the following
/* This is an one way operation. Once privileges are
* dropped, you cannot regain them. You may however reissue
* this ioctl to shrink the allowed interfaces mask.
*/
if (ps->privileges_dropped)
ps->interface_allowed_mask &= data.interface_allowed_mask;
else
ps->interface_allowed_mask = data.interface_allowed_mask;
ps->privileges_dropped = true;
Or maybe I could change the default mask to ~0 and simplify this a bit, hm.
Thank you for the review!
Emilio
next prev parent reply other threads:[~2016-01-25 2:01 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 15:45 [PATCH v1 0/1] ioctl to disallow detaching kernel USB drivers Emilio López
2015-11-25 15:45 ` Emilio López
2015-11-25 15:45 ` [PATCH v1] usb: devio: Add " Emilio López
2015-11-26 8:59 ` Peter Chen
2015-11-26 8:59 ` Peter Chen
2015-11-26 9:20 ` Dan Carpenter
[not found] ` <1448466334-21346-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2015-11-26 9:19 ` [PATCH v1 0/1] " Krzysztof Opasiak
2015-11-26 9:19 ` Krzysztof Opasiak
2015-11-26 17:29 ` Greg KH
[not found] ` <20151126172914.GA8671-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-27 8:44 ` Krzysztof Opasiak
2015-11-27 8:44 ` Krzysztof Opasiak
[not found] ` <565817FD.3090409-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-28 2:39 ` Greg KH
2015-11-28 2:39 ` Greg KH
[not found] ` <20151128023925.GA5177-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 16:16 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1511301113120.1938-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2015-11-30 17:12 ` Krzysztof Opasiak
2015-11-30 17:12 ` Krzysztof Opasiak
[not found] ` <565C8376.6070505-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-30 17:20 ` Greg KH
2015-11-30 17:20 ` Greg KH
[not found] ` <20151130172028.GA1088-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 18:48 ` Krzysztof Opasiak
2015-11-30 18:48 ` Krzysztof Opasiak
[not found] ` <565C9A18.6000006-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2016-01-19 16:39 ` Emilio López
2016-01-19 16:39 ` Emilio López
[not found] ` <569E66DF.3050004-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-19 18:07 ` Greg KH
2016-01-19 18:07 ` Greg KH
[not found] ` <20160119180752.GA10487-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2016-01-21 23:54 ` [PATCH v2] usb: devio: Add " Emilio López
2016-01-21 23:54 ` Emilio López
[not found] ` <1453420476-26125-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-22 9:41 ` Bjørn Mork
2016-01-22 9:41 ` Bjørn Mork
[not found] ` <8760ymdk94.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 1:40 ` Emilio López
2016-01-25 1:40 ` Emilio López
2016-01-25 8:39 ` Bjørn Mork
[not found] ` <87powqrr1s.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:21 ` Alan Stern
2016-01-25 15:21 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1601251016490.1849-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-01-25 15:32 ` Bjørn Mork
2016-01-25 15:32 ` Bjørn Mork
[not found] ` <8737tln08x.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:46 ` Alan Stern
2016-01-25 15:46 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-25 2:01 ` Emilio López [this message]
2016-02-04 3:20 ` [PATCH v3] " Emilio López
2016-02-04 3:20 ` Emilio López
[not found] ` <1454556057-18956-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-04 3:46 ` Greg KH
2016-02-04 3:46 ` Greg KH
2016-02-15 1:41 ` [PATCH v4] " Emilio López
2016-02-15 1:41 ` Emilio López
[not found] ` <1455500516-21590-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-18 18:44 ` Alan Stern
2016-02-18 18:44 ` Alan Stern
2016-02-04 16:27 ` [PATCH v3] " Alan Stern
2016-02-04 16:27 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1602041122340.1515-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-02-08 1:56 ` Emilio López
2016-02-08 1:56 ` Emilio López
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56A581F9.5070707@collabora.co.uk \
--to=emilio.lopez@collabora.co.uk \
--cc=dan.carpenter@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=jorgelo@chromium.org \
--cc=k.opasiak@samsung.com \
--cc=kborer@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=reillyg@chromium.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.