From: "Emilio López" <emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
To: Alan Stern <stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org>
Cc: gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org,
kborer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
bjorn-yOkvZcmFvRU@public.gmane.org,
reillyg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org,
keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
jorgelo-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org,
dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org
Subject: Re: [PATCH v3] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Sun, 7 Feb 2016 22:56:35 -0300 [thread overview]
Message-ID: <56B7F5D3.6050009@collabora.co.uk> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1602041122340.1515-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
Hello Alan,
El 04/02/16 a las 13:27, Alan Stern escribió:
> On Thu, 4 Feb 2016, Emilio López wrote:
>
>> From: Reilly Grant <reillyg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
>>
>> The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
>> relinquish the ability to issue other ioctls that may interfere with
>> other processes and drivers that have claimed an interface on the
>> device.
>>
>> Signed-off-by: Reilly Grant <reillyg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
>> Signed-off-by: Emilio López <emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
>>
>> ---
>>
>> Changes in v3:
>> - Switch ioctl to use a __u32 given the iface qty is capped at 32
>> - Reword comments as requested by Alan
>> - Allow callers to shrink the allowed interfaces mask
>
>> @@ -624,6 +626,10 @@ static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
>> if (test_bit(ifnum, &ps->ifclaimed))
>> return 0;
>>
>> + if (ps->privileges_dropped
>> + && !test_bit(ifnum, &ps->interface_allowed_mask))
>
> Continuation lines in this file are indented by 2 tab stops, not 1
> space.
Ok, I'll change it.
>> @@ -1198,6 +1202,27 @@ static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
>>
>> static int proc_resetdevice(struct usb_dev_state *ps)
>> {
>> + struct usb_host_config *actconfig = ps->dev->actconfig;
>> + struct usb_interface *interface;
>> + int i, number;
>> +
>> + /* Don't allow a device reset if the process has dropped the
>> + * privilege to do such things and any of the interfaces are
>> + * currently claimed.
>> + */
>> + if (ps->privileges_dropped && actconfig) {
>> + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
>> + interface = actconfig->interface[i];
>> + number = interface->cur_altsetting->desc.bInterfaceNumber;
>> + if (usb_interface_claimed(interface)) {
>
> The test should be:
>
> if (usb_interface_claimed(interface) &&
> !test_bit(number, &ps->ifclaimed)) {
>
> We don't want to prevent people from resetting a device merely because
> they have claimed an interface. Only if someone else has claimed one.
Sounds sensible, now changed as well.
>> + dev_warn(&ps->dev->dev,
>> + "usbfs: interface %d claimed by %s while '%s' resets device\n",
>> + number, interface->dev.driver->name, current->comm);
>> + return -EACCES;
>> + }
>> + }
>> + }
>> +
>> return usb_reset_device(ps->dev);
>> }
>
> Also, it wouldn't hurt to change proc_get_capabilities() and
> include/uapi/linux/usbdevicefs.h to add a USBDEVFS_CAP_DROP_PRIVILEGES
> bit.
Good idea, I've added a bit now. I'm writing some docs and polishing a
program to test this as Greg requested and I'll submit v4 then.
Thanks!
Emilio
WARNING: multiple messages have this Message-ID (diff)
From: "Emilio López" <emilio.lopez@collabora.co.uk>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: gregkh@linuxfoundation.org, kborer@gmail.com, bjorn@mork.no,
reillyg@chromium.org, keescook@chromium.org,
linux-api@vger.kernel.org, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org, jorgelo@chromium.org,
dan.carpenter@oracle.com
Subject: Re: [PATCH v3] usb: devio: Add ioctl to disallow detaching kernel USB drivers.
Date: Sun, 7 Feb 2016 22:56:35 -0300 [thread overview]
Message-ID: <56B7F5D3.6050009@collabora.co.uk> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1602041122340.1515-100000@iolanthe.rowland.org>
Hello Alan,
El 04/02/16 a las 13:27, Alan Stern escribió:
> On Thu, 4 Feb 2016, Emilio López wrote:
>
>> From: Reilly Grant <reillyg@chromium.org>
>>
>> The new USBDEVFS_DROP_PRIVILEGES ioctl allows a process to voluntarily
>> relinquish the ability to issue other ioctls that may interfere with
>> other processes and drivers that have claimed an interface on the
>> device.
>>
>> Signed-off-by: Reilly Grant <reillyg@chromium.org>
>> Signed-off-by: Emilio López <emilio.lopez@collabora.co.uk>
>>
>> ---
>>
>> Changes in v3:
>> - Switch ioctl to use a __u32 given the iface qty is capped at 32
>> - Reword comments as requested by Alan
>> - Allow callers to shrink the allowed interfaces mask
>
>> @@ -624,6 +626,10 @@ static int claimintf(struct usb_dev_state *ps, unsigned int ifnum)
>> if (test_bit(ifnum, &ps->ifclaimed))
>> return 0;
>>
>> + if (ps->privileges_dropped
>> + && !test_bit(ifnum, &ps->interface_allowed_mask))
>
> Continuation lines in this file are indented by 2 tab stops, not 1
> space.
Ok, I'll change it.
>> @@ -1198,6 +1202,27 @@ static int proc_connectinfo(struct usb_dev_state *ps, void __user *arg)
>>
>> static int proc_resetdevice(struct usb_dev_state *ps)
>> {
>> + struct usb_host_config *actconfig = ps->dev->actconfig;
>> + struct usb_interface *interface;
>> + int i, number;
>> +
>> + /* Don't allow a device reset if the process has dropped the
>> + * privilege to do such things and any of the interfaces are
>> + * currently claimed.
>> + */
>> + if (ps->privileges_dropped && actconfig) {
>> + for (i = 0; i < actconfig->desc.bNumInterfaces; ++i) {
>> + interface = actconfig->interface[i];
>> + number = interface->cur_altsetting->desc.bInterfaceNumber;
>> + if (usb_interface_claimed(interface)) {
>
> The test should be:
>
> if (usb_interface_claimed(interface) &&
> !test_bit(number, &ps->ifclaimed)) {
>
> We don't want to prevent people from resetting a device merely because
> they have claimed an interface. Only if someone else has claimed one.
Sounds sensible, now changed as well.
>> + dev_warn(&ps->dev->dev,
>> + "usbfs: interface %d claimed by %s while '%s' resets device\n",
>> + number, interface->dev.driver->name, current->comm);
>> + return -EACCES;
>> + }
>> + }
>> + }
>> +
>> return usb_reset_device(ps->dev);
>> }
>
> Also, it wouldn't hurt to change proc_get_capabilities() and
> include/uapi/linux/usbdevicefs.h to add a USBDEVFS_CAP_DROP_PRIVILEGES
> bit.
Good idea, I've added a bit now. I'm writing some docs and polishing a
program to test this as Greg requested and I'll submit v4 then.
Thanks!
Emilio
next prev parent reply other threads:[~2016-02-08 1:56 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-25 15:45 [PATCH v1 0/1] ioctl to disallow detaching kernel USB drivers Emilio López
2015-11-25 15:45 ` Emilio López
2015-11-25 15:45 ` [PATCH v1] usb: devio: Add " Emilio López
2015-11-26 8:59 ` Peter Chen
2015-11-26 8:59 ` Peter Chen
2015-11-26 9:20 ` Dan Carpenter
[not found] ` <1448466334-21346-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2015-11-26 9:19 ` [PATCH v1 0/1] " Krzysztof Opasiak
2015-11-26 9:19 ` Krzysztof Opasiak
2015-11-26 17:29 ` Greg KH
[not found] ` <20151126172914.GA8671-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-27 8:44 ` Krzysztof Opasiak
2015-11-27 8:44 ` Krzysztof Opasiak
[not found] ` <565817FD.3090409-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-28 2:39 ` Greg KH
2015-11-28 2:39 ` Greg KH
[not found] ` <20151128023925.GA5177-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 9:08 ` Oliver Neukum
2015-11-30 16:16 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1511301113120.1938-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2015-11-30 17:12 ` Krzysztof Opasiak
2015-11-30 17:12 ` Krzysztof Opasiak
[not found] ` <565C8376.6070505-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2015-11-30 17:20 ` Greg KH
2015-11-30 17:20 ` Greg KH
[not found] ` <20151130172028.GA1088-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-11-30 18:48 ` Krzysztof Opasiak
2015-11-30 18:48 ` Krzysztof Opasiak
[not found] ` <565C9A18.6000006-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2016-01-19 16:39 ` Emilio López
2016-01-19 16:39 ` Emilio López
[not found] ` <569E66DF.3050004-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-19 18:07 ` Greg KH
2016-01-19 18:07 ` Greg KH
[not found] ` <20160119180752.GA10487-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2016-01-21 23:54 ` [PATCH v2] usb: devio: Add " Emilio López
2016-01-21 23:54 ` Emilio López
[not found] ` <1453420476-26125-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-01-22 9:41 ` Bjørn Mork
2016-01-22 9:41 ` Bjørn Mork
[not found] ` <8760ymdk94.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 1:40 ` Emilio López
2016-01-25 1:40 ` Emilio López
2016-01-25 8:39 ` Bjørn Mork
[not found] ` <87powqrr1s.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:21 ` Alan Stern
2016-01-25 15:21 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1601251016490.1849-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-01-25 15:32 ` Bjørn Mork
2016-01-25 15:32 ` Bjørn Mork
[not found] ` <8737tln08x.fsf-lbf33ChDnrE/G1V5fR+Y7Q@public.gmane.org>
2016-01-25 15:46 ` Alan Stern
2016-01-25 15:46 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-22 16:10 ` Alan Stern
2016-01-25 2:01 ` Emilio López
2016-02-04 3:20 ` [PATCH v3] " Emilio López
2016-02-04 3:20 ` Emilio López
2016-02-04 16:27 ` Alan Stern
2016-02-04 16:27 ` Alan Stern
[not found] ` <Pine.LNX.4.44L0.1602041122340.1515-100000-IYeN2dnnYyZXsRXLowluHWD2FQJk+8+b@public.gmane.org>
2016-02-08 1:56 ` Emilio López [this message]
2016-02-08 1:56 ` Emilio López
[not found] ` <1454556057-18956-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-04 3:46 ` Greg KH
2016-02-04 3:46 ` Greg KH
2016-02-15 1:41 ` [PATCH v4] " Emilio López
2016-02-15 1:41 ` Emilio López
[not found] ` <1455500516-21590-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org>
2016-02-18 18:44 ` Alan Stern
2016-02-18 18:44 ` Alan Stern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56B7F5D3.6050009@collabora.co.uk \
--to=emilio.lopez-zgy8ohtn/8ppycu2f3hruq@public.gmane.org \
--cc=bjorn-yOkvZcmFvRU@public.gmane.org \
--cc=dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=jorgelo-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=kborer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=reillyg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.