From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?utf-8?Q?Bj=C3=B8rn_Mork?= Subject: Re: [PATCH v2] usb: devio: Add ioctl to disallow detaching kernel USB drivers. Date: Fri, 22 Jan 2016 10:41:11 +0100 Message-ID: <8760ymdk94.fsf@nemi.mork.no> References: <20160119180752.GA10487@kroah.com> <1453420476-26125-1-git-send-email-emilio.lopez@collabora.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: In-Reply-To: <1453420476-26125-1-git-send-email-emilio.lopez-ZGY8ohtN/8pPYcu2f3hruQ@public.gmane.org> ("Emilio =?utf-8?Q?L=C3=B3pez=22's?= message of "Thu, 21 Jan 2016 20:54:36 -0300") Sender: linux-usb-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Emilio =?utf-8?Q?L=C3=B3pez?= Cc: gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org, stern-nwvwT67g6+6dFdvTe/nMLpVzexx5G7lz@public.gmane.org, kborer-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org, k.opasiak-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org, reillyg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, jorgelo-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org List-Id: linux-api@vger.kernel.org Emilio L=C3=B3pez writes: > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c > index 38ae877c..bf40aa6 100644 > --- a/drivers/usb/core/devio.c > +++ b/drivers/usb/core/devio.c > @@ -77,6 +77,8 @@ struct usb_dev_state { > unsigned long ifclaimed; > u32 secid; > u32 disabled_bulk_eps; > + bool privileges_dropped; > + unsigned long interface_allowed_mask; > }; > =20 > struct async { > @@ -641,6 +643,14 @@ static int claimintf(struct usb_dev_state *ps, u= nsigned int ifnum) > if (test_bit(ifnum, &ps->ifclaimed)) > return 0; > =20 > + if (ps->privileges_dropped) { > + if (ifnum >=3D 8*sizeof(ps->interface_allowed_mask)) > + return -EINVAL; I don't think you need this runtime test. You can just make sure that sizeof(ps->interface_allowed_mask) =3D=3D sizeof(ps->ifclaimed) at buil= d time. I do find this variable and arbitrary limit a bit confusing, but that's not your fault - I guess it is an indication that ifnums > 31 are rare :) > diff --git a/include/uapi/linux/usbdevice_fs.h b/include/uapi/linux/u= sbdevice_fs.h > index 019ba1e..9abcb34 100644 > --- a/include/uapi/linux/usbdevice_fs.h > +++ b/include/uapi/linux/usbdevice_fs.h > @@ -154,6 +154,10 @@ struct usbdevfs_streams { > unsigned char eps[0]; > }; > =20 > +struct usbdevfs_drop_privs { > + unsigned long interface_allowed_mask; > +}; > + "unsigned long" isn't a very good choice here, is it? Bj=C3=B8rn -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753050AbcAVJl6 (ORCPT ); Fri, 22 Jan 2016 04:41:58 -0500 Received: from canardo.mork.no ([148.122.252.1]:42750 "EHLO canardo.mork.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752950AbcAVJlr convert rfc822-to-8bit (ORCPT ); Fri, 22 Jan 2016 04:41:47 -0500 From: =?utf-8?Q?Bj=C3=B8rn_Mork?= To: Emilio =?utf-8?Q?L=C3=B3pez?= Cc: gregkh@linuxfoundation.org, stern@rowland.harvard.edu, kborer@gmail.com, k.opasiak@samsung.com, reillyg@chromium.org, keescook@chromium.org, linux-api@vger.kernel.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, jorgelo@chromium.org, dan.carpenter@oracle.com Subject: Re: [PATCH v2] usb: devio: Add ioctl to disallow detaching kernel USB drivers. Organization: m References: <20160119180752.GA10487@kroah.com> <1453420476-26125-1-git-send-email-emilio.lopez@collabora.co.uk> Date: Fri, 22 Jan 2016 10:41:11 +0100 In-Reply-To: <1453420476-26125-1-git-send-email-emilio.lopez@collabora.co.uk> ("Emilio =?utf-8?Q?L=C3=B3pez=22's?= message of "Thu, 21 Jan 2016 20:54:36 -0300") Message-ID: <8760ymdk94.fsf@nemi.mork.no> User-Agent: Gnus/5.130013 (Ma Gnus v0.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Emilio López writes: > diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c > index 38ae877c..bf40aa6 100644 > --- a/drivers/usb/core/devio.c > +++ b/drivers/usb/core/devio.c > @@ -77,6 +77,8 @@ struct usb_dev_state { > unsigned long ifclaimed; > u32 secid; > u32 disabled_bulk_eps; > + bool privileges_dropped; > + unsigned long interface_allowed_mask; > }; > > struct async { > @@ -641,6 +643,14 @@ static int claimintf(struct usb_dev_state *ps, unsigned int ifnum) > if (test_bit(ifnum, &ps->ifclaimed)) > return 0; > > + if (ps->privileges_dropped) { > + if (ifnum >= 8*sizeof(ps->interface_allowed_mask)) > + return -EINVAL; I don't think you need this runtime test. You can just make sure that sizeof(ps->interface_allowed_mask) == sizeof(ps->ifclaimed) at build time. I do find this variable and arbitrary limit a bit confusing, but that's not your fault - I guess it is an indication that ifnums > 31 are rare :) > diff --git a/include/uapi/linux/usbdevice_fs.h b/include/uapi/linux/usbdevice_fs.h > index 019ba1e..9abcb34 100644 > --- a/include/uapi/linux/usbdevice_fs.h > +++ b/include/uapi/linux/usbdevice_fs.h > @@ -154,6 +154,10 @@ struct usbdevfs_streams { > unsigned char eps[0]; > }; > > +struct usbdevfs_drop_privs { > + unsigned long interface_allowed_mask; > +}; > + "unsigned long" isn't a very good choice here, is it? Bjørn