From: Felipe Balbi <balbi@kernel.org>
To: Krzysztof Opasiak <k.opasiak@samsung.com>,
gregkh@linuxfoundation.org,
Alan Stern <stern@rowland.harvard.edu>
Cc: andrzej.p@samsung.com, linux-usb@vger.kernel.org
Subject: usb: gadget: configfs: Disallow empty function instance name
Date: Tue, 12 Dec 2017 15:16:42 +0200 [thread overview]
Message-ID: <87bmj4nl1h.fsf@linux.intel.com> (raw)
Hi,
Krzysztof Opasiak <k.opasiak@samsung.com> writes:
> On 12/12/2017 01:31 PM, Felipe Balbi wrote:
>>
>> Hi,
>>
>> Krzysztof Opasiak <k.opasiak@samsung.com> writes:
>>> Every function should have a type and instance name.
>>> Unfortunately in most cases instance name was left unused and unchecked.
>>> This may lead to situations like FunctionFS device name identified by ""
>>> or some misleading debug messages from TCM like:
>>>
>>> tcm: Activating
>>>
>>> To avoid this let's add a check that instance name should have at least
>>> one character.
>>>
>>> Reported-by: Stefan Agner <stefan@agner.ch>
>>> Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
>>> ---
>>> drivers/usb/gadget/configfs.c | 5 +++++
>>> 1 file changed, 5 insertions(+)
>>>
>>> diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
>>> index aeb9f3c40521..bdc9ec597d6a 100644
>>> --- a/drivers/usb/gadget/configfs.c
>>> +++ b/drivers/usb/gadget/configfs.c
>>> @@ -548,6 +548,11 @@ static struct config_group *function_make(
>>> *instance_name = '\0';
>>> instance_name++;
>>>
>>> + if (*instance_name == '\0') {
>>> + pr_err("Instance name (after .) should not be empty\n");
>>> + return ERR_PTR(-EINVAL);
>>> + }
>>
>> aaaaaand just like that you break potentially existing scripts :-)
>>
>> We need to find a better way of enforcing a name which doesn't break
>> existing users.
>
> I'm really open for suggestions how to enforce this without breaking
> those scripts ;)
>
> The origin of this commit is github issue for libusbgx[1].
> So the problem is that library allows to create a function with empty
> name (because I mistakenly assumed that kernel rejects this) but then it
> is unable to reinitialize the ConfigFS state because there is a check
> that disallows this. From my point of view I'd be happy to disallow
> empty names because it causes some problems (f_fs) or weird debug
> messages (f_tcm) so is generally inconvenient and seems to be
> unintentional. But I would like to keep this consistent with kernel policy.
I think we need to first fix libusbgx to prevent empty names.
I don't want to be the one hearing from Linus that "we don't break
userspace". It's clear that empty names shouldn't be allowed, but they
_are_ allowed as of today, so how can we cause a regression all of a
sudden?
Alan, Greg, any suggestions?
next reply other threads:[~2017-12-12 13:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-12 13:16 Felipe Balbi [this message]
-- strict thread matches above, loose matches on Subject: below --
2017-12-13 10:14 usb: gadget: configfs: Disallow empty function instance name Krzysztof Opasiak
2017-12-13 9:29 Felipe Balbi
2017-12-12 15:54 Alan Stern
2017-12-12 14:04 Krzysztof Opasiak
2017-12-12 13:02 Krzysztof Opasiak
2017-12-12 12:31 Felipe Balbi
2017-12-12 12:26 Krzysztof Opasiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bmj4nl1h.fsf@linux.intel.com \
--to=balbi@kernel.org \
--cc=andrzej.p@samsung.com \
--cc=gregkh@linuxfoundation.org \
--cc=k.opasiak@samsung.com \
--cc=linux-usb@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).