Am 31.05.2011 09:48 schrieb Greg KH: > On Tue, May 31, 2011 at 08:41:58AM +0200, Carl-Daniel Hailfinger wrote: > >> Am 31.05.2011 06:54 schrieb Greg KH: >> >>> On Mon, May 30, 2011 at 12:19:00PM -0400, Alan Stern wrote: >>> >>>> On Mon, 30 May 2011, Greg KH wrote: >>>> >>>>> On Mon, May 30, 2011 at 09:09:15AM +0200, Carl-Daniel Hailfinger wrote: >>>>> >>>>>> USB treats all devices attached to a wireless USB host controller as >>>>>> unauthorized by default and all devices attached to a wired USB host >>>>>> controller as authorized by default. This default setting can be changed >>>>>> manually per host controller by setting authorized_default in sysfs, but >>>>>> only after the host controller is already active. >>>>>> AFAICS there is a race between userspace setting authorized_default on >>>>>> startup and the USB subsystem enumerating devices on the USB bus. If a >>>>>> USB device is already plugged into a wired USB host controller on >>>>>> startup, it may be marked as authorized (and thus accessed by the >>>>>> kernel/userspace) before userspace has a chance to set >>>>>> authorized_default on that host controller. This is undesirable in kiosk >>>>>> situations where the user may have access to the USB ports of a machine >>>>>> during startup. >>>>>> >>>>>> Add an "authorized_default" parameter to the usbcore module >>>>>> >> >> What do you think about this one? >> > Much better, I like it. > > Any objections? > > Oh, one minor grammar nit: > >> The "authorized_default" module parameter of usbcore controls the default >> for the authorized_default variable of each USB host controller. >> -1 is authorized for all devices except wireless (default, old behaviour) >> 0 is not authorized for all devices >> > Shouldn't that read: > 0 is not authorized for any devices" > ? > Next try. Any chance to get this into Linux 3.0? It does fix a race condition for me, but I'm not sure whether that is a good enough reason for you. >From 3cfe9bf76263bbcf576d1b8e62d2b236249c8263 Mon Sep 17 00:00:00 2001 From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@xxxxxxx> Date: Tue, 31 May 2011 08:28:19 +0200 Subject: [PATCH] Add "authorized_default" parameter to the usbcore module The "authorized_default" module parameter of usbcore controls the default for the authorized_default variable of each USB host controller. -1 is authorized for all devices except wireless (default, old behaviour) 0 is unauthorized for all devices 1 is authorized for all devices Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@xxxxxxx> --- Documentation/kernel-parameters.txt | 5 +++++ drivers/usb/core/hcd.c | 17 ++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletions(-) diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 5438a2d..ff1e35b 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2535,6 +2535,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. unknown_nmi_panic [X86] Cause panic on unknown NMI. + usbcore.authorized_default= + [USB] Default USB device authorization: + (default -1 = authorized except for wireless USB, + 0 = not authorized, 1 = authorized) + usbcore.autosuspend= [USB] The autosuspend time delay (in seconds) used for newly-detected USB devices (default 2). This diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index ace9f84..8669ba3 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -337,6 +337,17 @@ static const u8 ss_rh_config_descriptor[] = { 0x02, 0x00 /* __le16 ss_wBytesPerInterval; 15 bits for max 15 ports */ }; +/* authorized_default behaviour: + * -1 is authorized for all devices except wireless (old behaviour) + * 0 is unauthorized for all devices + * 1 is authorized for all devices + */ +static int authorized_default = -1; +module_param(authorized_default, int, S_IRUGO|S_IWUSR); +MODULE_PARM_DESC(authorized_default, + "Default USB device authorization: 0 is not authorized, 1 is " + "authorized, -1 is authorized except for wireless USB (default, " + "old behaviour"); /*-------------------------------------------------------------------------*/ /** @@ -2371,7 +2382,11 @@ int usb_add_hcd(struct usb_hcd *hcd, dev_info(hcd->self.controller, "%s\n", hcd->product_desc); - hcd->authorized_default = hcd->wireless? 0 : 1; + /* Keep old behaviour if authorized_default is not in [0, 1]. */ + if (authorized_default < 0 || authorized_default > 1) + hcd->authorized_default = hcd->wireless? 0 : 1; + else + hcd->authorized_default = authorized_default; set_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags); /* HC is in reset state, but accessible. Now do the one-time init, -- 1.7.1 -- http://www.hailfinger.org/ -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html