alistair23-linux/drivers/usb
Ingo Rohloff 48df48dc17 usb: usbfs: Suppress problematic bind and unbind uevents.
[ Upstream commit abb0b3d96a ]

commit 1455cf8dbf ("driver core: emit uevents when device is bound
to a driver") added bind and unbind uevents when a driver is bound or
unbound to a physical device.

For USB devices which are handled via the generic usbfs layer (via
libusb for example), this is problematic:
Each time a user space program calls
   ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr);
and then later
   ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr);
The kernel will now produce a bind or unbind event, which does not
really contain any useful information.

This allows a user space program to run a DoS attack against programs
which listen to uevents (in particular systemd/eudev/upowerd):
A malicious user space program just has to call in a tight loop

   ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr);
   ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr);

With this loop the malicious user space program floods the kernel and
all programs listening to uevents with tons of bind and unbind
events.

This patch suppresses uevents for ioctls USBDEVFS_CLAIMINTERFACE and
USBDEVFS_RELEASEINTERFACE.

Signed-off-by: Ingo Rohloff <ingo.rohloff@lauterbach.com>
Link: https://lore.kernel.org/r/20191011115518.2801-1-ingo.rohloff@lauterbach.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-12-31 16:44:07 +01:00
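
A detection-side view of the flood described in the commit message, as an added example that is not part of the commit or the kernel tree: it scans kernel uevent lines in the format printed by `udevadm monitor --kernel` and reports USB device paths with an abnormal bind/unbind rate. The function names, the 1-second window, the threshold of 20 events and the sample device paths are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Line format printed by `udevadm monitor --kernel`:
#   KERNEL[<seconds>] <action> <devpath> (<subsystem>)
UEVENT_RE = re.compile(r"^KERNEL\[(\d+\.\d+)\]\s+(\S+)\s+(\S+)\s+\((\S+)\)\s*$")

def find_bind_floods(lines, window=1.0, threshold=20):
    """Return {devpath: peak} for USB devpaths whose bind/unbind count
    inside any `window` seconds reached `threshold` (both are assumed values)."""
    recent = defaultdict(deque)   # devpath -> timestamps still inside the window
    peak = defaultdict(int)       # devpath -> highest in-window count seen
    for line in lines:
        m = UEVENT_RE.match(line)
        if not m:
            continue              # skip banners and malformed lines
        ts, action, devpath, subsystem = float(m[1]), m[2], m[3], m[4]
        if subsystem != "usb" or action not in ("bind", "unbind"):
            continue
        q = recent[devpath]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop events that fell out of the window
        peak[devpath] = max(peak[devpath], len(q))
    return {path: n for path, n in peak.items() if n >= threshold}

def constructed_sample():
    """Constructed input: one ordinary hot-plug, then 200 alternating
    bind/unbind events 1 ms apart on a single interface."""
    intf = "/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0"
    other = "/devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0"
    lines = [f"KERNEL[100.000000] add      {other} (usb)",
             f"KERNEL[100.010000] bind     {other} (usb)"]
    for i in range(200):
        action = "bind" if i % 2 == 0 else "unbind"
        lines.append(f"KERNEL[{200 + i * 0.001:.6f}] {action:<8} {intf} (usb)")
    return lines

if __name__ == "__main__":
    for path, n in find_bind_floods(constructed_sample()).items():
        print(f"{n} bind/unbind uevents within 1s on {path}")
```

On a kernel carrying this patch, `USBDEVFS_CLAIMINTERFACE` and `USBDEVFS_RELEASEINTERFACE` no longer produce these events, so a hit points at a kernel without the fix or at a different source of bind/unbind churn.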
atm USB: atm: ueagle-atm: add missing endpoint check 2019-12-17 19:55:44 +01:00
c67x00 USB: add SPDX identifiers to all remaining Makefiles 2017-11-07 15:53:48 +01:00
cdns3 usb: cdns3: gadget: Fix g_audio use case when connected to Super-Speed host 2019-10-30 14:39:07 +01:00
chipidea Add role switch class support for chipidea 2019-09-05 10:02:07 +02:00
class USB: usblp: fix use-after-free on disconnect 2019-10-15 20:19:19 +02:00
common usb: common: usb-conn-gpio: Don't log an error on probe deferral 2019-12-17 19:55:39 +01:00
core usb: usbfs: Suppress problematic bind and unbind uevents. 2019-12-31 16:44:07 +01:00
dwc2 usb: dwc2: use a longer core rest timeout in dwc2_core_reset() 2019-12-04 22:30:45 +01:00
dwc3 usb: dwc3: ep0: Clear started flag on completion 2019-12-17 19:55:58 +01:00
early drivers: Remove explicit invocations of mmiowb() 2019-04-08 12:01:02 +01:00
gadget USB: dummy-hcd: increase max number of devices to 32 2019-12-17 19:56:52 +01:00
host xhci: make sure interrupts are restored to correct state 2019-12-17 19:55:38 +01:00
image USB: microtek: fix info-leak at probe 2019-10-04 11:02:58 +02:00
isp1760 usb: add a HCD_DMA flag instead of guestimating DMA capabilities 2019-08-21 10:03:35 -07:00
misc USB: adutux: fix interface sanity check 2019-12-17 19:55:47 +01:00
mon usb: mon: Fix a deadlock in usbmon between mmap and read 2019-12-17 19:55:49 +01:00
mtu3 usb: mtu3: fix missing include of mtu3_dr.h 2019-10-27 08:58:44 +02:00
musb usb: add a HCD_DMA flag instead of guestimating DMA capabilities 2019-08-21 10:03:35 -07:00
phy USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
renesas_usbhs usb: renesas_usbhs: add suspend event support in gadget mode 2019-12-31 16:43:37 +01:00
roles usb: roles: fix a potential use after free 2019-12-17 19:55:46 +01:00
serial USB: serial: io_edgeport: fix epic endpoint lookup 2019-12-17 19:55:46 +01:00
storage USB: Fix incorrect DMA allocations for local memory pool drivers 2019-12-21 11:04:21 +01:00
typec usb: typec: fix use after free in typec_register_port() 2019-12-17 19:56:00 +01:00
usbip usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() 2019-11-29 10:10:22 +01:00
Kconfig usb: common: create Kconfig file 2019-09-03 19:00:39 +02:00
Makefile USB: Changes for v5.4 merge window 2019-09-02 19:20:57 +02:00
usb-skeleton.c USB: usb-skeleton: drop redundant in-urb check 2019-10-10 12:41:19 +02:00