| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Sep 2014 23:38:40 +0000
From: Maximilian Eschenbacher <maximilian@...henbacher.email>
To: linux-kernel@...r.kernel.org
Cc: valentina.manea.m@...il.com, shuah.kh@...sung.com,
gregkh@...uxfoundation.org, Dominik Paulus <dominik.paulus@....de>,
Maximilian Eschenbacher <maximilian@...henbacher.email>,
Fjodor Schelichow <fjodor.schelichow@...mail.com>,
Johannes Stadlinger <johannes.stadlinger@....de>,
Kurt Kanzenbach <ly80toro@....cs.fau.de>,
Tobias Polzer <tobias.polzer@....de>
Subject: [PATCH 03/18] usbip: Add kernel support for client ACLs
From: Dominik Paulus <dominik.paulus@....de>
This patch adds the possibility to stored ACLs for allowed clients for
each stub device in sysfs. It adds a new sysfs entry called "usbip_acl"
for each stub device, containing a list of CIDR masks of allowed
clients. This file will be used by usbip and usbipd to store the ACL.
Signed-off-by: Maximilian Eschenbacher <maximilian@...henbacher.email>
Signed-off-by: Fjodor Schelichow <fjodor.schelichow@...mail.com>
Signed-off-by: Johannes Stadlinger <johannes.stadlinger@....de>
Signed-off-by: Kurt Kanzenbach <ly80toro@....cs.fau.de>
Signed-off-by: Dominik Paulus <dominik.paulus@....de>
Signed-off-by: Tobias Polzer <tobias.polzer@....de>
---
drivers/usb/usbip/stub.h | 5 ++++
drivers/usb/usbip/stub_dev.c | 60 +++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 64 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/stub.h b/drivers/usb/usbip/stub.h
index 266e2b0..b2d3d55 100644
--- a/drivers/usb/usbip/stub.h
+++ b/drivers/usb/usbip/stub.h
@@ -60,6 +60,11 @@ struct stub_device {
struct list_head unlink_free;
wait_queue_head_t tx_waitq;
+
+ /* list of allowed IP addrs */
+ char *acls;
+ /* for locking list operations */
+ spinlock_t ip_lock;
};
/* private data into urb->priv */
diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c
index fac20e0..e6624f1 100644
--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -119,6 +119,55 @@ err:
}
static DEVICE_ATTR(usbip_sockfd, S_IWUSR, NULL, store_sockfd);
+/*
+ * This function replaces the current ACL list
+ */
+static ssize_t store_acl(struct device *dev, struct device_attribute *attr,
+ const char *buf, size_t count)
+{
+ struct stub_device *sdev = dev_get_drvdata(dev);
+ int retval;
+
+ if (count >= PAGE_SIZE)
+ return -EINVAL;
+
+ spin_lock_irq(&sdev->ip_lock);
+ kfree(sdev->acls);
+ sdev->acls = kstrdup(buf, GFP_KERNEL);
+ if (!sdev->acls)
+ retval = -ENOMEM;
+ else
+ retval = strlen(sdev->acls);
+ spin_unlock_irq(&sdev->ip_lock);
+
+ return retval;
+}
+
+/*
+ * This functions prints all allowed IP addrs for this dev
+ */
+static ssize_t show_acl(struct device *dev, struct device_attribute *attr,
+ char *buf)
+{
+ struct stub_device *sdev = dev_get_drvdata(dev);
+ int retval = 0;
+
+ if (!sdev)
+ return -ENODEV;
+
+ spin_lock_irq(&sdev->ip_lock);
+ if (sdev->acls == NULL) {
+ retval = 0;
+ } else {
+ strcpy(buf, sdev->acls);
+ retval = strlen(buf);
+ }
+ spin_unlock_irq(&sdev->ip_lock);
+
+ return retval;
+}
+static DEVICE_ATTR(usbip_acl, S_IWUSR | S_IRUGO, show_acl, store_acl);
+
static int stub_add_files(struct device *dev)
{
int err = 0;
@@ -134,9 +183,13 @@ static int stub_add_files(struct device *dev)
err = device_create_file(dev, &dev_attr_usbip_debug);
if (err)
goto err_debug;
+ err = device_create_file(dev, &dev_attr_usbip_acl);
+ if (err)
+ goto err_ip;
return 0;
-
+err_ip:
+ device_remove_file(dev, &dev_attr_usbip_debug);
err_debug:
device_remove_file(dev, &dev_attr_usbip_sockfd);
err_sockfd:
@@ -150,6 +203,7 @@ static void stub_remove_files(struct device *dev)
device_remove_file(dev, &dev_attr_usbip_status);
device_remove_file(dev, &dev_attr_usbip_sockfd);
device_remove_file(dev, &dev_attr_usbip_debug);
+ device_remove_file(dev, &dev_attr_usbip_acl);
}
static void stub_shutdown_connection(struct usbip_device *ud)
@@ -287,6 +341,7 @@ static struct stub_device *stub_device_alloc(struct usb_device *udev)
INIT_LIST_HEAD(&sdev->priv_free);
INIT_LIST_HEAD(&sdev->unlink_free);
INIT_LIST_HEAD(&sdev->unlink_tx);
+ spin_lock_init(&sdev->ip_lock);
spin_lock_init(&sdev->priv_lock);
init_waitqueue_head(&sdev->tx_waitq);
@@ -453,6 +508,9 @@ static void stub_disconnect(struct usb_device *udev)
usb_put_dev(sdev->udev);
+ /* free ACL list */
+ kfree(sdev->acls);
+
/* free sdev */
busid_priv->sdev = NULL;
stub_device_free(sdev);
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists