lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Jan 2016 10:46:52 -0500 (EST)
From:	Alan Stern <stern@...land.harvard.edu>
To:	Bjørn Mork <bjorn@...k.no>
cc:	Emilio López <emilio.lopez@...labora.co.uk>,
	<gregkh@...uxfoundation.org>, <kborer@...il.com>,
	<k.opasiak@...sung.com>, <reillyg@...omium.org>,
	<keescook@...omium.org>, <linux-api@...r.kernel.org>,
	<linux-usb@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<jorgelo@...omium.org>, <dan.carpenter@...cle.com>
Subject: Re: [PATCH v2] usb: devio: Add ioctl to disallow detaching kernel
 USB drivers.

On Mon, 25 Jan 2016, Bjørn Mork wrote:

> Alan Stern <stern@...land.harvard.edu> writes:
> > On Mon, 25 Jan 2016, Bjørn Mork wrote:
> >
> >> I don't feel much like an expert here, but I can certainly make up an
> >> opinion anyway :)
> >> 
> >> Since 64bits kernels allow usb devio with interface numbers up to 63, I
> >> guess you need __u64 to avoid limiting the range?  Limiting will create
> >> all sorts of followup problems, so it's definitely easiest to just go
> >> with __u64.
> >
> > But the Linux USB stack only allows up to 32 interfaces (see
> > include/linux/usb.h):
> >
> > /* this maximum is arbitrary */
> > #define USB_MAXINTERFACES	32
> 
> 
> Ah, I totally missed that.  Thanks
> 
> 
> > So there's no point using a 64-bit value.
> >
> > On the other hand, this value is supposed to be the same size as 
> > ps->ifclaimed, which is used as an argument to clear_bit(), set_bit(), 
> > and test_bit().  Those routines require unsigned long.
> 
> Maybe the input to these should be clamped to USB_MAXINTERFACES?

If you want.  Right now it's clamped to 8 * sizeof(ps->ifclaimed),
which ought to be good enough.

Oh yes, there's one other thing to notice.  The value passed to these
routines is an interface number (as opposed to an index).  According to
the USB spec, interfaces are supposed to be numbered sequentially
starting from 0, but there may be some devices that mess this up.  So
it's possible we'll see an interface number which is larger than the
number of interfaces!  :-)

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ