Date: Fri, 22 Feb 2019 09:27:44 +0100
From: Greg Kroah-Hartman
To: Dmitry Torokhov
Cc: Alan Stern, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org
Subject: Re: [PATCH] usb: core: add option of only authorizing internal devices
Message-ID: <20190222082744.GA6963@kroah.com>
In-Reply-To: <20190217072151.GA244815@dtor-ws>

On Sat, Feb 16, 2019 at 11:21:51PM -0800, Dmitry Torokhov wrote:
> On Chrome OS we want to use USBguard to potentially limit access to USB
> devices based on policy. We however do not want to wait for userspace to
> come up before initializing fixed USB devices to not regress our boot
> times.
>
> This patch adds option to instruct the kernel to only authorize devices
> connected to the internal ports. Previously we could either authorize
> all or none (or, by default, we'd only authorize wired devices).
>
> The behavior is controlled via usbcore.authorized_default command line
> option.
>
> Signed-off-by: Dmitry Torokhov
> ---
> .../admin-guide/kernel-parameters.txt | 3 +-
> Documentation/usb/authorization.txt | 4 +-
> drivers/usb/core/hcd.c | 51 +++++++++++--------
> drivers/usb/core/usb.c | 33 +++++++++---
> include/linux/usb/hcd.h | 10 ++--
> 5 files changed, 69 insertions(+), 32 deletions(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index aefd358a5ca3..4446919089b9 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4675,7 +4675,8 @@ > usbcore.authorized_default= > [USB] Default USB device authorization: > (default -1 = authorized except for wireless USB, > - 0 = not authorized, 1 = authorized) > + 0 = not authorized, 1 = authorized, 2 = authorized > + if device connected to internal port)

Oh nice, another "simple" flag modified over time to be more complex :(

Anyway, that's fine, it's how APIs grow, just grumpy...

This all looks good to me, I'll go queue it up now.

greg k-h
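
Review bot: In the usbcore.authorized_default= entry, the new text for value 2 ("2 = authorized if device connected to internal port") states only the positive case and leaves the reader to infer what happens to a device on any other port. Since the point of the option is to authorize only internal devices, suggest saying so explicitly, for example "2 = authorized only if the device is connected to an internal port, otherwise not authorized". The entry also gives no hint of where the semantics are described in full; the diffstat shows Documentation/usb/authorization.txt is updated in the same patch, so a short pointer to that file from this entry would help administrators who only read kernel-parameters.txt.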