Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7922393rwb; Wed, 23 Nov 2022 12:39:44 -0800 (PST) X-Google-Smtp-Source: AA0mqf4PmyKAK7DQbFGmSAkJBXnS9sqhum+55g3a6PyVDdq3ymZWwQ0P1O24+oIKumWl0DmoTY8p X-Received: by 2002:a63:544b:0:b0:477:6336:dddf with SMTP id e11-20020a63544b000000b004776336dddfmr10388707pgm.371.1669235984690; Wed, 23 Nov 2022 12:39:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669235984; cv=none; d=google.com; s=arc-20160816; b=m6nqs2lgLDYLUCTEJSpHCOr2FiM4IduQNj2s3eHWOrxmncrg/88IfvLRUdKYS9zdPB KgbguzeYbctJDVYkdTyIzY6uJkr0kf7QJyezfgLWxno0pTb2K5g3m7FDVr4bpplOQDMA BmeVvLgONcpDsfweO7tJ6fBgyX4HBn1SLVFZVmXFf3kWP1h53t1sEwZqAR5s1QKIfZRm gIa/smExm3mWN7O8fX+CCnQ5SpFqmue+gplYaeaWwR7twdpm3JeqP+lAzRwvo9NyUgMt 0Hn3ZjtK7Fqad43oPz6cHqFRONBcvVc2gJQGzTDwz7dztIkR3uU8MB2HaUyFE+B/Up/U NyZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=zjgLfIgymxMMYmWuqWPWGKjG2YLyiLx1k/rybg/+Fog=; b=RnuTR7LUNov2S3vBNxbUFnb/IR6g4O14doipINhbZJ/R9Ap1NA9pLauoCoD8mS7wer c1bmR5TJVpVzdaDMyugJPwJrwn7rqrSEIs5kl23VHzf7lKHeKZMtHMyax/W1UZJBHoqk h1zCAzz7+8CHyWRpKbjd5MSnyaNW3ENzoD+UecQ5/7UxY5gbUL6Xg+tL9IXsCwT4MH2m IG7a88WNYuD2b8dmX2sz+Jl91tuTr3sT09/reIpTcx0nlk5aSQ3dzToFkwytxP4De8+O 8TONnwEm0ME99BZgd+RDX54UWLgSMSY1JXOFZAkvN5eqy3oV8eBZ7aa6CzXApKq4eEF7 8YDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=emU5TDI2; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t10-20020a1709027fca00b001889ad48288si17168105plb.384.2022.11.23.12.39.31; Wed, 23 Nov 2022 12:39:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=emU5TDI2; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238741AbiKWUcH (ORCPT + 68 others); Wed, 23 Nov 2022 15:32:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239629AbiKWUbN (ORCPT ); Wed, 23 Nov 2022 15:31:13 -0500 Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4570C24942 for ; Wed, 23 Nov 2022 12:27:50 -0800 (PST) Received: by mail-il1-x131.google.com with SMTP id h2so8364384ile.11 for ; Wed, 23 Nov 2022 12:27:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=zjgLfIgymxMMYmWuqWPWGKjG2YLyiLx1k/rybg/+Fog=; b=emU5TDI2MbojzF3Rj6h9/mvm8hyJXNIpA51tkz1gHiTfQayAEsPBQ8c57EjdSVqccs Xpq979Mpem08d0+/EvxAUPsR+Td15FmnKynt9RhYPWjx0E7slJCcosYZi9ctJgx1ibhP +fMSCtofTjP2GUS0UXEl/zFIlGfM9kvYGhVlAgeRCcT6GbRqa94SKJY+IVClsHzo+JQk KcKif6hEWTbot7A42BaIG/7YCGRlXEulSixW6AIArWBoMfkUCAVTT2s0WHP6oYcLE1co Sx7qud7gmKaHb/Yo7syu7hcKZAeY1zbeghQZqWoP5OT3X6K7Y/N1m0yKn6JPrWrLUWe+ M9Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zjgLfIgymxMMYmWuqWPWGKjG2YLyiLx1k/rybg/+Fog=; b=B5AEgatYfrUFSOez4qj+rO/OOYIAOsXmhM3nk4FawOuT1bw8TLtH8oaikqeOOXvS2h GUuoCRklm8o9r2O0LxL10xwFZuYtdhaNZZTPu+jGuc4Q+JU4JBgS4Za0FG5teOqT+hrq zyRJ1RAG5Lt6ifZAhP0zuZ5GiC5FSgakksRNXyyZPCxrfJk3CBh3kyfC2mKG2UJrDNFe ozHfEBiqh3pvevELHAnOVDfPlrCYA8cNMbhpySHRhlnI9gqzOTdeA0tEWvlWypp1r1mL A50PFxNq9giGcHfzseXs+5gyZPntkUBpbgkiWHkMKXzNQWtHBsQ/kSjCBrTbyeDBmOQd 61Dg== X-Gm-Message-State: ANoB5pmmvmUFdfdVs8QaZon3Bl0CssJ1rC4JbUByUq+ksRLQQb1MaVgI YF5XNJq/rdjLNZimDB/Ut7y23CU7DdejpUZvjnPrRA== X-Received: by 2002:a92:6e07:0:b0:300:1f82:73e5 with SMTP id j7-20020a926e07000000b003001f8273e5mr4494601ilc.85.1669235269478; Wed, 23 Nov 2022 12:27:49 -0800 (PST) MIME-Version: 1.0 References: <20221123124620.1387499-1-gregkh@linuxfoundation.org> In-Reply-To: <20221123124620.1387499-1-gregkh@linuxfoundation.org> From: =?UTF-8?Q?Maciej_=C5=BBenczykowski?= Date: Wed, 23 Nov 2022 12:27:37 -0800 Message-ID: Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Kalle Valo , Oleksij Rempel , Neil Armstrong , Mauro Carvalho Chehab , Andrzej Pietrasiewicz , Jacopo Mondi , =?UTF-8?Q?=C5=81ukasz_Stelmach?= , Laurent Pinchart , linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Ilja Van Sprundel , Joseph Tartaro Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Wed, Nov 23, 2022 at 4:46 AM Greg Kroah-Hartman wrote: > > The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on > any system that uses it with untrusted hosts or devices. Because the > protocol is impossible to make secure, just disable all rndis drivers to > prevent anyone from using them again. > > Windows only needed this for XP and newer systems, Windows systems older > than that can use the normal USB class protocols instead, which do not > have these problems. > > Android has had this disabled for many years so there should not be any > real systems that still need this. > > Cc: "David S. Miller" > Cc: Eric Dumazet > Cc: Jakub Kicinski > Cc: Paolo Abeni > Cc: Kalle Valo > Cc: Oleksij Rempel > Cc: "Maciej =C5=BBenczykowski" > Cc: Neil Armstrong > Cc: Mauro Carvalho Chehab > Cc: Andrzej Pietrasiewicz > Cc: Jacopo Mondi > Cc: "=C5=81ukasz Stelmach" > Cc: Laurent Pinchart > Cc: linux-usb@vger.kernel.org > Cc: netdev@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Cc: linux-wireless@vger.kernel.org > Reported-by: Ilja Van Sprundel > Reported-by: Joseph Tartaro > Signed-off-by: Greg Kroah-Hartman > --- > Note, I'll submit patches removing the individual drivers for later, but > that is more complex as unwinding the interaction between the CDC > networking and RNDIS drivers is tricky. For now, let's just disable all > of this code as it is not secure. > > I can take this through the USB tree if the networking maintainers have > no objection. I thought I had done this months ago, when the last round > of "there are bugs in the protocol!" reports happened at the end of > 2021, but forgot to do so, my fault. > > drivers/net/usb/Kconfig | 1 + > drivers/net/wireless/Kconfig | 1 + > drivers/usb/gadget/Kconfig | 4 +--- > drivers/usb/gadget/legacy/Kconfig | 3 +++ > 4 files changed, 6 insertions(+), 3 deletions(-) > > diff --git a/drivers/net/usb/Kconfig b/drivers/net/usb/Kconfig > index 4402eedb3d1a..83f9c0632642 100644 > --- a/drivers/net/usb/Kconfig > +++ b/drivers/net/usb/Kconfig > @@ -401,6 +401,7 @@ config USB_NET_MCS7830 > config USB_NET_RNDIS_HOST > tristate "Host for RNDIS and ActiveSync devices" > depends on USB_USBNET > + depends on BROKEN > select USB_NET_CDCETHER > help > This option enables hosting "Remote NDIS" USB networking links, NACK. I'm perfectly okay with disabling the gadget (guest/client/device) side rndis drivers. New devices (ie. phones) moving to newer kernels should simply be switching to the NCM gadget drivers. Especially since AFAICT this won't land until 6.2 and thus will presumably not be in the 6.1 LTS and thus won't even end up in next year's Android 14/U, and instead will only be present on the absolutely freshest Android 15/V devices launching near the end of 2024 (or really in early 2025). Additionally the gadget side upstream RNDIS implementation simply isn't used by some chipset vendors - like Qualcomm (which AFAIK uses an out of tree driver to provide rndis gadget with IPA hardware offload acceleration). However, AFAICT this patch is also disabling *HOST* side RNDIS driver suppo= rt. ie. the RNDIS driver you'd use on a Linux laptop to usb tether off of an Android phone. AFAICT this will break usb tethering off of the *vast* majority of Android phones - likely including most of those currently being manufactured and sold. The only Android phones I'm actually aware of that have switched to NCM instead of RNDIS for usb tethering are Google Pixel 6+ (ie. 6/6pro/6a/7/7pro). Though it's possible there might be some relatively new hardware from other phone vendors that also uses NCM - I don't track this that closely... I do know Android 13/T doesn't require phones to use NCM for tethering, and I've not heard of any plans to change that with Android 14/U either... Note that NCM isn't natively supported by Windows <10 and it required a fair bit of 'guts' on our side to drop support for usb tethering Windows 8.1 devices prior to Win 8.1 EOL (which is only this coming January). Yes, AFAICT, this patch as currently written will break usb tethering off of a Google Pixel ../3/4/5, and I'd assume any and all qualcomm chipset derived devices, etc... ie. most likely the first of these two and possibly the second are required= : CONFIG_USB_NET_RNDIS_HOST=3Dm CONFIG_USB_NET_RNDIS_WLAN=3Dm (AFAIK the rndis host side driver is also used by various cell dongles and portable cell hotspots) [I also don't understand the commit description where it talks about Windows XP - how is XP relevant? AFAIK the issue is with Win<10 not WinXP] > diff --git a/drivers/net/wireless/Kconfig b/drivers/net/wireless/Kconfig > index cb1c15012dd0..f162b25123d7 100644 > --- a/drivers/net/wireless/Kconfig > +++ b/drivers/net/wireless/Kconfig > @@ -81,6 +81,7 @@ config USB_NET_RNDIS_WLAN > tristate "Wireless RNDIS USB support" > depends on USB > depends on CFG80211 > + depends on BROKEN > select USB_NET_DRIVERS > select USB_USBNET > select USB_NET_CDCETHER > diff --git a/drivers/usb/gadget/Kconfig b/drivers/usb/gadget/Kconfig > index 4fa2ddf322b4..2c99d4313064 100644 > --- a/drivers/usb/gadget/Kconfig > +++ b/drivers/usb/gadget/Kconfig > @@ -183,9 +183,6 @@ config USB_F_EEM > config USB_F_SUBSET > tristate > > -config USB_F_RNDIS > - tristate > - > config USB_F_MASS_STORAGE > tristate > > @@ -297,6 +294,7 @@ config USB_CONFIGFS_RNDIS > bool "RNDIS" > depends on USB_CONFIGFS > depends on NET > + depends on BROKEN > select USB_U_ETHER > select USB_F_RNDIS > help > diff --git a/drivers/usb/gadget/legacy/Kconfig b/drivers/usb/gadget/legac= y/Kconfig > index 0a7b382fbe27..03d6da63edf7 100644 > --- a/drivers/usb/gadget/legacy/Kconfig > +++ b/drivers/usb/gadget/legacy/Kconfig > @@ -153,6 +153,7 @@ config USB_ETH > config USB_ETH_RNDIS > bool "RNDIS support" > depends on USB_ETH > + depends on BROKEN > select USB_LIBCOMPOSITE > select USB_F_RNDIS > default y > @@ -247,6 +248,7 @@ config USB_FUNCTIONFS_ETH > config USB_FUNCTIONFS_RNDIS > bool "Include configuration with RNDIS (Ethernet)" > depends on USB_FUNCTIONFS && NET > + depends on BROKEN > select USB_U_ETHER > select USB_F_RNDIS > help > @@ -427,6 +429,7 @@ config USB_G_MULTI > config USB_G_MULTI_RNDIS > bool "RNDIS + CDC Serial + Storage configuration" > depends on USB_G_MULTI > + depends on BROKEN > select USB_F_RNDIS > default y > help > -- > 2.38.1 > Maciej =C5=BBenczykowski, Kernel Networking Developer @ Google