Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp68265rwp; Wed, 12 Jul 2023 09:46:52 -0700 (PDT) X-Google-Smtp-Source: APBJJlFjUO9Ha8wLBoVqjfUklCVvmVdbHUlI7TftSJaFtaayLTWuLm7FNtUdPUBUZtuXvvOGoC4G X-Received: by 2002:a2e:990f:0:b0:2b7:1c0f:f215 with SMTP id v15-20020a2e990f000000b002b71c0ff215mr10771191lji.2.1689180412146; Wed, 12 Jul 2023 09:46:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689180412; cv=none; d=google.com; s=arc-20160816; b=tjqsy3QPcuM25sfReMAiLFqtbE6ucux859bBaeQEmrj9gJfYkwdXuhCsuaoPA0zp6/ 55/M+0Qq5h1cHtqg+GYDc9oVqd92KAXnr9jeNQSRnF6eOSwen0KYTx89bAVYNCqa+XOw yjsQcV64UGMchhlKYXOk4ST9PfefkSZRWR3OJeUgnjtPqnj+xfyDB/0AMCr0Ij4wtt/3 yNRrFc02zikELpWHctr+tkYxXlGae21LhuN8cjKOJ1IN0C5NkbbPTXOuo4ogoPVxY5Zy a+YLix2DaJMTyFVrGd5qlNiok3Lpxmfx81+VjhPpI329Q15sOkwC7nnE17iZnDerpSVJ Q/cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=EQYVI80CPNATjzB+ABNM7qqke7u45syV78HPPEO55ns=; fh=3IDe/joxMuc8fpr3HKJhd1jTxEekt5jKnr+TookX9Ug=; b=ASx/l5f0R5e2Rf/W4Oy2qhS9Oj7ZCEKchKJ0AAfwSVxyOGkm0zLvGEvAzm/oOyNrzc 8sjaT8s5fq1mIhbnsjLg8hyDGpbQ/3V9489RCGQaYwIGY6qQN2VkAboULlanBkllHVBb MWW2xRTcwkc2zQ6brBevkRBO4zgupuwECF0zWJBPHuV/Kykd9IOOHmUzfz18bGewGx7O FtTxp+5oVT0az8cAoXOYYLABw30QtsXdO/SP5GQeP04Ihus1P3YoqCQ6Pi0whCiI6vxm cWgyBog00FfYWSDjm6U73f7JrsRy5R2eC0Esw2amAMnYBZ/vEgh45Sq8QdPWzDTmZkgH oczA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IqVy6+MB; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k13-20020a170906680d00b00992a0966793si4680111ejr.814.2023.07.12.09.46.32; Wed, 12 Jul 2023 09:46:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=IqVy6+MB; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232201AbjGLQj1 (ORCPT + 60 others); Wed, 12 Jul 2023 12:39:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230233AbjGLQj0 (ORCPT ); Wed, 12 Jul 2023 12:39:26 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F03A4106; Wed, 12 Jul 2023 09:39:25 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8DF7D6182F; Wed, 12 Jul 2023 16:39:25 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 717BEC433C9; Wed, 12 Jul 2023 16:39:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1689179965; bh=k8GGEKyGtTizvlzKcz2cYIOJibPG0QzEDyGItCmD5oA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=IqVy6+MBRaLQ+CT6RhF906zPEzT8zIKMMLX/+a9OvH90uVauwYkj+cLy4okFWihWG fSrphTswhdn1M5Q3GYr38bF0CjKCeKjqDs4mwsDtFG+bPbdVwVFGh6p1KgvFxqRf7u 6eudH1Atx5XQEDROI32UWKIrCV4dA7JTEhxk+6T4= Date: Wed, 12 Jul 2023 18:39:22 +0200 From: Greg Kroah-Hartman To: Johannes Berg Cc: Oliver Neukum , Enrico Mioso , Jan Engelhardt , linux-kernel@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Kalle Valo , Oleksij Rempel , Maciej =?utf-8?Q?=C5=BBenczykowski?= , Neil Armstrong , Mauro Carvalho Chehab , Andrzej Pietrasiewicz , Jacopo Mondi , =?utf-8?Q?=C5=81ukasz?= Stelmach , Laurent Pinchart , linux-usb@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, Ilja Van Sprundel , Joseph Tartaro Subject: Re: [PATCH] USB: disable all RNDIS protocol drivers Message-ID: <2023071222-asleep-vacancy-4cfa@gregkh> References: <20221123124620.1387499-1-gregkh@linuxfoundation.org> <2023070430-fragment-remember-2fdd@gregkh> <6a4a8980912380085ea628049b5e19e38bcd8e1d.camel@sipsolutions.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6a4a8980912380085ea628049b5e19e38bcd8e1d.camel@sipsolutions.net> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Wed, Jul 12, 2023 at 03:00:55PM +0200, Johannes Berg wrote: > On Wed, 2023-07-12 at 11:22 +0200, Oliver Neukum wrote: > > > > On 04.07.23 08:47, Greg Kroah-Hartman wrote: > > > On Mon, Jul 03, 2023 at 11:11:57PM +0200, Enrico Mioso wrote: > > > > Hi all!! > > > > > > > > I think the rndis_host USB driver might emit a warning in the dmesg, but disabling the driver wouldn't be a good idea. > > > > The TP-Link MR6400 V1 LTE modem and also some ZTE modems integrated in routers do use this protocol. > > > > > > > > We may also distinguish between these cases and devices you might plug in - as they pose different risk levels. > > > > > > Again, you have to fully trust the other side of an RNDIS connection, > > > any hints on how to have the kernel determine that? > > > it is a network protocol. So this statement is kind of odd. > > Are you saying that there are RNDIS messages that cannot be verified > > for some reason, that still cannot be disclosed? > > Agree, it's also just a USB device, so no special trickery with DMA, > shared buffers, etc. > > I mean, yeah, the RNDIS code is really old and almost certainly has a > severe lack of input validation, but that still doesn't mean it's > fundamentally impossible. You all are going to make me have to write some exploits aren't you... Ok, I'll put it on my todo list and do it before submitting this patch again. thanks, greg k-h