From bacad4b4cbe3cf7d0c4a11fe4e724b05b7c18e90 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 15 Jun 2016 06:11:48 -0400
Subject: [PATCH] add toggle for disabling newly added USB devices

Based on the public grsecurity patches.

Change-Id: I2cbea91b351cda7d098f4e1aa73dff1acbd23cce
Signed-off-by: Daniel Micay
Signed-off-by: Kevin F. Haggerty
---
 drivers/usb/core/hub.c | 7 +++++++
 kernel/sysctl.c | 14 ++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 7fb2cf5d5bbc..943139620b74 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -111,6 +111,8 @@ struct usb_hub {
 void **port_owners;
 };

+int deny_new_usb = 0;
+
 static inline int hub_is_superspeed(struct usb_device *hdev)
 {
 return (hdev->descriptor.bDeviceProtocol == USB_HUB_PR_SS);
@@ -3648,6 +3650,11 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
 return;
 }

+ if (deny_new_usb) {
+ dev_err(hub_dev, "denied insert of USB device on port %d\n", port1);
+ goto done;
+ }
+
 for (i = 0; i < SET_CONFIG_TRIES; i++) {

 /* reallocate for each attempt, since references
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index e032e50941e4..d2524f10193a 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -93,6 +93,9 @@
 #if defined(CONFIG_SYSCTL)

 /* External variables not in a header file. */
+#ifdef CONFIG_USB
+extern int deny_new_usb;
+#endif
 extern int sysctl_overcommit_memory;
 extern int sysctl_overcommit_ratio;
 extern int max_threads;
@@ -722,6 +725,17 @@ static struct ctl_table kern_table[] = {
 .extra1 = &zero,
 .extra2 = &two,
 },
+#endif
+#ifdef CONFIG_USB
+ {
+ .procname = "deny_new_usb",
+ .data = &deny_new_usb,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec_minmax_sysadmin,
+ .extra1 = &zero,
+ .extra2 = &one,
+ },
 #endif
 {
 .procname = "ngroups_max",
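Review bot: `int deny_new_usb = 0;` in drivers/usb/core/hub.c is a writable global with external linkage and no header declaration, so the only thing tying it to its sysctl is a bare `extern` in kernel/sysctl.c. A comment at the definition would make that contract visible, for example `/* sysctl kernel.deny_new_usb: non-zero makes hub_port_connect_change() refuse newly connected devices */`. Kernel style also drops the explicit zero initialiser, and because the flag is read on every connect event but rarely written, `int deny_new_usb __read_mostly;` would fit.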
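Review bot: The `deny_new_usb` test in hub_port_connect_change() is placed just ahead of the enumeration loop, so it only stops new enumerations; devices enumerated before the flag was set keep working, and nothing in the change states that scope. I would add a comment above the check, e.g. `/* policy gate: applies to new connections only; already-enumerated devices are unaffected */`. The `dev_err()` call also fires once per plug event with no rate limit, so someone with physical access can fill the kernel log; `dev_err_ratelimited(hub_dev, ...)` would bound that if this tree provides it. The `done:` label and the rest of the function are outside the hunk, so the cleanup that runs for a denied port cannot be confirmed from here.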
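Review bot: `#ifdef CONFIG_USB` around the `extern int deny_new_usb;` declaration is true only when the USB core is built in. With CONFIG_USB=m the kernel defines CONFIG_USB_MODULE instead, so this declaration and the `kern_table` entry in the next hunk both compile out and the toggle silently does not exist. Switching to `IS_ENABLED(CONFIG_USB)` would not fix it alone, because built-in sysctl.c would then reference a symbol that lives in a module. Either the variable has to be defined in always-built-in code, or the limitation should be stated, e.g. `/* only available when the USB core is built in (CONFIG_USB=y) */`.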
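Review bot: The new `deny_new_usb` table entry is writable in both directions (`.extra1 = &zero`, `.extra2 = &one`), so any process holding CAP_SYS_ADMIN can set it back to 0. As written it guards against hardware being plugged into an unattended machine, not against a compromised privileged process. If a one-way setting is wanted, the handler has to refuse lowering the value once set, the way `kernel.modules_disabled` only accepts 1. Separately, `proc_dointvec_minmax_sysadmin` is defined under `#ifdef CONFIG_PRINTK` in the trees I know; its definition is not visible here, but if that holds in this tree a CONFIG_USB=y, CONFIG_PRINTK=n build will not compile. The patch also adds no entry for the new key to the sysctl documentation.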