Message ID | 20240105114956.30714-2-niko.mauno@vaisala.com |
---|---|
State | New |
Headers | show |
Series | [v2,1/2] usb: core: Amend initial authorized_default value | expand |
Hi Niko, On Fri, Jan 5, 2024 at 12:51 PM <niko.mauno@vaisala.com> wrote: > From: Niko Mauno <niko.mauno@vaisala.com> > > Make the default USB device authorization mode configurable at build > time. This is useful for systems that require a mode that is stricter > than the standard setting, as it avoids relying on the kernel command > line being properly set. > > Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Thanks for your patch, which is now commit bec7e43b162c5879 ("usb: core: Make default authorization mode configurable") in usb/usb-next. > --- a/drivers/usb/core/Kconfig > +++ b/drivers/usb/core/Kconfig > @@ -116,3 +116,20 @@ config USB_AUTOSUSPEND_DELAY > The default value Linux has always had is 2 seconds. Change > this value if you want a different delay and cannot modify > the command line or module parameter. > + > +config USB_DEFAULT_AUTHORIZATION_MODE > + int "Default authorization mode for USB devices" > + range 0 2 > + default 1 > + depends on USB > + help > + Select the default USB device authorization mode. Can be overridden > + with usbcore.authorized_default command line or module parameter. > + > + The available values have the following meanings: > + 0 is unauthorized for all devices > + 1 is authorized for all devices (default) > + 2 is authorized for internal devices > + > + If the default value is too permissive but you are unsure which mode > + to use, say 2. I'm sorry, but I don't have any clue about what to answer to this question. Usually, you are (or are not) authorized to do _something_, but the /something/ is not mentioned at all here. Can you please make this a bit more clear? Thanks! Gr{oetje,eeting}s, Geert
On 6.2.2024 16.33, Geert Uytterhoeven wrote: > On Fri, Jan 5, 2024 at 12:51 PM <niko.mauno@vaisala.com> wrote: ... >> + The available values have the following meanings: >> + 0 is unauthorized for all devices >> + 1 is authorized for all devices (default) >> + 2 is authorized for internal devices >> + >> + If the default value is too permissive but you are unsure which mode >> + to use, say 2. > > I'm sorry, but I don't have any clue about what to answer to this question. > Usually, you are (or are not) authorized to do _something_, but the > /something/ is not mentioned at all here. > Can you please make this a bit more clear? > Thanks! Thanks, submitted v3 which is hopefully better in this respect. -Niko
diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig index 351ede4b5de2..f337aaea7604 100644 --- a/drivers/usb/core/Kconfig +++ b/drivers/usb/core/Kconfig @@ -116,3 +116,20 @@ config USB_AUTOSUSPEND_DELAY The default value Linux has always had is 2 seconds. Change this value if you want a different delay and cannot modify the command line or module parameter. + +config USB_DEFAULT_AUTHORIZATION_MODE + int "Default authorization mode for USB devices" + range 0 2 + default 1 + depends on USB + help + Select the default USB device authorization mode. Can be overridden + with usbcore.authorized_default command line or module parameter. + + The available values have the following meanings: + 0 is unauthorized for all devices + 1 is authorized for all devices (default) + 2 is authorized for internal devices + + If the default value is too permissive but you are unsure which mode + to use, say 2. diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index 9aa5e6bf9b9d..d56597dc7d42 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -357,7 +357,7 @@ static const u8 ss_rh_config_descriptor[] = { #define USB_AUTHORIZE_ALL 1 #define USB_AUTHORIZE_INTERNAL 2 -static int authorized_default = USB_AUTHORIZE_ALL; +static int authorized_default = CONFIG_USB_DEFAULT_AUTHORIZATION_MODE; module_param(authorized_default, int, S_IRUGO|S_IWUSR); MODULE_PARM_DESC(authorized_default, "Default USB device authorization: 0 is not authorized, 1 is authorized (default), 2 is authorized for internal devices, -1 is authorized (same as 1)");