drivers: usb: add toggle for disabling newly added USB devices
Based on the public grsecurity patches. Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
This commit is contained in:
parent
9b8f55709b
commit
27a7d44ba5
2 changed files with 22 additions and 0 deletions
|
@ -52,6 +52,8 @@
|
|||
#define USB_TP_TRANSMISSION_DELAY_MAX 65535 /* ns */
|
||||
#define USB_PING_RESPONSE_TIME 400 /* ns */
|
||||
|
||||
extern int deny_new_usb;
|
||||
|
||||
/* Protect struct usb_device->state and ->children members
|
||||
* Note: Both are also protected by ->dev.sem, except that ->state can
|
||||
* change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
|
||||
|
@ -5368,6 +5370,11 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
|
|||
if (unreliable_port == port1)
|
||||
unreliable_port = -1;
|
||||
|
||||
if (deny_new_usb) {
|
||||
dev_err(&port_dev->dev, "denied insert of USB device on port %d\n", port1);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (hub_is_superspeed(hub->hdev))
|
||||
unit_load = 150;
|
||||
else
|
||||
|
|
|
@ -112,6 +112,10 @@
|
|||
|
||||
/* External variables not in a header file. */
|
||||
extern int extra_free_kbytes;
|
||||
#if IS_ENABLED(CONFIG_USB)
|
||||
int deny_new_usb __read_mostly = 0;
|
||||
EXPORT_SYMBOL(deny_new_usb);
|
||||
#endif
|
||||
|
||||
/* Constants used for minimum and maximum */
|
||||
#ifdef CONFIG_LOCKUP_DETECTOR
|
||||
|
@ -2353,6 +2357,17 @@ static struct ctl_table kern_table[] = {
|
|||
.extra1 = SYSCTL_ZERO,
|
||||
.extra2 = SYSCTL_TWO,
|
||||
},
|
||||
#endif
|
||||
#if IS_ENABLED(CONFIG_USB)
|
||||
{
|
||||
.procname = "deny_new_usb",
|
||||
.data = &deny_new_usb,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = proc_dointvec_minmax_sysadmin,
|
||||
.extra1 = SYSCTL_ZERO,
|
||||
.extra2 = SYSCTL_ONE,
|
||||
},
|
||||
#endif
|
||||
{
|
||||
.procname = "ngroups_max",
|
||||
|
|
Loading…
Add table
Reference in a new issue