usb: Do not re-read descriptors for wired devices in usb_authorize_device()
authorJosef Gajdusek <atx@atx.name>
Thu, 9 Oct 2014 13:47:54 +0000 (15:47 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 3 Nov 2014 23:34:00 +0000 (15:34 -0800)
This patch modifies the usb_authorize_device() function such as that it does
not reload the device descriptor for wired devices. The reasons for this
are as follows:

* Some devices dislike the master requesting the descriptor from them twice,
  failing on the usb_get_device_descriptor() call with -ETIMEOUT. Observed this
  on my Pretec 16GB flash drive (4146:ba65).

* Malicious device could send two different descriptors - one before
  authorization, used by userspace to determine whether to authorize it and
  second to be actually used by the kernel when determining which drivers to
  bind.

Signed-off-by: Josef Gajdusek <atx@atx.name>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/hub.c

index 11e80ac..c096a1a 100644 (file)
@@ -2543,11 +2543,14 @@ int usb_authorize_device(struct usb_device *usb_dev)
                        "can't autoresume for authorization: %d\n", result);
                goto error_autoresume;
        }
-       result = usb_get_device_descriptor(usb_dev, sizeof(usb_dev->descriptor));
-       if (result < 0) {
-               dev_err(&usb_dev->dev, "can't re-read device descriptor for "
-                       "authorization: %d\n", result);
-               goto error_device_descriptor;
+
+       if (usb_dev->wusb) {
+               result = usb_get_device_descriptor(usb_dev, sizeof(usb_dev->descriptor));
+               if (result < 0) {
+                       dev_err(&usb_dev->dev, "can't re-read device descriptor for "
+                               "authorization: %d\n", result);
+                       goto error_device_descriptor;
+               }
        }
 
        usb_dev->authorized = 1;