[PATCH v2 4/6] usb: Add environment based device blocklist

E Shattow lucent at gmail.com
Sun Mar 17 22:39:36 CET 2024


Should be usb_denylist, since "block devices" is ambiguous meaning if
it is a list of data chunks (blocks) or if it blocks (deny). There is
no question what a denylist is.

On Sun, Mar 17, 2024 at 4:07 AM Janne Grunau via B4 Relay
<devnull+j.jannau.net at kernel.org> wrote:
>
> From: Janne Grunau <j at jannau.net>
>
> Add the environment variable "usb_blocklist" to prevent USB devices
> listed in it from being used. This allows to ignore devices which
> trigger bugs in u-boot's USB stack or are undesirable for other reasons.
> Devices emulating keyboards are one example. U-boot currently supports
> only one USB keyboard device. Most commonly, people run into this with
> Yubikeys, so let's ignore those in the default environment.
>
> Based on previous USB keyboard specific patches for the same purpose.
>
> Link: https://lore.kernel.org/u-boot/7ab604fb-0fec-4f5e-8708-7a3a7e2cb568@denx.de/
> Signed-off-by: Janne Grunau <j at jannau.net>
> ---
>  common/usb.c              | 56 +++++++++++++++++++++++++++++++++++++++++++++++
>  doc/usage/environment.rst | 12 ++++++++++
>  include/env_default.h     | 11 ++++++++++
>  3 files changed, 79 insertions(+)
>
> diff --git a/common/usb.c b/common/usb.c
> index 836506dcd9..73af5be066 100644
> --- a/common/usb.c
> +++ b/common/usb.c
> @@ -1084,6 +1084,57 @@ static int usb_prepare_device(struct usb_device *dev, int addr, bool do_read,
>         return 0;
>  }
>
> +static int usb_blocklist_parse_error(const char *blocklist, size_t pos)
> +{
> +       printf("usb_blocklist parse error at char %zu in \"%s\"\n", pos,
> +              blocklist);
> +       return 0;
> +}
> +
> +static int usb_device_is_blocked(u16 id_vendor, u16 id_product)
> +{
> +       ulong vid, pid;
> +       char *end;
> +       const char *block_str = env_get("usb_blocklist");
> +       const char *cur = block_str;
> +
> +       /* parse "usb_blocklist" strictly */
> +       while (cur && cur[0] != '\0') {
> +               vid = simple_strtoul(cur, &end, 0);
> +               if (cur == end || end[0] != ':')
> +                       return usb_blocklist_parse_error(block_str,
> +                                                        cur - block_str);
> +
> +               cur = end + 1;
> +               pid = simple_strtoul(cur, &end, 0);
> +               if (cur == end && end[0] != '*')
> +                       return usb_blocklist_parse_error(block_str,
> +                                                        cur - block_str);
> +
> +               if (end[0] == '*') {
> +                       /* use out of range idProduct as wildcard indication */
> +                       pid = U16_MAX + 1;
> +                       end++;
> +               }
> +               if (end[0] != ',' && end[0] != '\0')
> +                       return usb_blocklist_parse_error(block_str,
> +                                                        cur - block_str);
> +
> +               if (id_vendor == vid && (pid > U16_MAX || id_product == pid)) {
> +                       printf("Ignoring USB device 0x%x:0x%x\n",id_vendor,
> +                             id_product);
> +                       debug("Ignoring USB device 0x%x:0x%x\n",id_vendor,
> +                             id_product);
> +                       return 1;
> +               }
> +               if (end[0] == '\0')
> +                       break;
> +               cur = end + 1;
> +       }
> +
> +       return 0;
> +}
> +
>  int usb_select_config(struct usb_device *dev)
>  {
>         unsigned char *tmpbuf = NULL;
> @@ -1099,6 +1150,11 @@ int usb_select_config(struct usb_device *dev)
>         le16_to_cpus(&dev->descriptor.idProduct);
>         le16_to_cpus(&dev->descriptor.bcdDevice);
>
> +       /* ignore devices from usb_blocklist */
> +       if (usb_device_is_blocked(dev->descriptor.idVendor,
> +                                 dev->descriptor.idProduct))
> +               return -ENODEV;
> +
>         /*
>          * Kingston DT Ultimate 32GB USB 3.0 seems to be extremely sensitive
>          * about this first Get Descriptor request. If there are any other
> diff --git a/doc/usage/environment.rst b/doc/usage/environment.rst
> index ebf75fa948..e42702adb2 100644
> --- a/doc/usage/environment.rst
> +++ b/doc/usage/environment.rst
> @@ -366,6 +366,18 @@ tftpwindowsize
>      This means the count of blocks we can receive before
>      sending ack to server.
>
> +usb_blocklist
> +    Block USB devices from being bound to an USB device driver. This can be used
> +    to ignore devices which causes crashes in u-boot's USB stack or are
> +    undesirable for other reasons.
> +    The default environment blocks Yubico devices since they emulate USB
> +    keyboards. U-boot currently supports only a single USB keyboard device and
> +    it is undesirable that a Yubikey is used as keyboard.
> +    Devices are matched by idVendor and idProduct. The variable contains a comma
> +    separated list of idVendor:idProduct pairs as hexadecimal numbers joined
> +    by a colon. '*' functions as a wildcard for idProduct to block all devices
> +    with the specified idVendor.
> +
>  vlan
>      When set to a value < 4095 the traffic over
>      Ethernet is encapsulated/received over 802.1q
> diff --git a/include/env_default.h b/include/env_default.h
> index 2ca4a087d3..ba4c7516b4 100644
> --- a/include/env_default.h
> +++ b/include/env_default.h
> @@ -99,6 +99,17 @@ const char default_environment[] = {
>  #ifdef CONFIG_SYS_SOC
>         "soc="          CONFIG_SYS_SOC                  "\0"
>  #endif
> +#ifdef CONFIG_USB_HOST
> +       "usb_blocklist="
> +#ifdef CONFIG_USB_KEYBOARD
> +       /* Ignore Yubico devices. Currently only a single USB keyboard device is
> +        * supported and the emulated HID keyboard Yubikeys present is useless
> +        * as keyboard.
> +        */
> +       "0x1050:*,"
> +#endif
> +       "\0"
> +#endif
>  #ifdef CONFIG_ENV_IMPORT_FDT
>         "env_fdt_path=" CONFIG_ENV_FDT_PATH             "\0"
>  #endif
>
> --
> 2.44.0
>


More information about the U-Boot mailing list