Message-Id: <201410081901.s98J160W019899@fire.js.berklix.net>
To: Hans Petter Selasky
Subject: Re: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany
In-reply-to: Your message "Wed, 08 Oct 2014 09:03:31 +0200." <5434E1C3.9090605@selasky.org>
Date: Wed, 08 Oct 2014 21:01:06 +0200
Cc: freebsd-security@freebsd.org, Poul-Henning Kamp, freebsd-usb@freebsd.org

Hans Petter Selasky wrote:
> Hi,
>
> Can you test the following kernel patch and give some feedback:
>
> https://svnweb.freebsd.org/changeset/base/272733
>
> After the patch you will get something like:
>
> hw.usb.disable_enumeration: 0
> dev.uhub.0.disable_enumeration: 0
> dev.uhub.1.disable_enumeration: 0
> ...
>
> which is also settable through /boot/loader.conf (tunable)

Thanks, Quick work !

I downloaded, but before use, I ran a make world as my current was
maybe a week or 2 old, I made a new generic kernel with CTM
src-cur.11644.gz ie (latest CVS as supplied by CTM)

But src/ make all failed so I ran make world, which also failed:
-------------------
/usr/obj/usr/src/tmp/usr/include/dev/usb/usb.h:154:16: note: forward declaration of 'struct usb_device_request'
typedef struct usb_device_request usb_device_request_t;
               ^
19 errors generated.
*** Error code 1

Stop.
make[4]: stopped in /usr/src/lib/libusbhid
-------------------

In parallel to make world I applied your patches to make & that failed:
--------
/sys/amd64/compile/GENERIC
../../../dev/usb/usbdi.h:301:5: warning: 'USB_HAVE_COMPAT_LINUX' is not defined, evaluates to 0 [-Wundef]
#if USB_HAVE_COMPAT_LINUX
    ^
2 warnings generated.
mkdep: compile failed
*** Error code 1

Stop.
make: stopped in /usr/src/sys/amd64/compile/GENERIC
--------

But that may be because my system is perhaps a couple of weeks old or so.

The latest generic src/ kernel booted OK

FreeBSD lapr.js.berklix.net 11.0-CURRENT FreeBSD 11.0-CURRENT #1: Wed Oct 8 17:26:13 CEST 2014 jhs@lapr.js.berklix.net:/usr/src/sys/amd64/compile/GENERIC amd64

(though I noticed a named: lock order reversal that I will ignore)

When I can get src/ to build (I'm using make -k all now :-), I'll
go back to compiling GENERIC kernel with your changeset/base/272733

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com
 Indent previous with "> ". Interleave reply paragraphs like a play script.
 Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.