Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Fedora?] With recent kernel updates, USB root hubs changed ports #589

Open
genodeftest opened this issue Apr 15, 2023 · 0 comments
Open

Comments

@genodeftest
Copy link
Contributor

With recent kernels (at least on Fedora), I have seen the USB root hubs change ports. If you have DeviceRulesWithPort=true (not the default) set in usbguard-daemon.conf, your USB root hubs will be disabled after rebooting to newer kernels.

Steps I followed

  1. Have DeviceRulesWithPort=true (not the default) set in usbguard-daemon.conf
  2. Update from kernel 6.2.7 to a newer version (tested with 6.2.8 and 6.2.9)
  3. Reboot

What happens

Unable to use any USB root hub. If you have no other means (e.g. non-USB keyboard or SSH) to modify USBGuard configuration, you are locked out of your computer. It feels as if the login screen was frozen, but it is the USB devices (mouse, keyboard) not working.

On a technical level: The USB root hubs (EHCI Host Controller or xHCI Host Controller) get different ports assigned. The value of via-port changes between kernel versions, e.g. from usb1 to usb2 or vice versa.

What should happen

I'm not entirely sure as I think that this is intended behavior. One could discuss whether it makes sense to have the ports of USB root hubs (via-port) stored or not as this order is probably defined by software (kernel) only. This order might even be inconsistent between kernel sessions (reboots), as it might depend on timing, i.e., be non-deterministic.

Workarounds

I found workarounds while keeping the non-default setting DeviceRulesWithPort=true.

Option 1: Reboot into your older kernel

  1. Boot with older kernel (from grub menu)
  2. Open /etc/usbguard/rules.conf as root
  3. Remove via-port "usb[N]" from your host controllers, with N being any number
  4. Reboot into newer kernel

Option 2: Use a live media

(More complicated, will not list detailed steps here). Reboot into live media of your linux distribution, chroot into the filesystem and modify settings in usbguard-daemon.conf to allow all USB devices. Then reboot into your regular system and set up USBGuard again.

Affected software versions

Additional information

This issue may or may not be specific to Fedora's linux kernels as they are doing some patching. See Fedora 37's linux kernel changelog for details on the changes.

I have seen this issue on 2 different devices (different hardware, rather old devices), both running Fedora 37.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant