From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 25 Feb 2019 16:19:35 -0000 Received: from mga03.intel.com ([134.134.136.65]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gyIya-0001Xy-Ur for speck@linutronix.de; Mon, 25 Feb 2019 17:19:33 +0100 Date: Mon, 25 Feb 2019 08:19:29 -0800 From: Andi Kleen Subject: [MODERATED] Re: [PATCH v6 31/43] MDSv6 Message-ID: <20190225161929.GP16922@tassilo.jf.intel.com> References: <8d04705a73208de4bb4a4062bf3d977b5ee5c5f4.1551019522.git.ak@linux.intel.com> <20190225151935.GA19947@kroah.com> <20190225153411.GO16922@tassilo.jf.intel.com> <20190225154935.GA17057@kroah.com> MIME-Version: 1.0 In-Reply-To: <20190225154935.GA17057@kroah.com> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: > Then why are you messing around with the usbmon callback? It has > nothing to do with anything here. By hooking it here, you now have 2 > calls to this function on the USB urb callback path. Ok so where should it be hooked instead? > The fact that a root process happens to be watching the USB data flowing > through the system, or not, should have no affect on anything here, as > the data flow is still the same (with the exception an extra copy in the > irq could happen). My impression was that the usbmon copy is the only copy in interrupt context? Was that wrong? If there's another copy in interrupt context yes it would need to be instrumented too. > As I asked with the hcd change, what is "user data"? Here's the latest definition from clearcpu.txt In this case I assume it includes non header data, so would need to be protected. User data is sensitive, but only for other processes. User data is anything in the user address space, or data buffers directly copied from/to the user (e.g. read/write). It does not include metadata, or flag settings. For example packet headers or file names are not sensitive in this model. Block IO data (but not meta data) is sensitive. We consider data from input devices (such as key presses) sensitive. We also consider sound data or terminal data sensitive. -Andi