[MODERATED] Re: [PATCH v6 39/43] MDSv6

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andi Kleen <ak@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH v6 39/43] MDSv6
Date: Mon, 25 Feb 2019 09:05:03 -0800	[thread overview]
Message-ID: <20190225170503.GU16922@tassilo.jf.intel.com> (raw)
In-Reply-To: <20190225164729.GA10883@kroah.com>

On Mon, Feb 25, 2019 at 05:47:29PM +0100, speck for Greg KH wrote:
> On Mon, Feb 25, 2019 at 08:28:25AM -0800, speck for Andi Kleen wrote:
> > > > Instead of marking all the USB interrupts and timers as clear cpu
> > > > only clear it when the user data touching actually happens.
> > > 
> > > Um, almost all irqs here _do_ receive data across the wire, and your
> > > patch shows this happening.  The text here is all wrong.
> > 
> > Just to be clear touching here it means "access with the CPU"
> > especially copying. Just manipulating data addresses is fine.
> > 
> > 
> > > Also, why are you classifying USB data as "user data"?  It's coming from
> > > some random piece of hardware.  I don't see a definition of what you are
> > > calling "user data" anywhere in this patchset, did I miss that
> > > somewhere?
> > 
> > user data includes IO data (but not metadata)
> 
> What is "metadata" when you are dealing with a stream of scsi data over
> a random physical layer?

Anything that's not the user visible data on disk.

(ok perhaps checksums too, but I didn't find any driver that handles those)

> 
> > USB could be key presses (e.g. your password) or mouse movements or block IO data
> > 
> > These are all considered sensitive.
> 
> So, all USB data is sensitive, great, document that crazyness!  What
> about thunderbolt data?  Unipro data?  amba bus data?

Only the payloads, not the metadata.

> Do you care about the physical layer (USB, unipro, amba, thunderbolt),
> or do you care about the "class" of data (keyboard, block, input, hid,
> camera)?  Right now you seem to be mixing the two up in horridly complex
> ways that is guaranteed to drive you, and us, crazy.

Please just use your common sense, on't play the lawyer.

Would an attacker care about e.g. a sequence number or flags bit in some 
USB header? Likely no.

Would an attacker care about the keypress containing parts of your password?
Yes

So we're trying to protect that part.

I'm trying to define a model that is secure enough, but still 
implementable. 

If everyone thinks we should just go with mds=full I'm happy 
to drop these patches. It certainly makes everything a lot simpler!
It's not that I like doing all of this personally.

But as long as people think the performance
benefits of the lazy approach are needed, we'll need some model
like this, and some variant of these patches.


-Andi

next prev parent reply	other threads:[~2019-02-25 17:05 UTC|newest]

Thread overview: 68+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-24 15:07 [MODERATED] [PATCH v6 00/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 01/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 02/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 03/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 04/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 05/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 06/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 07/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 08/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 09/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 10/43] MDSv6 Andi Kleen
2019-02-25 16:11   ` [MODERATED] " Greg KH
2019-02-25 16:42     ` Andi Kleen
2019-02-25 16:30   ` Greg KH
2019-02-25 16:41     ` [MODERATED] Encrypted Message Jon Masters
2019-02-25 16:58     ` [MODERATED] Re: [PATCH v6 10/43] MDSv6 Andi Kleen
2019-02-25 17:18   ` Dave Hansen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 11/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 12/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 13/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 14/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 15/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 16/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 17/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 18/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 19/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 20/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 21/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 22/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 23/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 24/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 25/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 26/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 27/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 28/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 29/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 30/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 31/43] MDSv6 Andi Kleen
2019-02-25 15:19   ` [MODERATED] " Greg KH
2019-02-25 15:34     ` Andi Kleen
2019-02-25 15:49       ` Greg KH
2019-02-25 15:52         ` [MODERATED] Encrypted Message Jon Masters
2019-02-25 16:00           ` [MODERATED] " Greg KH
2019-02-25 16:19             ` [MODERATED] " Jon Masters
2019-02-25 16:19         ` [MODERATED] Re: [PATCH v6 31/43] MDSv6 Andi Kleen
2019-02-25 16:24         ` mark gross
2019-02-25 16:24         ` Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 32/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 33/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 34/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 35/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [FROZEN] [PATCH v6 36/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 37/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 38/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 39/43] MDSv6 Andi Kleen
2019-02-25 15:26   ` [MODERATED] " Greg KH
2019-02-25 16:28     ` Andi Kleen
2019-02-25 16:47       ` Greg KH
2019-02-25 17:05         ` Andi Kleen [this message]
2019-02-25 17:49           ` Greg KH
2019-02-25 18:10             ` Andi Kleen
2019-02-25 20:11               ` Greg KH
2019-02-25 21:00                 ` Greg KH
2019-02-25 21:19                 ` Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 40/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 41/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 42/43] MDSv6 Andi Kleen
2019-02-24 15:07 ` [MODERATED] [PATCH v6 43/43] MDSv6 Andi Kleen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190225170503.GU16922@tassilo.jf.intel.com \
    --to=ak@linux.intel.com \
    --cc=speck@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.