Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754061AbbGAScn (ORCPT ); Wed, 1 Jul 2015 14:32:43 -0400 Received: from mail.codeweavers.com ([216.251.189.131]:37558 "EHLO mail.codeweavers.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753463AbbGASbt (ORCPT ); Wed, 1 Jul 2015 14:31:49 -0400 Message-ID: <55943213.6040901@codeweavers.com> Date: Wed, 01 Jul 2015 13:31:47 -0500 From: Jeremy White User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 MIME-Version: 1.0 To: "Daniel P. Berrange" CC: hdegoede@redhat.com, spice-devel@lists.freedesktop.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [Spice-devel] [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP. References: <1435700650-640-1-git-send-email-jwhite@codeweavers.com> <1435700650-640-2-git-send-email-jwhite@codeweavers.com> <20150701090619.GB16822@redhat.com> In-Reply-To: <20150701090619.GB16822@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2555 Lines: 55 > Assuming that's correct, then this seems to imply that the socket has raw > plain text data being sent/received, and thus precludes the possibility > of running any security protocol like TLS unless the kernel wants to have > an impl of the TLS protocol. Good point. For completeness, I'll note that, in a Spice use case, the data would be encrypted by the normal Spice mechanisms. And it would be fairly straight forward to write a user space daemon that would accept TLS and then relay to the unencrypted socket (of course, it would rewrite everything, which would be inefficient). > > I don't really think it is sensible to be defining & implementing new > network services which can't support strong encryption and authentication. > Rather than passing the file descriptor to the kernel and having it do > the I/O directly, I think it would be better to dissassociate the kernel > from the network transport, and thus leave all sockets layer data I/O > to userspace daemons so they can layer in TLS or SASL or whatever else > is appropriate for the security need. And that would also eliminate the need to copy the parsing code, which would be a nice improvement. I considered this approach, but discarded it, perhaps wrongly, when my google fu suggested that netlink sockets were the best way to connect user space and a kernel module. (Because I perceived netlink sockets to be functionally equivalent to the relay daemon described, above). >From the user space perspective, the usbredir parser has an interface that exposes about 20 callback functions, which are invoked with pointers to a variety of structures. The ideal would be to have a mechanism to 'call into' kernel space with those varying interfaces. Would using ioctls be a reasonable way to achieve this? Is there a better way? In the other direction, the usbredir hc provides a range of functions; I think most interesting are the urb en/dequeue, hub control, and hub status calls. Some of that can be handled in the driver; some would need to be passed on to user space. My google fu did not lead me to an obvious way to pass this information to user space. The approach that comes to mind is to use a signal, or woken socket, to instruct user space to poll. I'd appreciate further comments and advice. Cheers, Jeremy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/