<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 11/21/2011 07:25 PM, Abhijit Pawar wrote:
<blockquote cite="mid:4ECA5841.8020208@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
On 11/18/2011 09:05 PM, Abhijit Pawar wrote:
<blockquote cite="mid:4EC67B54.1010102@gmail.com" type="cite">On
11/18/2011 08:16 PM, Greg KH wrote: <br>
<blockquote type="cite">On Fri, Nov 18, 2011 at 06:36:18PM
+0530, Abhijit Pawar wrote: <br>
<blockquote type="cite">On 11/17/2011 08:19 PM, Greg KH wrote:
<br>
<blockquote type="cite">On Thu, Nov 17, 2011 at 02:15:35PM
+0530, Abhijit Pawar wrote: <br>
<blockquote type="cite">Hi All, <br>
I need to filter the data written/read to and from the
USB storage <br>
disk. <br>
</blockquote>
Why? <br>
</blockquote>
I want to build a secure machine with data protection. I
want to <br>
have a security around the machine where anyone can attach a
usb <br>
disk and copy the data. but i want to make the copied data
useless <br>
unless it has the trust relation with the host to which its
<br>
connected. <br>
So if one has copied data from one secured machine and get
that usb <br>
disk to other machine, he should see the encrypted garbage
data. <br>
</blockquote>
Interesting idea. <br>
<br>
<blockquote type="cite">
<blockquote type="cite">What are you wanting to do at
"filter" time? <br>
</blockquote>
I want to encrypt the write data packets and decrypt the
read data packets. <br>
<blockquote type="cite">Why just USB disks? What makes them
special? <br>
</blockquote>
They are the one which can be attached to the system easily.
<br>
<blockquote type="cite">How are you going to determine if a
disk is a USB device or not? <br>
</blockquote>
</blockquote>
You forgot to answer this question :) <br>
</blockquote>
Yeah, I forgot that one. I am not very sure but if I can patch
the USB core before it attaches the speficied class driver to
the USB device. May be I can try and send some control request
and get the class of the device. I think its not required as
USB core itself will understand the class of the device and try
to attach the proper driver. At this point of time, I will have
some patch which will pass on the information to my module. <br>
I am not sure if there are any intercepting points or any
functions / structures exported in the USB core stack. <br>
</blockquote>
<br>
It seems that the Linux notification chain should give me
information whenever a USB device is added. I need to register for
a notification callback in my module.<br>
<br>
I have written a small module for this which uses the
usb_register_notify()<br>
<br>
Here is the debug trace from kernel when I add my logitech mouse
to the system. I get the device added notification.<br>
<br>
<br>
[30540.541134] usb 2-1.3: New USB device found, idVendor=046d,
idProduct=c018<br>
[30540.541143] usb 2-1.3: New USB device strings: Mfr=1,
Product=2, SerialNumber=0<br>
[30540.541150] usb 2-1.3: Product: USB Optical Mouse<br>
[30540.541155] usb 2-1.3: Manufacturer: Logitech<br>
[30540.541162] device: '2-1.3': device_add<br>
[30540.541172] kobject: '2-1.3' (ffff8800252b0898):
kobject_add_internal: parent: '2-1', set: 'devices'<br>
[30540.549243] bus: 'usb': add device 2-1.3<br>
[30540.549324] PM: Adding info for usb:2-1.3<br>
[30540.549372] kobject: '2-1.3' (ffff8800252b0898):
kobject_uevent_env<br>
[30540.549384] kobject: '2-1.3' (ffff8800252b0898):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3'<br>
[30540.549473] bus: 'usb': driver_probe_device: matched device
2-1.3 with driver usb<br>
[30540.549482] bus: 'usb': really_probe: probing driver usb with
device 2-1.3<br>
[30540.549512] usb 2-1.3: rpm_resume flags 0x4<br>
[30540.549518] usb 2-1.3: rpm_resume returns 1<br>
[30540.550214] device: '2-1.3:1.0': device_add<br>
[30540.550232] kobject: '2-1.3:1.0' (ffff880100648040):
kobject_add_internal: parent: '2-1.3', set: 'devices'<br>
[30540.550553] bus: 'usb': add device 2-1.3:1.0<br>
[30540.550643] PM: Adding info for usb:2-1.3:1.0<br>
[30540.550661] kobject: '2-1.3:1.0' (ffff880100648040):
kobject_uevent_env<br>
[30540.550678] kobject: '2-1.3:1.0' (ffff880100648040):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0'<br>
[30540.550905] bus: 'usb': driver_probe_device: matched device
2-1.3:1.0 with driver usbserial_generic<br>
[30540.550923] bus: 'usb': really_probe: probing driver
usbserial_generic with device 2-1.3:1.0<br>
[30540.551178] usb 2-1.3: rpm_resume flags 0x4<br>
[30540.551189] usb 2-1.3: rpm_resume returns 1<br>
[30540.551458] bus: 'usb': driver_probe_device: matched device
2-1.3:1.0 with driver usbhid<br>
[30540.551473] bus: 'usb': really_probe: probing driver usbhid
with device 2-1.3:1.0<br>
[30540.551513] usb 2-1.3: rpm_resume flags 0x4<br>
[30540.551523] usb 2-1.3: rpm_resume returns 1<br>
[30540.552922] device: '0003:046D:C018.0002': device_add<br>
[30540.552939] kobject: '0003:046D:C018.0002' (ffff88012b5b9898):
kobject_add_internal: parent: '2-1.3:1.0', set: 'devices'<br>
[30540.552981] bus: 'hid': add device 0003:046D:C018.0002<br>
[30540.553143] PM: Adding info for hid:0003:046D:C018.0002<br>
[30540.553159] kobject: '0003:046D:C018.0002' (ffff88012b5b9898):
kobject_uevent_env<br>
[30540.553176] kobject: '0003:046D:C018.0002' (ffff88012b5b9898):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/0003:046D:C018.0002'<br>
[30540.553352] bus: 'hid': driver_probe_device: matched device
0003:046D:C018.0002 with driver generic-usb<br>
[30540.553369] bus: 'hid': really_probe: probing driver
generic-usb with device 0003:046D:C018.0002<br>
[30540.555608] device: 'input17': device_add<br>
[30540.555628] kobject: 'input' (ffff8800619af5a0):
kobject_add_internal: parent: '2-1.3:1.0', set: '(null)'<br>
[30540.555677] kobject: 'input17' (ffff8800252b5b58):
kobject_add_internal: parent: 'input', set: 'devices'<br>
[30540.555879] PM: Adding info for No Bus:input17<br>
[30540.555888] kobject: 'input17' (ffff8800252b5b58):
kobject_uevent_env<br>
[30540.555899] kobject: 'input17' (ffff8800252b5b58):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/input/input17'<br>
[30540.556072] kobject: 'input17' (ffff8800252b5b58):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/input/input17'<br>
[30540.556087] input: Logitech USB Optical Mouse as
/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/input/input17<br>
[30540.556140] device: 'mouse0': device_add<br>
[30540.556153] kobject: 'mouse0' (ffff8800252b41b8):
kobject_add_internal: parent: 'input17', set: 'devices'<br>
[30540.556907] PM: Adding info for No Bus:mouse0<br>
[30540.556924] kobject: 'mouse0' (ffff8800252b41b8):
kobject_uevent_env<br>
[30540.556940] kobject: 'mouse0' (ffff8800252b41b8):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/input/input17/mouse0'<br>
[30540.557125] device: 'event6': device_add<br>
[30540.557139] kobject: 'event6' (ffff8800252b21c0):
kobject_add_internal: parent: 'input17', set: 'devices'<br>
[30540.558939] PM: Adding info for No Bus:event6<br>
[30540.558953] kobject: 'event6' (ffff8800252b21c0):
kobject_uevent_env<br>
[30540.558969] kobject: 'event6' (ffff8800252b21c0):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/input/input17/event6'<br>
[30540.559198] device: 'hidraw0': device_add<br>
[30540.559221] kobject: 'hidraw' (ffff8800619afa20):
kobject_add_internal: parent: '0003:046D:C018.0002', set: '(null)'<br>
[30540.559252] kobject: 'hidraw0' (ffff88012bfbc810):
kobject_add_internal: parent: 'hidraw', set: 'devices'<br>
[30540.559281] usbhid 2-1.3:1.0: rpm_resume flags 0x4<br>
[30540.559293] usbhid 2-1.3:1.0: rpm_resume returns 1<br>
[30540.559655] PM: Adding info for No Bus:hidraw0<br>
[30540.559670] kobject: 'hidraw0' (ffff88012bfbc810):
kobject_uevent_env<br>
[30540.559687] kobject: 'hidraw0' (ffff88012bfbc810):
fill_kobj_path: path =
'/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/2-1.3:1.0/0003:046D:C018.0002/hidraw/hidraw0'<br>
[30540.559805] generic-usb 0003:046D:C018.0002: input,hidraw0: USB
HID v1.11 Mouse [Logitech USB Optical Mouse] on
usb-0000:00:1d.0-1.3/input0<br>
[30540.559820] driver: '0003:046D:C018.0002': driver_bound: bound
to device 'generic-usb'<br>
[30540.559833] bus: 'hid': really_probe: bound device
0003:046D:C018.0002 to driver generic-usb<br>
[30540.559859] driver: '2-1.3:1.0': driver_bound: bound to device
'usbhid'<br>
[30540.559874] bus: 'usb': really_probe: bound device 2-1.3:1.0 to
driver usbhid<br>
[30540.559892] usbhid 2-1.3:1.0: rpm_suspend flags 0x4<br>
[30540.559908] usbhid 2-1.3:1.0: rpm_suspend returns 0<br>
[30540.559939] device: 'ep_81': device_add<br>
[30540.559950] kobject: 'ep_81' (ffff88009613f820):
kobject_add_internal: parent: '2-1.3:1.0', set: 'devices'<br>
[30540.560175] PM: Adding info for No Bus:ep_81<br>
[30540.560189] kobject: 'ep_81' (ffff88009613f820):
kobject_uevent_env<br>
[30540.560198] kobject: 'ep_81' (ffff88009613f820):
kobject_uevent_env: filter function caused the event to drop!<br>
<big>[30540.561372] usb_notify_subscriber <br>
[30540.561378] usb_notify_subscriber:USB device added </big><br>
<br>
<br>
So this notification is raised when everything is done by the USB
core and it has already attached the driver to the device. In that
case I think this is not that important and will not solve the
purpose which I am looking for.<br>
<br>
<br>
<blockquote cite="mid:4EC67B54.1010102@gmail.com" type="cite">
<blockquote type="cite"> <br>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">Now the way USB is made known to
OS is through SCSI and then <br>
respective filesystem ( mostly usbfs). <br>
</blockquote>
Not really, usbfs is only one way, and it has nothing to
do with usb <br>
disks. <br>
<br>
<blockquote type="cite">So is there any way I can
intercept this stack and have my kernel module <br>
invoked so that I will get the data. <br>
</blockquote>
Not easily. <br>
</blockquote>
Even if its hard, can you please give details of how do I
achieve this? <br>
<blockquote type="cite">
<blockquote type="cite">I have been thinking on two
approaches: <br>
<br>
1. Use VFS and write a proxy filesystem for USB device
which will filter <br>
the data. <br>
2. checking SCSI and any intercepting point. <br>
</blockquote>
Again, what are you trying to "filter"? That will
determine where you <br>
make changes. <br>
</blockquote>
thanks, greg k-h <br>
So what choice do I have now for this? <br>
</blockquote>
Lots of work, best of luck with this task, it will not be
simple or <br>
easy. <br>
<br>
greg k-h <br>
</blockquote>
Thanks. Its not that simple. I need to check the sCSI family
code as well as USB core. Also VFS may be involved. :( :) <br>
<br>
Regards, <br>
Abhijit Pawar <br>
</blockquote>
<br>
</blockquote>
Hi ,<br>
I found a rather very simple solution to the problem. Stackable
filesystem. <br>
<br>
Regards,<br>
Abhijit Pawar<br>
</body>
</html>