| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2012 10:41:06 +0900 From: Tejun Heo <tj@...nel.org> To: Kent Overstreet <koverstreet@...gle.com> Cc: Zach Brown <zab@...bo.net>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, tytso@...gle.com, Dave Kleikamp <dave.kleikamp@...cle.com>, Dmitry Monakhov <dmonakhov@...nvz.org>, "Maxim V. Patlasov" <mpatlasov@...allels.com>, michael.mesnier@...el.com, jeffrey.d.skirvin@...el.com, Martin Petersen <martin.petersen@...cle.com> Subject: Re: [RFC, PATCH] Extensible AIO interface Hello, Kent. On Tue, Oct 02, 2012 at 02:41:13PM -0700, Kent Overstreet wrote: > Seems to me it'd be no different from security considerations when > introducing new ioctls. I.e., messy, ad hoc, easy to get wrong, but > sometimes no way around it. > > It really has to be ad hoc if it's extensible, unfortunately. > > The only way of getting around _that_ would be with some kind of > reflective type system, so that generic code could parse (in some > fashion) the types of the various attributes, and for pointers copy the > user data into the kernel and do whatever access controls in generic > code. I'm not userland API expert by any stretch of imagination but the basic mechanism to pass data around seems sane to me and aio as stinky as it is seems to be the only logical stuff for IOs w/ extra attributes although alignment is always painful with any form of concatenated opaque structures. However, I don't think it's a good idea to try to implement something which is a neutral transport of opaque data between userland and lower layers. Things like that sound attractive with unlimited possibilities but reality seems to have the tendancy to make a big mess out of setups like that. So, if we're gonna do this, let's define what attributes we want to have and let them be processed at the interface layer and fed to lower layers afterwards - e.g. for cgroup context association, associate the resulting bios with the target cgroup from the aio layer. I'm quite skeptical of general usefulness of having opaque knobs to lower IO stack which don't have proper generic abstraction. Nobody can make proper use of things like that. Well, not nobody, maybe if the lower stack, the interface and the application are implemented by a single organization over relatively short span of time, maybe it would be useful for them, but that isn't something which generic interface design should focus on. It's okay to allow some side channel thing for specific hacky uses but I really hope the general design were focused around properly abstracted attributes which can be understood and handled by the upper layer. Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists