lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCETrXY90YAXA9-GLc0EowmRCtWZzh8br8seiqrzOkmNn8_Hw@mail.gmail.com>
Date:	Wed, 29 Oct 2014 16:55:57 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	Jiri Kosina <jkosina@...e.cz>,
	Linux API <linux-api@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	John Stultz <john.stultz@...aro.org>,
	Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
	Marcel Holtmann <marcel@...tmann.org>,
	Ryan Lortie <desrt@...rt.ca>,
	Bastien Nocera <hadess@...ess.net>,
	David Herrmann <dh.herrmann@...il.com>,
	Djalal Harouni <tixxdz@...ndz.org>,
	Simon McVittie <simon.mcvittie@...labora.co.uk>,
	daniel@...que.org, alban.crequy@...labora.co.uk,
	Javier Martinez Canillas <javier.martinez@...labora.co.uk>,
	Tom Gundersen <teg@...m.no>
Subject: Re: [PATCH 00/12] Add kdbus implementation

On Wed, Oct 29, 2014 at 4:40 PM, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
> On Thu, Oct 30, 2014 at 12:24:02AM +0100, Jiri Kosina wrote:
>> On Wed, 29 Oct 2014, Greg Kroah-Hartman wrote:
>>
>> > > > kdbus is a kernel-level IPC implementation that aims for resemblance to
>> > > > the the protocol layer with the existing userspace D-Bus daemon while
>> > > > enabling some features that couldn't be implemented before in userspace.
>> > >
>> > > I'd be interested in the features that can't be implemented in userspace
>> > > (and therefore would justify existence of kdbus in the kernel). Could you
>> > > please point me to such list / documentation?
>> >
>> > Lennart has given whole talks about this in the past, here's a recent
>> > talk going into the details:
>> >     https://www.youtube.com/watch?v=HPbQzm_iz_k
>>
>> I think it's a reasonable expectation that kernel patch submissions should
>> be reasonably self-contained though. We've always been very strict about
>> pushing everybody to provide extensive cover letters, changelogs and
>> explanations, so this shouldn't really be an exception, I think.
>
> There is a 1815 line documentation file in this series, so we aren't
> trying to not provide this type of information here at all.  But yes,
> more background, about why this can't be done in userspace (zero copy,
> less context switches, proper credential passing, timestamping, availble
> at early-boot, LSM hooks for security models to tie into, race-free
> interfaces, container/namespace support, etc.) should be added to the
> docs as well.

It's worth noting that:

 - Proper credential passing could be added to UNIX sockets, and we
may want to do that anyway.  Also, the current kdbus semantics seem to
be "spew lots of credentials and other miscellaneous
potentially-sensitive and sometime spoofable information all over the
place", which isn't obviously an improvement.  (This is fixable, but
it will almost certainly not be compatible with current systemd kdbus
code if fixed.)

 - The current kdbus patches seem to be worse than UNIX sockets from a
namespace perspective, but maybe I'm misunderstanding how it's
supposed to work.  UNIX sockets work quite nicely in containers.

 - There's an obvious interface to add timestamping to UNIX sockets
(it could work exactly the way it does for UDP / PTP).

 - I'm unconvinced by this performance argument without numbers.  The
kdbus credential code, at least, looks to be quite heavy on allocation
and atomics.  This isn't to say that the current userspace D-Bus
daemon doesn't also serialize everything, but it could be made
multithreaded.

 - Race-free?  What are the races that are inherent to UNIX sockets?

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ