lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1614878018-23278-1-git-send-email-sergei.shtepa@veeam.com>
Date:   Thu, 4 Mar 2021 20:13:37 +0300
From:   Sergei Shtepa <sergei.shtepa@...am.com>
To:     <snitzer@...hat.com>, <agk@...hat.com>, <hare@...e.de>,
        <dm-devel@...hat.com>, <linux-block@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
CC:     <sergei.shtepa@...am.com>, <pavel.tide@...am.com>
Subject: [PATCH 0/1] device filter

Hi all.

I would like to discuss the idea of further extending the functionality
of device mapper and suggest the concept of device filters (DF).

The DM creates new block devices based on existing ones.
DF will not create new devices. Using blk_interposer, DF will intercept
bio requests, perform additional processing, and then pass (or skip)
the original request.

By analogy with the way DM implements various mapping algorithms through
additional modules, so DF will be the basis for the work of modules that
implement their own filtering algorithm.

Based on DF, it will be possible to create solutions for live migration,
continius data protection, and implement the backup on write algorithm.
For security systems, it will be possible to implement algorithms for
checking accesses to a block device.

Installing and removing such filters does not require changing
the configuration of the user's infrastructure or rebooting.
Connecting and disconnecting is possible "on the fly" using
blk-interposer.

In this patch, I propose to consider additional IOCTL for the dm-mod
module. The new IOCTL looks like a good starting point for developing
device filters.

It is technically possible to create a DF independently of the DM.
However, I think that DF can use a significant part of the code already
existing in the DM without creating duplication.

I look forward to your feedback on device filter.

Sergei Shtepa (1):
  dm: adds an IOCTL to work with device-filters

 drivers/md/Makefile           |  2 +-
 drivers/md/dm-ioctl.c         | 22 ++++++++++++++++++++++
 drivers/md/flt-ctl.c          | 25 +++++++++++++++++++++++++
 drivers/md/flt-ctl.h          | 10 ++++++++++
 include/uapi/linux/dm-ioctl.h | 18 ++++++++++++++++--
 5 files changed, 74 insertions(+), 3 deletions(-)
 create mode 100644 drivers/md/flt-ctl.c
 create mode 100644 drivers/md/flt-ctl.h

-- 
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ