Date:   Thu, 2 Feb 2023 12:24:51 -0500
From:   Demi Marie Obenour <demi@...isiblethingslab.com>
To:     Ming Lei <ming.lei@...hat.com>
Cc:     Christoph Hellwig <hch@...radead.org>,
        Jens Axboe <axboe@...nel.dk>,
        Marek Marczykowski-Górecki 
        <marmarek@...isiblethingslab.com>, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 1/7] block: Support creating a struct file from a
 block device

On Thu, Feb 02, 2023 at 04:49:54PM +0800, Ming Lei wrote:
> On Tue, Jan 31, 2023 at 11:27:59AM -0500, Demi Marie Obenour wrote:
> > On Tue, Jan 31, 2023 at 12:53:03AM -0800, Christoph Hellwig wrote:
> > > On Mon, Jan 30, 2023 at 02:22:39PM -0500, Demi Marie Obenour wrote:
> > > > What do you recommend instead?  This solves a real problem for
> > > > device-mapper users and I am not aware of a better solution.
> > > 
> > > You could start with explaining the problem and what other methods
> > > you tried that failed.  In the end it's not my job to fix your problem.
> > 
> > I’m working on a “block not-script” (Xen block device hotplug script
> > written in C) for Qubes OS.  The current hotplug script is a shell
> > script that takes a global lock, which serializes all invocations and
> > significantly slows down VM creation and destruction.  My C program
> > avoids this problem.
> > 
> > One of the goals of the not-script is to never leak resources, even if
> > it dies with SIGKILL or is never called with the “remove” argument to
> 
> If it dies, you still can restart one new instance for handling the device
> leak by running one simple daemon to monitor if not-script is live.

This requires userspace to maintain state that persists across process
restarts, and is also non-compositional.  If there was a userspace
daemon that was responsible for all block device management in the
system, this would be more reasonable, but no such daemon exists.
Furthermore, the amount of code required in userspace dwarfs the amount
of code my patches add to the kernel, both in size and complexity.

> > destroy the devices it created.  Therefore, whenever possible, it relies
> > on automatic destruction of devices that are no longer used.  I have
> 
> This automatic destruction of devices is supposed to be done in
> userspace, cause only userspace knows when device is needed, when
> it is needed.

In my use-case, the last reference to the device is held by the blkback
driver in the kernel.  More generally, any case where a device is
created for a single purpose and should be destroyed when no longer
used will benefit from this.  Encrypted swap devices are a simple
example, as they can be destroyed with a single “swapoff” command.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
