Message-ID: <f911472c-c4a1-27ee-8671-037f330096f0@suse.com>
Date:   Wed, 8 Feb 2023 11:23:07 -0800
From:   Lee Duncan <lduncan@...e.com>
To:     Lee Duncan <leeman.duncan@...il.com>, linux-scsi@...r.kernel.org,
        open-iscsi@...glegroups.com, netdev@...r.kernel.org
Subject: Re: [RFC 0/9] Make iscsid-kernel communications namespace-aware
 (resent)

[Resent to include all mailing lists]

I wanted to mention some issues I've discovered as part of testing this:

- Currently, only some sysfs entries are going to be different
   per namespace
- This means that the Configuration and Initiator Name are going to
   be common to all running daemons (this is /etc/iscsi)
- This also means that the Node database (and discovery DB,
   and interface DB) are common to all running daemons

I'm really not sure all running daemons should have the same initiator 
name. If we think of them as separate initiators, then this seems wrong.

Sharing the Node database may not be a good idea, either. This assumes 
that nodes discovered (and saved) from one namespace can actually be 
reached from other namespaces, but this may not be true. Having the Node 
DB and initiatorname shared means the different iscsid instances must 
cooperate with each other, else their requests can collide. Also, I can 
imagine situations where different daemons may want to set different 
configuration values. Currently they cannot.

On 2/8/23 09:40, Lee Duncan wrote:
> From: Lee Duncan <lduncan@...e.com>
> 
> This is a request for comment on a set of patches that
> modify the kernel iSCSI initiator communications so that
> they are namespace-aware. The goal is to allow multiple
> iSCSI daemons (iscsid) to run at once as long as they
> are in separate namespaces, and so that iscsid can
> run in containers.
> 
> Comments and suggestions are more than welcome. I do not
> expect that this code is production-ready yet, and
> networking isn't my strongest suit (yet).
> 
> These patches were originally posted in 2015 by Chris
> Leech. There were some issues at the time about how
> to handle namespaces going away. I hope to address
> any issues raised with this patchset and then
> to merge these changes upstream to address working
> in containers.
> 
> My contribution thus far has been to update these patches
> to work with the current upstream kernel.
> 
> Chris Leech/Lee Duncan (9):
>    iscsi: create per-net iscsi netlink kernel sockets
>    iscsi: associate endpoints with a host
>    iscsi: sysfs filtering by network namespace
>    iscsi: make all iSCSI netlink multicast namespace aware
>    iscsi: set netns for iscsi_tcp hosts
>    iscsi: check net namespace for all iscsi lookup
>    iscsi: convert flashnode devices from bus to class
>    iscsi: rename iscsi_bus_flash_* to iscsi_flash_*
>    iscsi: filter flashnode sysfs by net namespace
> 
>   drivers/infiniband/ulp/iser/iscsi_iser.c |   7 +-
>   drivers/scsi/be2iscsi/be_iscsi.c         |   6 +-
>   drivers/scsi/bnx2i/bnx2i_iscsi.c         |   6 +-
>   drivers/scsi/cxgbi/libcxgbi.c            |   6 +-
>   drivers/scsi/iscsi_tcp.c                 |   7 +
>   drivers/scsi/qedi/qedi_iscsi.c           |   6 +-
>   drivers/scsi/qla4xxx/ql4_os.c            |  64 +--
>   drivers/scsi/scsi_transport_iscsi.c      | 625 ++++++++++++++++-------
>   include/scsi/scsi_transport_iscsi.h      |  63 ++-
>   9 files changed, 537 insertions(+), 253 deletions(-)
> 
