Message-ID: <e7b55e2d-4bd1-eabe-43b6-ef00da69935a@suse.de>
Date:   Wed, 12 Apr 2023 08:02:45 +0200
From:   Hannes Reinecke <hare@...e.de>
To:     linux-scsi@...r.kernel.org, open-iscsi@...glegroups.com,
        Lee Duncan <leeman.duncan@...il.com>, netdev@...r.kernel.org
Subject: Re: [PATCH 11/11] iscsi: force destroy sesions when a network
 namespace exits

On 4/11/23 20:19, Chris Leech wrote:
> On Tue, Apr 11, 2023 at 08:21:22AM +0200, Hannes Reinecke wrote:
>> On 4/10/23 21:10, Chris Leech wrote:
>>> The namespace is gone, so there is no userspace to clean up.
>>> Force close all the sessions.
>>>
>>> This should be enough for software transports, there's no implementation
>>> of migrating physical iSCSI hosts between network namespaces currently.
>>>
>> Ah, you shouldn't have mentioned that.
>> (Not quite sure how being namespace-aware relates to migration, though.)
>> We should be checking/modifying the iSCSI offload drivers, too.
>> But maybe with a later patch.
> 
> I shouldn't have left that opening ;-)
> 
> The idea with this design is to keep everything rooted on the
> iscsi_host, and for physical HBAs those stay assigned to init_net.
> With this patch set, offload drivers remain unusable in a net namespace
> other than init_net. They simply are not visible.
> 
> By migration, I was implying the possibility of assignment of an HBA
> iscsi_host into a namespace like you can do with a network interface.
> Such an iscsi_host would then need to be migrated back to init_net on
> namespace exit.
> 
> I don't think it works to try and share an iscsi_host across namespaces,
> and manage different sessions. The iSCSI HBAs have a limited number of
> network configurations, exposed as iscsi_iface objects, and I don't want
> to go down the road of figuring out how to share those.
> 
Ah, yes, indeed.

Quite some iSCSI offloads create the network session internally (or 
don't even have one), so making them namespace aware will be tricky.

But then I guess we should avoid creating offload sessions from other 
namespaces; preferably by a patch for the kernel such that userspace can 
run unmodified.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@...e.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
