[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[dm-devel] Re: "Enhanced" MD code avaible for review

From: Jeff Garzik <jgarzik pobox com>
To: "Justin T. Gibbs" <gibbs scsiguy com>
Cc: linux-raid vger kernel org, dm-devel redhat com, Kevin Corry <kevcorry us ibm com>, Neil Brown <neilb cse unsw edu au>, linux-kernel vger kernel org
Subject: [dm-devel] Re: "Enhanced" MD code avaible for review
Date: Tue, 30 Mar 2004 12:15:07 -0500

Justin T. Gibbs wrote:

The dm-raid1 module also appears to intrinsicly trust its mapping and the contents of its meta-data (simple magic number check). It seems to me that the kernel should validate all of its inputs regardless of whether the ioctls that are used to present them are only supposed to be used by a "trusted daemon".

The kernel should not be validating -trusted- userland inputs. Root is allowed to scrag the disk, violate limits, and/or crash his own machine.

A simple example is requiring userland, when submitting ATA taskfiles via an ioctl, to specify the data phase (pio read, dma write, no-data, etc.). If the data phase is specified incorrectly, you kill the OS driver's ATA host state machine, and the results are very unpredictable. Since this is a trusted operation, requiring CAP_RAW_IO, it's up to userland to get the required details right (just like following a spec).

I honestly don't care if the final solution is EMD, DM, or XYZ so long
as that solution is correct, supportable, and covers all of the scenarios
required for robust RAID support.  That is the crux of the argument, not
"please love my code".

hehe. I think we all agree here...

Jeff

Follow-Ups:
- [dm-devel] Re: "Enhanced" MD code avaible for review
  - From: Justin T. Gibbs

References:
- [dm-devel] Re: "Enhanced" MD code avaible for review
  - From: Kevin Corry
- [dm-devel] Re: "Enhanced" MD code avaible for review
  - From: Justin T. Gibbs

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]