From: Pete Wyckoff <pw@osc.edu>
To: Douglas Gilbert <dgilbert@interlog.com>
Cc: Peter Jones <pjones@redhat.com>,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
adel.gadllah@gmail.com, matthew@wil.cx,
linux-scsi@vger.kernel.org, jens.axboe@oracle.com
Subject: Re: [PATCH/RFC v3] allow userspace to modify scsi command filter on per device basis
Date: Tue, 17 Jun 2008 21:13:31 -0400 [thread overview]
Message-ID: <20080618011331.GA32633@osc.edu> (raw)
In-Reply-To: <48584252.5030901@interlog.com>
dgilbert@interlog.com wrote on Wed, 18 Jun 2008 01:01 +0200:
> IMO all command filtering should be dropped
To add fuel to the fire: I carry a patch to hack around the SCSI
filtering invoked by bsg to be able to use an object-based storage
device (OSD). These devices have a fairly comprehensive policy
framework that filters commands based on the object being accessed,
and how it is accessed. User-space applications acquire credentials
from a server somewhere on the network and craft SCSI commands that
present these credentials to the device, which also likely sits
remotely and is accessed via iSCSI or similar.
OSD commands all have the same opcode 0x7f (variable length CDB),
and the "service action" (read, write, create, flush, ...) is deeper
in the CDB, along with the credentials. Filtering on the single
byte 0x7f isn't useful, and the local kernel really has no role in
mediating device access. Linux provides SCSI initiator services
including discovery, transport, etc. but has no role in
authenticating how applications use OSDs.
-- Pete
next prev parent reply other threads:[~2008-06-18 1:13 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-06-13 19:33 [PATCH/RFC] allow userspace to modify scsi command filter on per device basis Adel Gadllah
2008-06-13 19:54 ` Matthew Wilcox
2008-06-13 20:22 ` Adel Gadllah
2008-06-13 20:23 ` Adel Gadllah
2008-06-14 6:51 ` [PATCH/RFC v2] " Adel Gadllah
2008-06-16 2:55 ` FUJITA Tomonori
2008-06-16 5:49 ` Adel Gadllah
2008-06-16 6:13 ` FUJITA Tomonori
2008-06-16 9:22 ` [PATCH/RFC v3] " Adel Gadllah
2008-06-17 20:14 ` FUJITA Tomonori
2008-06-17 21:45 ` Peter Jones
2008-06-17 22:40 ` FUJITA Tomonori
2008-06-17 22:49 ` FUJITA Tomonori
2008-06-17 23:01 ` Douglas Gilbert
2008-06-18 1:13 ` Pete Wyckoff [this message]
2008-06-18 7:33 ` Adel Gadllah
2008-06-18 14:55 ` James Smart
2008-06-18 14:56 ` Peter Jones
2008-06-26 10:10 ` Adel Gadllah
2008-06-26 10:13 ` Jens Axboe
2008-06-26 14:36 ` FUJITA Tomonori
2008-06-26 15:05 ` Adel Gadllah
2008-06-26 15:08 ` FUJITA Tomonori
2008-06-26 15:26 ` FUJITA Tomonori
2008-07-24 1:11 ` Dan Williams
2008-07-24 3:31 ` FUJITA Tomonori
2008-07-26 9:03 ` [PATCH 0/3] cmd_filter fixes FUJITA Tomonori
2008-07-26 9:03 ` [PATCH 1/3] move cmd_filter from gendisk to request_queue FUJITA Tomonori
2008-07-26 9:03 ` [PATCH 2/3] sg: restore command permission for TYPE_SCANNER FUJITA Tomonori
2008-07-26 9:03 ` [PATCH 3/3] rename blk_scsi_cmd_filter to blk_cmd_filter FUJITA Tomonori
2008-07-30 20:10 ` [PATCH 1/3] move cmd_filter from gendisk to request_queue Peter Jones
2008-07-31 5:13 ` FUJITA Tomonori
2008-08-16 5:47 ` FUJITA Tomonori
2008-07-27 19:59 ` [PATCH 0/3] cmd_filter fixes Adel Gadllah
2008-07-27 20:02 ` Adel Gadllah
2008-07-28 2:18 ` FUJITA Tomonori
2008-07-30 19:59 ` Adel Gadllah
2008-07-31 4:55 ` FUJITA Tomonori
2008-07-31 7:18 ` Matthew Wilcox
2008-07-31 7:24 ` FUJITA Tomonori
2008-07-31 13:04 ` Matthew Wilcox
2008-07-31 15:18 ` FUJITA Tomonori
2008-08-07 18:47 ` Adel Gadllah
2008-08-08 0:20 ` FUJITA Tomonori
2008-08-08 5:54 ` Jens Axboe
2008-08-08 6:11 ` FUJITA Tomonori
2008-08-08 6:15 ` Jens Axboe
2008-08-08 6:29 ` FUJITA Tomonori
2008-08-08 6:35 ` Jens Axboe
2008-08-08 16:53 ` [PATCH 1/2] drop vmerge accounting Mikulas Patocka
2008-08-08 17:07 ` [PATCH 2/2] " Mikulas Patocka
2008-08-15 9:48 ` Jens Axboe
2008-08-15 18:23 ` [PATCH 3/4] " Mikulas Patocka
2008-08-22 9:10 ` Jens Axboe
2008-08-22 9:17 ` Jens Axboe
2008-08-22 16:58 ` Mikulas Patocka
2008-08-22 17:05 ` Mikulas Patocka
2008-08-22 9:29 ` Pierre Ossman
2008-08-22 9:33 ` Jens Axboe
2008-08-22 21:34 ` Mikulas Patocka
2008-08-22 21:35 ` [PATCH 4/4] " Mikulas Patocka
2008-08-15 18:26 ` Mikulas Patocka
2008-08-21 9:26 ` [PATCH 0/3] cmd_filter fixes Adel Gadllah
2008-08-22 9:10 ` Jens Axboe
2008-06-14 20:26 ` [PATCH/RFC] allow userspace to modify scsi command filter on per device basis Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080618011331.GA32633@osc.edu \
--to=pw@osc.edu \
--cc=adel.gadllah@gmail.com \
--cc=dgilbert@interlog.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=jens.axboe@oracle.com \
--cc=linux-scsi@vger.kernel.org \
--cc=matthew@wil.cx \
--cc=pjones@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.