From: Sergei Shtepa <sergei.shtepa@veeam.com>
To: Bob Liu <bob.liu@oracle.com>
Cc: Jens Axboe <axboe@kernel.dk>, "steve@sk2.org" <steve@sk2.org>,
Mike Snitzer <snitzer@redhat.com>,
"johannes.thumshirn@wdc.com" <johannes.thumshirn@wdc.com>,
Pavel Tide <Pavel.TIde@veeam.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"josef@toxicpanda.com" <josef@toxicpanda.com>,
"ming.lei@redhat.com" <ming.lei@redhat.com>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"dm-devel@redhat.com" <dm-devel@redhat.com>,
"hch@lst.de" <hch@lst.de>, "koct9i@gmail.com" <koct9i@gmail.com>
Subject: Re: [dm-devel] [PATCH 0/3] block: blk_interposer - Block Layer Interposer
Date: Tue, 15 Dec 2020 18:57:15 +0300 [thread overview]
Message-ID: <20201215155715.GA2541@veeam.com> (raw)
In-Reply-To: <cdc3c792-17ac-de61-12ae-74691769fc3c@oracle.com>
The 12/15/2020 09:51, Bob Liu wrote:
> Hi Folks,
>
> On 12/12/20 12:56 AM, Hannes Reinecke wrote:
> > On 12/11/20 5:33 PM, Jens Axboe wrote:
> >> On 12/11/20 9:30 AM, Mike Snitzer wrote:
> >>> While I still think there needs to be a proper _upstream_ consumer of
> >>> blk_interposer as a condition of it going in.. I'll let others make the
> >>> call.
> >>
> >> That's an unequivocal rule.
> >>
> >>> As such, I'll defer to Jens, Christoph and others on whether your
> >>> minimalist blk_interposer hook is acceptable in the near-term.
> >>
> >> I don't think so, we don't do short term bandaids just to plan on
> >> ripping that out when the real functionality is there. IMHO, the dm
> >> approach is the way to go - it provides exactly the functionality that
> >> is needed in an appropriate way, instead of hacking some "interposer"
> >> into the core block layer.
> >>
> > Which is my plan, too.
> >
> > I'll be working with the Veeam folks to present a joint patchset (including the DM bits) for the next round.
> >
>
> Besides the dm approach, do you think Veeam's original requirement is a good
> use case of "block/bpf: add eBPF based block layer IO filtering"?
> https://lwn.net/ml/bpf/20200812163305.545447-1-leah.rumancik@gmail.com/
>
> Thanks,
> Bob
Hi Bob.
Thank you for your message.
I looked at your patch - it's interesting, but I have a few comments.
1.
#ifdef CONFIG_BPF_IO_FILTER
struct bpf_prog_array __rcu *progs;
struct mutex io_filter_lock;
#endif
For DM and blk-snap to work, it is necessary that there is always
the possibility of interception.
2.
We could get rid of the io_filter_lock lock if we do attach/detach while
the queue is stopped. And __rcu for *progs, can not use either.
3.
int io_filter_bpf_run(struct bio *bio)
{
struct bpf_io_request io_req = {
.sector_start = bio->bi_iter.bi_sector,
.sector_cnt = bio_sectors(bio),
.opf = bio->bi_opf,
};
return BPF_PROG_RUN_ARRAY_CHECK(bio->bi_disk->progs, &io_req, BPF_PROG_RUN);
}
Allows to get little information. It will not allow to work with the bios`s data.
blk_interposer allows to get full access to bio.
For use in the DM, we must also be able to add new bio's.
Summary:
For device-mapper purposes, bpf_io_filter is not suitable.
bpf_io_filter in this form is probably convenient to use for monitoring and
studying the block layer.
For the security task, I would suggest making a separate module and using
blk_interposer to intercept bio requests. This will give more flexible
functionality and better performance.
--
Sergei Shtepa
Veeam Software developer.
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
WARNING: multiple messages have this Message-ID (diff)
From: Sergei Shtepa <sergei.shtepa@veeam.com>
To: Bob Liu <bob.liu@oracle.com>
Cc: Hannes Reinecke <hare@suse.de>, Jens Axboe <axboe@kernel.dk>,
Mike Snitzer <snitzer@redhat.com>, "hch@lst.de" <hch@lst.de>,
"johannes.thumshirn@wdc.com" <johannes.thumshirn@wdc.com>,
"koct9i@gmail.com" <koct9i@gmail.com>,
"ming.lei@redhat.com" <ming.lei@redhat.com>,
"josef@toxicpanda.com" <josef@toxicpanda.com>,
"steve@sk2.org" <steve@sk2.org>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Pavel Tide <Pavel.TIde@veeam.com>,
"dm-devel@redhat.com" <dm-devel@redhat.com>
Subject: Re: [PATCH 0/3] block: blk_interposer - Block Layer Interposer
Date: Tue, 15 Dec 2020 18:57:15 +0300 [thread overview]
Message-ID: <20201215155715.GA2541@veeam.com> (raw)
In-Reply-To: <cdc3c792-17ac-de61-12ae-74691769fc3c@oracle.com>
The 12/15/2020 09:51, Bob Liu wrote:
> Hi Folks,
>
> On 12/12/20 12:56 AM, Hannes Reinecke wrote:
> > On 12/11/20 5:33 PM, Jens Axboe wrote:
> >> On 12/11/20 9:30 AM, Mike Snitzer wrote:
> >>> While I still think there needs to be a proper _upstream_ consumer of
> >>> blk_interposer as a condition of it going in.. I'll let others make the
> >>> call.
> >>
> >> That's an unequivocal rule.
> >>
> >>> As such, I'll defer to Jens, Christoph and others on whether your
> >>> minimalist blk_interposer hook is acceptable in the near-term.
> >>
> >> I don't think so, we don't do short term bandaids just to plan on
> >> ripping that out when the real functionality is there. IMHO, the dm
> >> approach is the way to go - it provides exactly the functionality that
> >> is needed in an appropriate way, instead of hacking some "interposer"
> >> into the core block layer.
> >>
> > Which is my plan, too.
> >
> > I'll be working with the Veeam folks to present a joint patchset (including the DM bits) for the next round.
> >
>
> Besides the dm approach, do you think Veeam's original requirement is a good
> use case of "block/bpf: add eBPF based block layer IO filtering"?
> https://lwn.net/ml/bpf/20200812163305.545447-1-leah.rumancik@gmail.com/
>
> Thanks,
> Bob
Hi Bob.
Thank you for your message.
I looked at your patch - it's interesting, but I have a few comments.
1.
#ifdef CONFIG_BPF_IO_FILTER
struct bpf_prog_array __rcu *progs;
struct mutex io_filter_lock;
#endif
For DM and blk-snap to work, it is necessary that there is always
the possibility of interception.
2.
We could get rid of the io_filter_lock lock if we do attach/detach while
the queue is stopped. And __rcu for *progs, can not use either.
3.
int io_filter_bpf_run(struct bio *bio)
{
struct bpf_io_request io_req = {
.sector_start = bio->bi_iter.bi_sector,
.sector_cnt = bio_sectors(bio),
.opf = bio->bi_opf,
};
return BPF_PROG_RUN_ARRAY_CHECK(bio->bi_disk->progs, &io_req, BPF_PROG_RUN);
}
Allows to get little information. It will not allow to work with the bios`s data.
blk_interposer allows to get full access to bio.
For use in the DM, we must also be able to add new bio's.
Summary:
For device-mapper purposes, bpf_io_filter is not suitable.
bpf_io_filter in this form is probably convenient to use for monitoring and
studying the block layer.
For the security task, I would suggest making a separate module and using
blk_interposer to intercept bio requests. This will give more flexible
functionality and better performance.
--
Sergei Shtepa
Veeam Software developer.
next prev parent reply other threads:[~2021-01-04 19:03 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-09 13:01 [PATCH 0/3] block: blk_interposer - Block Layer Interposer Sergei Shtepa
2020-12-09 13:01 ` [PATCH 1/3] " Sergei Shtepa
2020-12-09 13:01 ` [PATCH 2/3] block: blk_interposer - sample Sergei Shtepa
2020-12-09 14:36 ` Mike Snitzer
2020-12-10 15:54 ` Sergei Shtepa
2020-12-10 15:58 ` Mike Snitzer
2020-12-09 13:01 ` [PATCH 3/3] block: blk_interposer - sample config Sergei Shtepa
2020-12-09 13:51 ` [PATCH 0/3] block: blk_interposer - Block Layer Interposer Mike Snitzer
2020-12-10 14:58 ` Sergei Shtepa
2020-12-10 16:32 ` Mike Snitzer
2020-12-11 16:30 ` [dm-devel] " Mike Snitzer
2020-12-11 16:30 ` Mike Snitzer
2020-12-11 16:33 ` [dm-devel] " Jens Axboe
2020-12-11 16:33 ` Jens Axboe
2020-12-11 16:56 ` [dm-devel] " Hannes Reinecke
2020-12-11 16:56 ` Hannes Reinecke
2020-12-11 17:04 ` [dm-devel] " Jens Axboe
2020-12-11 17:04 ` Jens Axboe
2020-12-11 18:03 ` [dm-devel] " Hannes Reinecke
2020-12-11 18:03 ` Hannes Reinecke
2020-12-12 18:14 ` [dm-devel] " Jens Axboe
2020-12-12 18:14 ` Jens Axboe
2020-12-15 6:51 ` [dm-devel] " Bob Liu
2020-12-15 6:51 ` Bob Liu
2020-12-15 7:41 ` [dm-devel] " Hannes Reinecke
2020-12-15 7:41 ` Hannes Reinecke
2020-12-15 15:57 ` Sergei Shtepa [this message]
2020-12-15 15:57 ` Sergei Shtepa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201215155715.GA2541@veeam.com \
--to=sergei.shtepa@veeam.com \
--cc=Pavel.TIde@veeam.com \
--cc=axboe@kernel.dk \
--cc=bob.liu@oracle.com \
--cc=dm-devel@redhat.com \
--cc=hch@lst.de \
--cc=johannes.thumshirn@wdc.com \
--cc=josef@toxicpanda.com \
--cc=koct9i@gmail.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ming.lei@redhat.com \
--cc=snitzer@redhat.com \
--cc=steve@sk2.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.