From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1U07gl-0001VI-4Y
	for mharc-grub-devel@gnu.org; Tue, 29 Jan 2013 04:41:11 -0500
Received: from eggs.gnu.org ([208.118.235.92]:46501)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prajnoha@redhat.com>) id 1U07gi-0001Sn-5v
	for grub-devel@gnu.org; Tue, 29 Jan 2013 04:41:10 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <prajnoha@redhat.com>) id 1U07gh-0008Tz-2W
	for grub-devel@gnu.org; Tue, 29 Jan 2013 04:41:08 -0500
Received: from mx1.redhat.com ([209.132.183.28]:43499)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <prajnoha@redhat.com>) id 1U07gg-0008Tq-RA
	for grub-devel@gnu.org; Tue, 29 Jan 2013 04:41:07 -0500
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r0T9f5Ib026248
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <grub-devel@gnu.org>; Tue, 29 Jan 2013 04:41:05 -0500
Received: from alatyr.brq.redhat.com (vpn1-7-72.ams2.redhat.com [10.36.7.72])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id r0T9f3xa023717
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Tue, 29 Jan 2013 04:41:04 -0500
Message-ID: <5107992E.60307@redhat.com>
Date: Tue, 29 Jan 2013 10:41:02 +0100
From: Peter Rajnoha <prajnoha@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130110 Thunderbird/17.0.2
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Hardening the LVM support
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 209.132.183.28
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2013 09:41:10 -0000

Hi,

the LVM team would like to cooperate with you in hardening and cleaning up
the LVM support code (the "lvm" grub module). We would like to provide
full suport for having /boot on LVM...

Currently, the lvm module seems to recognize striped/linear, raid and mirror
segment types. As I was looking at the code, I noticed a few things that would
require looking at. Most notably, it's about LVM metadata handling where the
parser used in the grub module can handle only a subset of what the LVM metadata
parser can recognize and digest. If any changes are made in the LVM, this could
end up with errors on the grub module side as a consequence and thus causing
inability to boot such a system. The possible problems that might appear is
about handling whitespaces, metadata field order processing (the grub module
seems to be expecting the fields to be in one concrete order which might not be
the case all the time), also there's missing checksumming (to check whether
metadata are not corrupted in some way) or processing any new flags we might
add and which might be usefull when processing such devices and which might
help grub to process the metadata in a more reliable and effective way.

So the question is whether you are OK with reviewing this code with us
thouroughly and then doing all the necessary changes that would make this
solution more robust and error-prone?

Now, for starters, thinking about the metadata parser and all the checks
needed, we would like to provide a simple library that grub could use/link
with. Such a solution would remove the duplication of the work done on these
parts and we will always have the proper code to reflect any changes done in
the LVM code or any enhancements we might come up with and that grub can
directly make use of through the interface we would provide (and its use
won't be bound to grub only, it could be reused in other projects as well).

An alternative solution might be for the grub to export an interface for
creating modules "externally" so LVM upstream can make use of that and provide
the module based on this interface. As it seems there's no support for this
in grub yet (the modules are all created directly by grub team), is there any
plan for supporting externally built modules in the future, if possible at all?

The aim is simply to move the responsibility for the LVM metadata parsing and
checking to LVM directly so LVM would maintain that and take full responsibility
for it. At the moment, it seems the first suggestion would work the best (LVM team
providing the interface for processing LVM volumes and then the lvm grub module
linking with this interface).

This is just for starters, to get the ball rolling... Please, let me know any of
your opinions, suggestions and then I'd like to start working on this fully
based on your feedback.

Thanks

Peter