From: ebiederm@xmission.com (Eric W. Biederman)
To: Tejun Heo <tj@kernel.org>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
serue@us.ibm.com, greg@kroah.com,
fuse-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/7] FUSE: implement ioctl support
Date: Wed, 03 Sep 2008 14:51:10 -0700 [thread overview]
Message-ID: <m1sksg6gq9.fsf@frodo.ebiederm.org> (raw)
In-Reply-To: <48BEA1D8.9040208@kernel.org> (Tejun Heo's message of "Wed, 03 Sep 2008 16:40:24 +0200")
Tejun Heo <tj@kernel.org> writes:
> Eric W. Biederman wrote:
>> I really think that if an ioctl is passing through the kernel we
>> should know how to parse and understand it's options. Otherwise
>> we won't have the option of doing backwards compatibility when something
>> changes, like we can with the 32->64bit ioctls.
>
> There's no reason 32->64bit can't be handled in userland? What's the
> difference?
Maintenance. What happens if I go 128bit, if I have some processes
that are big endian and some that are little endian. Or if I have
some processes that are running a completely different instruction
set with a completely different ABI than other processes. Or
perhaps different perhaps the processes is in a different network
namespace than your filesystem and so it's arguments refer
to something different entirely. Is it a userspace bug if userspace
does not anticipate how the kernel will change in the future?
If we don't look at ioctl as a set of system calls that should
be put into an appropriate format for a filesystem we have
a maintenance problem.
If we don't have an interface clean enough we can push data
out to a server on a remote machine have it processes the
arguments and send the data back. We actually have failed
to properly abstract the interface.
>> That seems to imply that you need a stub in the kernel to handle
>> really weird ioctls.
>>
>> The upside is that because you know what the inputs and outputs are
>> and where the inputs and output are you can support that ioctl well
>> into the future, and you can do it with an unprivileged file
>> system server.
>
> Well, kernel stub kind of beats a lot of benefits of FUSE - no
> specific kernel dependencies, easy development and distribution,
> etc...
Of course FUSE has specific kernel dependencies. It depends
on the implementation of fusefs in the kernel to talk to it.
The reason you don't need a specific kernel today is that
the kernel dependencies are well defined. You are talking
about using a very poorly defined interface to talk to the
filesystem. At which point it would be better to open
a separate channel and talk to the filsystem directly.
Being able to add a kernel system call (ioctl) with no review is a
total maintenance disaster. It is impossible to maintain because
there is not a process to even discover what is going on.
We have to have a kernel stub to support other system calls
and I don't see why individual ioctls should be different.
If you want to support forwards compatibility reserving
some ioctl numbers and saying these numbers will always
be parsed this way. Which would allow you to write
a common stub that can be implemented before the ioctls
are implemented.
If you really don't want new kernel dependencies you can hook up to
the process via ptrace and intercept the ioctls before they even get
to the kernel. If you can open /proc/<pid>/mem you have the rights
to ptrace the process.
Eric
next prev parent reply other threads:[~2008-09-03 21:54 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-28 17:40 [PATCHSET] FUSE: extend FUSE to support more operations Tejun Heo
2008-08-28 17:40 ` [PATCH 1/7] FUSE: add include protectors Tejun Heo
2008-08-28 17:40 ` [PATCH 2/7] FUSE: pass nonblock flag to client Tejun Heo
2008-08-28 17:40 ` [PATCH 3/7] FUSE: implement nonseekable open Tejun Heo
2008-08-28 17:41 ` [PATCH 4/7] FUSE: implement direct lseek support Tejun Heo
2008-08-28 17:41 ` [PATCH 5/7] FUSE: implement ioctl support Tejun Heo
2008-08-28 17:51 ` Greg KH
2008-08-28 17:59 ` Tejun Heo
2008-08-28 18:01 ` Tejun Heo
2008-08-28 18:13 ` Miklos Szeredi
2008-08-28 18:17 ` Tejun Heo
2008-08-28 18:23 ` Miklos Szeredi
2008-08-28 18:34 ` Tejun Heo
2008-08-28 19:25 ` Miklos Szeredi
2008-08-28 19:42 ` Tejun Heo
2008-08-28 20:02 ` Miklos Szeredi
2008-08-29 2:19 ` Tejun Heo
2008-08-29 7:59 ` Miklos Szeredi
2008-08-29 8:12 ` Tejun Heo
2008-08-29 8:29 ` Miklos Szeredi
2008-08-29 9:03 ` Tejun Heo
2008-08-29 19:17 ` Eric W. Biederman
2008-08-29 19:47 ` Arnd Bergmann
2008-08-30 11:40 ` Tejun Heo
2008-09-01 11:57 ` Miklos Szeredi
2008-09-01 12:03 ` Tejun Heo
2008-09-03 14:32 ` Eric W. Biederman
2008-09-03 14:40 ` Tejun Heo
2008-09-03 21:51 ` Eric W. Biederman [this message]
2008-09-04 0:09 ` Tejun Heo
2008-08-29 11:31 ` [fuse-devel] " Roger Willcocks
2008-08-29 11:54 ` Tejun Heo
2008-08-28 20:48 ` Alan Cox
2008-08-28 18:02 ` Tejun Heo
2008-08-28 18:14 ` Greg KH
2008-08-28 18:25 ` Tejun Heo
2008-08-28 18:20 ` H. Peter Anvin
2008-08-28 18:28 ` Tejun Heo
2008-08-28 19:08 ` H. Peter Anvin
2008-08-28 19:18 ` Miklos Szeredi
2008-08-28 20:21 ` H. Peter Anvin
2008-08-28 20:55 ` Miklos Szeredi
2008-08-28 21:27 ` H. Peter Anvin
2008-08-29 7:32 ` Miklos Szeredi
2008-08-28 17:41 ` [PATCH 6/7] FUSE: implement unsolicited notification Tejun Heo
2008-08-28 17:41 ` [PATCH 7/7] FUSE: implement poll support Tejun Heo
2008-08-28 18:20 ` [PATCHSET] FUSE: extend FUSE to support more operations Miklos Szeredi
2008-08-28 18:23 ` Tejun Heo
2008-10-14 8:21 ` Tejun Heo
2008-10-14 9:37 ` Miklos Szeredi
2008-10-14 12:16 ` [fuse-devel] " Szabolcs Szakacsits
2008-10-14 12:43 ` Miklos Szeredi
[not found] ` <2cff7cb50810141032m5793a405h7425dfa122fb67ba@mail.gmail.com>
2008-10-14 21:04 ` Miklos Szeredi
2008-11-12 8:41 ` Tejun Heo
2008-11-12 9:14 ` Christoph Hellwig
2008-11-12 9:30 ` Tejun Heo
2008-11-12 9:36 ` Miklos Szeredi
2008-11-12 9:43 ` [fuse-devel] " Mike Hommey
2008-11-12 10:00 ` Miklos Szeredi
2008-11-13 5:54 ` Tejun Heo
2008-11-13 6:06 ` Tejun Heo
2008-11-13 11:19 ` Miklos Szeredi
2008-11-13 11:29 ` Tejun Heo
2008-11-13 11:57 ` Miklos Szeredi
2008-11-13 12:14 ` Tejun Heo
2008-11-13 6:26 ` Tejun Heo
2008-11-13 11:47 ` Miklos Szeredi
2008-11-13 11:54 ` Tejun Heo
2008-11-13 11:58 ` Miklos Szeredi
2008-11-13 12:34 ` Miklos Szeredi
2008-11-13 13:23 ` Tejun Heo
2008-11-13 13:42 ` Miklos Szeredi
2008-11-13 14:29 ` Tejun Heo
2008-11-13 14:48 ` Miklos Szeredi
2008-11-13 15:10 ` Tejun Heo
2008-11-13 15:52 ` Miklos Szeredi
2008-11-13 16:00 ` Tejun Heo
2008-11-17 9:17 ` Tejun Heo
2008-11-17 10:16 ` [fuse-devel] " Miklos Szeredi
2008-11-18 3:32 ` Tejun Heo
2008-11-18 9:33 ` Miklos Szeredi
2008-11-18 10:30 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1sksg6gq9.fsf@frodo.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=fuse-devel@lists.sourceforge.net \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=serue@us.ibm.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.