linux-raid.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jeff Garzik <jgarzik@pobox.com>
To: "Justin T. Gibbs" <gibbs@scsiguy.com>
Cc: Kevin Corry <kevcorry@us.ibm.com>,
	linux-kernel@vger.kernel.org, Neil Brown <neilb@cse.unsw.edu.au>,
	linux-raid@vger.kernel.org, dm-devel@redhat.com
Subject: Re: "Enhanced" MD code avaible for review
Date: Tue, 30 Mar 2004 12:15:07 -0500	[thread overview]
Message-ID: <4069AB1B.90108@pobox.com> (raw)
In-Reply-To: <842610000.1080666235@aslan.btc.adaptec.com>

Justin T. Gibbs wrote:
> The dm-raid1 module also appears to intrinsicly trust its mapping and the
> contents of its meta-data (simple magic number check).  It seems to me that 
> the kernel should validate all of its inputs regardless of whether the
> ioctls that are used to present them are only supposed to be used by a
> "trusted daemon".

The kernel should not be validating -trusted- userland inputs.  Root is 
allowed to scrag the disk, violate limits, and/or crash his own machine.

A simple example is requiring userland, when submitting ATA taskfiles 
via an ioctl, to specify the data phase (pio read, dma write, no-data, 
etc.).  If the data phase is specified incorrectly, you kill the OS 
driver's ATA host state machine, and the results are very unpredictable. 
  Since this is a trusted operation, requiring CAP_RAW_IO, it's up to 
userland to get the required details right (just like following a spec).


> I honestly don't care if the final solution is EMD, DM, or XYZ so long
> as that solution is correct, supportable, and covers all of the scenarios
> required for robust RAID support.  That is the crux of the argument, not
> "please love my code".

hehe.  I think we all agree here...

	Jeff





  reply	other threads:[~2004-03-30 17:15 UTC|newest]

Thread overview: 57+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-19 20:19 "Enhanced" MD code avaible for review Justin T. Gibbs
2004-03-23  5:05 ` Neil Brown
2004-03-23  6:23   ` Justin T. Gibbs
2004-03-24  2:26     ` Neil Brown
2004-03-24 19:09       ` Matt Domsch
2004-03-25  2:21       ` Jeff Garzik
2004-03-25 18:00         ` Kevin Corry
2004-03-25 18:42           ` Jeff Garzik
2004-03-25 18:48             ` Jeff Garzik
2004-03-25 23:46               ` Justin T. Gibbs
2004-03-26  0:01                 ` Jeff Garzik
2004-03-26  0:10                   ` Justin T. Gibbs
2004-03-26  0:14                     ` Jeff Garzik
2004-03-25 22:04             ` Lars Marowsky-Bree
2004-03-26 19:19               ` Kevin Corry
2004-03-31 17:07                 ` Randy.Dunlap
2004-03-25 23:35             ` Justin T. Gibbs
2004-03-26  0:13               ` Jeff Garzik
2004-03-26 17:43                 ` Justin T. Gibbs
2004-03-28  0:06                   ` Lincoln Dale
2004-03-30 17:54                     ` Justin T. Gibbs
2004-03-28  0:30                   ` Jeff Garzik
2004-03-26 19:15             ` Kevin Corry
2004-03-26 20:45               ` Justin T. Gibbs
2004-03-27 15:39                 ` Kevin Corry
2004-03-28  9:11                   ` [dm-devel] " christophe varoqui
2004-03-30 17:03                   ` Justin T. Gibbs
2004-03-30 17:15                     ` Jeff Garzik [this message]
2004-03-30 17:35                       ` Justin T. Gibbs
2004-03-30 17:46                         ` Jeff Garzik
2004-03-30 18:04                           ` Justin T. Gibbs
2004-03-30 21:47                             ` Jeff Garzik
2004-03-30 22:12                               ` Justin T. Gibbs
2004-03-30 22:34                                 ` Jeff Garzik
2004-03-30 18:11                         ` Bartlomiej Zolnierkiewicz
2004-03-25 22:59           ` Justin T. Gibbs
2004-03-25 23:44             ` Lars Marowsky-Bree
2004-03-26  0:03               ` Justin T. Gibbs
     [not found] <1AOTW-4Vx-7@gated-at.bofh.it>
     [not found] ` <1AOTW-4Vx-5@gated-at.bofh.it>
2004-03-18  1:33   ` Andi Kleen
2004-03-18  2:00     ` Jeff Garzik
2004-03-20  9:58       ` Jamie Lokier
  -- strict thread matches above, loose matches on Subject: below --
2004-03-17 18:14 Justin T. Gibbs
2004-03-17 19:18 ` Jeff Garzik
2004-03-17 19:32   ` Christoph Hellwig
2004-03-17 20:02     ` Jeff Garzik
2004-03-17 21:18   ` Scott Long
2004-03-17 21:35     ` Jeff Garzik
2004-03-17 21:45     ` Bartlomiej Zolnierkiewicz
2004-03-18  0:23       ` Scott Long
2004-03-18  1:55         ` Bartlomiej Zolnierkiewicz
2004-03-18  6:38         ` Stefan Smietanowski
2004-03-20 13:07         ` Arjan van de Ven
2004-03-21 23:42           ` Scott Long
2004-03-22  9:05             ` Arjan van de Ven
2004-03-22 21:59               ` Scott Long
2004-03-23  6:48                 ` Arjan van de Ven
2004-03-18  1:56     ` viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4069AB1B.90108@pobox.com \
    --to=jgarzik@pobox.com \
    --cc=dm-devel@redhat.com \
    --cc=gibbs@scsiguy.com \
    --cc=kevcorry@us.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-raid@vger.kernel.org \
    --cc=neilb@cse.unsw.edu.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).