From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Nicholas A. Bellinger" <nab@linux-iscsi.org>,
target-devel <target-devel@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
Christoph Hellwig <hch@lst.de>, Andy Grover <agrover@redhat.com>,
Hannes Reinecke <hare@suse.de>,
Roland Dreier <roland@purestorage.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 08/13] iscsi-target: Add CHAP Authentication support using libcrypto
Date: Sat, 23 Jul 2011 22:17:55 +0400 [thread overview]
Message-ID: <1311445075.17423.13.camel@mulgrave> (raw)
In-Reply-To: <CA+55aFzkEUbnoDg0KwXDRQMeCFeO5s6_4dWHTY59=hj3QHWL0w@mail.gmail.com>
On Sat, 2011-07-23 at 10:51 -0700, Linus Torvalds wrote:
> On Sat, Jul 23, 2011 at 9:39 AM, James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> >
> > I've asked you twice for input on the patch doing this in userspace,
> > which was posted five weeks ago. Just ignoring something is
> > unacceptable behaviour ... what do I have to do to get your attention?
> > NAK the patch set?
>
> So what's the advantage of user space?
>
> Traditionally, kernel/userspace splits have been:
> - fragile as hell
> - more code
> - slower
> - complicated to set up
> - problematic with backwards compatibility issues
> and these days when I see some kernel functionality that needs user
> space support, I just go "f*ck, that's going to be a pain".
>
> So I think the "that part can be done in user space" argument is
> fundamentally crap.
>
> Now, if it is an issue of "that can be done BETTER in user space
> BECAUSE xyz", then that's a different issue. I haven't seen that
> argument, though.
Well, this is essentially the argument. The iSCSI authentication code
follows a standard which originally had 4 different authentication
methods (of which CHAP is just one) but which is now up to about 8 I
think and rising. It would be a massive amount of code to put them all
in kernel, plus the authentication isn't a fast path thing; it's done
once at login. We already have the code to do this (although from the
client side, not the server side) in userspace in the initiator.
The prototype implementation, is very clean: it does the authenticated
login and then passes the connected socket to the kernel for operations,
so there's no real fragile state to pass across.
There are a couple of reasons why user space makes sense apart from the
existing code and the clean separation of setup from operation: some of
the auth methods involve complex algorithms and debugging them in
userspace is just easier, plus it allows easy backward compatible
addition of new authentication mechanisms without having to respin a
kernel.
Quite a few other authentication mechanisms (like wireless and ipsec)
are in userspace for the setup and negotiation and in-kernel for the
operation, so it's a well understood paradigm.
James
next prev parent reply other threads:[~2011-07-23 18:18 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-23 8:45 [PATCH 00/13] iscsi-target: Merge candidate for v3.1-rc1 Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 01/13] iscsi: Resolve iscsi_proto.h naming conflicts with drivers/target/iscsi Nicholas A. Bellinger
2011-07-23 13:34 ` Jesper Juhl
2011-07-23 21:23 ` Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 02/13] iscsi: Add Serial Number Arithmetic LT and GT into iscsi_proto.h Nicholas A. Bellinger
2011-07-23 14:25 ` Jesper Juhl
2011-07-23 21:29 ` Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 03/13] iscsi-target: Add iSCSI fabric support for target v4.1 Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 04/13] iscsi-target: Add target core v4.1 compatible ConfigFS control plane Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 05/13] iscsi-target: Add ConfigFS fabric dependent statistics Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 06/13] iscsi-target: Add TPG and device backend logic Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 07/13] iscsi-target: Add iSCSI Login Negotiation + Parameter logic Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 08/13] iscsi-target: Add CHAP Authentication support using libcrypto Nicholas A. Bellinger
2011-07-23 16:39 ` James Bottomley
2011-07-23 17:51 ` Linus Torvalds
2011-07-23 18:17 ` James Bottomley [this message]
2011-07-23 21:17 ` Nicholas A. Bellinger
2011-07-24 3:08 ` Mike Christie
2011-07-24 4:59 ` Nicholas A. Bellinger
[not found] ` <CAJAFBLCXQLvyLKR5ZD_foaPqU5X6VJfLQX_VAKeaWpDLLfPWnA@mail.gmail.com>
2011-07-24 16:32 ` Alex Couvrard
2011-07-24 3:52 ` James Bottomley
2011-07-24 4:41 ` Nicholas A. Bellinger
2011-07-24 5:50 ` James Bottomley
2011-07-24 7:52 ` Nicholas A. Bellinger
2011-07-25 19:31 ` Andy Grover
2011-07-25 20:42 ` Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 09/13] iscsi-target: Add Sequence/PDU list + DataIN response logic Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 10/13] iscsi-target: Add iSCSI Error Recovery Hierarchy support Nicholas A. Bellinger
2011-07-28 11:42 ` Fubo Chen
2011-07-28 20:30 ` Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 11/13] iscsi-target: Add support for task management operations Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 12/13] iscsi-target: Add misc utility logic Nicholas A. Bellinger
2011-07-28 11:30 ` Fubo Chen
2011-07-28 20:19 ` Nicholas A. Bellinger
2011-07-23 8:45 ` [PATCH 13/13] iscsi-target: Add Makefile/Kconfig and update TCM top level Nicholas A. Bellinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1311445075.17423.13.camel@mulgrave \
--to=james.bottomley@hansenpartnership.com \
--cc=agrover@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=nab@linux-iscsi.org \
--cc=roland@purestorage.com \
--cc=target-devel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox