public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Oliver Neukum <oneukum@suse.com>
To: Jeremy White <jwhite@codeweavers.com>
Cc: Hans de Goede <hdegoede@redhat.com>,
	"Daniel P. Berrange" <berrange@redhat.com>,
	spice-devel@lists.freedesktop.org, linux-usb@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [Spice-devel] [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP.
Date: Thu, 02 Jul 2015 20:46:59 +0200	[thread overview]
Message-ID: <1435862819.1749.1.camel@suse.com> (raw)
In-Reply-To: <55955F4F.4050500@codeweavers.com>

On Thu, 2015-07-02 at 10:57 -0500, Jeremy White wrote:
> On 07/02/2015 07:10 AM, Oliver Neukum wrote:
> > On Thu, 2015-07-02 at 13:35 +0200, Hans de Goede wrote:
> >> Hi,
> >>
> >> On 02-07-15 10:45, Oliver Neukum wrote:
> >>> On Wed, 2015-07-01 at 10:06 +0100, Daniel P. Berrange wrote:
> >>>
> >>>> I don't really think it is sensible to be defining & implementing new
> >>>> network services which can't support strong encryption and authentication.
> >>>> Rather than passing the file descriptor to the kernel and having it do
> >>>> the I/O directly, I think it would be better to dissassociate the kernel
> >>>> from the network transport, and thus leave all sockets layer data I/O
> >>>> to userspace daemons so they can layer in TLS or SASL or whatever else
> >>>> is appropriate for the security need.
> >>>
> >>> Hi,
> >>>
> >>> this hits a fundamental limit. Block IO must be done entirely in kernel
> >>> space or the system will deadlock. The USB stack is part of the block
> >>> layer and the SCSI error handling. Thus if you involve user space you
> >>> cannot honor memory allocation with GFP_NOFS and you break all APIs
> >>> where we pass GFP_NOIO in the USB stack.
> >>>
> >>> Supposed you need to reset a storage device for error handling.
> >>> Your user space programm does a syscall, which allocates memory
> >>> and needs to launder pages. It proceeds to write to the storage device
> >>> you wish to reset.
> >>>
> >>> It is the same problem FUSE has with writable mmap. You cannot do
> >>> block devices in user space sanely.
> >>
> >> So how is this dealt with for usbip ?
> > 
> > As far as I can tell, it isn't. Running a storage device over usbip
> > is a bit dangerous.
> 
> I don't follow that analysis.  The usbip interactions with the usb stack
> all seem to be atomic, and never trigger a syscall, as far as I can
> tell.  A port reset will flip a few bits and return.  A urb enqueue
> queues and wakes a different thread, and returns.  The alternate thread
> performs the sendmsg.
> 
> I'm not suggesting that running a storage device over usbip is
> especially safe, but I don't see the limit on the design.

Are you referring to the current code or the proposed user space pipe?

	Regards
		Oliver




  reply	other threads:[~2015-07-02 18:48 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-30 21:44 [RFC PATCH 0/1] RFC - Implement a usbredir kernel module Jeremy White
2015-06-30 21:44 ` [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP Jeremy White
2015-06-30 23:48   ` Greg KH
2015-07-01  3:34     ` Jeremy White
2015-07-01  5:44       ` Greg KH
2015-07-01 15:55         ` Jeremy White
2015-07-01 16:13           ` Greg KH
2015-07-01 18:39             ` Hans de Goede
2015-07-07 16:47             ` Jeremy White
2015-07-08  7:11               ` Hans de Goede
2015-07-09  0:19                 ` Jeremy White
2015-07-01  9:06   ` [Spice-devel] " Daniel P. Berrange
2015-07-01 18:31     ` Jeremy White
2015-07-01 18:45       ` Hans de Goede
2015-07-02  8:45     ` Oliver Neukum
2015-07-02 11:35       ` Hans de Goede
2015-07-02 12:10         ` Oliver Neukum
2015-07-02 15:57           ` Jeremy White
2015-07-02 18:46             ` Oliver Neukum [this message]
2015-07-02 19:02               ` Jeremy White
2015-07-02 19:59                 ` Alan Stern
2015-07-02 20:06                   ` Jeremy White
2015-07-02 20:20                     ` Alan Stern
2015-07-03  8:51                       ` Krzysztof Opasiak
2015-07-03 14:04                         ` Alan Stern
2015-07-06  8:20                         ` Oliver Neukum
2015-07-06 20:14                           ` Jeremy White
2015-07-06 20:22                             ` Alan Stern
     [not found]                               ` <mnlh2b$1cs$1@ger.gmane.org>
2015-07-22 14:03                                 ` Jeremy White
2015-07-22 14:34                                   ` Greg KH
2015-07-22 16:55                                     ` Jeremy White
2015-07-22 17:59                                       ` Sean O. Stalley
2015-07-23  0:20                                         ` Jeremy White
2015-12-09 22:32                                           ` Jeremy White

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1435862819.1749.1.camel@suse.com \
    --to=oneukum@suse.com \
    --cc=berrange@redhat.com \
    --cc=hdegoede@redhat.com \
    --cc=jwhite@codeweavers.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=spice-devel@lists.freedesktop.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox