From: Arnd Bergmann <arnd@arndb.de>
To: scameron@beardog.cce.hp.com
Cc: linux-kernel@vger.kernel.org, axboe@kernel.dk, dab@hp.com,
mike.miller@hp.com
Subject: Re: Question about driver ioctl, big kernel lock, mutexes
Date: Wed, 16 Mar 2011 20:36:56 +0100 [thread overview]
Message-ID: <201103162036.56474.arnd@arndb.de> (raw)
In-Reply-To: <20110316155033.GQ12760@beardog.cce.hp.com>
On Wednesday 16 March 2011 16:50:33 scameron@beardog.cce.hp.com wrote:
> That's a pretty big change in behavior. Some commands sent through
> the passthrough ioctls may take awhile, and they're going to block
> any other ioctls from getting started while they're going. Previously,
> it was possible to saturate the controller using multiple threads or
> processes hammering on the ioctl path. This would appear to no longer
> be the case.
I just looked a bit closer at the driver, this is what I noticed:
* The mutex currently protects CCISS_GETNODENAME against CCISS_SETNODENAME
and CCISS_GETINTINFO against CCISS_SETINTINFO. You can easily change
that by taking &h->lock in the CCISS_GET* functions.
* The scsi ioctls don't need the mutex, we've checked that elsewhere.
* I can see no reason why any of the CCISS specific ioctls would
require a lock. There is no global data they touch, and very little
host specific data, most of which is accessed under a host spinlock.
* When you clean up the ioctl handling to remove the mutex, it would
be a good idea to clean up the compat_ioctl handling at the same
time, which is another artifact of a legacy implementation. Just
change cciss_ioctl_big_passthru to take a BIG_IOCTL_Command_struct
kernel pointer argument, and then it directly from
cciss_ioctl32_big_passthru without the extra compat_alloc_user_space
and copy_in_user. Same for cciss_ioctl32_passthru. This will
simplify the compat code path and make it faster.
* Allocating consistent memory on behalf of the user indeed looks
like a potential DoS attack, but it's only possible if you have
read permissions on the block device. To improve this, you should
track the total amount of memory allocated to the device, since
even a single ioctl apparently could be used to pin down all memory
otherwise, independent of the number of commands.
Arnd
prev parent reply other threads:[~2011-03-16 19:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-16 15:50 Question about driver ioctl, big kernel lock, mutexes scameron
2011-03-16 19:06 ` Arnd Bergmann
2011-03-16 19:47 ` scameron
2011-03-16 20:40 ` Arnd Bergmann
2011-03-17 13:26 ` scameron
2011-03-16 19:36 ` Arnd Bergmann [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201103162036.56474.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=axboe@kernel.dk \
--cc=dab@hp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mike.miller@hp.com \
--cc=scameron@beardog.cce.hp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox