From: David Howells <dhowells@redhat.com>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: David Howells <dhowells@redhat.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Karl MacMillan <kmacmill@redhat.com>,
jmorris@namei.org, chrisw@sous-sol.org, selinux@tycho.nsa.gov,
linux-kernel@vger.kernel.org, aviro@redhat.com
Subject: Re: Security issues with local filesystem caching
Date: Fri, 03 Nov 2006 15:23:33 +0000 [thread overview]
Message-ID: <22908.1162567413@redhat.com> (raw)
In-Reply-To: <1162561291.5635.64.camel@lade.trondhjem.org>
Trond Myklebust <trond.myklebust@fys.uio.no> wrote:
> It is not as if we care about an extra context switch here,
Avoiding context switches aren't the main problem; avoiding serialisation is.
> and we really don't want to do that file i/o in the context of the rpciod
> process if we can avoid it.
We aren't doing file I/O in the context of the rpciod process, at least not to
the cache. It's either done in the context of the process that issued the
read, write or pagefault. keventd handles the copying of data from the backing
file pages to the netfs pages when we satisfy a read from the cache.
> It might be nice to be able to do those calls that only involve lookup+read
> in the context of the user's process in order to avoid the context switch
> when paging in data from the cache,
We do most of both in the user's process's context already.
The security problems come from the lookups, creates, xattr ops that we have to
do when acquiring a cookie. All of these are done in the context of the
process that called iget5 for NFS. We could farm them out to another process
to avoid the security, but that would then cause serialisation and context
switches.
> but writing to it both can and should be done as a write-behind process.
>
> IOW: we should rather set up a separate workqueue to write data to disk,
> and just concentrate on working out a way to lookup and read data with
> no fsuid/fsgid changes and preferably a minimum of selinux magic.
Writing data to the cache is done by the pagecache at the moment. I'd really
like to use direct I/O instead as that'd mean I wouldn't need shadow pages in
the page cache and I'd also be able to avoid the page-to-page copy I'm
currently doing.
David
next prev parent reply other threads:[~2006-11-03 15:25 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-25 10:14 Security issues with local filesystem caching David Howells
2006-10-25 16:52 ` Nate Diller
2006-10-25 16:48 ` Jeff V. Merkey
2006-10-25 17:21 ` David Howells
2006-10-25 17:42 ` Jeff V. Merkey
2006-10-25 18:15 ` David Howells
2006-10-25 20:21 ` Josef Sipek
2006-10-25 20:28 ` Josef Sipek
2006-10-26 9:56 ` David Howells
2006-10-27 15:54 ` Josef Sipek
2006-10-25 21:12 ` Stephen Smalley
2006-10-26 10:40 ` David Howells
2006-10-26 12:51 ` Stephen Smalley
2006-10-26 16:04 ` David Howells
2006-10-26 16:34 ` Stephen Smalley
2006-10-26 17:09 ` David Howells
2006-10-26 17:45 ` Stephen Smalley
2006-10-26 22:53 ` David Howells
2006-10-27 14:48 ` Stephen Smalley
2006-10-27 15:42 ` David Howells
2006-10-27 16:10 ` Stephen Smalley
2006-10-27 16:25 ` David Howells
2006-10-27 17:09 ` Stephen Smalley
2006-10-27 17:34 ` David Howells
2006-10-27 14:41 ` David Howells
2006-10-25 23:37 ` Alan Cox
2006-10-26 0:32 ` Al Viro
2006-10-26 10:45 ` David Howells
2006-10-26 10:54 ` Alan Cox
2006-10-26 9:14 ` Jan Dittmer
2006-10-26 10:55 ` David Howells
2006-10-26 11:52 ` Alan Cox
2006-10-31 21:26 ` David Howells
2006-11-01 13:28 ` Stephen Smalley
2006-11-01 15:34 ` David Howells
2006-11-01 15:58 ` Karl MacMillan
2006-11-01 17:45 ` Stephen Smalley
2006-11-02 16:29 ` Karl MacMillan
2006-11-02 18:04 ` Stephen Smalley
2006-11-01 17:30 ` Stephen Smalley
2006-11-02 17:16 ` David Howells
2006-11-02 19:49 ` Trond Myklebust
2006-11-02 20:38 ` David Howells
2006-11-02 21:24 ` Trond Myklebust
2006-11-03 10:27 ` David Howells
2006-11-03 13:41 ` Trond Myklebust
2006-11-03 15:23 ` David Howells [this message]
2006-11-03 17:30 ` Trond Myklebust
2006-11-14 19:22 ` David Howells
2006-11-15 14:05 ` Trond Myklebust
2006-11-15 15:28 ` David Howells
2006-11-15 16:41 ` Trond Myklebust
2006-11-15 18:17 ` David Howells
2006-11-03 15:33 ` David Howells
2006-11-02 20:33 ` Stephen Smalley
2006-11-02 21:05 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=22908.1162567413@redhat.com \
--to=dhowells@redhat.com \
--cc=aviro@redhat.com \
--cc=chrisw@sous-sol.org \
--cc=jmorris@namei.org \
--cc=kmacmill@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox