From: David Vrabel <david.vrabel@citrix.com>
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Olaf Hering <olaf@aepfle.de>, <konrad.wilk@oracle.com>,
<xen-devel@lists.xen.org>, <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] xen-blkfront: remove type check from blkfront_setup_discard
Date: Tue, 14 Jan 2014 10:46:30 +0000 [thread overview]
Message-ID: <52D51586.3020508@citrix.com> (raw)
In-Reply-To: <52D49CD5.20805@oracle.com>
On 14/01/14 02:11, Boris Ostrovsky wrote:
> On 01/13/2014 06:07 PM, Olaf Hering wrote:
>> On Mon, Jan 13, Boris Ostrovsky wrote:
>>
>>> On 01/13/2014 04:30 AM, Olaf Hering wrote:
>>>>> Similarly, if xenbug_gather("discard-secure") fails, I think the
>>>>> code will
>>>>> assume that secure discard has not been requested. I don't know what
>>>>> security implications this will have but it sounds bad to me.
>>>> There are no security implications, if the backend does not
>>>> advertise it
>>>> then its not present.
>>> Right. But my questions was what if the backend does advertise it and
>>> wants
>>> the frontent to use it but xenbus_gather() in the frontend fails. Do
>>> we want
>>> to silently continue without discard-secure? Is this safe?
>> The frontend can not know that the backend advertised discard-secure
>> because the frontend just failed to read the property which indicates
>> discard-secure should be enabled.
>
> And is it OK for the frontend not to know about this?
Yes.
> I don't understand what the use model for this feature is. Is it just
> that the backend advertises its capability and it's up to the frontend
> to use it or not -or- is it that the user/admin created the storage with
> expectations that it will be used in "secure" manner.
The creator of the data (i.e., the guest) is the one who knows whether
the data is security sensitive. The backend is simply providing the
facility which the guest may or may not make use of.
David
prev parent reply other threads:[~2014-01-14 10:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-10 16:28 [PATCH] xen-blkfront: remove type check from blkfront_setup_discard Olaf Hering
2014-01-10 18:07 ` Boris Ostrovsky
2014-01-10 21:37 ` Olaf Hering
2014-01-10 22:28 ` Boris Ostrovsky
2014-01-10 22:49 ` [Xen-devel] " Olaf Hering
2014-01-10 22:57 ` Boris Ostrovsky
2014-01-13 9:30 ` Olaf Hering
2014-01-13 14:51 ` Boris Ostrovsky
2014-01-13 16:24 ` Konrad Rzeszutek Wilk
2014-01-13 23:07 ` Olaf Hering
2014-01-14 2:11 ` Boris Ostrovsky
2014-01-14 10:46 ` David Vrabel [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52D51586.3020508@citrix.com \
--to=david.vrabel@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).