From: Jeremy White <jwhite@codeweavers.com>
To: Oliver Neukum <oneukum@suse.com>
Cc: Hans de Goede <hdegoede@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>,
spice-devel@lists.freedesktop.org, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [Spice-devel] [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP.
Date: Thu, 02 Jul 2015 14:02:36 -0500 [thread overview]
Message-ID: <55958ACC.3080607@codeweavers.com> (raw)
In-Reply-To: <1435862819.1749.1.camel@suse.com>
On 07/02/2015 01:46 PM, Oliver Neukum wrote:
> On Thu, 2015-07-02 at 10:57 -0500, Jeremy White wrote:
>> On 07/02/2015 07:10 AM, Oliver Neukum wrote:
>>> On Thu, 2015-07-02 at 13:35 +0200, Hans de Goede wrote:
>>>> Hi,
>>>>
>>>> On 02-07-15 10:45, Oliver Neukum wrote:
>>>>> On Wed, 2015-07-01 at 10:06 +0100, Daniel P. Berrange wrote:
>>>>>
>>>>>> I don't really think it is sensible to be defining & implementing new
>>>>>> network services which can't support strong encryption and authentication.
>>>>>> Rather than passing the file descriptor to the kernel and having it do
>>>>>> the I/O directly, I think it would be better to dissassociate the kernel
>>>>>> from the network transport, and thus leave all sockets layer data I/O
>>>>>> to userspace daemons so they can layer in TLS or SASL or whatever else
>>>>>> is appropriate for the security need.
>>>>>
>>>>> Hi,
>>>>>
>>>>> this hits a fundamental limit. Block IO must be done entirely in kernel
>>>>> space or the system will deadlock. The USB stack is part of the block
>>>>> layer and the SCSI error handling. Thus if you involve user space you
>>>>> cannot honor memory allocation with GFP_NOFS and you break all APIs
>>>>> where we pass GFP_NOIO in the USB stack.
>>>>>
>>>>> Supposed you need to reset a storage device for error handling.
>>>>> Your user space programm does a syscall, which allocates memory
>>>>> and needs to launder pages. It proceeds to write to the storage device
>>>>> you wish to reset.
>>>>>
>>>>> It is the same problem FUSE has with writable mmap. You cannot do
>>>>> block devices in user space sanely.
>>>>
>>>> So how is this dealt with for usbip ?
>>>
>>> As far as I can tell, it isn't. Running a storage device over usbip
>>> is a bit dangerous.
>>
>> I don't follow that analysis. The usbip interactions with the usb stack
>> all seem to be atomic, and never trigger a syscall, as far as I can
>> tell. A port reset will flip a few bits and return. A urb enqueue
>> queues and wakes a different thread, and returns. The alternate thread
>> performs the sendmsg.
>>
>> I'm not suggesting that running a storage device over usbip is
>> especially safe, but I don't see the limit on the design.
>
> Are you referring to the current code or the proposed user space pipe?
I'm referring to current usbip code. But the proposed driver would have
the same behavior.
To be clear, I think the only tangible new proposal is the one Hans put
forth, which would modify the driver I originally posted to use a
netlink socket instead of a passing a file descriptor in via sysfs.
That would allow the user space application responsible for initiating
the request to provide TLS as desired. It comes with the expense of an
extra memcpy, but I suspect Hans is right in saying the network
latencies make that an irrelevant cost.
Cheers,
Jeremy
next prev parent reply other threads:[~2015-07-02 19:02 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-30 21:44 [RFC PATCH 0/1] RFC - Implement a usbredir kernel module Jeremy White
2015-06-30 21:44 ` [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP Jeremy White
2015-06-30 23:48 ` Greg KH
2015-07-01 3:34 ` Jeremy White
2015-07-01 5:44 ` Greg KH
2015-07-01 15:55 ` Jeremy White
2015-07-01 16:13 ` Greg KH
2015-07-01 18:39 ` Hans de Goede
2015-07-07 16:47 ` Jeremy White
2015-07-08 7:11 ` Hans de Goede
2015-07-09 0:19 ` Jeremy White
2015-07-01 9:06 ` [Spice-devel] " Daniel P. Berrange
2015-07-01 18:31 ` Jeremy White
2015-07-01 18:45 ` Hans de Goede
2015-07-02 8:45 ` Oliver Neukum
2015-07-02 11:35 ` Hans de Goede
2015-07-02 12:10 ` Oliver Neukum
2015-07-02 15:57 ` Jeremy White
2015-07-02 18:46 ` Oliver Neukum
2015-07-02 19:02 ` Jeremy White [this message]
2015-07-02 19:59 ` Alan Stern
2015-07-02 20:06 ` Jeremy White
2015-07-02 20:20 ` Alan Stern
2015-07-03 8:51 ` Krzysztof Opasiak
2015-07-03 14:04 ` Alan Stern
2015-07-06 8:20 ` Oliver Neukum
2015-07-06 20:14 ` Jeremy White
2015-07-06 20:22 ` Alan Stern
[not found] ` <mnlh2b$1cs$1@ger.gmane.org>
2015-07-22 14:03 ` Jeremy White
2015-07-22 14:34 ` Greg KH
2015-07-22 16:55 ` Jeremy White
2015-07-22 17:59 ` Sean O. Stalley
2015-07-23 0:20 ` Jeremy White
2015-12-09 22:32 ` Jeremy White
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55958ACC.3080607@codeweavers.com \
--to=jwhite@codeweavers.com \
--cc=berrange@redhat.com \
--cc=hdegoede@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=oneukum@suse.com \
--cc=spice-devel@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox