| Message ID | 20230126033358.1880-1-demi@invisiblethingslab.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp76676wrn;
Wed, 25 Jan 2023 19:41:17 -0800 (PST)
X-Google-Smtp-Source:
AMrXdXvHKSJmjnKmXLky7PpR3ev3iBSH+ySm/zn57+kwXQNGjLvEOwE32qHJxwoIcvFdYR30MjCi
X-Received: by 2002:a17:906:3397:b0:86b:e50c:151b with SMTP id
v23-20020a170906339700b0086be50c151bmr33513442eja.28.1674704477524;
Wed, 25 Jan 2023 19:41:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674704477; cv=none;
d=google.com; s=arc-20160816;
b=HGlMX4HVe6Zz8u5DBCWJXSm8llu0hKzsKgw2BRmiRjZTlY32G8XNhhT+Yhm6v0If0c
MjkvAMZv/UhY2UCFnU6Jp8nDb3J5tQhgRh1ltSPY9HnJZJSepMH6985BsFN2yNVR2PM5
viZ/XnK/PRrQW1Q5/iXYMbISDNWINt3yRNgS4S1fDLRqbFvlJtmgsMYUHPHrRndGouI+
Ak3CNkX5+brqN3XlzDimaFEBVtAD9N9J8CFkDSfZSvldWOncTWEovVXQKfkcPHxrgU9j
fBXz9kgw17NlEd687aJ2XRH/vsNCS4rpe7LikIpnqxvYyibW+R3qrOnuwH6BUayqUArx
uaCA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:feedback-id:dkim-signature
:dkim-signature;
bh=3zrqCCWozEhlE3QduurTIaTnuK8HrtZwnOI/8OAKWhk=;
b=sWsVvEcKOy0ip2GefEAlFywOo6cGAnHmitYuVdoALoMM/+p48+Rl8k3uDCBvnfsOSM
J964icin5p5r19J/UcSt4kHaQVye0SLjLFiiovSb/6WhRjfp3ib5KfL8qTY1Edp0HcfY
d7qKToGzTnE/O2HGyhrYa3Oj1UnNRQJIhvce8AgnXMBq6SEXgKQWpFPNM50zKGW99d4k
W+W7AdBUuFZLMn9gCaDFU1QZjXkgoPsQZtc0Ydf8GB1GqTt9OfMqyKUUIhE698vrYreg
Ptjk7dL1GfQnzyfGu+JCkjoJcU+DjL8CMioH6oFKCsiK6vkA5lo3BlPpZPj4+gq8B5su
LqiQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@invisiblethingslab.com header.s=fm3
header.b="itbOC/cn";
dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=oxKex1i2;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
fi22-20020a1709073ad600b00878679489b6si326851ejc.132.2023.01.25.19.40.47;
Wed, 25 Jan 2023 19:41:17 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@invisiblethingslab.com header.s=fm3
header.b="itbOC/cn";
dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=oxKex1i2;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S236391AbjAZDeU (ORCPT <rfc822;lekhanya01809@gmail.com>
+ 99 others); Wed, 25 Jan 2023 22:34:20 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59332 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S236302AbjAZDeO (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 25 Jan 2023 22:34:14 -0500
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com
[66.111.4.27])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F283C457F2;
Wed, 25 Jan 2023 19:34:08 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
by mailout.nyi.internal (Postfix) with ESMTP id D81D35C05B2;
Wed, 25 Jan 2023 22:34:05 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163])
by compute6.internal (MEProxy); Wed, 25 Jan 2023 22:34:05 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
invisiblethingslab.com; h=cc:cc:content-transfer-encoding
:content-type:date:date:from:from:in-reply-to:message-id
:mime-version:reply-to:sender:subject:subject:to:to; s=fm3; t=
1674704045; x=1674790445; bh=3zrqCCWozEhlE3QduurTIaTnuK8HrtZwnOI
/8OAKWhk=; b=itbOC/cn4y/B40q8XnHC36ZK342HhUiZQWzWRilS+UaShH1NhZp
1PIxe43uByehOYWScDldnSB68SutvMRyXl/4yQ7STcrYFsYiZxDIdibVrkfQd59y
smuG5Op6lc6AP91KJTBaEkXF4J+7yg3MUFiilIMxFP0EiZxs/I016ZoFZFI2tBci
9w7zB9ntKgF7oe9mhUDMTKz2pnLewxPQUN2Izy4WUrdvWwVGWHskqPXAtNoOiop+
XDLHC8lPhPgqa6XJ8JtDKVoBXB5MRkNV9+BowGxC0SWn5O9gr1KxGin24Vs8sqN+
1bBzr/xYHNkhKOCWtfqrdtjly7Jh0E7AK8w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:cc:content-transfer-encoding
:content-type:date:date:feedback-id:feedback-id:from:from
:in-reply-to:message-id:mime-version:reply-to:sender:subject
:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm3; t=1674704045; x=1674790445; bh=3zrqCCWozEhlE
3QduurTIaTnuK8HrtZwnOI/8OAKWhk=; b=oxKex1i2j/0Mco60GksvTldYC42Dd
pdUMjSpUSOTpb9z1QAY+WUjYg6ksLLQK2uzbQKUAo1Zg2C+sHtIXBCpAnIbFsAjn
4+0oxB0u3bOM25qOS+bHQra+pbeecgVar02jsJ9u+jvTbdz4WMSYw49Jb34aMEYM
eA7qAkSX54AjjyHdGvu4vnqfb//Q+JQdEJJN4zQg7/KwK2oz0+Y7dZaj6f58L7TT
hs5nF3d73B2HTS3diqakESrrVHJYBme1t58O9mNY2dfhdL+yq37BpqHFilxmkj3P
N3TdP1ZHcFZtWcQrp9Tc+rIw7+GJR9krLEHVjqwyH+TQS+i2g8sdlFxCQ==
X-ME-Sender: <xms:rfTRY6725xmw3M9_wy6VAcPGHbcrIDAAXALC_ezzqGgu8_uRhoPv0w>
<xme:rfTRYz54wgPmc9J-m65mihdjNty8KrpH3dOxqxrzqbIl5I_4wleBtSzykLUzL999H
yEK2Y9VkVevVew>
X-ME-Received:
<xmr:rfTRY5c-XeYocmJVDOF_vnw6pNbx_lwfvTcuwuxZ1xAZTtge5V4IEydC9RVAweE53XptqUbyW9xj>
X-ME-Proxy-Cause:
gggruggvucftvghtrhhoucdtuddrgedvhedruddvfedgheelucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhephffvvefufffkofggtgfgsehtkeertdertdejnecuhfhrohhmpeffvghmihcu
ofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinhhgsh
hlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpefhgefgieeitdeijeeguddtkefgteeg
heehgeetkeevhfefgfduhedtveelgeeugeenucevlhhushhtvghrufhiiigvpedtnecurf
grrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhgshhl
rggsrdgtohhm
X-ME-Proxy: <xmx:rfTRY3K8BsaR6SikC5jT7-f3d9e22OHeqXhkgePMrLn0y58UnAVNCw>
<xmx:rfTRY-JsiC-CmyH3JqmtndM5ovAjIocOp_H5Vnz5xbocvmIcvUB5Vw>
<xmx:rfTRY4wEKKzvSMjPN6rg_jb98hKZEXW7biJaskmWaZ9ourLFDq6IKQ>
<xmx:rfTRY9_6RGw9FBSqSFdBrKQEovNBIAL-_eHatj1IbfsXY2Q7MP1mdQ>
Feedback-ID: iac594737:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
25 Jan 2023 22:34:04 -0500 (EST)
From: Demi Marie Obenour <demi@invisiblethingslab.com>
To: Jens Axboe <axboe@kernel.dk>,
=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>,
Alasdair Kergon <agk@redhat.com>, Mike Snitzer <snitzer@kernel.org>
Cc: Demi Marie Obenour <demi@invisiblethingslab.com>, =?utf-8?q?Marek_Marczy?=
=?utf-8?q?kowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com>,
Juergen Gross <jgross@suse.com>, linux-block@vger.kernel.org,
linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
dm-devel@redhat.com
Subject: [RFC PATCH 0/7] Allow race-free block device handling
Date: Wed, 25 Jan 2023 22:33:52 -0500
Message-Id: <20230126033358.1880-1-demi@invisiblethingslab.com>
X-Mailer: git-send-email 2.39.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756054922202568664?=
X-GMAIL-MSGID: =?utf-8?q?1756054922202568664?=
|
| Series |
Allow race-free block device handling
|
|
Message
Demi Marie Obenour
Jan. 26, 2023, 3:33 a.m. UTC
This work aims to allow userspace to create and destroy block devices in a race-free and leak-free way, and to allow them to be exposed to other Xen VMs via blkback without leaks or races. It’s marked as RFC for a few reasons: - The code has been only lightly tested. It might be unstable or insecure. - The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were previously ignored, so this could theoretically break buggy userspace tools. - I have no idea if I got the block device reference counting and locking correct. Demi Marie Obenour (7): block: Support creating a struct file from a block device Allow userspace to get an FD to a newly-created DM device Implement diskseq checks in blkback Increment diskseq when releasing a loop device If autoclear is set, delete a no-longer-used loop device Minor blkback cleanups xen/blkback: Inform userspace that device has been opened block/bdev.c | 77 +++++++++++-- block/genhd.c | 1 + drivers/block/loop.c | 17 ++- drivers/block/xen-blkback/blkback.c | 8 +- drivers/block/xen-blkback/xenbus.c | 171 ++++++++++++++++++++++------ drivers/md/dm-ioctl.c | 67 +++++++++-- include/linux/blkdev.h | 5 + include/uapi/linux/dm-ioctl.h | 16 ++- 8 files changed, 298 insertions(+), 64 deletions(-)
Comments
On Wed, Jan 25 2023 at 10:33P -0500, Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > This work aims to allow userspace to create and destroy block devices > in a race-free and leak-free way, "race-free and leak-free way" implies there both races and leaks in existing code. You're making claims that are likely very specific to your Xen use-case. Please explain more carefully. > and to allow them to be exposed to > other Xen VMs via blkback without leaks or races. It’s marked as RFC > for a few reasons: > > - The code has been only lightly tested. It might be unstable or > insecure. > > - The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were > previously ignored, so this could theoretically break buggy userspace > tools. Not seeing a reason that type of DM change is needed. If you feel strongly about it send a separate patch and we can discuss it. > - I have no idea if I got the block device reference counting and > locking correct. Your headers and justifcation for this line of work are really way too terse. Please take the time to clearly make the case for your changes in both the patch headers and code. Mike
On Thu, Feb 02, 2023 at 11:50:37AM -0500, Mike Snitzer wrote: > On Wed, Jan 25 2023 at 10:33P -0500, > Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > > > This work aims to allow userspace to create and destroy block devices > > in a race-free and leak-free way, > > "race-free and leak-free way" implies there both races and leaks in > existing code. You're making claims that are likely very specific to > your Xen use-case. Please explain more carefully. Will do in v2. > > and to allow them to be exposed to > > other Xen VMs via blkback without leaks or races. It’s marked as RFC > > for a few reasons: > > > > - The code has been only lightly tested. It might be unstable or > > insecure. > > > > - The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were > > previously ignored, so this could theoretically break buggy userspace > > tools. > > Not seeing a reason that type of DM change is needed. If you feel > strongly about it send a separate patch and we can discuss it. Patch 2/7 is the diskseq change. v2 will contain a revised and tested version with a greatly expanded commit message. > > - I have no idea if I got the block device reference counting and > > locking correct. > > Your headers and justifcation for this line of work are really way too > terse. Please take the time to clearly make the case for your changes > in both the patch headers and code. I will expand the commit message in v2, but I am not sure what you want me to add to the code comments. Would you mind explaining?
On Thu, Feb 02 2023 at 1:41P -0500, Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > On Thu, Feb 02, 2023 at 11:50:37AM -0500, Mike Snitzer wrote: > > On Wed, Jan 25 2023 at 10:33P -0500, > > Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > > > > > This work aims to allow userspace to create and destroy block devices > > > in a race-free and leak-free way, > > > > "race-free and leak-free way" implies there both races and leaks in > > existing code. You're making claims that are likely very specific to > > your Xen use-case. Please explain more carefully. > > Will do in v2. > > > > and to allow them to be exposed to > > > other Xen VMs via blkback without leaks or races. It’s marked as RFC > > > for a few reasons: > > > > > > - The code has been only lightly tested. It might be unstable or > > > insecure. > > > > > > - The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were > > > previously ignored, so this could theoretically break buggy userspace > > > tools. > > > > Not seeing a reason that type of DM change is needed. If you feel > > strongly about it send a separate patch and we can discuss it. > > Patch 2/7 is the diskseq change. v2 will contain a revised and tested > version with a greatly expanded commit message. I'm aware that 2/7 is where you make the DM change to disallow unknown flags, what I'm saying is I don't see a reason for that change. Certainly doesn't look to be a requirement for everything else in that patch. So send a separate patch, but I'm inclined to _not_ accept it because it does potentially break some userspace. > > > - I have no idea if I got the block device reference counting and > > > locking correct. > > > > Your headers and justifcation for this line of work are really way too > > terse. Please take the time to clearly make the case for your changes > > in both the patch headers and code. > > I will expand the commit message in v2, but I am not sure what you want > me to add to the code comments. Would you mind explaining? Nothing specific about code, was just a general reminder (based on how terse the 2/7 header was). Mike
On Thu, Feb 02, 2023 at 02:56:34PM -0500, Mike Snitzer wrote: > On Thu, Feb 02 2023 at 1:41P -0500, > Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > > > On Thu, Feb 02, 2023 at 11:50:37AM -0500, Mike Snitzer wrote: > > > On Wed, Jan 25 2023 at 10:33P -0500, > > > Demi Marie Obenour <demi@invisiblethingslab.com> wrote: > > > > > > > This work aims to allow userspace to create and destroy block devices > > > > in a race-free and leak-free way, > > > > > > "race-free and leak-free way" implies there both races and leaks in > > > existing code. You're making claims that are likely very specific to > > > your Xen use-case. Please explain more carefully. > > > > Will do in v2. > > > > > > and to allow them to be exposed to > > > > other Xen VMs via blkback without leaks or races. It’s marked as RFC > > > > for a few reasons: > > > > > > > > - The code has been only lightly tested. It might be unstable or > > > > insecure. > > > > > > > > - The DM_DEV_CREATE ioctl gains a new flag. Unknown flags were > > > > previously ignored, so this could theoretically break buggy userspace > > > > tools. > > > > > > Not seeing a reason that type of DM change is needed. If you feel > > > strongly about it send a separate patch and we can discuss it. > > > > Patch 2/7 is the diskseq change. v2 will contain a revised and tested > > version with a greatly expanded commit message. > > I'm aware that 2/7 is where you make the DM change to disallow unknown > flags, what I'm saying is I don't see a reason for that change. Thanks for the clarification. > Certainly doesn't look to be a requirement for everything else in that > patch. Indeed it is not. I will make it a separate patch. > So send a separate patch, but I'm inclined to _not_ accept it because > it does potentially break some userspace. Is it okay to add DM_FILE_DESCRIPTOR_FLAG (with the same meaning as in 2/7) _without_ rejecting unknown flags? The same patch would bump the minor version number, so userspace would still be able to tell if the kernel supported DM_FILE_DESCRIPTOR_FLAG. If you wanted, I could ignore DM_FILE_DESCRIPTOR_FLAG unless the minor number passed by userspace is sufficiently recent. Another option would be to make userspace opt-in to strict parameter checking by passing 5 as the major version instead of 4. Userspace programs that passed 4 would get the old behavior, while userspace programs that passed 5 would get strict parameter checking and be able to use new features such as DM_FILE_DESCRIPTOR_FLAG. > > > > - I have no idea if I got the block device reference counting and > > > > locking correct. > > > > > > Your headers and justifcation for this line of work are really way too > > > terse. Please take the time to clearly make the case for your changes > > > in both the patch headers and code. > > > > I will expand the commit message in v2, but I am not sure what you want > > me to add to the code comments. Would you mind explaining? > > Nothing specific about code, was just a general reminder (based on how > terse the 2/7 header was). > > Mike Thanks for the feedback!