[dm-devel] Re: "Enhanced" MD code available for review
Jeff Garzik
jgarzik at pobox.com
Tue Mar 30 17:15:07 UTC 2004
Justin T. Gibbs wrote:
> The dm-raid1 module also appears to intrinsically trust its mapping and the
> contents of its meta-data (simple magic number check). It seems to me that
> the kernel should validate all of its inputs regardless of whether the
> ioctls that are used to present them are only supposed to be used by a
> "trusted daemon".
The kernel should not be validating -trusted- userland inputs. Root is
allowed to scrag the disk, violate limits, and/or crash his own machine.
A simple example is requiring userland, when submitting ATA taskfiles
via an ioctl, to specify the data phase (pio read, dma write, no-data,
etc.). If the data phase is specified incorrectly, you kill the OS
driver's ATA host state machine, and the results are very unpredictable.
Since this is a trusted operation, requiring CAP_RAW_IO, it's up to
userland to get the required details right (just like following a spec).
> I honestly don't care if the final solution is EMD, DM, or XYZ so long
> as that solution is correct, supportable, and covers all of the scenarios
> required for robust RAID support. That is the crux of the argument, not
> "please love my code".
hehe. I think we all agree here...
Jeff
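The two positions above (gate the ioctl on a capability and then trust the caller, versus also sanity-checking the fields) can be seen side by side in a small model. The following is an added example, not code from this thread, from the EMD or dm-raid1 patches, or from the libata ioctl path; the `struct`, the `data_phase` enum and the `check_taskfile` function are constructed here, and `caller_has_rawio` stands in for the kernel's `capable(CAP_SYS_RAWIO)` check. It shows what a minimal consistency check on the declared data phase would look like: the capability test remains the real trust boundary, and the phase check only rejects requests that could not be correct under the ATA spec for well-known opcodes (vendor-specific opcodes are still taken at the caller's word, so it is a sanity check, not a full validator).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the data phase a caller declares for an ATA
 * pass-through request (what the thread calls "pio read, dma write,
 * no-data, etc."). Not the real libata or IDE taskfile ABI. */
enum data_phase { PHASE_NONE = 0, PHASE_PIO_IN, PHASE_PIO_OUT, PHASE_DMA_IN, PHASE_DMA_OUT };

enum verdict { ACCEPT = 0, REJECT_PERM, REJECT_PHASE };

/* Well-known ATA command opcodes and the phase the spec mandates for them.
 * Opcodes are the standard ATA values; the table is deliberately short. */
struct known_cmd { uint8_t opcode; enum data_phase phase; };
static const struct known_cmd known_cmds[] = {
    { 0x20, PHASE_PIO_IN  },  /* READ SECTORS     */
    { 0x30, PHASE_PIO_OUT },  /* WRITE SECTORS    */
    { 0xC8, PHASE_DMA_IN  },  /* READ DMA         */
    { 0xCA, PHASE_DMA_OUT },  /* WRITE DMA        */
    { 0xE7, PHASE_NONE    },  /* FLUSH CACHE      */
    { 0xEC, PHASE_PIO_IN  },  /* IDENTIFY DEVICE  */
};

/* Returns the spec-mandated phase for a known opcode, or -1 if unknown. */
static int expected_phase(uint8_t opcode)
{
    for (size_t i = 0; i < sizeof(known_cmds) / sizeof(known_cmds[0]); i++)
        if (known_cmds[i].opcode == opcode)
            return (int)known_cmds[i].phase;
    return -1;
}

/* Decide whether a submitted taskfile request should reach the driver.
 *   caller_has_rawio : the privilege gate (stand-in for capable(CAP_SYS_RAWIO))
 *   opcode / phase   : what userland declared
 *   buf_len          : size of the data buffer it attached
 * The capability check is the trust boundary; the phase checks only catch
 * requests that are internally inconsistent and would confuse the host state
 * machine described in the thread. */
enum verdict check_taskfile(bool caller_has_rawio, uint8_t opcode,
                            enum data_phase phase, size_t buf_len)
{
    if (!caller_has_rawio)
        return REJECT_PERM;

    /* A no-data phase with a buffer, or a data phase with none, is never valid. */
    if (phase == PHASE_NONE && buf_len != 0)
        return REJECT_PHASE;
    if (phase != PHASE_NONE && buf_len == 0)
        return REJECT_PHASE;

    /* For opcodes the spec pins down, the declared phase must match. */
    int want = expected_phase(opcode);
    if (want >= 0 && (enum data_phase)want != phase)
        return REJECT_PHASE;

    /* Unknown (e.g. vendor-specific) opcode: trust the privileged caller. */
    return ACCEPT;
}

int main(void)
{
    /* Constructed sample requests, not captured from a real system. */
    printf("IDENTIFY, pio-in, 512 bytes, rawio : %d\n",
           check_taskfile(true, 0xEC, PHASE_PIO_IN, 512));
    printf("READ DMA declared as pio-in        : %d\n",
           check_taskfile(true, 0xC8, PHASE_PIO_IN, 4096));
    printf("FLUSH CACHE with a buffer attached : %d\n",
           check_taskfile(true, 0xE7, PHASE_NONE, 512));
    printf("unprivileged caller                : %d\n",
           check_taskfile(false, 0xEC, PHASE_PIO_IN, 512));
    return 0;
}
```

The split matters for the argument in the thread: the first `if` is the only check Jeff's position requires, and everything after it is the kind of cheap, spec-derived consistency check Justin is asking for. Neither makes the ioctl safe for unprivileged callers; the point of the extra checks is to turn an operator mistake into a clean `-EINVAL`-style rejection instead of a wedged host state machine.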