Subject: Re: new kpi proposal, sysdisk(9)
To: Elad Efrat <>
From: Bill Studenmund <>
List: tech-kern
Date: 12/29/2006 14:53:00
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 30, 2006 at 12:12:40AM +0200, Elad Efrat wrote:
> Bill Studenmund wrote:
> > Why do we need a flag? Why is "FSYSTEM" different from other opens?
> >=20
> > i.e. don't we want the normal open mask handling?
> because I care if the disk is mounted, or used for swap, more than I
> care if someone just open()'d it.

If it's just mounted, there will be no "mounted for X" value for the key=20
that corresponds to the partition in question.

But if we're talking about security policy, don't you equally care? Sure,=
you don't really care if you're dumping info. But you do care if you're=20
trying to figure out if an operation should succeed.

> > They aren't the same thing. What we'd need to do is indicate this all b=
> > partition or wedge. And that'd mean either partition/wedge-based names =
> > a device-level proplib, or partition-level proplibs. I tend to think th=
> > latter is better.
> this is wrong and practically defeats the purpose of the change. they
> *are* the same as far as the security policy goes.

But they aren't. You don't open disks, you open partitions. To quote your=
original post, we don't open disks for RAIDFrame, we open partitions for=20
RAIDFrame. Or for swap.

Yes, there is the magic partition that covers the whole disk. But it is a=

We already have (or had, I haven't looked recently) code to ensure that=20
you don't open overlapping partitions. Combined with the whole-disk=20
partition, that lets us effectively merge the two (there is something you=
open that is the whole disk).

The reason we have to look at partitions is that you can have multiple=20
partitions in a disk. It's sick, but you could have a swap partitiion and=
a RAIDFrame partition on the same disk. They can both be in use at once.=20
The reason you wanted this change (that we would not otherwise know they=20
are in use) applies equally here too; right now we would have no direct=20
method to determine they were in use (note I said direct. Yes, you could=20
look at swap and RAIDFrame device usage, but that's not the point :-).

Likewise, the fact that part of the above-mentioned disk is open for swap=
does not (or should not) preclude a different part of the disk being=20
opened for mounting or raid or whatever.

To get back to what you originally wanted to do, we should be able to do=20
the "whole disk" open policy stuff you wanted to do with the existing open=
infrastructure, if we ensure that ALL uses of a partition VOP_OPEN() and=20
VOP_CLOSE() it. That is specifically being able to tell if the disk is=20
already in use and thus an operation should be blocked.

I think we also want to do partitions as they can overlap, and all of the=
reasons we don't want a disk open with a partition also apply to opening=20
overlapping partitions. Think about the standard 4.2BSD disklabel layout.=

I'll keep thinking about this.

Take care,


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.4.3 (NetBSD)