Subject: Re: new kpi proposal, sysdisk(9)
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 12/29/2006 14:53:00

On Sat, Dec 30, 2006 at 12:12:40AM +0200, Elad Efrat wrote:
> Bill Studenmund wrote:
>
> > Why do we need a flag? Why is "FSYSTEM" different from other opens?
> >
> > i.e. don't we want the normal open mask handling?
>
> because I care if the disk is mounted, or used for swap, more than I
> care if someone just open()'d it.

If it's just mounted, there will be no "mounted for X" value for the key
that corresponds to the partition in question.

But if we're talking about security policy, don't you equally care? Sure,
you don't really care if you're dumping info. But you do care if you're
trying to figure out if an operation should succeed.

> > They aren't the same thing. What we'd need to do is indicate this all by
> > partition or wedge. And that'd mean either partition/wedge-based names in
> > a device-level proplib, or partition-level proplibs. I tend to think the
> > latter is better.
>
> this is wrong and practically defeats the purpose of the change. they
> *are* the same as far as the security policy goes.

But they aren't. You don't open disks, you open partitions. To quote your
original post, we don't open disks for RAIDFrame, we open partitions for
RAIDFrame. Or for swap.

Yes, there is the magic partition that covers the whole disk. But it is a
partition.

We already have (or had, I haven't looked recently) code to ensure that
you don't open overlapping partitions. Combined with the whole-disk
partition, that lets us effectively merge the two (there is something you
open that is the whole disk).

The reason we have to look at partitions is that you can have multiple
partitions in a disk. It's sick, but you could have a swap partition and
a RAIDFrame partition on the same disk. They can both be in use at once.
The reason you wanted this change (that we would not otherwise know they
are in use) applies equally here too; right now we would have no direct
method to determine they were in use (note I said direct. Yes, you could
look at swap and RAIDFrame device usage, but that's not the point :-).

Likewise, the fact that part of the above-mentioned disk is open for swap
does not (or should not) preclude a different part of the disk being
opened for mounting or raid or whatever.

To get back to what you originally wanted to do, we should be able to do
the "whole disk" open policy stuff you wanted to do with the existing open
infrastructure, if we ensure that ALL uses of a partition VOP_OPEN() and
VOP_CLOSE() it. That is specifically being able to tell if the disk is
already in use and thus an operation should be blocked.

I think we also want to do partitions as they can overlap, and all of the
reasons we don't want a disk open with a partition also apply to opening
overlapping partitions. Think about the standard 4.2BSD disklabel layout.
:-)

I'll keep thinking about this.

Take care,

Bill
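Added example (not code from this thread or from NetBSD): a minimal model of the overlap-aware open tracking Bill describes, where partitions are sector ranges on one disk, the whole-disk partition overlaps every other one, and "is this in use?" is answered by looking at all open partitions that overlap the one asked about rather than only at that partition's own record. The names (part_use, part_in_use, part_open, sample_label) and the exclusive-open rule are assumptions for the example; the label in sample_label is constructed.

```c
#include <stdbool.h>
#include <stdint.h>

/* How an open partition is being used (hypothetical names for this example). */
enum part_use { USE_NONE = 0, USE_MOUNT, USE_SWAP, USE_RAID };

/* A partition is a [start, start + size) sector range; use is USE_NONE while closed. */
struct part { uint64_t start, size; enum part_use use; };

#define NPART 8   /* 'a'..'h', the classic 4.2BSD disklabel */
struct disk { struct part p[NPART]; };

static bool
overlaps(const struct part *a, const struct part *b)
{
	return a->start < b->start + b->size && b->start < a->start + a->size;
}

/* Report the use of any open partition overlapping idx, or USE_NONE. Asking
 * about the whole-disk partition therefore surfaces a swap or RAID use of 'b'/'e'. */
enum part_use
part_in_use(const struct disk *d, int idx)
{
	for (int i = 0; i < NPART; i++)
		if (d->p[i].use != USE_NONE && overlaps(&d->p[idx], &d->p[i]))
			return d->p[i].use;
	return USE_NONE;
}

/* Open idx for one use; refused while any overlapping partition is open
 * (the whole-disk partition overlaps everything). Returns 0, or -1 if busy. */
int
part_open(struct disk *d, int idx, enum part_use use)
{
	if (idx < 0 || idx >= NPART || use == USE_NONE || d->p[idx].size == 0 ||
	    part_in_use(d, idx) != USE_NONE)
		return -1;
	d->p[idx].use = use;
	return 0;
}

void part_close(struct disk *d, int idx) { d->p[idx].use = USE_NONE; }

/* Constructed sample label: a = root, b = swap, c = whole disk, e = RAID member. */
void
sample_label(struct disk *d)
{
	*d = (struct disk){ .p = {
		[0] = { 0, 1000, USE_NONE }, [1] = { 1000, 2000, USE_NONE },
		[2] = { 0, 10000, USE_NONE }, [4] = { 3000, 7000, USE_NONE } } };
}
```

With 'b' open for swap and 'e' for RAID, opening the whole-disk 'c' is refused and a query on 'c' reports the swap use, while the non-overlapping 'a' can still be mounted.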
