tech-security archive


Re: How trustworthy is that I/O device?



On Nov 6, 2013, at 2:21 PM, Matt Thomas wrote:

> 
> On Nov 4, 2013, at 2:34 PM, Erik Fair <fair%netbsd.org@localhost> wrote:
> 
>> All OSes have a problem with USB and potentially all other hot-plug I/O 
>> busses: can you trust the device that was just plugged into the bus? How 
>> much I/O do you permit to it before explicit authorization of some kind?
> 
> I've always wondered why we "trust" file systems and panic when they aren't
> what we expect.  We don't do that for networking.  It seems if we encounter
> an inconsistency, we mark the f/s as read-only and either return an error
> or complete the action if possible.

Panic now to prevent crazy later. If the structures are inconsistent, then 
relying on underlying assumptions in the code is so unsafe we simply can't do 
it at all.  How do we know that going to read-only doesn't create some kind of 
excess data disclosure path?

Warner
