Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753328AbbGBUAG (ORCPT <rfc822;w@1wt.eu>);
	Thu, 2 Jul 2015 16:00:06 -0400
Received: from iolanthe.rowland.org ([192.131.102.54]:43748 "HELO
	iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with SMTP id S1754086AbbGBT75 (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 2 Jul 2015 15:59:57 -0400
Date: Thu, 2 Jul 2015 15:59:56 -0400 (EDT)
From: Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@iolanthe.rowland.org
To: Jeremy White <jwhite@codeweavers.com>
cc: Oliver Neukum <oneukum@suse.com>, Hans de Goede <hdegoede@redhat.com>,
        "Daniel P. Berrange" <berrange@redhat.com>,
        <spice-devel@lists.freedesktop.org>, <linux-usb@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
Subject: Re: [Spice-devel] [RFC PATCH 1/1] Add a usbredir kernel module to
 remotely connect USB devices over IP.
In-Reply-To: <55958ACC.3080607@codeweavers.com>
Message-ID: <Pine.LNX.4.44L0.1507021550470.1320-100000@iolanthe.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2261
Lines: 47

On Thu, 2 Jul 2015, Jeremy White wrote:

> >> I don't follow that analysis.  The usbip interactions with the usb stack
> >> all seem to be atomic, and never trigger a syscall, as far as I can
> >> tell.  A port reset will flip a few bits and return.  A urb enqueue
> >> queues and wakes a different thread, and returns.  The alternate thread
> >> performs the sendmsg.
> >>
> >> I'm not suggesting that running a storage device over usbip is
> >> especially safe, but I don't see the limit on the design.
> > 
> > Are you referring to the current code or the proposed user space pipe?
> 
> I'm referring to current usbip code.  But the proposed driver would have
> the same behavior.
> 
> To be clear, I think the only tangible new proposal is the one Hans put
> forth, which would modify the driver I originally posted to use a
> netlink socket instead of a passing a file descriptor in via sysfs.
> That would allow the user space application responsible for initiating
> the request to provide TLS as desired.  It comes with the expense of an
> extra memcpy, but I suspect Hans is right in saying the network
> latencies make that an irrelevant cost.

Oliver is talking about the danger of having part of the communication 
path for a block device run through userspace.

Imagine a situation where the client uses a USB storage device provided
by the server as a swap device.  And suppose a userspace daemon on the
client has to process USB packets as they pass between the client and
the server.  If the daemon is idle for some time, parts of its address
space may get stored in the swap area on the server and paged out.

Now consider what happens when those parts of memory need to be paged
back in.  The client submits a request to read from the swap area.  
The request is transformed into USB packets and sent through the
userspace daemon for transmission to the server.  But the daemon can't
process the packets because it is waiting for its missing parts to be
paged back!  Result: deadlock.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/