To: Eric Paris <eparis@redhat.com>
Cc: malware-list@lists.printk.net, linux-kernel@vger.kernel.org
Subject: Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
From: Andi Kleen <andi@firstfloor.org>
References: <1217883616.27684.19.camel@localhost.localdomain>
Date: Wed, 06 Aug 2008 04:35:27 +0200
In-Reply-To: <1217883616.27684.19.camel@localhost.localdomain> (Eric Paris's message of "Mon, 04 Aug 2008 17:00:16 -0400")
Message-ID: <874p5y7tw0.fsf@basil.nowhere.org>
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1252
Lines: 29

Eric Paris <eparis@redhat.com> writes:

> 5. Fine-grained caching
> -----------------------
> It is necessary to select which filesystems can be safely cached and
> which must not be. For example it is not a good idea to allow caching of
> network filesystems because their content can be changed invisibly. Disk
> based and some virtual filesystems can be cached safely on the other
> hand.

Actually local disk file systems can be changed invisibly to the VFS too by 
directly writing to the block device. This does not change the
page cache, but the on disk copy and when a page is pruned from
RAM and reloaded VFS will see the new contents without knowing
about any change. How would you stop that in your
proposal? I assume you could always require a special LKM that
forbids block writes for anything mounted, but that has other problems 
too and one wuld need to be extremly careful of holes in
such a protection scheme (e.g. overlapping partitions) 

[haven't read the rest of the proposal]

-Andi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/