From: Florian Weimer <fw@deneb.enyo.de>
To: David Daney <ddaney@caviumnetworks.com>
Cc: linux-kernel@vger.kernel.org, DSA <debian-admin@lists.debian.org>,
team@security.debian.org, libpam-modules@packages.debian.org
Subject: Re: 2.6.28, rlimits, performance and debian etch
Date: Sun, 25 Jan 2009 11:59:06 +0100 [thread overview]
Message-ID: <87fxj74pol.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <497A3E62.6010706@caviumnetworks.com> (David Daney's message of "Fri, 23 Jan 2009 14:02:10 -0800")
* David Daney:
> One problem is that for values of RLIMIT_NOFILE less than something
> like 4096, it is much faster to call sys_close() on all possible
> values than iterate through a handful of open files from /proc/self/fd
> using opendir(3)/readdir(3).
Really? Yuck.
> The real solution is to convert your user space programs to use the
> new syscalls that allow for race-free setting of close-on-exec.
> Then you no longer need to mess around with iterating over these
> things.
These system calls are too recent to use in the next two Debian
releases. In addition, we can't really be sure that all libraries use
the new calls.
I find the design of the CLOEXEC business somewhat revulsive, by the
way. It reminds me of those DoSomethingEx APIs in another platform.
The *_at system calls are a similar wart. Even with this stuff, I
still can't safely open a file with a different effective user ID in a
multithreaded application, or create a AF_UNIX socket with specific
file system permissions. Some thread-specific context with what have
been traditionally considered per-process attributes might have been
better. 8-(
next prev parent reply other threads:[~2009-01-25 10:59 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-21 11:52 2.6.28, rlimits, performance and debian etch Peter Palfrader
2009-01-23 21:07 ` Florian Weimer
2009-01-23 22:02 ` David Daney
2009-01-23 23:11 ` Peter Palfrader
2009-01-25 10:59 ` Florian Weimer [this message]
2009-01-27 23:17 ` Andrew Morton
2009-01-29 12:19 ` Adam Tkac
2009-01-29 18:05 ` Andrew Morton
2009-01-29 18:10 ` Peter Palfrader
2009-02-02 16:20 ` Adam Tkac
2009-02-08 22:31 ` Steve Langasek
-- strict thread matches above, loose matches on Subject: below --
2009-02-26 21:48 Frans Pop
2009-02-26 22:01 ` Steve Langasek
2009-02-27 7:30 ` Peter Palfrader
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fxj74pol.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=ddaney@caviumnetworks.com \
--cc=debian-admin@lists.debian.org \
--cc=libpam-modules@packages.debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=team@security.debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.