From: Andreas Gruenbacher <agruen@suse.de>
To: Eric Paris <eparis@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Matt Helsley <matthltc@us.ibm.com>,
torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
Michael Kerrisk <michael.kerrisk@gmail.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [GIT PULL] notification tree - try 37!
Date: Fri, 20 Aug 2010 02:00:27 +0200 [thread overview]
Message-ID: <201008200200.28582.agruen@suse.de> (raw)
In-Reply-To: <201008171009.51737.agruen@suse.de>
[Adding linux-fsdevel here as well.]
On Tuesday 17 August 2010 10:09:50 Andreas Gruenbacher wrote:
> > > Q: What prevents the system from going out of memory when a listener
> > > decides to stop reading events or simply can't keep up? There doesn't
> > > seem to be a limit on the queue depth. Listeners currently need
> > > CAP_SYS_ADMIN, but somehow limiting the queue depth and throttling when
> > > things start to go bad still sounds like a reasonable thing to do,
> > > right?
> >
> > It's an interesting question and obviously one that I've thought about.
> > You remember when we talked previously I said the hardest part left was
> > allowing non-root users to use the interface. It gets especially
> > difficult when thinking about perm-events. I was specifically told not
> > to timeout or drop those. But when dealing with non-root users using
> > perm events? As for pure notification we can do something like inotify
> > does quite easily.
> >
> > I'm not certain exactly what the best semantics are for non trusted
> > users, so I didn't push any patches that way. Suggestions welcome :)
>
> The system will happily go OOM for trusted users and non-perm events if the
> listener doesn't keep up, so some throttling, dropping, or both needs to
> happen for non-perm events. This is the critical case. Doing what inotify
> does (queue an overflow event and drop further events) seems to make sense
> here.
>
> The situation with perm-events is less severe because the number of
> outstanding perm events is bounded by the number of running processes.
> This may be enough of a limit.
>
> I don't think we need to worry about perm-events for untrusted users. We
> can start supporting some kinds of non-perm-events for untrusted users
> later; this won't change the existing interface.
Another case where fanotify fails to generate useful events is when a listener
runs out of file descriptors; events will simply end up with fd == -EMFILE in
that case. I don't think this behavior is useful; instead, reading from the
fanotify file descriptor (he one returned by fanotify_init()) should fail to
give the listener a chance to react.
Andreas
next prev parent reply other threads:[~2010-08-20 0:00 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1281110319.17812.21.camel@dhcp231-200.rdu.redhat.com>
[not found] ` <201008191444.08966.agruen@suse.de>
[not found] ` <1282230012.21419.1566.camel@acb20005.ipt.aol.com>
2010-08-19 23:41 ` [GIT PULL] notification tree: directory events Andreas Gruenbacher
2010-08-20 3:38 ` Eric Paris
2010-08-20 5:19 ` Andreas Dilger
2010-08-20 9:21 ` Christoph Hellwig
2010-08-20 15:29 ` Andreas Gruenbacher
2010-08-20 20:39 ` Andreas Dilger
2010-08-20 9:09 ` Tvrtko Ursulin
2010-08-20 11:07 ` Andreas Gruenbacher
2010-08-20 11:25 ` Andreas Gruenbacher
2010-08-20 12:16 ` Andreas Gruenbacher
[not found] ` <1282016387.21419.113.camel@acb20005.ipt.aol.com>
[not found] ` <201008171009.51737.agruen@suse.de>
2010-08-20 0:00 ` Andreas Gruenbacher [this message]
[not found] ` <201008192307.32526.agruen@suse.de>
[not found] ` <1282276236.21419.2101.camel@acb20005.ipt.aol.com>
2010-08-20 12:38 ` [GIT PULL] notification tree - try 37! Andreas Gruenbacher
2010-08-23 16:46 ` Eric Paris
2010-08-23 22:38 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201008200200.28582.agruen@suse.de \
--to=agruen@suse.de \
--cc=akpm@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=michael.kerrisk@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).