From: Andreas Gruenbacher <agruen@suse.de>
To: Eric Paris <eparis@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Matt Helsley <matthltc@us.ibm.com>,
torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
Michael Kerrisk <michael.kerrisk@gmail.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [GIT PULL] notification tree - try 37!
Date: Fri, 20 Aug 2010 02:00:27 +0200 [thread overview]
Message-ID: <201008200200.28582.agruen@suse.de> (raw)
In-Reply-To: <201008171009.51737.agruen@suse.de>
[Adding linux-fsdevel here as well.]
On Tuesday 17 August 2010 10:09:50 Andreas Gruenbacher wrote:
> > > Q: What prevents the system from going out of memory when a listener
> > > decides to stop reading events or simply can't keep up? There doesn't
> > > seem to be a limit on the queue depth. Listeners currently need
> > > CAP_SYS_ADMIN, but somehow limiting the queue depth and throttling when
> > > things start to go bad still sounds like a reasonable thing to do,
> > > right?
> >
> > It's an interesting question and obviously one that I've thought about.
> > You remember when we talked previously I said the hardest part left was
> > allowing non-root users to use the interface. It gets especially
> > difficult when thinking about perm-events. I was specifically told not
> > to timeout or drop those. But when dealing with non-root users using
> > perm events? As for pure notification we can do something like inotify
> > does quite easily.
> >
> > I'm not certain exactly what the best semantics are for non trusted
> > users, so I didn't push any patches that way. Suggestions welcome :)
>
> The system will happily go OOM for trusted users and non-perm events if the
> listener doesn't keep up, so some throttling, dropping, or both needs to
> happen for non-perm events. This is the critical case. Doing what inotify
> does (queue an overflow event and drop further events) seems to make sense
> here.
>
> The situation with perm-events is less severe because the number of
> outstanding perm events is bounded by the number of running processes.
> This may be enough of a limit.
>
> I don't think we need to worry about perm-events for untrusted users. We
> can start supporting some kinds of non-perm-events for untrusted users
> later; this won't change the existing interface.
Another case where fanotify fails to generate useful events is when a listener
runs out of file descriptors; events will simply end up with fd == -EMFILE in
that case. I don't think this behavior is useful; instead, reading from the
fanotify file descriptor (he one returned by fanotify_init()) should fail to
give the listener a chance to react.
Andreas
next prev parent reply other threads:[~2010-08-20 0:00 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-06 15:58 [GIT PULL] notification tree - try 37! Eric Paris
2010-08-06 23:34 ` Matt Helsley
2010-08-07 0:06 ` Christoph Hellwig
2010-08-07 19:15 ` Eric Paris
2010-08-07 20:55 ` Matt Helsley
2010-08-16 20:32 ` Andreas Gruenbacher
2010-08-17 3:39 ` Eric Paris
2010-08-17 4:03 ` Matt Helsley
2010-08-17 8:09 ` Andreas Gruenbacher
2010-08-17 15:08 ` Eric Paris
2010-08-19 20:24 ` Andreas Gruenbacher
2010-08-19 20:32 ` Andreas Gruenbacher
2010-08-19 20:42 ` Eric Paris
2010-08-19 21:07 ` Andreas Gruenbacher
2010-08-19 21:22 ` Andreas Gruenbacher
2010-08-20 3:50 ` Eric Paris
2010-08-20 12:38 ` Andreas Gruenbacher
2010-08-23 16:46 ` Eric Paris
2010-08-23 22:38 ` Andreas Gruenbacher
2010-08-20 0:00 ` Andreas Gruenbacher [this message]
2010-08-17 8:38 ` Andreas Gruenbacher
2010-08-17 15:24 ` Eric Paris
2010-08-17 15:48 ` Andreas Gruenbacher
2010-08-18 14:18 ` Andreas Gruenbacher
2010-08-17 9:45 ` Tvrtko Ursulin
2010-08-17 10:01 ` Andreas Gruenbacher
2010-08-17 10:12 ` Tvrtko Ursulin
2010-08-17 10:55 ` Tvrtko Ursulin
2010-08-17 15:27 ` Eric Paris
2010-08-18 15:47 ` [GIT PULL] notification tree: directory events Andreas Gruenbacher
2010-08-18 15:59 ` Eric Paris
2010-08-18 16:42 ` Christoph Hellwig
2010-08-18 17:07 ` Eric Paris
2010-08-19 12:44 ` Andreas Gruenbacher
2010-08-19 15:00 ` Eric Paris
2010-08-19 23:41 ` Andreas Gruenbacher
2010-08-20 3:38 ` Eric Paris
2010-08-20 5:19 ` Andreas Dilger
2010-08-20 9:21 ` Christoph Hellwig
2010-08-20 15:29 ` Andreas Gruenbacher
2010-08-20 20:39 ` Andreas Dilger
2010-08-20 9:09 ` Tvrtko Ursulin
2010-08-20 11:07 ` Andreas Gruenbacher
2010-08-20 11:25 ` Andreas Gruenbacher
2010-08-20 12:16 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201008200200.28582.agruen@suse.de \
--to=agruen@suse.de \
--cc=akpm@linux-foundation.org \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=michael.kerrisk@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).