public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Eric Dumazet <dada1@cosmosbay.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Davide Libenzi <davidel@xmailserver.org>,
	Ingo Molnar <mingo@elte.hu>, Ulrich Drepper <drepper@redhat.com>,
	Jeff Garzik <jeff@garzik.org>, Zach Brown <zach.brown@oracle.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Arjan van de Ven <arjan@infradead.org>,
	Christoph Hellwig <hch@infradead.org>,
	Andrew Morton <akpm@zip.com.au>,
	Alan Cox <alan@lxorguk.ukuu.org.uk>,
	Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
	"David S. Miller" <davem@davemloft.net>,
	Suparna Bhattacharya <suparna@in.ibm.com>,
	Jens Axboe <jens.axboe@oracle.com>,
	Thomas Gleixner <tglx@linutronix.de>
Subject: Re: Syslets, Threadlets, generic AIO support, v6
Date: Wed, 30 May 2007 23:53:54 +0200	[thread overview]
Message-ID: <465DF272.3000108@cosmosbay.com> (raw)
In-Reply-To: <alpine.LFD.0.98.0705301341480.26602@woody.linux-foundation.org>

Linus Torvalds a écrit :
> 
> On Wed, 30 May 2007, Eric Dumazet wrote:
>>> No, Davide, the problem is that some applications depend on getting
>>> _specific_ file descriptors.
>> Fix the application, and not adding kernel bloat ?
> 
> No. The application is _correct_. It's how file descriptors are defined to 
> work. 
> 
>> Then you can also exclude multi-threading, since a thread (even not inside
>> glibc) can also use socket()/pipe()/open()/whatever and take the zero file
>> descriptor as well.
> 
> Totally different. That's an application internal issue. It does *not* 
> mean that we can break existing standards.
> 
>> The only hardcoded thing in Unix is 0, 1 and 2 fds.
> 
> Wrong. I already gave an example of real code that just didn't bother to 
> keep track of which fd's it had open, and closed them all. Partly, in 
> fact, because you can't even _know_ which fd's you have open when somebody 
> else just execve's you.

If someone really cares, /proc/self/fd can help. But one shouldn't care at all.

About the things that the process can do before execing() a process, file 
descriptors outside of 0,1,2 are the most obvious thing, but you also have 
alarm(), or stupid rlimits.

> 
> You can call it buggy, but the fact is, if you do, you're SIMPLY WRONG. 
> 
> You cannot just change years and years of coding practice, and standard 
> documentations. The behaviour of file descriptors is a fact. Ignoring that 
> fact because you don't like it is naïve and simply not realistic.

I want to change nothing. Current situation is fine and well documented, thank 
you.

If a program does "for (i = 0; i < NR_OPEN; i++) close(i);", this 
*will*/*should* work as intended : close all files descriptors from 0 to 
NR_OPEN. Big deal.

But you wont find in a program :

FILE *fp = fopen("somefile", "r");
for (i = 0; i < NR_OPEN; i++)
     close(i);
while (fgets(buff, sizeof(buff), fp)) {
}


You and/or others want to add fd namespaces and other hacks.

I saw on this thread suspicious examples, I am waiting for a real one, 
justifying all this stuff.

After file descriptors separation, I guess we'll need memory space separation 
as well, signal separations (SIGALRM comes to mind), uid/gid separation, cpu 
time separation, and so on... setrlimit() layered for every shared lib.



  reply	other threads:[~2007-05-30 21:57 UTC|newest]

Thread overview: 71+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-29 21:27 Syslets, Threadlets, generic AIO support, v6 Zach Brown
2007-05-29 21:49 ` Linus Torvalds
2007-05-29 22:49   ` Zach Brown
2007-05-29 22:16 ` Jeff Garzik
2007-05-29 23:09   ` Zach Brown
2007-05-29 23:20     ` Ulrich Drepper
2007-05-30  1:11       ` Dave Jones
2007-05-30 17:08         ` Zach Brown
2007-05-30  7:26     ` Ingo Molnar
2007-05-30  7:20   ` Ingo Molnar
2007-05-30  7:31     ` Ulrich Drepper
2007-05-30  8:42       ` Ingo Molnar
2007-05-30  8:51         ` Evgeniy Polyakov
2007-05-30  9:05           ` Ingo Molnar
2007-05-30 15:16         ` Linus Torvalds
2007-05-30 15:39         ` Ulrich Drepper
2007-05-30 19:40         ` Davide Libenzi
2007-05-30 19:55           ` Ulrich Drepper
2007-05-30 20:00           ` Linus Torvalds
2007-05-30 20:21             ` Davide Libenzi
2007-05-30 20:31             ` Eric Dumazet
2007-05-30 20:44               ` Linus Torvalds
2007-05-30 21:53                 ` Eric Dumazet [this message]
2007-05-30 21:31               ` Davide Libenzi
2007-05-30 21:16             ` Ulrich Drepper
2007-05-30 21:27               ` Linus Torvalds
2007-05-30 21:47                 ` Ulrich Drepper
2007-05-30 22:06                   ` Davide Libenzi
2007-05-30 21:48                 ` Davide Libenzi
2007-05-30 22:01                   ` Linus Torvalds
2007-05-31  6:13                     ` Ingo Molnar
2007-05-31  7:35                       ` Eric Dumazet
2007-05-31  9:26                         ` Ingo Molnar
2007-05-31  9:02                       ` Ingo Molnar
2007-05-31 10:41                         ` Eric Dumazet
2007-05-31 10:50                           ` Ingo Molnar
2007-05-31  9:32                       ` Ingo Molnar
2007-05-31  9:34                         ` Jens Axboe
2007-05-30 22:09                   ` Eric Dumazet
2007-05-30 21:51                 ` David M. Lloyd
2007-05-30 22:24                 ` William Lee Irwin III
2007-05-30 21:38               ` Jeremy Fitzhardinge
2007-05-30 21:39               ` Davide Libenzi
2007-05-30 21:36             ` Jeremy Fitzhardinge
2007-05-30 21:44               ` Linus Torvalds
2007-05-30 21:48                 ` Linus Torvalds
2007-05-30 21:54                   ` Jeremy Fitzhardinge
2007-05-30 22:27             ` Matt Mackall
2007-05-30 22:38               ` William Lee Irwin III
2007-05-30  8:32     ` Evgeniy Polyakov
2007-05-30  8:54       ` Ingo Molnar
2007-05-30  9:30         ` Evgeniy Polyakov
2007-05-30  9:28     ` Jeff Garzik
2007-05-30 13:02       ` Ingo Molnar
2007-05-30 13:20         ` Ingo Molnar
2007-05-30 15:31       ` Linus Torvalds
2007-05-30 16:09         ` Ingo Molnar
2007-05-30 17:57           ` Jens Axboe
2007-05-30 19:05           ` Mark Lord
2007-05-30 19:10             ` Jens Axboe
2007-05-30 19:15             ` Linus Torvalds
2007-05-30 19:32               ` Jens Axboe
2007-05-30 20:07               ` Eric Dumazet
2007-05-30 20:31                 ` Linus Torvalds
2007-05-30 20:46                   ` Eric Dumazet
2007-05-30 19:52           ` Davide Libenzi
2007-05-30  7:40 ` Jens Axboe
2007-05-30 16:55   ` Zach Brown
2007-05-30 17:33     ` Jens Axboe
  -- strict thread matches above, loose matches on Subject: below --
2007-05-31  8:15 Albert Cahalan
2007-05-31  9:50 ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=465DF272.3000108@cosmosbay.com \
    --to=dada1@cosmosbay.com \
    --cc=akpm@zip.com.au \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=arjan@infradead.org \
    --cc=davem@davemloft.net \
    --cc=davidel@xmailserver.org \
    --cc=drepper@redhat.com \
    --cc=hch@infradead.org \
    --cc=jeff@garzik.org \
    --cc=jens.axboe@oracle.com \
    --cc=johnpol@2ka.mipt.ru \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=suparna@in.ibm.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=zach.brown@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox