From: Greg Lindahl <greg@blekko.com>
To: David Miller <davem@davemloft.net>
Cc: penguin-kernel@i-love.sakura.ne.jp, paul.moore@hp.com,
linux-security-module@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram().
Date: Tue, 21 Apr 2009 18:52:28 -0700 [thread overview]
Message-ID: <20090422015228.GA13312@bx9.net> (raw)
In-Reply-To: <20090421.181411.26595688.davem@davemloft.net>
On Tue, Apr 21, 2009 at 06:14:11PM -0700, David Miller wrote:
> We had a similar situation with read()'s on UDP sockets.
>
> When poll() says something, it has to stick.
Isn't that completely different? Anyone who writes code that calls
accept() quickly finds out that in the real world it fails for all
kinds of reasons worth ignoring. As an example, a comment in ircd at
the only accept call (circa 1998):
/*
** There may be many reasons for error return, but in otherwise
** correctly working environment the probable cause is running
** out of file descriptors (EMFILE, ENFILE or others?). The
** man pages for accept don't seem to list these as possible,
** although it's obvious that it may happen here.
** Thus no specific errors are tested at this point, just
** assume that connections cannot be accepted until some old
** is closed first.
*/
And it silently ignores EAGAIN, which of course is a can't happen when
used with select(). The recently-written only-runs-on-Linux system I'm
working on ignores EAGAIN, even though it's a can't happen with
epoll. I can ask the guy who wrote it, but he's probably ignoring it
because he was frequently seeing them.
I'd be surprised if you found much real-life code that didn't
gracefully tolerate accept failures. Can anyone come up with an
example?
-- greg
next prev parent reply other threads:[~2009-04-22 1:52 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-14 10:44 [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram() Tetsuo Handa
2009-04-14 22:59 ` Paul Moore
2009-04-15 5:12 ` Tetsuo Handa
2009-04-15 10:51 ` [PATCH 1/2] " Tetsuo Handa
2009-04-15 10:51 ` [PATCH 2/2] tomoyo: Add network access control support Tetsuo Handa
2009-04-16 18:23 ` [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram() Paul Moore
2009-04-18 8:34 ` Tetsuo Handa
2009-04-20 22:22 ` Paul Moore
2009-04-21 10:54 ` Tetsuo Handa
2009-04-21 10:57 ` David Miller
2009-04-21 11:39 ` Tetsuo Handa
2009-04-21 11:40 ` David Miller
2009-04-21 12:26 ` Tetsuo Handa
2009-04-21 12:37 ` David Miller
2009-04-21 12:52 ` [PATCH] LSM: Add security_socket_post_accept() andsecurity_socket_post_recv_datagram() Tetsuo Handa
2009-04-21 13:04 ` David Miller
2009-04-22 0:55 ` [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram() Tetsuo Handa
2009-04-22 1:14 ` David Miller
2009-04-22 1:49 ` Tetsuo Handa
2009-04-22 4:22 ` David Miller
2009-04-22 5:02 ` Tetsuo Handa
2009-04-22 5:07 ` David Miller
2009-04-22 5:38 ` Tetsuo Handa
2009-04-22 5:52 ` David Miller
2009-04-23 14:00 ` Tetsuo Handa
2009-04-23 14:10 ` David Miller
2009-04-23 14:47 ` Samir Bellabes
2009-04-22 1:52 ` Greg Lindahl [this message]
2009-04-22 4:23 ` David Miller
2009-04-22 6:10 ` Greg Lindahl
2009-04-22 6:34 ` David Miller
2009-04-22 6:41 ` Greg Lindahl
2009-04-22 6:46 ` David Miller
2009-04-22 6:54 ` Greg Lindahl
2009-04-22 6:58 ` David Miller
2009-04-22 7:19 ` Tetsuo Handa
2009-04-24 2:07 ` Tetsuo Handa
2009-04-24 4:35 ` David Miller
2009-04-24 4:41 ` David Miller
2009-04-24 4:55 ` Tetsuo Handa
2009-04-24 5:26 ` Tetsuo Handa
2009-04-24 11:40 ` David Miller
2009-04-24 13:57 ` [PATCH] LSM: Add security_socket_post_accept() andsecurity_socket_post_recv_datagram() Tetsuo Handa
2009-04-19 8:03 ` [PATCH v2] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram() Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090422015228.GA13312@bx9.net \
--to=greg@blekko.com \
--cc=davem@davemloft.net \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=paul.moore@hp.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).