Re: [2.6.16-rc5-m3 PATCH] inotify: add the monitor for the eventsource

From: Arjan van de Ven
Date: Thu Mar 09 2006 - 00:32:43 EST

Next message: Linus Torvalds: "Re: [PATCH] Document Linux's memory barriers [try #2]"
Previous message: Brown, Len: "RE: System completely hangs using acpi_cpufreq"
In reply to: Yi Yang: "Re: [2.6.16-rc5-m3 PATCH] inotify: add the monitor for the eventsource"
Next in thread: Yi Yang: "Re: [2.6.16-rc5-m3 PATCH] inotify: add the monitor for the eventsource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2006-03-09 at 13:18 +0800, Yi Yang wrote:
> Arjan van de Ven wrote:
> > On Thu, 2006-03-09 at 00:33 +0800, Yi Yang wrote:
> >
> >> Current inotify implementation only focus on change of file system, but it doesn't
> >> know who results in this change, this patch adds three fields to struct inotify_event,
> >> tgid, uid and gid, they will save process ID, user ID and user group ID of the process
> >> which leads to change in the file system, such software as anti-virus can make use
> >> of this feature to monitor who is modifying a specific file.
> >>
> >
> >
> > this patch appears to change the ABI! That is bad bad bad.
> >
> a change of struct inotify_event can't change ABI, can you describe it
> more clear?

it breaks ABI because this structure is communicated to userspace, and
you change both the layout and the size of it. What else would ABI
mean??

> > Also, how can you guarantee that "current" is valid and meaningful at
> > the place you use it to get the user id ??
> >
> Of course, current process/thread never disappears before fsnotify_*
> returns.

but... what makes you think it's not a kernel thread such as kjournald?
(which have basically meaningless current)

> > Also the process ID part is really bogus, after all the process may have
> > exited by the time the inotify client gets to it, and the PID may even
> > already have been reused.
> >
> >
> Your concern is correct, but uid and git can give out some hints, I ever
> considered to
> save the name of current process, however that needs a bigger and
> length-variable
> inotify_event struct, moreover, to get the full path name of current
> process/thread
> in kernel will have a big overhead, so I must select a comprise way.

there is no "full path name" concept in linux like that. And even worse,
many processes will not have *any* path because they have been deleted,
especially the viruses will use this ;)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [PATCH] Document Linux's memory barriers [try #2]"
Previous message: Brown, Len: "RE: System completely hangs using acpi_cpufreq"
In reply to: Yi Yang: "Re: [2.6.16-rc5-m3 PATCH] inotify: add the monitor for the eventsource"
Next in thread: Yi Yang: "Re: [2.6.16-rc5-m3 PATCH] inotify: add the monitor for the eventsource"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]