Re: [patch 7/8] fdmap v2 - implement sys_socket2

From: Kyle Moffett
Date: Sat Jun 09 2007 - 10:40:16 EST

Next message: Pavel Machek: "Re: AppArmor FAQ"
Previous message: Andy Whitcroft: "Re: [PATCH] checkpatch: add an exclusion for 'for_each' helper macros"
In reply to: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
Next in thread: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 09, 2007, at 01:41:42, Paul Mackerras wrote:

Davide Libenzi writes:

The only reason we use a floating base, is because Uli preferred to have non-exactly predictable fd allocations. There no reason of re-doing the same POSIX mistake all over again:

Why must everything that makes things a bit simpler and more predictable for application programmers be called a "mistake"?

1) Linear FD allocation makes it IMPOSSIBLE for libraries to reliably use persistent FDs behind an application's back. For example, this code sequence should almost always be OK: (except when calling into a library specifically to open a file or socket)

close(0);
some_library_function();
fd = open("some_file", O_RDWR);
/* fd == 0 here */

2) Another common code example which causes problems:

int i;
for (i = 0; i < NR_OPEN; i++)
if (!fd_is_special_to_us(i))
close(i);

Note that this is conceptually buggy, but occurs in several major C programming books, most of the major shells, and a lot of other software to boot.

3) In order to allocate new FDs, the kernel has to scan over a (potentially very large) bitmap. A process with 100,000 fds (not terribly uncommon) would have 12.5kbyte of FD bitmap and would trash the cache every time it tried to allocate an FD.

You can't even hope to use persistent library FDs with these problems, and they even cause problems with servers using lots of FDs. Introducing another linear FD space will just make this sort of stuff happen ALL OVER AGAIN.

If you want to make things reproducible, you could have an option where the "random" algorithm is just pseudo-linearly allocated FDs (no bitmap search) XORed with a boot-time constant either randomly- generated or set in the boot args. That way the people interested in maximum security or stress testing can use completely randomized numbers and the people who need reproducibility can get that too, *without* having the same linear FD allocation problems all over again. The fundamental problem is that a series of numbers increasing linearly from X (especially where X == 0) are used as meaningful data by lazy programmers, instead of just as a cookie. By nonlinearizing the data, even just a little, that becomes unlikely to occur. It also forces programmers to use FDs correctly and prevents problems like this in the future.

Cheers,
Kyle Moffett
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: AppArmor FAQ"
Previous message: Andy Whitcroft: "Re: [PATCH] checkpatch: add an exclusion for 'for_each' helper macros"
In reply to: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
Next in thread: Paul Mackerras: "Re: [patch 7/8] fdmap v2 - implement sys_socket2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]