From: Linus Torvalds <torvalds@linux-foundation.org> To: Steven Whitehouse <swhiteho@redhat.com> Cc: David Howells <dhowells@redhat.com>, Ray Strode <rstrode@redhat.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Nicolas Dichtel <nicolas.dichtel@6wind.com>, raven@themaw.net, keyrings@vger.kernel.org, linux-usb@vger.kernel.org, linux-block <linux-block@vger.kernel.org>, Christian Brauner <christian@brauner.io>, LSM List <linux-security-module@vger.kernel.org>, linux-fsdevel <linux-fsdevel@vger.kernel.org>, Linux API <linux-api@vger.kernel.org>, Linux List Kernel Mailing <linux-kernel@vger.kernel.org>, Al Viro <viro@zeniv.linux.org.uk>, "Ray, Debarshi" <debarshi.ray@gmail.com>, Robbie Harwood <rharwood@redhat.com> Subject: Re: Why add the general notification queue and its sources Date: Fri, 6 Sep 2019 10:07:58 -0700 Message-ID: <CAHk-=wg6=qhw0-F=2_8y=VdT+fj8k7G1+t2XNSkRYimXhampVg@mail.gmail.com> (raw) In-Reply-To: <8e60555e-9247-e03f-e8b4-1d31f70f1221@redhat.com> On Fri, Sep 6, 2019 at 9:12 AM Steven Whitehouse <swhiteho@redhat.com> wrote: > > The events are generally not independent - we would need ordering either > implicit in the protocol or explicit in the messages. Note that pipes certainly would never re-order messages. It's just that _if_ you have two independent and concurrent readers of the same pipe, they could read one message each, and you couldn't tell which was first in user space. Of course, I would suggest that anything that actually has non-independent messages should always use a sequence number or something like that in the message anyway. But then it would have to be on a protocol level. And it's not clear that all notifications need it. If it's just a random "things changed" notification, mnaybe that doesn't need a sequence number or anything else. So being on a protocol/data stream level might be the right thing regardless. Another possibility is to just say "don't do that then". If you want multiple concurrent readers, open multiple pipes for them and use separate events, and be happy in the knowledge that you don't have any complicated cases. > We also need to > know in case messages are dropped too - doesn't need to be anything > fancy, just some idea that since we last did a read, there are messages > that got lost, most likely due to buffer overrun. Pipes don't have that, but another flag certainly wouldn't be _hard_ to add. But one problem (and this is fundamental) is that while O_DIRECT works today (and works with kernels going back years), any new features like overflow notification would obviously not work with legacy kernels. On the user write side, with an O_NONBLOCK pipe, you currently just get an -EAGAIN, so you _see_ the drop happening. But (again) there's no sticky flag for it anywhere else, and there's no clean automatic way for the reader to see "ok, the writer overflowed". That's not a problem for any future extensions - the feature sounds like a new flag and a couple of lines to do it - but it's a problem for the whole "prototype in user space using existing pipe support" that I personally find so nice, and which I think is such a good way to prove the user space _need_ for anything like this. But if people are ok with the pipe model in theory, _that_ kind of small and directed feature I have absolutely no problem with adding. It's just whole new untested character mode drivers with odd semantics that I find troublesome. Hmm. Maybe somebody can come up with a good legacy signaling solution (and "just use another pipe for error notification and OOB data" for the first one may _work_, but that sounds pretty hacky and just not very convenient). Linus
next prev parent reply index Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-09-04 22:15 [PATCH 00/11] Keyrings, Block and USB notifications [ver #8] David Howells 2019-09-04 22:15 ` [PATCH 01/11] uapi: General notification ring definitions " David Howells 2019-09-04 22:16 ` [PATCH 02/11] security: Add hooks to rule on setting a watch " David Howells 2019-09-04 22:16 ` [PATCH 03/11] security: Add a hook for the point of notification insertion " David Howells 2019-09-04 22:16 ` [PATCH 04/11] General notification queue with user mmap()'able ring buffer " David Howells 2019-09-04 22:16 ` [PATCH 05/11] keys: Add a notification facility " David Howells 2019-09-04 22:16 ` [PATCH 06/11] Add a general, global device notification watch list " David Howells 2019-09-04 22:16 ` [PATCH 07/11] block: Add block layer notifications " David Howells 2019-09-04 22:16 ` [PATCH 08/11] usb: Add USB subsystem " David Howells 2019-09-04 22:17 ` [PATCH 09/11] Add sample notification program " David Howells 2019-09-04 22:17 ` [PATCH 10/11] selinux: Implement the watch_key security hook " David Howells 2019-09-04 22:17 ` [PATCH 11/11] smack: Implement the watch_key and post_notification hooks " David Howells 2019-09-04 22:28 ` [PATCH 00/11] Keyrings, Block and USB notifications " Linus Torvalds 2019-09-05 17:01 ` Why add the general notification queue and its sources David Howells 2019-09-05 17:19 ` Linus Torvalds 2019-09-05 18:32 ` Ray Strode 2019-09-05 20:39 ` Linus Torvalds 2019-09-06 19:32 ` Ray Strode 2019-09-06 19:41 ` Ray Strode 2019-09-06 19:53 ` Robbie Harwood 2019-09-05 21:32 ` David Howells 2019-09-05 22:08 ` Linus Torvalds 2019-09-05 23:18 ` David Howells 2019-09-06 0:07 ` Linus Torvalds 2019-09-06 10:09 ` David Howells 2019-09-06 15:35 ` Linus Torvalds 2019-09-06 15:53 ` Linus Torvalds 2019-09-06 16:12 ` Steven Whitehouse 2019-09-06 17:07 ` Linus Torvalds [this message] 2019-09-06 17:14 ` Linus Torvalds 2019-09-06 21:19 ` David Howells 2019-09-06 17:14 ` Andy Lutomirski 2019-09-05 18:37 ` Steven Whitehouse 2019-09-05 18:51 ` Ray Strode 2019-09-05 20:09 ` David Lehman 2019-09-05 18:33 ` Greg Kroah-Hartman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAHk-=wg6=qhw0-F=2_8y=VdT+fj8k7G1+t2XNSkRYimXhampVg@mail.gmail.com' \ --to=torvalds@linux-foundation.org \ --cc=christian@brauner.io \ --cc=debarshi.ray@gmail.com \ --cc=dhowells@redhat.com \ --cc=gregkh@linuxfoundation.org \ --cc=keyrings@vger.kernel.org \ --cc=linux-api@vger.kernel.org \ --cc=linux-block@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=linux-usb@vger.kernel.org \ --cc=nicolas.dichtel@6wind.com \ --cc=raven@themaw.net \ --cc=rharwood@redhat.com \ --cc=rstrode@redhat.com \ --cc=swhiteho@redhat.com \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-Security-Module Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \ linux-security-module@vger.kernel.org public-inbox-index linux-security-module Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module AGPL code for this site: git clone https://public-inbox.org/public-inbox.git