From: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
To: David Lamparter <equinox@diac24.net>
Cc: Rodrigo Moya <rodrigo.moya@collabora.co.uk>,
David Miller <davem@davemloft.net>,
javier@collabora.co.uk, eric.dumazet@gmail.com,
lennart@poettering.net, kay.sievers@vrfy.org,
alban.crequy@collabora.co.uk, bart.cerneels@collabora.co.uk,
sjoerd.simons@collabora.co.uk, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/10] af_unix: add multicast and filtering features to AF_UNIX
Date: Tue, 28 Feb 2012 17:33:04 +0100
Message-ID: <4F4D01C0.3050808@collabora.co.uk>
In-Reply-To: <4F4CF1BF.7080503@collabora.co.uk>

On 02/28/2012 04:24 PM, Javier Martinez Canillas wrote:
> On 02/28/2012 03:28 PM, David Lamparter wrote:
>> On Tue, Feb 28, 2012 at 11:47:39AM +0100, Rodrigo Moya wrote:
>>> > - slow readers: dropping packets vs blocking the sender. Although
>>> > datagrams are not reliable on IP, datagrams on Unix sockets are
>>> > never lost. So if one receiver has its buffer full the sender is
>>> > blocked instead of dropping packets. That way we guarantee a
>>> > reliable communication channel.
>>
>> This sounds like a terribly nice way to f*ck the entire D-Bus system by
>> having one broken (or malicious) desktop application. What's the
>> intended way of coping with users that block the socket by not reading?
>>
>>
>> -David L.
>
> The problem is that D-bus expects a reliable transport method (TCP or
> SOCK_STREAM Unix socks) but this is not the case with multicast Unix
> sockets, since our implementation is for SOCK_SEQPACKET and SOCK_DGRAM
> socket types.
>
> So, you have to either add another layer to the D-bus protocol to make
> it reliable (acks, retransmissions, flow control, etc) or avoid losing
> D-bus messages (by blocking the sender if one of the receivers has its
> buffer full).
>
Also, this problem exists with the current D-bus implementation. If a
malicious desktop application doesn't read its socket then the messages
sent to it will be buffered in the daemon:

https://bugs.freedesktop.org/show_bug.cgi?id=33606

dbus-daemon memory usage will balloon until the
max_incoming_bytes/max_outgoing_bytes limit is reached (1GB for session
bus in default configuration):

  <limit name="max_incoming_bytes">1000000000</limit>
  <limit name="max_outgoing_bytes">1000000000</limit>

It only works because not many applications are broken and user-space
memory is virtualized. But if you bypass the daemon and use a multicast
transport layer (as in our multicast Unix socket implementation) you
don't have that much memory to buffer the packets.

So you have to either block the senders or:

- drop the slow reader
- kill the spammer
- have an infinite amount of memory

Regards,
Javier
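
Added example, not part of the original message or of the patch series: the backpressure behaviour the thread is arguing about, shown on a stock Linux AF_UNIX SOCK_DGRAM socketpair (not the proposed multicast sockets). The struct and function names are illustrative; MSG_DONTWAIT is used so that a full queue is reported as EAGAIN instead of putting the sender to sleep.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct backpressure_result {
    int queued;       /* datagrams accepted before send() refused */
    int drained;      /* datagrams the slow reader later received */
    int would_block;  /* 1 if send() stopped with EAGAIN */
};

/* Fill a never-read AF_UNIX SOCK_DGRAM peer, then drain it. */
int unix_dgram_backpressure(struct backpressure_result *res)
{
    int sv[2];
    char msg[1024], buf[1024];

    memset(res, 0, sizeof(*res));
    memset(msg, 'x', sizeof(msg));
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -1;
    /* sv[1] plays the slow reader: it reads nothing while we send.
     * The loop bound only guards against a platform with no limit. */
    while (res->queued < 100000) {
        if (send(sv[0], msg, sizeof(msg), MSG_DONTWAIT) < 0) {
            res->would_block = (errno == EAGAIN);
            break;
        }
        res->queued++;
    }
    /* The reader catches up: nothing that was accepted has been dropped. */
    while (recv(sv[1], buf, sizeof(buf), MSG_DONTWAIT) > 0)
        res->drained++;
    close(sv[0]);
    close(sv[1]);
    return 0;
}

int main(void)
{
    struct backpressure_result r;
    if (unix_dgram_backpressure(&r) < 0) return 1;
    printf("queued=%d drained=%d would_block=%d\n", r.queued, r.drained, r.would_block);
    return 0;
}
```

Without MSG_DONTWAIT the same send() would sleep until the reader drains its queue, which is the sender-blocking case discussed above.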