linux-kernel.vger.kernel.org archive mirror
* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
       [not found] <Pine.LNX.4.33.0103181407520.1426-100000@mikeg.weiden.de>
@ 2001-03-18 14:43 ` Rik van Riel
  2001-03-18 18:13   ` Linus Torvalds
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-18 14:43 UTC (permalink / raw)
  To: Mike Galbraith; +Cc: sct, linux-kernel

On Sun, 18 Mar 2001, Mike Galbraith wrote:

> > No, this was make -j30 bzImage.  (nscd was running though...)
> 
> I rebooted, shut down nscd prior to testing and did 5 builds in a row
> without a single gripe.  Started nscd for sixth run and instantly the
> kernel griped.  Yup.. threaded apps pushing swap.

OK, I'll write some code to prevent multiple threads from
stepping all over each other when they pagefault at the
same address.

What would be the preferred method of fixing this ?

- fixing do_swap_page and all ->nopage functions
- hacking handle_mm_fault to make sure no overlapping
  pagefaults will be served at the same time

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18 14:43 ` changing mm->mmap_sem (was: Re: system call for process information?) Rik van Riel
@ 2001-03-18 18:13   ` Linus Torvalds
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
  2001-04-24 17:06     ` Stephen Satchell
  0 siblings, 2 replies; 105+ messages in thread
From: Linus Torvalds @ 2001-03-18 18:13 UTC (permalink / raw)
  To: linux-kernel

In article <Pine.LNX.4.21.0103181122480.13050-100000@imladris.rielhome.conectiva>,
Rik van Riel  <riel@conectiva.com.br> wrote:
>
>OK, I'll write some code to prevent multiple threads from
>stepping all over each other when they pagefault at the
>same address.
>
>What would be the preferred method of fixing this ?
>
>- fixing do_swap_page and all ->nopage functions

There is no need to fix the "nopage" functions. They never see the page
table directly anyway. 

So the only thing that _should_ be needed is to make sure that
do_no_page(), do_swap_page() and do_anonymous_page() will re-acquire the
mm->page_table_lock and undo their work if it turns out that the page
table entry is no longer empty.. 

(do_wp_page() should already be ok in this regard - it already does this
exactly because present pagetable entries can already race with kswapd. 
What we're adding is that _nonpresent_ page table entries can race with
multiple invocations of concurrent page faults)

>- hacking handle_mm_fault to make sure no overlapping
>  pagefaults will be served at the same time

No. The whole reason the rw_semaphores were done in the first place was
to allow page faults to happen concurrently to allow threaded
applications to scale up even when faulting.

		Linus

^ permalink raw reply	[flat|nested] 105+ messages in thread
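
The fix Linus describes above (do the work without the lock, then re-acquire mm->page_table_lock and undo it if the page table entry is no longer empty), modelled in user space as an added example. It is not kernel code and not code from the thread; mm_model, fault_begin, fault_finish and run_two_faults are hypothetical names, and two faults on the same address are interleaved by hand so the outcome is deterministic.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_BYTES 4096

enum fault_result { FAULT_INSTALLED, FAULT_RACED };

struct mm_model {
    int   lock_held;   /* stands in for mm->page_table_lock */
    void *pte;         /* NULL models a non-present page table entry */
    int   pages_live;  /* pages allocated and not yet freed */
};

struct fault {         /* state carried by one in-flight page fault */
    void *new_page;
};

static void pt_lock(struct mm_model *mm)   { assert(!mm->lock_held); mm->lock_held = 1; }
static void pt_unlock(struct mm_model *mm) { assert(mm->lock_held);  mm->lock_held = 0; }

/* Phase 1: the entry looks empty, so the lock is dropped and a page is
 * allocated. In the kernel this step can sleep, which is why the lock
 * cannot be held across it. Returns 1 if a page was allocated. */
static int fault_begin(struct mm_model *mm, struct fault *f)
{
    int empty;

    pt_lock(mm);
    empty = (mm->pte == NULL);
    pt_unlock(mm);

    f->new_page = NULL;
    if (!empty)
        return 0;
    f->new_page = calloc(1, PAGE_BYTES);
    if (!f->new_page)
        return -1;
    mm->pages_live++;
    return 1;
}

/* Phase 2: retake the lock. With recheck set, look at the entry again and
 * undo the allocation if another fault filled it in the meantime. With
 * recheck clear (the behaviour being fixed) the entry is overwritten. */
static enum fault_result fault_finish(struct mm_model *mm, struct fault *f,
                                      int recheck)
{
    enum fault_result r = FAULT_INSTALLED;

    pt_lock(mm);
    if (recheck && mm->pte != NULL) {
        free(f->new_page);          /* undo our work, keep the winner's page */
        f->new_page = NULL;
        mm->pages_live--;
        r = FAULT_RACED;
    } else {
        mm->pte = f->new_page;      /* install our page */
    }
    pt_unlock(mm);
    return r;
}

/* Two threads fault on the same address: both see an empty entry before
 * either installs a page. Returns the number of live pages afterwards;
 * only one page can be mapped, so anything above 1 is an orphaned page. */
int run_two_faults(int recheck)
{
    struct mm_model mm = { 0, NULL, 0 };
    struct fault a = { NULL }, b = { NULL };
    int live;

    if (fault_begin(&mm, &a) != 1 || fault_begin(&mm, &b) != 1) {
        free(a.new_page);
        free(b.new_page);
        return -1;
    }
    fault_finish(&mm, &a, recheck);
    fault_finish(&mm, &b, recheck);

    live = mm.pages_live;
    free(a.new_page);               /* model cleanup; free(NULL) is a no-op */
    free(b.new_page);
    return live;
}

int main(void)
{
    printf("without re-check: %d live page(s) for one mapping\n", run_two_faults(0));
    printf("with re-check:    %d live page(s) for one mapping\n", run_two_faults(1));
    return 0;
}
```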

* [PATCH] Single user linux
  2001-03-18 18:13   ` Linus Torvalds
@ 2001-04-24 11:44     ` imel96
  2001-04-24 12:04       ` Alexander Viro
                         ` (3 more replies)
  2001-04-24 17:06     ` Stephen Satchell
  1 sibling, 4 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 11:44 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel


hi,

a friend of my asked me on how to make linux easier to use
for personal/casual win user.

i found out that one of the big problem with linux and most
other operating system is the multi-user thing.

i think, no personal computer user should know about what's
an operating system idea of a user. they just want to use
the computer, that's it.

by a personal computer i mean home pc, notebook, tablet,
pda, and communicator. only one user will use those devices,
or maybe his/her friend/family. do you think that user want
to know about user account?

from that, i also found out that it is very awkward to type
username and password every time i use my computer.
so here's a patch. i also have removed the user_struct from
my kernel, but i don't think you'd like #ifdef's.
may be it'll be good for midori too.


	imel



--- sched.h	Mon Apr  2 18:57:06 2001
+++ sched.h~	Tue Apr 24 17:32:33 2001
@@ -655,6 +655,12 @@
 		       unsigned long, const char *, void *);
 extern void free_irq(unsigned int, void *);

+#ifdef CONFIG_NOUSER
+#define capable(x)	1
+#define suser()		1
+#define fsuser()	1
+#else
+
 /*
  * This has now become a routine instead of a macro, it sets a flag if
  * it returns true (to do BSD-style accounting where the process is flagged
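
Review bot: In the CONFIG_NOUSER branch, `#define capable(x) 1`, `#define suser() 1` and `#define fsuser() 1` make every privilege check in the kernel succeed for every process, so a daemon or any program parsing network input gets the same authority as the person at the console. The macros also lose the side effect described in the comment that follows ("it sets a flag if it returns true"), and `capable(x)` no longer evaluates its argument, which will leave unused variables at call sites. If the option is kept at all, keep these as inline routines that return 1 so the argument is still type-checked and the accounting flag is still set, and say in the commit text why a login-time change in userspace is not enough.
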
@@ -706,6 +712,8 @@
 	}
 	return 0;
 }
+
+#endif /* CONFIG_NOUSER */

 /*
  * Routines for handling mm_structs
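
Review bot: The file header for the part that this `#endif /* CONFIG_NOUSER */` closes reads `--- sched.h` / `+++ sched.h~`, with no directory and with a `~` backup file named as the new side, while the other two files are diffed as `linux/...` against `nouser/...`. As posted the three parts cannot be applied with a single -p level. Regenerate the sched.h part from the same two tree roots with `diff -ur` so the whole patch applies in one pass, and since the `#else` and `#endif` are about 50 lines apart, keep the trailing comment on the `#endif` as done here and add a matching one on the `#else`.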

diff -ur linux/Documentation/Configure.help nouser/Documentation/Configure.help
--- linux/Documentation/Configure.help	Mon Apr  2 18:53:29 2001
+++ nouser/Documentation/Configure.help	Tue Apr 24 18:08:49 2001
@@ -13626,6 +13626,14 @@
   a work-around for a number of buggy BIOSes. Switch this option on if
   your computer crashes instead of powering off properly.

+Disable Multi-user (DANGEROUS)
+CONFIG_NOUSER
+  Disable kernel multi-user support. Normally, we treat each user
+  differently, depending on his/her permissions. If you _really_
+  think that you're not going to use your computer in a hostile
+  environment and would like to cut a few bytes, say Y.
+  Most people should say N.
+
 Watchdog Timer Support
 CONFIG_WATCHDOG
   If you say Y here (and to one of the following options) and create a
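
Review bot: The help text added for CONFIG_NOUSER understates the effect: "cut a few bytes" and "not going to use your computer in a hostile environment" do not tell the reader that every capable(), suser() and fsuser() check will succeed for every process. The title "Disable Multi-user" is also inaccurate, since nothing in the patch removes user ids; only the privilege checks go away. Suggest saying outright that all processes run with root-equivalent privilege regardless of uid, and that the option is unsuitable for any machine attached to a network.
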
diff -ur linux/arch/i386/config.in nouser/arch/i386/config.in
--- linux/arch/i386/config.in	Mon Feb  5 18:50:27 2001
+++ nouser/arch/i386/config.in	Tue Apr 24 17:53:42 2001
@@ -244,6 +244,8 @@
    bool '    Use real mode APM BIOS call to power off' CONFIG_APM_REAL_MODE_POWER_OFF
 fi

+bool 'Disable Multi-user (DANGEROUS)' CONFIG_NOUSER
+
 endmenu

 source drivers/mtd/Config.in
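
Review bot: The new `bool 'Disable Multi-user (DANGEROUS)' CONFIG_NOUSER` line sits directly after the APM power-off option and just before `endmenu`, so a switch that disables all privilege checks is offered unconditionally at the end of the menu holding the power management entries. It is also added only to arch/i386/config.in, although the sched.h change is guarded by nothing but CONFIG_NOUSER. Move it to a menu where its effect is obvious and make it depend on CONFIG_EXPERIMENTAL rather than prompting every i386 user for it.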


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
@ 2001-04-24 12:04       ` Alexander Viro
  2001-04-24 12:44         ` imel96
  2001-04-24 12:51       ` Mohammad A. Haque
                         ` (2 subsequent siblings)
  3 siblings, 1 reply; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 12:04 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel



On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

> a friend of my asked me on how to make linux easier to use
> for personal/casual win user.
> 
> i found out that one of the big problem with linux and most
> other operating system is the multi-user thing.

What, makes it hard to write viruses for it? Awww, poor skr1pt k1dd13z...

> i think, no personal computer user should know about what's
> an operating system idea of a user. they just want to use
> the computer, that's it.

And would that "use" by any chance include access to network?

> by a personal computer i mean home pc, notebook, tablet,
> pda, and communicator. only one user will use those devices,
> or maybe his/her friend/family. do you think that user want
> to know about user account?

So let him log in as root, do everything as root and be cracked
like a bloody moron he is. Next?

> from that, i also found out that it is very awkward to type
> username and password every time i use my computer.

So break your /sbin/login.

> so here's a patch. i also have removed the user_struct from
> my kernel, but i don't think you'd like #ifdef's.
> may be it'll be good for midori too.

[snip the patch that makes all user ids equivalent to root, but
doesn't remove networking support]

What for? If they want root - give them root and be done with that.
No need to change the kernel.

You know, if you really do not understand the implications of
running everything with permissions equivalent to root - get
the hell out of any UNIX-related programming until you learn.

If you want CP/M or MacOS - you know where to find them.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:04       ` Alexander Viro
@ 2001-04-24 12:44         ` imel96
  2001-04-24 12:58           ` Daniel Stone
                             ` (7 more replies)
  0 siblings, 8 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 12:44 UTC (permalink / raw)
  To: Alexander Viro; +Cc: linux-kernel


On Tue, 24 Apr 2001, Alexander Viro wrote:
> What, makes it hard to write viruses for it? Awww, poor skr1pt k1dd13z...
>

>
> And would that "use" by any chance include access to network?
>

>
> So let him log in as root, do everything as root and be cracked
> like a bloody moron he is. Next?
>

come on, it's hard for me as it's hard for you. not everybody
expect a computer to be like people here thinks how a computer
should be.

think about personal devices. something like the nokia communicator.
a system security passwd is acceptable, but that's it. no those-
device-user would like to know about user account, file ownership,
etc. they just want to use it.

that also explain why win95 user doesn't want to use NT. not
because they can't afford it (believe me, here NT costs only
us$2), but additional headache isn't acceptable.

with multi-user concept, conceptually there should be an
administrator to create account, grant permission, etc.
no my sister doesn't want that. i bet there are billions of
people not willing to learn how to use a computer, they just
want to use it.

and yes, mobile devices access network.


> What for? If they want root - give them root and be done with that.
> No need to change the kernel.
>
> You know, if you really do not understand the implications of
> running everything with permissions equivalent to root - get
> the hell out of any UNIX-related programming until you learn.
>
> If you want CP/M or MacOS - you know where to find them.

so what the hell is transmeta doing with mobile linux (midori).
is it going to teach multi-user thing to tablet owners?
surely mortals expect midori to behave like their pc. lets say
on redhat, they have to login as root to access their files,
they don't even know what a root is!

lets break unix mind for a while, and give everyone a chance
to use linux.


		imel




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
  2001-04-24 12:04       ` Alexander Viro
@ 2001-04-24 12:51       ` Mohammad A. Haque
  2001-04-24 13:07         ` Alexander Viro
  2001-04-24 12:52       ` [OFFTOPIC] " Mike A. Harris
  2001-04-24 17:55       ` J Sloan
  3 siblings, 1 reply; 105+ messages in thread
From: Mohammad A. Haque @ 2001-04-24 12:51 UTC (permalink / raw)
  To: imel96; +Cc: Linus Torvalds, linux-kernel

imel96@trustix.co.id wrote:
> 
> hi,
> 
> a friend of my asked me on how to make linux easier to use
> for personal/casual win user.
> 
> i found out that one of the big problem with linux and most
> other operating system is the multi-user thing.
> 
> i think, no personal computer user should know about what's
> an operating system idea of a user. they just want to use
> the computer, that's it.
> 
> by a personal computer i mean home pc, notebook, tablet,
> pda, and communicator. only one user will use those devices,
> or maybe his/her friend/family. do you think that user want
> to know about user account?
> 
> from that, i also found out that it is very awkward to type
> username and password every time i use my computer.

Sounds to me like you really don't get the whole concept of permissions
and that it's how Unix works.

Besides, why should the kernel do anything different for you when there
are userland tools that you can use to have the system auto-login as a
specified user?

-- 

=====================================================================
Mohammad A. Haque                              http://www.haque.net/ 
                                               mhaque@haque.net

  "Alcohol and calculus don't mix.             Project Lead
   Don't drink and derive." --Unknown          http://wm.themes.org/
                                               batmanppc@themes.org
=====================================================================

^ permalink raw reply	[flat|nested] 105+ messages in thread

* [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
  2001-04-24 12:04       ` Alexander Viro
  2001-04-24 12:51       ` Mohammad A. Haque
@ 2001-04-24 12:52       ` Mike A. Harris
  2001-04-24 13:18         ` Tomas Telensky
  2001-04-24 17:55       ` J Sloan
  3 siblings, 1 reply; 105+ messages in thread
From: Mike A. Harris @ 2001-04-24 12:52 UTC (permalink / raw)
  To: imel96; +Cc: Linux Kernel mailing list

On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

>a friend of my asked me on how to make linux easier to use
>for personal/casual win user.
>
>i found out that one of the big problem with linux and most
>other operating system is the multi-user thing.
>
>i think, no personal computer user should know about what's
>an operating system idea of a user. they just want to use
>the computer, that's it.
>
>by a personal computer i mean home pc, notebook, tablet,
>pda, and communicator. only one user will use those devices,
>or maybe his/her friend/family. do you think that user want
>to know about user account?
>
>from that, i also found out that it is very awkward to type
>username and password every time i use my computer.
>so here's a patch. i also have removed the user_struct from
>my kernel, but i don't think you'd like #ifdef's.
>may be it'll be good for midori too.

trustix.co.id?  hehehe.

If you don't want to login with user/password, then change your
password to "".  Don't want to even do that?  Then just change
/etc/inittab to invoke "login -f username" instead of mingetty or
whatever.  No need at all to hack the kernel up.

Dunno why you sent the patch here or to Linus though..  The
chance of it even being looked at are about 1/2^infinity  ;o)

I've got a hacked up version of mingetty that allows you to
configure autologins on tty's if you like.  You're welcome to my
packages if you like just email me privately. It is useful if you
are in an environment where physical security is not a concern at
all, but network security is still a concern.  I use it so I can
boot up, login once, and it fires up tty's on all consoles for
me.  It can also bypass any login if you like.


----------------------------------------------------------------------
    Mike A. Harris  -  Linux advocate  -  Free Software advocate
          This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
@ 2001-04-24 12:58           ` Daniel Stone
  2001-04-24 13:27             ` imel96
  2001-04-24 12:59           ` Alexander Viro
                             ` (6 subsequent siblings)
  7 siblings, 1 reply; 105+ messages in thread
From: Daniel Stone @ 2001-04-24 12:58 UTC (permalink / raw)
  To: imel96; +Cc: Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 07:44:17PM +0700, imel96@trustix.co.id wrote:
> 
> On Tue, 24 Apr 2001, Alexander Viro wrote:
> > What, makes it hard to write viruses for it? Awww, poor skr1pt k1dd13z...
> >
> > And would that "use" by any chance include access to network?
> >
> > So let him log in as root, do everything as root and be cracked
> > like a bloody moron he is. Next?
> >
> 
> come on, it's hard for me as it's hard for you. not everybody
> expect a computer to be like people here thinks how a computer
> should be.

Hence, Microsoft Windows. It might not be stable, it might not be fast, it
might not do RAID, packet-filtering and SQL, but it does a job. A simple
job. To give Mum & Dad(tm) (with apologies to maddog) a chance to use a
computer.
 
> think about personal devices. something like the nokia communicator.
> a system security passwd is acceptable, but that's it. no those-
> device-user would like to know about user account, file ownership,
> etc. they just want to use it.

Since when, did mobile phones == computers?

> that also explain why win95 user doesn't want to use NT. not
> because they can't afford it (believe me, here NT costs only
> us$2), but additional headache isn't acceptable.

So, let them stay in Win95. They don't *need* NT.

> with multi-user concept, conceptually there should be an
> administrator to create account, grant permission, etc.
> no my sister doesn't want that. i bet there are billions of
> people not willing to learn how to use a computer, they just
> want to use it.

If your sister doesn't want that, give your sister a copy of Win95. If she
doesn't want that, she obviously wouldn't get any advantage out of Linux, as
opposed to Win95, whatsoever. Would she get a kick out of having to learn an
entirely new environment? Granted, I'm far more productive in GNOME,
Sawfish, emacs and mutt than Win95, Word and Outlook, but it takes people
time to get used to, and you'll have trouble dragging them out of
point-n-click.

> and yes, mobile devices access network.
>
> > What for? If they want root - give them root and be done with that.
> > No need to change the kernel.
> >
> > You know, if you really do not understand the implications of
> > running everything with permissions equivalent to root - get
> > the hell out of any UNIX-related programming until you learn.
> >
> > If you want CP/M or MacOS - you know where to find them.
> 
> so what the hell is transmeta doing with mobile linux (midori).
> is it going to teach multi-user thing to tablet owners?
> surely mortals expect midori to behave like their pc. lets say
> on redhat, they have to login as root to access their files,
> they don't even know what a root is!
> 
> lets break unix mind for a while, and give everyone a chance
> to use linux.

If you don't want multiple users, don't add them. Just be content with root,
and give her root. It has multiple user capabilities, which should be used
under all circumstances, but if you don't want something, don't use it. You
have a choice.

My $au0.02. (which is apparently just over us1c now. oh joy).

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
  2001-04-24 12:58           ` Daniel Stone
@ 2001-04-24 12:59           ` Alexander Viro
  2001-04-24 13:02           ` Sean Hunter
                             ` (5 subsequent siblings)
  7 siblings, 0 replies; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 12:59 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel



On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

[snip long wankage]

Equivalent of your "patch" can be achieved by making login(1) and
friends let everyone in as root without asking password. End of
story. If you don't understand even _that_ - you don't understand
the bloody basics of the system and I certainly don't want to
deal with your code anywhere near the kernel.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
  2001-04-24 12:58           ` Daniel Stone
  2001-04-24 12:59           ` Alexander Viro
@ 2001-04-24 13:02           ` Sean Hunter
  2001-04-24 13:03           ` Roland Seuhs
                             ` (4 subsequent siblings)
  7 siblings, 0 replies; 105+ messages in thread
From: Sean Hunter @ 2001-04-24 13:02 UTC (permalink / raw)
  To: imel96; +Cc: Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 07:44:17PM +0700, imel96@trustix.co.id wrote:
> with multi-user concept, conceptually there should be an
> administrator to create account, grant permission, etc.
> no my sister doesn't want that. i bet there are billions of
> people not willing to learn how to use a computer, they just
> want to use it.

So they buy Macs.  <- This is not a joke or a criticism.  My wife is a happy
and contented ignorant mac user.  

[snippage]

> so what the hell is transmeta doing with mobile linux (midori).
> is it going to teach multi-user thing to tablet owners?
> surely mortals expect midori to behave like their pc. lets say
> on redhat, they have to login as root to access their files,
> they don't even know what a root is!
> 
> lets break unix mind for a while, and give everyone a chance
> to use linux.
> 

If you wanted to do this, the correct place would be to alter your pam config,
but then again, if you knew the slightest thing about unix, you'd know that.

Sean


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
                             ` (2 preceding siblings ...)
  2001-04-24 13:02           ` Sean Hunter
@ 2001-04-24 13:03           ` Roland Seuhs
  2001-04-24 13:50             ` Mike A. Harris
  2001-04-24 13:13           ` Richard B. Johnson
                             ` (3 subsequent siblings)
  7 siblings, 1 reply; 105+ messages in thread
From: Roland Seuhs @ 2001-04-24 13:03 UTC (permalink / raw)
  To: imel96, Alexander Viro; +Cc: linux-kernel

On Tuesday, 24 April 2001 14:44, imel96@trustix.co.id wrote:
> On Tue, 24 Apr 2001, Alexander Viro wrote:
> > So let him log in as root, do everything as root and be cracked
> > like a bloody moron he is. Next?
>
> come on, it's hard for me as it's hard for you. not everybody
> expect a computer to be like people here thinks how a computer
> should be.
>
> think about personal devices. something like the nokia communicator.
> a system security passwd is acceptable, but that's it. no those-
> device-user would like to know about user account, file ownership,
> etc. they just want to use it.
>
> that also explain why win95 user doesn't want to use NT. not
> because they can't afford it (believe me, here NT costs only
> us$2), but additional headache isn't acceptable.
>
> with multi-user concept, conceptually there should be an
> administrator to create account, grant permission, etc.
> no my sister doesn't want that. i bet there are billions of
> people not willing to learn how to use a computer, they just
> want to use it.
>
> and yes, mobile devices access network.

KDE2.1.1 comes with a password disabling feature. That means that you can log 
in without password (you have to use KDM). For everything else (ftp, telnet, 
ssh, text-console-login - whatever) you still need the password. 
This is very new, KDE-versions prior to 2.1.1 don't have that feature AFAIK.

So if you've got physical access to the machine you just have to click on 
your icon/name and click "Go!" or press Enter. It can't get much easier than
that.

I think this is a far better alternative than a single user Linux.

Greetings,

Roland

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:51       ` Mohammad A. Haque
@ 2001-04-24 13:07         ` Alexander Viro
  0 siblings, 0 replies; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 13:07 UTC (permalink / raw)
  To: Mohammad A. Haque; +Cc: imel96, Linus Torvalds, linux-kernel



On Tue, 24 Apr 2001, Mohammad A. Haque wrote:

> imel96@trustix.co.id wrote:

[snip]
 
> Sounds to me like you really don't get the whole concept of permissions
> and that it's how Unix works.
> 
> Besides, why should the kernel do anything different for you when there
> are userland tools that you can use to have the system auto-login as a
> specified user?

With apologies to Tom Lehrer...

	Hooray for the Folk Song Army,
	We will show you the way.
	'Cause we all hate poverty, war, and injustice,
	And chords that are too hard to play.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
                             ` (3 preceding siblings ...)
  2001-04-24 13:03           ` Roland Seuhs
@ 2001-04-24 13:13           ` Richard B. Johnson
  2001-04-24 13:37             ` imel96
  2001-04-24 14:03           ` Alan Cox
                             ` (2 subsequent siblings)
  7 siblings, 1 reply; 105+ messages in thread
From: Richard B. Johnson @ 2001-04-24 13:13 UTC (permalink / raw)
  To: imel96; +Cc: Alexander Viro, linux-kernel

On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

> 
> On Tue, 24 Apr 2001, Alexander Viro wrote:
> > What, makes it hard to write viruses for it? Awww, poor skr1pt k1dd13z...
[SNIPPED..]
> 
> > And would that "use" by any chance include access to network?
> 
> >
> > So let him log in as root, do everything as root and be cracked
> > like a bloody moron he is. Next?
> >
> 
> come on, it's hard for me as it's hard for you. not everybody
> expect a computer to be like people here thinks how a computer
> should be.
> 
> think about personal devices. something like the nokia communicator.
> a system security passwd is acceptable, but that's it. no those-
> device-user would like to know about user account, file ownership,
> etc. they just want to use it.
> 

[SNIPPED...]
You are on the wrong list. You don't modify the kernel to make
a "single-user" machine. You modify the password file in /etc/passwd.
Until you know, and completely understand this, you will be laughed at.

When an interactive process is started, /bin/login gets the new
process information from the /etc/passwd file just before it gets
overwritten (exec) by the shell shown in that same password file.

If you want your accounts to have root privs, you set the UID and
GID fields in the password file to 0 and 0 respectively. I would
not suggest that you connect your computer to a network if you
do this.

Cheers,
Dick Johnson

Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).

"Memory is like gasoline. You use it up when you are running. Of
course you get it all back when you reboot..."; Actual explanation
obtained from the Micro$oft help desk.



^ permalink raw reply	[flat|nested] 105+ messages in thread
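
Richard B. Johnson's message above places root equivalence in the UID and GID fields of /etc/passwd, and earlier replies suggest passwordless logins. As an added example (not code from the thread or from any poster), the C program below audits passwd-format lines for exactly those conditions: UID 0 or GID 0 on an account not named root, and an empty password field. The function names, flag names and sample accounts are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define F_UID0_ALIAS   0x1  /* UID 0 on an account not named "root" */
#define F_GID0         0x2  /* primary GID 0 on an account not named "root" */
#define F_EMPTY_PASSWD 0x4  /* empty password field */
#define F_MALFORMED    0x8  /* wrong field count or non-numeric ids */

/* Constructed sample input in passwd(5) layout; not taken from a real host. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:0:0:Alice:/home/alice:/bin/bash\n"
    "guest::1001:1001:Guest:/home/guest:/bin/sh\n"
    "bob:x:1002:1002:Bob:/home/bob:/bin/bash\n"
    "broken:x:notanumber:5::/:/bin/sh\n";

/* Split on ':' in place, keeping empty fields. strtok() is unsuitable here:
 * it collapses "::" and would hide the empty password field. */
static int split_fields(char *line, char *out[], int max)
{
    int n = 0;
    char *p = line;

    for (;;) {
        if (n == max)
            return -1;              /* more fields than the format allows */
        out[n++] = p;
        p = strchr(p, ':');
        if (!p)
            return n;
        *p++ = '\0';
    }
}

/* Parse a non-negative decimal id; -1 on anything else. */
static long parse_id(const char *s)
{
    char *end;
    long v;

    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno || *end != '\0')
        return -1;
    return v;
}

/* Return the F_* flags that apply to one passwd line (0 means no finding). */
int audit_passwd_line(const char *line)
{
    char buf[512];
    char *f[7];
    size_t len = strlen(line);
    long uid, gid;
    int flags = 0;

    if (len >= sizeof buf)
        return F_MALFORMED;
    memcpy(buf, line, len + 1);
    buf[strcspn(buf, "\r\n")] = '\0';
    if (split_fields(buf, f, 7) != 7)
        return F_MALFORMED;
    uid = parse_id(f[2]);
    gid = parse_id(f[3]);
    if (uid < 0 || gid < 0)
        return F_MALFORMED;
    if (strcmp(f[0], "root") != 0) {
        if (uid == 0) flags |= F_UID0_ALIAS;
        if (gid == 0) flags |= F_GID0;
    }
    if (f[1][0] == '\0')
        flags |= F_EMPTY_PASSWD;
    return flags;
}

/* Audit a whole passwd-format text; returns the number of flagged lines. */
int audit_passwd(const char *text, int verbose)
{
    int flagged = 0;

    while (*text) {
        size_t n = strcspn(text, "\n");
        if (n > 0) {
            char line[512] = "";
            int fl = F_MALFORMED;   /* overlong lines are reported as malformed */
            if (n < sizeof line) {
                memcpy(line, text, n);
                line[n] = '\0';
                fl = audit_passwd_line(line);
            }
            if (fl) {
                flagged++;
                if (verbose)
                    printf("%-8.*s flags=0x%x\n",
                           (int)strcspn(line, ":"), line, (unsigned)fl);
            }
        }
        text += n;
        if (*text == '\n')
            text++;
    }
    return flagged;
}

int main(void)
{
    return audit_passwd(SAMPLE_PASSWD, 1) == 3 ? 0 : 1;
}
```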

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 12:52       ` [OFFTOPIC] " Mike A. Harris
@ 2001-04-24 13:18         ` Tomas Telensky
  2001-04-24 13:34           ` Mohammad A. Haque
                             ` (3 more replies)
  0 siblings, 4 replies; 105+ messages in thread
From: Tomas Telensky @ 2001-04-24 13:18 UTC (permalink / raw)
  To: Mike A. Harris; +Cc: linux-kernel



> 
> trustix.co.id?  hehehe.
> 
> If you don't want to login with user/password, then change your
> password to "".  Don't want to even do that?  Then just change
> /etc/inittab to invoke "login -f username" instead of mingetty or
> whatever.  No need at all to hack the kernel up.
> 
> Dunno why you sent the patch here or to Linus though..  The
> chance of it even being looked at are about 1/2^infinity  ;o)

:-) Great.
You and Alex are right - I agree that this is a complete moronism.

But, what I should say to the network security, is that AFAIK in the most
of linux distributions the standard daemons (httpd, sendmail) are run as
root! Having multi-user system or not! Why? For only listening to a port
<1024? Is there any elegant solution?

  Tomas




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:58           ` Daniel Stone
@ 2001-04-24 13:27             ` imel96
  2001-04-24 13:38               ` Daniel Stone
                                 ` (2 more replies)
  0 siblings, 3 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 13:27 UTC (permalink / raw)
  To: Daniel Stone; +Cc: Alexander Viro, linux-kernel




On Tue, 24 Apr 2001, Daniel Stone wrote:
> Hence, Microsoft Windows. It might not be stable, it might not be fast, it
> might not do RAID, packet-filtering and SQL, but it does a job. A simple
> job. To give Mum & Dad(tm) (with apologies to maddog) a chance to use a
> computer.
>
>
> Since when, did mobile phones == computers?

read the news! i'm programming nokia 9210 with c++, is that
computer enough?

i bet if you programmed one, you'd wish you have posix
interface.

>
> > that also explain why win95 user doesn't want to use NT. not
> > because they can't afford it (believe me, here NT costs only
> > us$2), but additional headache isn't acceptable.
>
> So, let them stay in Win95. They don't *need* NT.

and how's stability, speed, etc. they read. is there a linux
advocate around here?


> If your sister doesn't want that, give your sister a copy of Win95. If she
> doesn't want that, she obviously wouldn't get any advantage out of Linux, as
> opposed to Win95, whatsoever. Would she get a kick out of having to learn an
> entirely new environment? Granted, I'm far more productive in GNOME,
> Sawfish, emacs and mutt than Win95, Word and Outlook, but it takes people
> time to get used to, and you'll have trouble dragging them out of
> point-n-click.

okay, it wouldn't cost me. but it surely easier if everybody used
linux, so i could put my ext2 disk everywhere i want.

hey, it's obvious that it's not for a server!
i try to point out a problem for people not on this list, don't
work around that problem.



		imel



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:18         ` Tomas Telensky
@ 2001-04-24 13:34           ` Mohammad A. Haque
  2001-04-24 13:40             ` Alexander Viro
  2001-04-24 13:37           ` Alexander Viro
                             ` (2 subsequent siblings)
  3 siblings, 1 reply; 105+ messages in thread
From: Mohammad A. Haque @ 2001-04-24 13:34 UTC (permalink / raw)
  To: ttel5535; +Cc: Mike A. Harris, linux-kernel

On Tue, 24 Apr 2001, Tomas Telensky wrote:

> :-) Great.
> You and Alex are right - I agree that this is a complete moronism.
>
> But, what I should say to the network security, is that AFAIK in the most
> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?

If your distro is running httpd as root you may want to give them a nice
swift kick in the behind. By default apache is configured to run as
nobody.

Dunno about sendmail.

Correct. <1024 requires root to bind to the port.

-- 

=====================================================================
Mohammad A. Haque                              http://www.haque.net/
                                               mhaque@haque.net

  "Alcohol and calculus don't mix.             Project Lead
   Don't drink and derive." --Unknown          http://wm.themes.org/
                                               batmanppc@themes.org
=====================================================================


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:18         ` Tomas Telensky
  2001-04-24 13:34           ` Mohammad A. Haque
@ 2001-04-24 13:37           ` Alexander Viro
  2001-04-24 13:52             ` Tomas Telensky
  2001-04-24 19:03           ` David Gómez 
  2001-04-25  5:26           ` Ben Ford
  3 siblings, 1 reply; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 13:37 UTC (permalink / raw)
  To: ttel5535; +Cc: Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Tomas Telensky wrote:

> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?

Sendmail is old. Consider it as a remnant of times when network was
more... friendly. Security considerations were mostly ignored - and
not only by sendmail. It used to be chock-full of holes. They were
essentially debugged out of it in late 90s. It seems to be more or
less OK these days, but it's full of old cruft. And splitting the
thing into reasonable parts and leaving them with minimal privileges
they need is large and painful work.

There are alternatives (e.g. exim, or two unmentionable ones) that are
cleaner. Besides, there are some, erm, half-promises that next major
release of sendmail may be a big cleanup. Hell knows what will come out
of that.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:13           ` Richard B. Johnson
@ 2001-04-24 13:37             ` imel96
  2001-04-25  7:57               ` Helge Hafting
  2001-04-25 10:42               ` Albert D. Cahalan
  0 siblings, 2 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 13:37 UTC (permalink / raw)
  To: Richard B. Johnson; +Cc: Alexander Viro, linux-kernel



On Tue, 24 Apr 2001, Richard B. Johnson wrote:
> You are on the wrong list. You don't modify the kernel to make
> a "single-user" machine. You modify the password file in /etc/passwd.
> Until you know, and completely understand this, you will be laughed at.
>
> When an interactive process is started, /bin/login gets the new
> process information from the /etc/passwd file just before it gets
> overwritten (exec) by the shell shown in that same password file.
>
> If you want your accounts to have root privs, you set the UID and
> GID fields in the password file to 0 and 0 respectively. I would
> not suggest that you connect your computer to a network if you
> do this.

thank you very much fyi.
if just you tried to understand it a little further:
i didn't change all uid/gid to 0!

why? so with that radical patch, users will still have
uid/gid so programs know the user's profile.

if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root,
etc.


		imel



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:27             ` imel96
@ 2001-04-24 13:38               ` Daniel Stone
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
                                   ` (3 more replies)
  2001-04-24 13:40               ` Mohammad A. Haque
  2001-04-25  5:29               ` Ben Ford
  2 siblings, 4 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-24 13:38 UTC (permalink / raw)
  To: imel96; +Cc: Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 08:27:56PM +0700, imel96@trustix.co.id wrote:
> On Tue, 24 Apr 2001, Daniel Stone wrote:
> > Hence, Microsoft Windows. It might not be stable, it might not be fast, it
> > might not do RAID, packet-filtering and SQL, but it does a job. A simple
> > job. To give Mum & Dad(tm) (with apologies to maddog) a chance to use a
> > computer.
> >
> >
> > Since when, did mobile phones == computers?
> 
> read the news! i'm programming nokia 9210 with c++, is that
> computer enough?

Aah. I see. Where was this? I never saw it.
 
> i bet if you programmed one, you'd wish you have posix
> interface.

That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be
absolutely *rock solid*. Look at the 5110, that's just about perfect. The
7110, on the other hand ...

> > > that also explain why win95 user doesn't want to use NT. not
> > > because they can't afford it (belive me, here NT costs only
> > > us$2), but additional headache isn't acceptable.
> >
> > So, let them stay in Win95. They don't *need* NT.
> 
> and how's stability, speed, etc. they read. is there a linux
> advocate around here?

There are Linux advocates, but I'd say most of us are sane enough to use the
right-tool-for-the-job approach. And UNIX on a phone is pure overkill.
 
> > If your sister doesn't want that, give your sister a copy of Win95. If she
> > doesn't want that, she obviously wouldn't get any advantage out of Linux, as
> > opposed to Win95, whatsoever. Would she get a kick out of having to learn an
> > entirely new environment? Granted, I'm far more productive in GNOME,
> > Sawfish, emacs and mutt than Win95, Word and Outlook, but it takes people
> > time to get used to, and you'll have trouble dragging them out of
> > point-n-click.
> 
> okay, it wouldn't cost me. but it surely easier if everybody used
> linux, so i could put my ext2 disk everywhere i want.
>
> hey, it's obvious that it's not for a server!
> i try to point out a problem for people not on this list, don't
> work around that problem.

Your sister won't notice much advantage. Linux on a workstation actually has
*disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to
'Doze on a workstation. Sure it's more stable, and the tiniest bit faster,
but what's that really matter to your sister, if she can't even figure out
how to use it?

-d, who owns a 7110 and can lock it solid, or get it to do funny resetting
tricks, at least once every 2 days

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:34           ` Mohammad A. Haque
@ 2001-04-24 13:40             ` Alexander Viro
  2001-04-24 14:18               ` Alan Cox
  0 siblings, 1 reply; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 13:40 UTC (permalink / raw)
  To: Mohammad A. Haque; +Cc: ttel5535, Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Mohammad A. Haque wrote:

> Correct. <1024 requires root to bind to the port.

... And nothing says that it should be done by daemon itself.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:27             ` imel96
  2001-04-24 13:38               ` Daniel Stone
@ 2001-04-24 13:40               ` Mohammad A. Haque
  2001-04-25  5:29               ` Ben Ford
  2 siblings, 0 replies; 105+ messages in thread
From: Mohammad A. Haque @ 2001-04-24 13:40 UTC (permalink / raw)
  To: imel96; +Cc: Daniel Stone, Alexander Viro, linux-kernel

On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:
> okay, it wouldn't cost me. but it surely easier if everybody used
> linux, so i could put my ext2 disk everywhere i want.
>
> hey, it's obvious that it's not for a server!
> i try to point out a problem for people not on this list, don't
> work around that problem.

Man, do you like not search for software or something?

1) There exists a ext2 driver for Win9x

2) You are NOT trying to point out or solve a problem. You're just
trying to force something you think is right in your own little world
into the kernel. Had you searched around, you'd see that this 'problem'
as you call it has been addressed.

--

=====================================================================
Mohammad A. Haque                              http://www.haque.net/
                                               mhaque@haque.net

  "Alcohol and calculus don't mix.             Project Lead
   Don't drink and derive." --Unknown          http://wm.themes.org/
                                               batmanppc@themes.org
=====================================================================


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:03           ` Roland Seuhs
@ 2001-04-24 13:50             ` Mike A. Harris
  0 siblings, 0 replies; 105+ messages in thread
From: Mike A. Harris @ 2001-04-24 13:50 UTC (permalink / raw)
  To: Roland Seuhs; +Cc: imel96, Alexander Viro, linux-kernel

On Tue, 24 Apr 2001, Roland Seuhs wrote:

>> with multi-user concept, conceptually there should be an
>> administrator to create account, grant permission, etc.
>> no my sister doesn't want that. i bet there are billions of
>> people not willing to learn how to use a computer, they just
>> want to use it.
>>
>> and yes, mobile devices access network.
>
>KDE2.1.1 comes with a password disabling feature. That means that you can log
>in without password (you have to use KDM). For everything else (ftp, telnet,
>ssh, text-console-login - whatever) you still need the password.

ftp://people.redhat.com/mharris/hacks/mingetty

This allows you to do:

5:2345:respawn:/sbin/mingetty --autologin=mharris tty5

in /etc/inittab at boot time.  The only problem with it is if you
upgrade and mingetty gets upgraded the standard mingetty doesn't
grok --autologin so it explodes and respawns until init kills it.

I'm rewriting it to use a config file instead, and might possibly
change the name if Florian doesn't mind.



----------------------------------------------------------------------
    Mike A. Harris  -  Linux advocate  -  Free Software advocate
          This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:37           ` Alexander Viro
@ 2001-04-24 13:52             ` Tomas Telensky
  2001-04-24 14:07               ` Alexander Viro
  0 siblings, 1 reply; 105+ messages in thread
From: Tomas Telensky @ 2001-04-24 13:52 UTC (permalink / raw)
  To: Alexander Viro; +Cc: Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Alexander Viro wrote:

> 
> 
> On Tue, 24 Apr 2001, Tomas Telensky wrote:
> 
> > of linux distributions the standard daemons (httpd, sendmail) are run as
> > root! Having multi-user system or not! Why? For only listening to a port
> > <1024? Is there any elegant solution?
> 
> Sendmail is old. Consider it as a remnant of times when network was
> more... friendly. Security considerations were mostly ignored - and
> not only by sendmail. It used to be chock-full of holes. They were
> essentially debugged out of it in late 90s. It seems to be more or
> less OK these days, but it's full of old cruft. And splitting the
> thing into reasonable parts and leaving them with minimal privileges
> they need is large and painful work.

Thanks for the comment. And why not just let it listen to 25 and then
being run as uid=nobody, gid=mail?
  Tomas

> 
> There are alternatives (e.g. exim, or two unmentionable ones) that are
> cleaner. Besides, there are some, erm, half-promises that next major
> release of sendmail may be a big cleanup. Hell knows what will come out
> of that.
> 


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
                             ` (4 preceding siblings ...)
  2001-04-24 13:13           ` Richard B. Johnson
@ 2001-04-24 14:03           ` Alan Cox
  2001-04-24 14:10             ` imel96
  2001-04-24 15:07             ` Jeremy Jackson
  2001-04-24 17:43           ` Russell King
  2001-04-24 18:37           ` Garett Spencley
  7 siblings, 2 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 14:03 UTC (permalink / raw)
  To: imel96; +Cc: Alexander Viro, linux-kernel

> so what the hell is transmeta doing with mobile linux (midori).
> is it going to teach multi-user thing to tablet owners?

That's your problem. Distinguish the OS from the user interface.

> surely mortals expect midori to behave like their pc. lets say
> on redhat, they have to login as root to access their files,
> they don't even know what a root is!

Even my digital tv box has multiple users. The fact you cannot figure out how
to make your UI present that to the end user in a suitable manner is not
the kernel's problem. Get a real UI designer


^ permalink raw reply	[flat|nested] 105+ messages in thread

* problem found (was Re: [PATCH] Single user linux)
  2001-04-24 13:38               ` Daniel Stone
@ 2001-04-24 14:04                 ` imel96
  2001-04-24 14:06                   ` Daniel Stone
                                     ` (2 more replies)
  2001-04-25  0:01                 ` [PATCH] Single user linux Aaron Lehmann
                                   ` (2 subsequent siblings)
  3 siblings, 3 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 14:04 UTC (permalink / raw)
  To: Daniel Stone; +Cc: Alexander Viro, linux-kernel



On Tue, 24 Apr 2001, Daniel Stone wrote:
> Aah. I see. Where was this? I never saw it.

psst, it's a proto.

> That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be
> absolutely *rock solid*. Look at the 5110, that's just about perfect. The
> 7110, on the other hand ...

mobile phone to you! already, people has put linux on pdas.

> There are Linux advocates, but I'd say most of us are sane enough to use the
> right-tool-for-the-job approach. And UNIX on a phone is pure overkill.

problem is you guys are too unix-centric, try to be user-centric a little.
it's not like it ruins everything. that patch basically do something
like allowing access to port <1024 to everybody, someone just need
to bring a notebook to get passwd from nis.
multi-user security is useless at home as physical access is there.


		imel




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: problem found (was Re: [PATCH] Single user linux)
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
@ 2001-04-24 14:06                   ` Daniel Stone
  2001-04-24 14:47                   ` Xavier Bestel
  2001-04-25 18:13                   ` Paul Jakma
  2 siblings, 0 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-24 14:06 UTC (permalink / raw)
  To: imel96; +Cc: Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 09:04:02PM +0700, imel96@trustix.co.id wrote:
> 
> 

What's with all these blank lines? Everywhere!

> On Tue, 24 Apr 2001, Daniel Stone wrote:
> > Aah. I see. Where was this? I never saw it.
> 
> psst, it's a proto.

Right-o. In the news, you say. Hrm.

> > That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be
> > absolutely *rock solid*. Look at the 5110, that's just about perfect. The
> > 7110, on the other hand ...
> 
> mobile phone to you! already, people has put linux on pdas.

True, but I don't see what's so l33t about having bash on an Agenda, except
for, say, the novelty value of opening it up and writing "date" to get the
date in UNIX format, when someone asks you the time.

> > There are Linux advocates, but I'd say most of us are sane enough to use the
> > right-tool-for-the-job approach. And UNIX on a phone is pure overkill.
> 
> problem is you guys are too unix-centric, try to be user-centric a little.

We're too UNIX-centric, yet you're the one trying to put UNIX on a phone?
Come on ...

Al Viro made some excellent points there. If you want to run single-user,
hack /sbin/login. Hack /sbin/init. But it's not the kernel's job, what you
do.

> it's not like it ruins everything. that patch basically do something
> like allowing access to port <1024 to everybody, someone just need
> to bring a notebook to get passwd from nis.
> multi-user security is useless at home as physical access is there.

Well, not really, because what if I run single-user, but I also need to get
in from home? So, everyone who connects, gets in? What if I run BIND, and
forget to update before an exploit? Whoops, there goes my entire system,
exploited like that. Single-user is absolutely stupid, IMNSHO. Unless, of
course, if you're using something that will *never* be connected, like a
watch. In a rabbithole. A rabbithole which is B2 secure.

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:52             ` Tomas Telensky
@ 2001-04-24 14:07               ` Alexander Viro
  0 siblings, 0 replies; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 14:07 UTC (permalink / raw)
  To: ttel5535; +Cc: Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Tomas Telensky wrote:

> Thanks for the comment. And why not just let it listen to 25 and then
> being run as uid=nobody, gid=mail?

Handling of .forward, for one thing. Or pipe aliases, or...

None of this stuff is unsolvable (e.g. handling of .forward belongs to
MDA, not MTA), but changing that will break existing setups.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 14:03           ` Alan Cox
@ 2001-04-24 14:10             ` imel96
  2001-04-24 14:27               ` Mike A. Harris
  2001-04-24 14:30               ` Alan Cox
  2001-04-24 15:07             ` Jeremy Jackson
  1 sibling, 2 replies; 105+ messages in thread
From: imel96 @ 2001-04-24 14:10 UTC (permalink / raw)
  To: Alan Cox; +Cc: Alexander Viro, linux-kernel


On Tue, 24 Apr 2001, Alan Cox wrote:
> > so what the hell is transmeta doing with mobile linux (midori).
> > is it going to teach multi-user thing to tablet owners?
>
> That's your problem. Distinguish the OS from the user interface.

sigh. is that mean the little thing had to do capable() check
each time it access something?

> Even my digital tv box has multiple users. The fact you cannot figure out how
> to make your UI present that to the end user in a suitable manner is not
> the kernel's problem. Get a real UI designer

if it's useful, it's okay. if not, what is it doing there?


		imel



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:40             ` Alexander Viro
@ 2001-04-24 14:18               ` Alan Cox
  2001-04-24 14:22                 ` Alexander Viro
                                   ` (2 more replies)
  0 siblings, 3 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 14:18 UTC (permalink / raw)
  To: Alexander Viro; +Cc: Mohammad A. Haque, ttel5535, Mike A. Harris, linux-kernel

> On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > Correct. <1024 requires root to bind to the port.
> ... And nothing says that it should be done by daemon itself.

Or that you shouldn't let inetd do it for you
And that you shouldn't drop the capabilities except that bind

It is possible to implement the entire mail system without anything running
as root but xinetd.





^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:18               ` Alan Cox
@ 2001-04-24 14:22                 ` Alexander Viro
  2001-04-24 14:37                   ` Alan Cox
  2001-04-24 14:30                 ` Gábor Lénárt
  2001-04-24 14:50                 ` Gerhard Mack
  2 siblings, 1 reply; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 14:22 UTC (permalink / raw)
  To: Alan Cox; +Cc: Mohammad A. Haque, ttel5535, Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Alan Cox wrote:

> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldn't let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.

You want an MDA with elevated privileges, though...


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 14:10             ` imel96
@ 2001-04-24 14:27               ` Mike A. Harris
  2001-04-24 14:30               ` Alan Cox
  1 sibling, 0 replies; 105+ messages in thread
From: Mike A. Harris @ 2001-04-24 14:27 UTC (permalink / raw)
  To: imel96; +Cc: Linux Kernel mailing list

On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

>> Even my digital tv box has multiple users. The fact you cannot figure out how
>> to make your UI present that to the end user in a suitable manner is not
>> the kernel's problem. Get a real UI designer
>
>if it's useful, it's okay. if not, what is it doing there?

Serving its purpose?  ;o)

Here is a useful command for you to add to your toolkit:

chmod -R 777 /

GPL of course.  ;o)


----------------------------------------------------------------------
    Mike A. Harris  -  Linux advocate  -  Free Software advocate
          This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:18               ` Alan Cox
  2001-04-24 14:22                 ` Alexander Viro
@ 2001-04-24 14:30                 ` Gábor Lénárt
  2001-04-24 14:49                   ` Pjotr Kourzanoff
  2001-04-24 14:50                 ` Gerhard Mack
  2 siblings, 1 reply; 105+ messages in thread
From: Gábor Lénárt @ 2001-04-24 14:30 UTC (permalink / raw)
  To: Alan Cox; +Cc: linux-kernel

On Tue, Apr 24, 2001 at 03:18:11PM +0100, Alan Cox wrote:
> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldn't let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.

Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and
use port 2525 as SMTP port in your MTA. I've succeeded in setting up such a
configuration.

-- 
 --[ Gábor Lénárt ]---[ Vivendi Telecom Hungary ]---------[ lgb@lgb.hu ]--
 U have 8 bit comp or chip of them and it's unused or to be sold? Call me!
 -------[ +36 30 2270823 ]------> LGB <-----[ Linux/UNIX/8bit 4ever ]-----

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 14:10             ` imel96
  2001-04-24 14:27               ` Mike A. Harris
@ 2001-04-24 14:30               ` Alan Cox
  1 sibling, 0 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 14:30 UTC (permalink / raw)
  To: imel96; +Cc: Alan Cox, Alexander Viro, linux-kernel

> > Even my digital tv box has multiple users. The fact you cannot figure out how
> > to make your UI present that to the end user in a suitable manner is not
> > the kernel's problem. Get a real UI designer
> 
> if it's useful, it's okay. if not, what is it doing there?

For one it is allowing you to build enough of a security model to prevent your
phone user from deleting critical system files by accident. Something 
incredibly basic that I cannot believe anyone could overlook

Take a look why my Digital TV has multiple users


	-	It can charge pay per view films to multiple accounts
		(think about multiple SIM cards)

	-	It remembers personal barriers (so I can require
		passwords to watch adult rated films for example)
		(For a phone think about call barring - set the phone user
		 and loan it for calls home only to children)

	-	It remembers preferences. (Currently only useful for junk
		sky interactive stuff like email)
		(think about multiple email accounts)

And it has a perfectly sane UI for all of this. In fact most people have 
probably never realised their set top box even has the concept of users in it
because they've never set more than one up.

Another reason your device needs good security models is that if I can't store
digital credit card data safely on it, it's a dead product line soon. If it
can't do internet it's an ex product.

How do you plan to do internet without a security model in your OS. How are you
going to protect credit card data from web browser bugs. How are you going to
protect that data from sms parsing bugs ?

How do you plan to deal with synchronizing data between multiple systems when
you have no user model ?

The questions you should be asking are not 'Why do I need a security model' they
are 'Is the model provided good enough'.

Alan


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:22                 ` Alexander Viro
@ 2001-04-24 14:37                   ` Alan Cox
  2001-04-24 14:41                     ` Alexander Viro
  2001-04-24 14:47                     ` CaT
  0 siblings, 2 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 14:37 UTC (permalink / raw)
  To: Alexander Viro
  Cc: Alan Cox, Mohammad A. Haque, ttel5535, Mike A. Harris, linux-kernel

> > It is possible to implement the entire mail system without anything running
> > as root but xinetd.
> 
> You want an MDA with elevated privileges, though...

What role requires privilege once the port is open ?

	DNS lookup does not
	Spooling to disk does not
	Accepting a connection from a client does not
	Doing peercred auth with a client does not
	Copying spool articles matching the peercred to the client does not

Alan



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:37                   ` Alan Cox
@ 2001-04-24 14:41                     ` Alexander Viro
  2001-04-24 14:47                     ` CaT
  1 sibling, 0 replies; 105+ messages in thread
From: Alexander Viro @ 2001-04-24 14:41 UTC (permalink / raw)
  To: Alan Cox; +Cc: Mohammad A. Haque, ttel5535, Mike A. Harris, linux-kernel



On Tue, 24 Apr 2001, Alan Cox wrote:

> > > It is possible to implement the entire mail system without anything running
> > > as root but xinetd.
> > 
> > You want an MDA with elevated privileges, though...
                 ^
> What role requires privilege once the port is open ?

.forward handling may, depending on how much do you want to put into it.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:37                   ` Alan Cox
  2001-04-24 14:41                     ` Alexander Viro
@ 2001-04-24 14:47                     ` CaT
  2001-04-24 14:59                       ` Alan Cox
  1 sibling, 1 reply; 105+ messages in thread
From: CaT @ 2001-04-24 14:47 UTC (permalink / raw)
  To: Alan Cox
  Cc: Alexander Viro, Mohammad A. Haque, ttel5535, Mike A. Harris,
	linux-kernel

On Tue, Apr 24, 2001 at 03:37:34PM +0100, Alan Cox wrote:
> What role requires privilege once the port is open ?
> 
> 	DNS lookup does not
> 	Spooling to disk does not
> 	Accepting a connection from a client does not
> 	Doing peercred auth with a client does not
> 	Copying spool articles matching the peercred to the client does not

Running procmail as the user who is to receive the email for local mail
delivery as running it with gid mail (for eg) would allow one user to
modify another's mail.

(just a thought - the above's valid with sendmail at least)

-- 
CaT (cat@zip.com.au)		*** Jenna has joined the channel.
				<cat> speaking of mental giants..
				<Jenna> me, a giant, bullshit
				<Jenna> And i'm not mental
					- An IRC session, 20/12/2000


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: problem found (was Re: [PATCH] Single user linux)
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
  2001-04-24 14:06                   ` Daniel Stone
@ 2001-04-24 14:47                   ` Xavier Bestel
  2001-04-25 18:13                   ` Paul Jakma
  2 siblings, 0 replies; 105+ messages in thread
From: Xavier Bestel @ 2001-04-24 14:47 UTC (permalink / raw)
  To: Daniel Stone; +Cc: imel96, Daniel Stone, Alexander Viro, linux-kernel

Le 25 Apr 2001 00:06:57 +1000, Daniel Stone a écrit :

> > problem is you guys are too unix-centric, try to be user-centric a little.
> 
> We're too UNIX-centric, yet you're the one trying to put UNIX on a phone?
> Come on ...

Hey ! We already put uClinux on a phone ! Full-fledged linux is not far,
beware !

Cheers,

Xav


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:30                 ` Gábor Lénárt
@ 2001-04-24 14:49                   ` Pjotr Kourzanoff
  2001-04-24 14:56                     ` Gábor Lénárt
  2001-04-24 14:59                     ` CaT
  0 siblings, 2 replies; 105+ messages in thread
From: Pjotr Kourzanoff @ 2001-04-24 14:49 UTC (permalink / raw)
  To: Gábor Lénárt; +Cc: linux-kernel


On Tue, 24 Apr 2001, Gábor Lénárt wrote:
>
> Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and

  This is more like 25 -> 2525 :-)

> use port 2525 as SMTP port in your MTA. I've succeeded in setting up such a
> configuration.

  This requires you to ensure that your MTA is started first on that
  port...Might be difficult to achieve reliably in an automatic way
  without root privileges :-(

  mailuser@foo% /etc/rc.d/init.d/sendmail stop
  badguy@foo% ./suck 2525
  mailuser@foo% /etc/rc.d/init.d/sendmail start
  ...




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:18               ` Alan Cox
  2001-04-24 14:22                 ` Alexander Viro
  2001-04-24 14:30                 ` Gábor Lénárt
@ 2001-04-24 14:50                 ` Gerhard Mack
  2001-04-24 15:00                   ` Alan Cox
  2 siblings, 1 reply; 105+ messages in thread
From: Gerhard Mack @ 2001-04-24 14:50 UTC (permalink / raw)
  To: Alan Cox
  Cc: Alexander Viro, Mohammad A. Haque, ttel5535, Mike A. Harris,
	linux-kernel

On Tue, 24 Apr 2001, Alan Cox wrote:

> > On Tue, 24 Apr 2001, Mohammad A. Haque wrote:
> > > Correct. <1024 requires root to bind to the port.
> > ... And nothing says that it should be done by daemon itself.
> 
> Or that you shouldn't let inetd do it for you
> And that you shouldn't drop the capabilities except that bind
> 
> It is possible to implement the entire mail system without anything running
> as root but xinetd.
> 
Qmail does exactly this afaik.

I've always found the root < 1024 to be quite limited and find myself
wishing I could assign permissions based on ip/port.

	Gerhard

 

--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:49                   ` Pjotr Kourzanoff
@ 2001-04-24 14:56                     ` Gábor Lénárt
  2001-04-24 14:59                     ` CaT
  1 sibling, 0 replies; 105+ messages in thread
From: Gábor Lénárt @ 2001-04-24 14:56 UTC (permalink / raw)
  To: Pjotr Kourzanoff; +Cc: linux-kernel

On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> On Tue, 24 Apr 2001, Gábor Lénárt wrote:
> >
> > Or even without xinetd. Just use local port forwarding eg 2525 -> 25, and
> 
>   This is more like 25 -> 2525 :-)

OK, that was a hard night for me, I need some sleeeeeep :)

> > use port 2525 as SMTP port in your MTA. I've succeeded in setting up such a
> > configuration.
> 
>   This requires you to ensure that your MTA is started first on that
>   port...Might be difficult to achieve reliably in an automatic way
>   without root privileges :-(
> 
>   mailuser@foo% /etc/rc.d/init.d/sendmail stop
>   badguy@foo% ./suck 2525
>   mailuser@foo% /etc/rc.d/init.d/sendmail start

Yes, you're right. But this is a mail server without any user on it
(even users are authenticated from LDAP).

-- 
 --[ Gábor Lénárt ]---[ Vivendi Telecom Hungary ]---------[ lgb@lgb.hu ]--
 U have 8 bit comp or chip of them and it's unused or to be sold? Call me!
 -------[ +36 30 2270823 ]------> LGB <-----[ Linux/UNIX/8bit 4ever ]-----

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:47                     ` CaT
@ 2001-04-24 14:59                       ` Alan Cox
  2001-04-24 15:11                         ` CaT
  0 siblings, 1 reply; 105+ messages in thread
From: Alan Cox @ 2001-04-24 14:59 UTC (permalink / raw)
  To: CaT
  Cc: Alan Cox, Alexander Viro, Mohammad A. Haque, ttel5535,
	Mike A. Harris, linux-kernel

> > 	Copying spool articles matching the peercred to the client does not
> 
> Running procmail as the user who is to receive the email for local mail
> delivery as running it with gid mail (for eg) would allow one user to
> modify another's mail.

What is this gid mail crap? You don't need privilege. You get the mail by
asking the daemon for it. procmail needs no privilege either if it is done
right.

You just need to think about the security models in the right way. Linux gives
you the ability to do authenticated uid/gid checking over a socket connection.
That is an incredibly powerful model for real compartmentalisation.

Alan


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:49                   ` Pjotr Kourzanoff
  2001-04-24 14:56                     ` Gábor Lénárt
@ 2001-04-24 14:59                     ` CaT
  2001-04-24 15:17                       ` Pjotr Kourzanoff
  1 sibling, 1 reply; 105+ messages in thread
From: CaT @ 2001-04-24 14:59 UTC (permalink / raw)
  To: Pjotr Kourzanoff; +Cc: Gábor Lénárt, linux-kernel

On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > use port 2525 as SMTP port in your MTA. I've succeeded in setting up such a
> > configuration.
> 
>   This requires you to ensure that your MTA is started first on that
>   port...Might be difficult to achieve reliably in an automatic way
>   without root privileges :-(
> 
>   mailuser@foo% /etc/rc.d/init.d/sendmail stop
>   badguy@foo% ./suck 2525
>   mailuser@foo% /etc/rc.d/init.d/sendmail start

Not necessarily. While I have not yet used the feature, iptables
permits firewalling on userid. I presume this includes whether or
not a program can listen on a port, right? (and all the other
fun things).

If so then all you'd have to do is deny external access to port 2525
and only permit mailuser to listen etc on it and you're set.

-- 
CaT (cat@zip.com.au)		*** Jenna has joined the channel.
				<cat> speaking of mental giants..
				<Jenna> me, a giant, bullshit
				<Jenna> And i'm not mental
					- An IRC session, 20/12/2000


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:50                 ` Gerhard Mack
@ 2001-04-24 15:00                   ` Alan Cox
  0 siblings, 0 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 15:00 UTC (permalink / raw)
  To: Gerhard Mack
  Cc: Alan Cox, Alexander Viro, Mohammad A. Haque, ttel5535,
	Mike A. Harris, linux-kernel

> I've always found the root < 1024 to be quite limited and find myself
> wishing I could assign permissions based on ip/port. 

It's been done. Search for 'sockfs' I believe it was called.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 14:03           ` Alan Cox
  2001-04-24 14:10             ` imel96
@ 2001-04-24 15:07             ` Jeremy Jackson
  1 sibling, 0 replies; 105+ messages in thread
From: Jeremy Jackson @ 2001-04-24 15:07 UTC (permalink / raw)
  To: Alan Cox; +Cc: imel96, Alexander Viro, linux-kernel

Alan Cox wrote:

> > so what the hell is transmeta doing with mobile linux (midori).
> > is it going to teach multi-user thing to tablet owners?
>
> That's your problem. Distinguish the OS from the user interface.
>
> > surely mortals expect midori to behave like their pc. lets say
> > on redhat, they have to login as root to access their files,
> > they don't even know what a root is!
>
> Even my digital tv box has multiple users. The fact you cannot figure out how
> to make your UI present that to the end user in a suitable manner is not
> the kernel's problem. Get a real UI designer.

Quote of the day:

Never engage in a battle of wits with an idiot;  they will bring
you down to their level, then beat you with experience.

Cheers!

Jeremy



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:59                       ` Alan Cox
@ 2001-04-24 15:11                         ` CaT
  2001-04-24 15:53                           ` Alan Cox
  0 siblings, 1 reply; 105+ messages in thread
From: CaT @ 2001-04-24 15:11 UTC (permalink / raw)
  To: Alan Cox
  Cc: Alexander Viro, Mohammad A. Haque, ttel5535, Mike A. Harris,
	linux-kernel

On Tue, Apr 24, 2001 at 03:59:28PM +0100, Alan Cox wrote:
> What is this gid mail crap? You don't need privilege. You get the mail by
> asking the daemon for it. procmail needs no privilege either if it is done
> right.
> 
> You just need to think about the security models in the right way. Linux gives
> you the ability to do authenticated uid/gid checking over a socket connection.
> That is an incredibly powerful model for real compartmentalisation.

Ok. My experience isn't all that great so I may well be missing something
here. But what?

1. email -> sendmail

2. sendmail figures out what it has to do with it. turns out it's deliver
it locally for user blah

3. sendmail starts procmail so that it delivers the email.

4. procmail goes through the recipe list for user blah and eventually
delivers the email (one way or another)

Now, in order for step 4 to be done safely, procmail should be running
as the user it's meant to deliver the mail for. for this to happen
sendmail needs to start it as that user in step 3 and to do that it
needs extra privs, above and beyond that of a normal user.

Now as I said, I'm not a UNIX God[tm] and so I may well be missing something
vital. If so, what is it? This sounds like something that would be way
useful to learn. :)

-- 
CaT (cat@zip.com.au)		*** Jenna has joined the channel.
				<cat> speaking of mental giants..
				<Jenna> me, a giant, bullshit
				<Jenna> And i'm not mental
					- An IRC session, 20/12/2000


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 14:59                     ` CaT
@ 2001-04-24 15:17                       ` Pjotr Kourzanoff
  0 siblings, 0 replies; 105+ messages in thread
From: Pjotr Kourzanoff @ 2001-04-24 15:17 UTC (permalink / raw)
  To: CaT; +Cc: Gábor Lénárt, linux-kernel

On Wed, 25 Apr 2001, CaT wrote:

> On Tue, Apr 24, 2001 at 04:49:57PM +0200, Pjotr Kourzanoff wrote:
> > > use port 2525 as SMTP port in your MTA. I've succeeded in setting up such a
> > > configuration.
> >
> >   This requires you to ensure that your MTA is started first on that
> >   port...Might be difficult to achieve reliably in an automatic way
> >   without root privileges :-(
> >
> >   mailuser@foo% /etc/rc.d/init.d/sendmail stop
> >   badguy@foo% ./suck 2525
> >   mailuser@foo% /etc/rc.d/init.d/sendmail start
>
> Not necessarily. While I have not yet used the feature, iptables
> permits firewalling on userid. I presume this includes whether or

  man iptables.

> not a program can listen on a port, right? (and all the other
> fun things).
>
> If so then all you'd have to do is deny external access to port 2525
> and only permit mailuser to listen etc on it and you're set.

  For this to work, you need to hack up iptables on the mail server
  itself as -m owner only works for locally generated packets. And
  even then ./suck will receive on 2525 but will not be able to reply.



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 15:11                         ` CaT
@ 2001-04-24 15:53                           ` Alan Cox
  2001-04-24 16:04                             ` Alex Riesen
                                               ` (2 more replies)
  0 siblings, 3 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 15:53 UTC (permalink / raw)
  To: CaT
  Cc: Alan Cox, Alexander Viro, Mohammad A. Haque, ttel5535,
	Mike A. Harris, linux-kernel

> 1. email -> sendmail
> 2. sendmail figures out what it has to do with it. turns out it's deliver
...

> Now, in order for step 4 to be done safely, procmail should be running
> as the user it's meant to deliver the mail for. for this to happen
> sendmail needs to start it as that user in step 3 and to do that it
> needs extra privs, above and beyond that of a normal user.

	email -> sendmail
	sendmail 'its local' -> spool

user:
	get_mail | procmail
	mutt

The mail server doesn't need to run procmail. If you wanted to run mail batches
through on a regular basis you can use cron for it, or leave a daemon running

	

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 15:53                           ` Alan Cox
@ 2001-04-24 16:04                             ` Alex Riesen
  2001-04-24 17:02                             ` Jesse Pollard
  2001-04-24 17:30                             ` Markus Schaber
  2 siblings, 0 replies; 105+ messages in thread
From: Alex Riesen @ 2001-04-24 16:04 UTC (permalink / raw)
  To: LKML

On Tue, Apr 24, 2001 at 04:53:10PM +0100, Alan Cox wrote:
> > 1. email -> sendmail
> > 2. sendmail figures out what it has to do with it. turns out it's deliver
> ...
> 
> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
> 
> 	email -> sendmail
> 	sendmail 'its local' -> spool
Isn't it a good thing to have spam filtered out before it is
written to the spool?

Alex Riesen

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 15:53                           ` Alan Cox
  2001-04-24 16:04                             ` Alex Riesen
@ 2001-04-24 17:02                             ` Jesse Pollard
  2001-04-24 17:16                               ` Alan Cox
  2001-04-24 17:30                             ` Markus Schaber
  2 siblings, 1 reply; 105+ messages in thread
From: Jesse Pollard @ 2001-04-24 17:02 UTC (permalink / raw)
  To: alan, CaT
  Cc: Alan Cox, Alexander Viro, Mohammad A. Haque, ttel5535,
	Mike A. Harris, linux-kernel

---------  Received message begins Here  ---------

> 
> > 1. email -> sendmail
> > 2. sendmail figures out what it has to do with it. turns out it's deliver
> ...
> 
> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
> 
> 	email -> sendmail
> 	sendmail 'its local' -> spool
> 
> user:
> 	get_mail | procmail
> 	mutt
> 
> The mail server doesn't need to run procmail. If you wanted to run mail batches
> through on a regular basis you can use cron for it, or leave a daemon running

And get_mail must have elevated privileges to search for the user's mail...
or sendmail must have already switched user on receipt to put it in the
user's inbox which also requires privileges...

And an additional daemon (owned by the user) is yet another attack point...

Cron could be used to batch message handling... as long as it runs before
the user's quota is used up. This becomes the same as using IMAP or fetchmail
to download it.

It's much more efficient to process each mail as it arrives.

All this does is move the program that requires privileges to somewhere
else. It doesn't eliminate it.

Granted, sendmail could use a better implementation of a security model.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-03-18 18:13   ` Linus Torvalds
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
@ 2001-04-24 17:06     ` Stephen Satchell
  1 sibling, 0 replies; 105+ messages in thread
From: Stephen Satchell @ 2001-04-24 17:06 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel

"Thinking out of the box," you don't need to modify the kernel or the 
userland utilities to make Linux automatically launch a dedicated terminal 
for embedded applications.  All you need to do is look at the file 
/etc/inittab and read the man pages for this file.  For console access, you 
merely make a shell the first program launched, and you specify RESPAWN as 
the restart type so that if the shell crashes you get your shell back.  The 
invocation may need to be put in a wrapper so that standard input, standard 
output, and standard error are set properly, as are the environment variables.

The security model of Unix need not be sacrificed.  The wrapper can set the 
user ID to a default non-zero user so that there is more security than the 
all-root solution that others have suggested.  For administrative duties, 
the user would use su (and appropriate password) to acquire the appropriate 
permissions.

Back when Unix was first given out by Bell Labs in the '70s, several Bell 
people wrote papers describing exactly how to do this sort of thing in 
Version 7.  In the thirty years since the technique was described, the 
underlying structure -- init/getty/login -- hasn't changed.  I suspect that 
many people here haven't explored the power of inittab, especially given 
the discussion about dying daemons a few months back and how the problem 
was solved in the beginning and the solution ignored today.  (For those of 
you interested, you might want to check the archives for the tangent in the 
OOMkiller discussion.)

(Sorry, I've not found those papers on-line, and my copies were lost about 
seven moves ago.)

Satch


At 06:44 PM 4/24/01 +0700, imel96@trustix.co.id wrote:

>hi,
>
>a friend of mine asked me on how to make linux easier to use
>for personal/casual win user.
>
>i found out that one of the big problem with linux and most
>other operating system is the multi-user thing.
>
>i think, no personal computer user should know about what's
>an operating system idea of a user. they just want to use
>the computer, that's it.
>
>by a personal computer i mean home pc, notebook, tablet,
>pda, and communicator. only one user will use those devices,
>or maybe his/her friend/family. do you think that user wants
>to know about user account?
>
>from that, i also found out that it is very awkward to type
>username and password every time i use my computer.
>so here's a patch. i also have removed the user_struct from
>my kernel, but i don't think you'd like #ifdef's.
>maybe it'll be good for midori too.
>
>
>         imel
>
>
>
>--- sched.h     Mon Apr  2 18:57:06 2001
>+++ sched.h~    Tue Apr 24 17:32:33 2001
>@@ -655,6 +655,12 @@
>                        unsigned long, const char *, void *);
>  extern void free_irq(unsigned int, void *);
>
>+#ifdef CONFIG_NOUSER
>+#define capable(x)     1
>+#define suser()                1
>+#define fsuser()       1
>+#else
>+
>  /*
>   * This has now become a routine instead of a macro, it sets a flag if
>   * it returns true (to do BSD-style accounting where the process is flagged
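
Review bot: with CONFIG_NOUSER set, the three #defines at the top of this hunk turn capable(), suser() and fsuser() into the constant 1, so every privilege check that goes through them succeeds for every process, network-facing daemons included; a bug in any one program then has the whole machine. The macros also drop the side effect described in the comment just below them (setting a flag for BSD-style accounting) and never evaluate their argument. If the goal is only to skip the login prompt, that can be done without touching these helpers. Separately, the file header reads "--- sched.h" / "+++ sched.h~" with no directory, unlike the linux/ and nouser/ paths in the other two diffs, so this part will not apply at the same -p level as the rest.
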
>@@ -706,6 +712,8 @@
>         }
>         return 0;
>  }
>+
>+#endif /* CONFIG_NOUSER */
>
>  /*
>   * Routines for handling mm_structs
>
>diff -ur linux/Documentation/Configure.help 
>nouser/Documentation/Configure.help
>--- linux/Documentation/Configure.help  Mon Apr  2 18:53:29 2001
>+++ nouser/Documentation/Configure.help Tue Apr 24 18:08:49 2001
>@@ -13626,6 +13626,14 @@
>    a work-around for a number of buggy BIOSes. Switch this option on if
>    your computer crashes instead of powering off properly.
>
>+Disable Multi-user (DANGEROUS)
>+CONFIG_NOUSER
>+  Disable kernel multi-user support. Normally, we treat each user
>+  differently, depending on his/her permissions. If you _really_
>+  think that you're not going to use your computer in a hostile
>+  environment and would like to cut a few bytes, say Y.
>+  Most people should say N.
>+
>  Watchdog Timer Support
>  CONFIG_WATCHDOG
>    If you say Y here (and to one of the following options) and create a
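
Review bot: the help text says the option is for people who "would like to cut a few bytes", which undersells it: per the sched.h change, saying Y makes capable(), suser() and fsuser() always return 1. The entry should state that plainly (every process passes every privilege check, so nothing separates a user's programs from the system) rather than leave it to the "(DANGEROUS)" tag in the title.
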
>diff -ur linux/arch/i386/config.in nouser/arch/i386/config.in
>--- linux/arch/i386/config.in   Mon Feb  5 18:50:27 2001
>+++ nouser/arch/i386/config.in  Tue Apr 24 17:53:42 2001
>@@ -244,6 +244,8 @@
>     bool '    Use real mode APM BIOS call to power off' 
> CONFIG_APM_REAL_MODE_POWER_OFF
>  fi
>
>+bool 'Disable Multi-user (DANGEROUS)' CONFIG_NOUSER
>+
>  endmenu
>
>  source drivers/mtd/Config.in
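
Review bot: the prompt is added only to arch/i386/config.in, directly after the APM power-off option and just before endmenu, so it appears next to unrelated power-management questions and exists on no other architecture, while the #ifdef CONFIG_NOUSER it controls sits in sched.h. If it stays, put it in a menu that matches what it does and make it available wherever the sched.h code is built.
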
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
>Please read the FAQ at  http://www.tux.org/lkml/


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 17:02                             ` Jesse Pollard
@ 2001-04-24 17:16                               ` Alan Cox
  0 siblings, 0 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-24 17:16 UTC (permalink / raw)
  To: Jesse Pollard
  Cc: alan, CaT, Alexander Viro, Mohammad A. Haque, ttel5535,
	Mike A. Harris, linux-kernel

> And get_mail must have elevated privileges to search for the user's mail...
> or sendmail must have already switched user on receipt to put it in the
> user's inbox which also requires privileges...

No. Think instead of blindly following existing implementation

	socket(AF_UNIX, SOCK_STREAM, 0);
	connect("/var/run/mailservice");
	write("GIMMEMYMAIL\n");
	read("200 CATCH..");
	read(all my mail)

The daemon needs no privilege. The client needs no privilege. The 
PEERCRED authentication on AF_UNIX sockets does the work. I can even pass you
back the file handle of the mailbox if I was using an old style non database
indexed mail spool.

> It's much more efficient to process each mail as it arrives.

You are doing a lot more exec() calls that way. If you get enough mail
to make spool space an issue you want a daemon.

Alan



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 15:53                           ` Alan Cox
  2001-04-24 16:04                             ` Alex Riesen
  2001-04-24 17:02                             ` Jesse Pollard
@ 2001-04-24 17:30                             ` Markus Schaber
  2 siblings, 0 replies; 105+ messages in thread
From: Markus Schaber @ 2001-04-24 17:30 UTC (permalink / raw)
  To: Alan Cox
  Cc: CaT, Alexander Viro, Mohammad A. Haque, ttel5535, Mike A. Harris,
	linux-kernel

Hello,

On Tue, 24 Apr 2001, Alan Cox wrote:

> > Now, in order for step 4 to be done safely, procmail should be running
> > as the user it's meant to deliver the mail for. for this to happen
> > sendmail needs to start it as that user in step 3 and to do that it
> > needs extra privs, above and beyond that of a normal user.
>
> 	email -> sendmail
> 	sendmail 'its local' -> spool
>
> user:
> 	get_mail | procmail
> 	mutt
>
> The mail server doesn't need to run procmail. If you wanted to run mail batches
> through on a regular basis you can use cron for it, or leave a daemon running

Oh, well, cron is just another suid program.

This example would just be the ideal scenario for POSIX- or Novell-style
ACLs in the filesystem.

You run the MDA/MTA under some mailerdaemon uid. And then a user can
explicitly give this daemon read access to .procmail etc. You can also
give the MTA (and nobody else) write access to /var/spool/mail. The MDA
then gives the specific user full access to the spoolfile when creating
it, or adding mail to it. And the user can fetch his mail and truncate or
delete the file just as he and his software are used to.

There are many more things with ACLs, especially in workgroup environments
(That's why I loved the old Novell server in our university), but they
never got into the kernel.  And as far as I (as a non-hacker) understand,
the fields reserved for this feature were dropped for the large file
support, so we may never see ACLs.

Regards,
Markus
-- 
| Happy is he who forgets what he has not become.
+---------------------------------------.     ,---------------->
http://www.uni-ulm.de/~s_mschab/         \   /
mailto:markus.schaber@student.uni-ulm.de  \_/



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
                             ` (5 preceding siblings ...)
  2001-04-24 14:03           ` Alan Cox
@ 2001-04-24 17:43           ` Russell King
  2001-04-24 18:37           ` Garett Spencley
  7 siblings, 0 replies; 105+ messages in thread
From: Russell King @ 2001-04-24 17:43 UTC (permalink / raw)
  To: imel96; +Cc: Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 07:44:17PM +0700, imel96@trustix.co.id wrote:
> come on, it's hard for me as it's hard for you. not everybody
> expects a computer to be like people here think a computer
> should be.

I'm sorry, you're looking at the problem the wrong way around.
It's not a kernel problem, but a user space problem.

> think about personal devices. something like the nokia communicator.
> a system security passwd is acceptable, but that's it. no those-
> device-user would like to know about user account, file ownership,
> etc. they just want to use it.

If you do everything as one user, then you are effectively in a
single-user mode.  Just make sure that the user owns all the files
that they might need.

Your change still doesn't get rid of the /bin/login program - you still
have to do that, so why not do it anyway?

Also, I know of no personal device that gives you access to system
software (which is effectively what giving a user 'root' access
gives you).  How many users do you know who can copy the firmware
in their phone or organiser?

> that also explains why win95 user doesn't want to use NT. not
> because they can't afford it (believe me, here NT costs only
> us$2), but additional headache isn't acceptable.

I'm sorry, that's a different problem, and _even_ Windows 95 and 98
have a "User Logon".  Only if you use the system in a single user mode
does it not have a logon.  You can do the same with Linux again
without making kernel modifications.

I'd like to point out that RedHat have thought about this, and they
have some of the infrastructure in there to automatically log you
on at boot time (within X).

As I say, this is a user space issue, and distributions are addressing
it adequately.

--
Russell King (rmk@arm.linux.org.uk)                The developer of ARM Linux
             http://www.arm.linux.org.uk/personal/aboutme.html


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 11:44     ` [PATCH] Single user linux imel96
                         ` (2 preceding siblings ...)
  2001-04-24 12:52       ` [OFFTOPIC] " Mike A. Harris
@ 2001-04-24 17:55       ` J Sloan
  3 siblings, 0 replies; 105+ messages in thread
From: J Sloan @ 2001-04-24 17:55 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel

imel96@trustix.co.id wrote:

> hi,
>
> a friend of mine asked me on how to make linux easier to use
> for personal/casual win user.
>
>
> from that, i also found out that it is very awkward to type
> username and password every time i use my computer.
> so here's a patch.

Neat hack, but maybe the kernel isn't the best
place to do this -

For instance, you can simply use the KDE 2.1.1 login
manager, with the current kernel intact, to automatically
log in and start the X session of a specific user, upon
entering runlevel 5 -

Might this not be a better direction?

cu

jjs


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 12:44         ` imel96
                             ` (6 preceding siblings ...)
  2001-04-24 17:43           ` Russell King
@ 2001-04-24 18:37           ` Garett Spencley
  7 siblings, 0 replies; 105+ messages in thread
From: Garett Spencley @ 2001-04-24 18:37 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel


> that also explains why win95 user doesn't want to use NT. not
> because they can't afford it (believe me, here NT costs only
> us$2), but additional headache isn't acceptable.

I'm going to speak from experience:

My mother, who is the biggest windoze fan on the face of the universe, got
fed up with win98 and decided to move to win2k. The whole "multi-user" thing
doesn't bother her in the slightest. She has a non-admin account for
herself "karen".

You want a better example?

My little cousin is not much into computers but he uses one enough to check
mail, surf the web etc... Like many win98 users he was re-installing it
about once a month. He finally got so fed up he asked me to install Linux
for him!

He is now very happy. He doesn't care about the fact that he has to type
in his user name. He even doesn't know any shell commands. He would
probably actually get concerned if he had to use root always because that
would reveal the same problems that he was having with win98.

There's a lot of things you can do to make Linux easier for newbies. None
of them involve hacking the kernel. Have you tried Linux-Mandrake 8.0 yet?

-- 
Garett Spencley


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:18         ` Tomas Telensky
  2001-04-24 13:34           ` Mohammad A. Haque
  2001-04-24 13:37           ` Alexander Viro
@ 2001-04-24 19:03           ` David Gómez 
  2001-04-25  5:26           ` Ben Ford
  3 siblings, 0 replies; 105+ messages in thread
From: David Gómez  @ 2001-04-24 19:03 UTC (permalink / raw)
  To: Tomas Telensky; +Cc: Mike A. Harris, linux-kernel

On Tue, 24 Apr 2001, Tomas Telensky wrote:

> 
> But, what I should say to the network security, is that AFAIK in the most
> of linux distributions the standard daemons (httpd, sendmail) are run as
> root! Having multi-user system or not! Why? For only listening to a port
> <1024? Is there any elegant solution?
> 

httpd as root ? that's what i call a clueless network admin.
sendmail has an OBSOLETE design. Use a good MTA like qmail. Exim or
smail are ok, but they're still "sendmailish".


David Gómez

"The question of whether computers can think is just like the question of
 whether submarines can swim." -- Edsger W. Dijkstra



^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:38               ` Daniel Stone
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
@ 2001-04-25  0:01                 ` Aaron Lehmann
  2001-04-25  0:07                   ` Daniel Stone
  2001-04-25  7:04                   ` Mike A. Harris
  2001-04-25  0:26                 ` Jonathan Lundell
  2001-04-26 19:35                 ` [PATCH] Single user linux Pavel Machek
  3 siblings, 2 replies; 105+ messages in thread
From: Aaron Lehmann @ 2001-04-25  0:01 UTC (permalink / raw)
  To: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote:
> And UNIX on a phone is pure overkill.

Quit being a naysayer. UNIX on a PDA is a wet dream.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:01                 ` [PATCH] Single user linux Aaron Lehmann
@ 2001-04-25  0:07                   ` Daniel Stone
  2001-04-25  0:16                     ` Alan Cox
  2001-04-25  0:20                     ` Aaron Lehmann
  2001-04-25  7:04                   ` Mike A. Harris
  1 sibling, 2 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-25  0:07 UTC (permalink / raw)
  To: Aaron Lehmann; +Cc: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 05:01:18PM -0700, Aaron Lehmann wrote:
> On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote:
> > And UNIX on a phone is pure overkill.
> 
> Quit being a naysayer. UNIX on a PDA is a wet dream.

What real value does it have, apart from the geek "look at me, I'm using
bash" value?

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:07                   ` Daniel Stone
@ 2001-04-25  0:16                     ` Alan Cox
  2001-04-25  0:34                       ` Daniel Stone
  2001-04-25  0:20                     ` Aaron Lehmann
  1 sibling, 1 reply; 105+ messages in thread
From: Alan Cox @ 2001-04-25  0:16 UTC (permalink / raw)
  To: Daniel Stone
  Cc: Aaron Lehmann, imel96, Daniel Stone, Alexander Viro, linux-kernel

> > Quit being a naysayer. UNIX on a PDA is a wet dream.
> What real value does it have, apart from the geek "look at me, I'm using
> bash" value?

It means I can do anything on my ipaq I can do anywhere else. I can run 
multiple apps at a time. I can run X11. I can run the palm emulator even ;)

It's the same reason Linux is valuable on an S/390 mainframe. It's a common pool
of apps, environments and tools. Anything your PC can do, my ipaq can do.

Alan


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:07                   ` Daniel Stone
  2001-04-25  0:16                     ` Alan Cox
@ 2001-04-25  0:20                     ` Aaron Lehmann
  2001-04-25  0:32                       ` Daniel Stone
  2001-04-25  1:12                       ` Disconnect
  1 sibling, 2 replies; 105+ messages in thread
From: Aaron Lehmann @ 2001-04-25  0:20 UTC (permalink / raw)
  To: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote:
> What real value does it have, apart from the geek "look at me, I'm using
> bash" value?

I don't really want to get into it at the moment, but imagine hacking
netfilter without lugging a laptop around. PDAs are sleek and cool,
and using UNIX on them lets you write shell scripts to sort your
addresses and stuff like that. Basically it's everything that's cool
about Unix as a workstation OS scaled down to PDA-size.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:38               ` Daniel Stone
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
  2001-04-25  0:01                 ` [PATCH] Single user linux Aaron Lehmann
@ 2001-04-25  0:26                 ` Jonathan Lundell
  2001-04-25  7:13                   ` Mike A. Harris
  2001-04-26 19:35                 ` [PATCH] Single user linux Pavel Machek
  3 siblings, 1 reply; 105+ messages in thread
From: Jonathan Lundell @ 2001-04-25  0:26 UTC (permalink / raw)
  To: Aaron Lehmann; +Cc: linux-kernel

At 5:01 PM -0700 2001-04-24, Aaron Lehmann wrote:
>On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote:
>> And UNIX on a phone is pure overkill.
>
>Quit being a naysayer. UNIX on a PDA is a wet dream.

http://www.agendacomputing.com/ (not that the reviews have been very kind)
-- 
/Jonathan Lundell.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:20                     ` Aaron Lehmann
@ 2001-04-25  0:32                       ` Daniel Stone
  2001-04-25  0:35                         ` Aaron Lehmann
                                           ` (3 more replies)
  2001-04-25  1:12                       ` Disconnect
  1 sibling, 4 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-25  0:32 UTC (permalink / raw)
  To: Aaron Lehmann; +Cc: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 05:20:27PM -0700, Aaron Lehmann wrote:
> On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote:
> > What real value does it have, apart from the geek "look at me, I'm using
> > bash" value?
> 
> I don't really want to get into it at the moment, but imagine hacking
> netfilter without lugging a laptop around. PDA's are sleek and cool,
> and using UNIX on them lets you write shell scripts to sort your
> addresses and stuff like that. Basically it's everything that's cool
> about Unix as a workstation OS scaled down to PDA-size.

True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
tab! not space! you just broke my makefiles! aargh!), and compiling
Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
Hrmz.

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:16                     ` Alan Cox
@ 2001-04-25  0:34                       ` Daniel Stone
  2001-04-25  0:52                         ` Gerhard Mack
  2001-04-27 13:12                         ` Robert Varga
  0 siblings, 2 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-25  0:34 UTC (permalink / raw)
  To: Alan Cox; +Cc: Aaron Lehmann, imel96, Alexander Viro, linux-kernel

On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote:
> > > Quit being a naysayer. UNIX on a PDA is a wet dream.
> > What real value does it have, apart from the geek "look at me, I'm using
> > bash" value?
> 
> It means I can do anything on my ipaq I can do anywhere else. I can run 
> multiple apps at a time. I can run X11. I can run the palm emulator even ;)

How long does it take you to write "date"? Plus, aren't you content with
IRCing on your *phone*? ;)
 
> It's the same reason Linux is valuable on an S/390 mainframe. It's a common pool
> of apps, environments and tools. Anything your PC can do, my ipaq can do.

OK. "time make bzImage". Of course, mine's really slow (and I will consider
myself publically humiliated if my only Linux machine is beaten on a kernel
compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to
write "uptime" on it constitutes a walking penis extension after a while?

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:32                       ` Daniel Stone
@ 2001-04-25  0:35                         ` Aaron Lehmann
  2001-04-25  0:43                           ` Daniel Stone
  2001-04-25  7:45                         ` Alan Cox
                                           ` (2 subsequent siblings)
  3 siblings, 1 reply; 105+ messages in thread
From: Aaron Lehmann @ 2001-04-25  0:35 UTC (permalink / raw)
  To: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Wed, Apr 25, 2001 at 10:32:46AM +1000, Daniel Stone wrote:
> True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> tab! not space! you just broke my makefiles! aargh!), and compiling
> Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
> Hrmz.

I didn't say it was practical. But those PDA's are getting downright
speedy. Much faster than UNIX workstations from days of old.

Input is a big problem, but we'll leave that to technology (speech?
microkeyboards?)

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:35                         ` Aaron Lehmann
@ 2001-04-25  0:43                           ` Daniel Stone
  0 siblings, 0 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-25  0:43 UTC (permalink / raw)
  To: Aaron Lehmann; +Cc: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Tue, Apr 24, 2001 at 05:35:10PM -0700, Aaron Lehmann wrote:
> On Wed, Apr 25, 2001 at 10:32:46AM +1000, Daniel Stone wrote:
> > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> > tab! not space! you just broke my makefiles! aargh!), and compiling
> > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
> > Hrmz.
> 
> I didn't say it was practical. But those PDA's are getting downright
> speedy. Much faster than UNIX workstations from days of old.

Please, oh please, tell me my machine would beat it on a "time make
bzImage". Else I'll do something really stupid. Like, get one for my
workstation and feel the improvement ;)
 
> Input is a big problem, but we'll leave that to technology (speech?
> microkeyboards?)

Aye - difference between space and tab. Broken Makefiles, anyone?

-- 
Daniel Stone
Linux Kernel Developer
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:34                       ` Daniel Stone
@ 2001-04-25  0:52                         ` Gerhard Mack
  2001-04-25  7:46                           ` Ronald Bultje
  2001-04-26 19:41                           ` Pavel Machek
  2001-04-27 13:12                         ` Robert Varga
  1 sibling, 2 replies; 105+ messages in thread
From: Gerhard Mack @ 2001-04-25  0:52 UTC (permalink / raw)
  To: Daniel Stone
  Cc: Alan Cox, Aaron Lehmann, imel96, Alexander Viro, linux-kernel

On Wed, 25 Apr 2001, Daniel Stone wrote:

> OK. "time make bzImage". Of course, mine's really slow (and I will consider
> myself publically humiliated if my only Linux machine is beaten on a kernel
> compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to
> write "uptime" on it constitutes a walking penis extension after a while?

When I first started I compiled my linux kernels on a 386 dx with 8 mb ram
heh.  I think a lot of the current PDAs are faster.

	Gerhard


--
Gerhard Mack

gmack@innerfire.net

<>< As a computer I find your faith in technology amusing.


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:20                     ` Aaron Lehmann
  2001-04-25  0:32                       ` Daniel Stone
@ 2001-04-25  1:12                       ` Disconnect
  1 sibling, 0 replies; 105+ messages in thread
From: Disconnect @ 2001-04-25  1:12 UTC (permalink / raw)
  To: linux-kernel

On Tue, 24 Apr 2001, Aaron Lehmann did have cause to say:

> On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote:
> > What real value does it have, apart from the geek "look at me, I'm using
> > bash" value?
> 
> I don't really want to get into it at the moment, but imagine hacking
> netfilter without lugging a laptop around. PDA's are sleek and cool,
> and using UNIX on them lets you write shell scripts to sort your
> addresses and stuff like that. Basically it's everything that's cool
> about Unix as a workstation OS scaled down to PDA-size.

Two (not quite exclusive ;) ..) points:

First, most pda's have apps like telnet/ssh/etc available. (And even more
specific apps are available for various uses - I recall a palm pilot app
that talked to cisco gear and gave a nice gui for 90% of the config, plus
a terminal for the rest.)

And second, I agree that there are some great advantages to small linux
(my ipaq runs linux, and my barely larger libretto is a full debian
mirror) but all of these (even pocketlinux, which is basically not linux)
work with the concept of multiple users.  Whether for profiles or for
system vs user, they all use it.  This patch is trash.



-----BEGIN GEEK CODE BLOCK-----
Version: 3.1 [www.ebb.org/ungeek]
GIT/CC/CM/AT d--(-)@ s+:-- a-->? C++++$ ULBS*++++$ P- L+++>+++++ 
E--- W+++ N+@ o+>$ K? w--->+++++ O- M V-- PS+() PE Y+@ PGP++() t
5--- X-- R tv+@ b++++>$ DI++++ D++(+++) G++ e* h(-)* r++ y++
------END GEEK CODE BLOCK------

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [OFFTOPIC] Re: [PATCH] Single user linux
  2001-04-24 13:18         ` Tomas Telensky
                             ` (2 preceding siblings ...)
  2001-04-24 19:03           ` David Gómez 
@ 2001-04-25  5:26           ` Ben Ford
  3 siblings, 0 replies; 105+ messages in thread
From: Ben Ford @ 2001-04-25  5:26 UTC (permalink / raw)
  To: ttel5535, linux-kernel

Tomas Telensky wrote:

<snip>

>But, what I should say to the network security, is that AFAIK in the most
>of linux distributions the standard daemons (httpd, sendmail) are run as
>root! Having multi-user system or not! Why? For only listening to a port
><1024? Is there any elegant solution?
>

Yes, most daemons have the ability to switch user ID once they have 
bound to the port.  Additionally, support is starting to show up for 
capabilities.  I know that ProFTPD has support.  Now, assuming it is 
running on a newer kernel, it never needs to be root, because it has 
been granted the capability to open a low port.  Even if it is cracked, 
it cannot do other things like . . . insert a kernel module, . . . 
overwrite /etc/passwd . . . . . etc

-b

-- 
Three things are certain:
Death, taxes, and lost data
Guess which has occurred.
- - - - - - - - - - - - - - - - - - - -
Patched Micro$oft servers are secure today . . . but tomorrow is another story!




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:27             ` imel96
  2001-04-24 13:38               ` Daniel Stone
  2001-04-24 13:40               ` Mohammad A. Haque
@ 2001-04-25  5:29               ` Ben Ford
  2 siblings, 0 replies; 105+ messages in thread
From: Ben Ford @ 2001-04-25  5:29 UTC (permalink / raw)
  To: imel96; +Cc: Daniel Stone, Alexander Viro, linux-kernel

imel96@trustix.co.id wrote:

>
>
>On Tue, 24 Apr 2001, Daniel Stone wrote:
>
>>Hence, Microsoft Windows. It might not be stable, it might not be fast, it
>>might not do RAID, packet-filtering and SQL, but it does a job. A simple
>>job. To give Mum & Dad(tm) (with apologies to maddog) a chance to use a
>>computer.
>>
>>
>>Since when, did mobile phones == computers?
>>
>
>read the news! i'm programming nokia 9210 with c++, is that
>computer enough?
>

If that is what this discussion is about, you may just be better off 
with a custom program to run instead of init.  Have you ever booted with 
init=/bin/bash?  Notice how it doesn't require a password . . . Use your 
own program here and you have no need of butchering the kernel.  Be much 
easier to maintain as well.

-b

-- 
Three things are certain:
Death, taxes, and lost data
Guess which has occurred.
- - - - - - - - - - - - - - - - - - - -
Patched Micro$oft servers are secure today . . . but tomorrow is another story!




^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:01                 ` [PATCH] Single user linux Aaron Lehmann
  2001-04-25  0:07                   ` Daniel Stone
@ 2001-04-25  7:04                   ` Mike A. Harris
  1 sibling, 0 replies; 105+ messages in thread
From: Mike A. Harris @ 2001-04-25  7:04 UTC (permalink / raw)
  To: Aaron Lehmann; +Cc: imel96, Daniel Stone, Alexander Viro, linux-kernel

On Tue, 24 Apr 2001, Aaron Lehmann wrote:

>Date: Tue, 24 Apr 2001 17:01:18 -0700
>From: Aaron Lehmann <aaronl@vitelus.com>
>To: imel96@trustix.co.id, Daniel Stone <daniel@kabuki.openfridge.net>,
>     Alexander Viro <viro@math.psu.edu>, linux-kernel@vger.kernel.org
>Content-Type: text/plain; charset=us-ascii
>Subject: Re: [PATCH] Single user linux
>
>On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote:
>> And UNIX on a phone is pure overkill.
>
>Quit being a naysayer. UNIX on a PDA is a wet dream.

No, actually, it is a reality:

http://www.agendacomputing.com


----------------------------------------------------------------------
    Mike A. Harris  -  Linux advocate  -  Free Software advocate
          This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------
"If it isn't source, it isn't software."  -- NASA


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:26                 ` Jonathan Lundell
@ 2001-04-25  7:13                   ` Mike A. Harris
  2001-04-26 19:54                     ` agenda & vtech helio [was Re: [PATCH] Single user linux] Pavel Machek
  0 siblings, 1 reply; 105+ messages in thread
From: Mike A. Harris @ 2001-04-25  7:13 UTC (permalink / raw)
  To: Jonathan Lundell; +Cc: Aaron Lehmann, linux-kernel

On Tue, 24 Apr 2001, Jonathan Lundell wrote:

>Date: Tue, 24 Apr 2001 17:26:29 -0700
>From: Jonathan Lundell <jlundell@pobox.com>
>To: Aaron Lehmann <aaronl@vitelus.com>
>Cc: linux-kernel@vger.kernel.org
>Content-Type: text/plain; charset="us-ascii"
>Subject: Re: [PATCH] Single user linux
>
>At 5:01 PM -0700 2001-04-24, Aaron Lehmann wrote:
>>On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote:
>>> And UNIX on a phone is pure overkill.
>>
>>Quit being a naysayer. UNIX on a PDA is a wet dream.
>
>http://www.agendacomputing.com/ (not that the reviews have been very kind)

Nor has an official product been released.  Reviewing hardware
and software in open development model before it is officially
stamped "final release" is unfair to say the least.  I follow the
agenda list and it is a nice piece of hardware and the software
is coming along quite nicely.  I've heard mostly good stuff about
it so far, although it is not a consumer level product yet - it
is a developers product, for people ready to fire up emacs and
start coding.


----------------------------------------------------------------------
    Mike A. Harris  -  Linux advocate  -  Free Software advocate
          This message is copyright 2001, all rights reserved.
  Views expressed are my own, not necessarily shared by my employer.
----------------------------------------------------------------------
"If it isn't source, it isn't software."  -- NASA


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:32                       ` Daniel Stone
  2001-04-25  0:35                         ` Aaron Lehmann
@ 2001-04-25  7:45                         ` Alan Cox
  2001-04-25  7:55                           ` Daniel Stone
  2001-04-25 15:07                           ` Jonathan Lundell
  2001-04-25 14:42                         ` Jordan Crouse
  2001-04-26 19:47                         ` Pavel Machek
  3 siblings, 2 replies; 105+ messages in thread
From: Alan Cox @ 2001-04-25  7:45 UTC (permalink / raw)
  To: Daniel Stone
  Cc: Aaron Lehmann, imel96, Daniel Stone, Alexander Viro, linux-kernel

> True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> tab! not space! you just broke my makefiles! aargh!), and compiling
> Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.

Usual misguided assumptions

1.	Many PDA's have a keyboard
2.	The ipaq has an optional fold up keyboard
3.	Modern PDA's have 200Mhz processors and XScale will see some of them
	hitting 600MHz+


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:52                         ` Gerhard Mack
@ 2001-04-25  7:46                           ` Ronald Bultje
  2001-04-25 14:17                             ` Disconnect
  2001-04-26 19:41                           ` Pavel Machek
  1 sibling, 1 reply; 105+ messages in thread
From: Ronald Bultje @ 2001-04-25  7:46 UTC (permalink / raw)
  To: linux-kernel


On 2001.04.25 02:52:22 +0200 Gerhard Mack wrote:
> On Wed, 25 Apr 2001, Daniel Stone wrote:
> 
> > OK. "time make bzImage". Of course, mine's really slow (and I will
> consider
> > myself publically humiliated if my only Linux machine is beaten on a
> kernel
> > compile by an iPAQ). I 'spose, if it only goes into suspend, the
> ability to
> > write "uptime" on it constitutes a walking penis extension after a
> while?
> 
> When I first started I compiled my linux kernels on a 386 dx with 8 mb
> ram
> heh.  I think a lot of the current PDAs are faster.

Who says it needs to compile? Who says it needs software installed? Who
says it needs to run the software itself?

First of all, if linux will make it on a PDA, I'm sure there will be
prepackaged stuff. But more important, a PDA doesn't need other software
installed to have a function. It can function as a remote X-terminal
connected to a big linux X-server somewhere else which runs the software.
In that case, the speed of the PDA is no longer a problem and you have a
cute little and simple fully-featured X-window system. It's just a bit
small. Now if we get something like IBM's speech recognition system and it
works a bit, or we make our own speech recognition system, this can serve
very well for simple things like adding points to your agenda, writing
e-mail. But for just reading your mail or your agenda, you don't need more
than to press some buttons and read the screen. And for pressing the
buttons you really don't need anything else than a touchscreen or some (1?
2?) buttons on the PDA...

And for using linux as a command-line too on a PDA - we'll need something
to make input easier, like Aaron Lehmann suggested in another e-mail
(keyboard, speech recognition). 

--
Ronald Bultje


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  7:45                         ` Alan Cox
@ 2001-04-25  7:55                           ` Daniel Stone
  2001-04-25 15:07                           ` Jonathan Lundell
  1 sibling, 0 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-25  7:55 UTC (permalink / raw)
  To: Alan Cox
  Cc: Daniel Stone, Aaron Lehmann, imel96, Alexander Viro, linux-kernel

On Wed, Apr 25, 2001 at 08:45:25AM +0100, Alan Cox wrote:
> > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> > tab! not space! you just broke my makefiles! aargh!), and compiling
> > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
> 
> Usual misguided assumptions
> 
> 1.	Many PDA's have a keyboard
> 2.	The ipaq has an optional fold up keyboard
> 3.	Modern PDA's have 200Mhz processors and XScale will see some of them
> 	hitting 600MHz+

I stand corrected. Too broke to get one, but corrected nevertheless.

(I've only seen the agenda in action, and it seemed a lot of time writing
"date" for relatively little action - the date). 

-- 
Daniel Stone
daniel@kabuki.openfridge.net

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:37             ` imel96
@ 2001-04-25  7:57               ` Helge Hafting
  2001-04-25 10:42               ` Albert D. Cahalan
  1 sibling, 0 replies; 105+ messages in thread
From: Helge Hafting @ 2001-04-25  7:57 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel

imel96@trustix.co.id wrote:

> thank you very much fyi.
> if just you tried to understand it a little further:
> i didn't change all uid/gid to 0!
> 
> why? so with that radical patch, users will still have
> uid/gid so programs know the user's profile.
> 
> if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root,
> etc.

So you want multi-user to distinguish users, but no login sequence 
with typing of passwords & username.  

You can have all that without changing the kernel!
Linux distributions run things like login and getty by default,
but you don't have to do that.  

If you run linux on a device not perceived as a computer,
consider this:

1. Run whatever daemons you need as root or under daemon usernames,
depending on what privileges they need.

2. Run the user interface program (X or whatever) as a user,
not root.  No, they don't need a password for that.  Just
start it from inittab, with a wrapper program that su's to the
appropriate user without asking for passwords.

3. If the user really needs root for anything, such as changing
device configuration, use a suid configuration program.  No
password needed with that approach.  You probably want
a configuration program anyway as your "dumb" users probably 
don't know how to edit files in /etc anyway.  Making 
it suid is no extra work.

Now you have both the security of linux and the ease of use of a
password-less system.  Part of linux stability comes from the
fact that ordinary users cannot do anything.  Crashing the
machine is easy as root, but an appliance user doesn't need
to be root for normal use.  And the special cases which need
it can be handled by suid programs that cannot do "anything",
just the purpose they are written for.

Linux is very configurable even without patching the kernel.
A general rule is that no kernel patches are accepted for
problems that are easily solvable with simple programs.

Helge Hafting

^ permalink raw reply	[flat|nested] 105+ messages in thread
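The two alternatives to the kernel patch raised in this thread, Ben Ford's daemon that switches user ID once it has bound to its port and Helge Hafting's inittab wrapper that becomes the user without asking for a password, share one step: an irreversible drop from root. The C program below is an added example of that step, not code posted by anyone in the thread; the names nologin-wrapper, pda and /usr/bin/pda-ui, and the convention of handing the listener to the program as fd 3, are assumptions of this example.

```c
/* Added example (not from the thread): password-less launcher that keeps
 * multi-user protection. Meant to be started by init as root, e.g. with a
 * hypothetical inittab entry:
 *   ui:2345:respawn:/sbin/nologin-wrapper pda 0 /usr/bin/pda-ui
 * Usage: nologin-wrapper <user> <port|0> <program> [args...] */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1          /* initgroups() */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Bind and listen on a TCP port while still privileged. Ports below 1024
 * need root or CAP_NET_BIND_SERVICE. Returns the socket, or -1. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int on = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become the named user: supplementary groups first, then gid,
 * then uid (once setuid() has run, the groups can no longer be changed).
 * Returns 0 on success and -1 on any failure; on -1 the caller must stop,
 * because the process may be only partly dropped. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    uid_t uid;
    gid_t gid;

    if (pw == NULL || pw->pw_uid == 0 || pw->pw_gid == 0)
        return -1;                 /* unknown user, or a root uid/gid */
    uid = pw->pw_uid;
    gid = pw->pw_gid;

    if (geteuid() != 0)            /* not root: fine only if already that user */
        return (getuid() == uid && geteuid() == uid) ? 0 : -1;

    if (initgroups(pw->pw_name, gid) != 0 || setgid(gid) != 0 ||
        setuid(uid) != 0)
        return -1;
    /* The drop has to be irreversible: getting root back must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int port, fd;

    if (argc < 4) {
        fprintf(stderr, "usage: %s <user> <port|0> <program> [args...]\n",
                argv[0]);
        return 2;
    }
    port = atoi(argv[2]);
    if (port < 0 || port > 65535)
        return 2;
    if (port != 0) {               /* the only step that needs privilege */
        fd = bind_listener((unsigned short)port);
        if (fd < 0) {
            perror("bind");
            return 1;
        }
        if (fd != 3) {             /* program inherits the listener as fd 3 */
            if (dup2(fd, 3) < 0)
                return 1;
            close(fd);
        }
    }
    if (drop_to_user(argv[1]) != 0) {
        fprintf(stderr, "cannot drop privileges to %s\n", argv[1]);
        return 1;                  /* never exec the program as root */
    }
    execvp(argv[3], &argv[3]);
    perror("execvp");
    return 127;
}
```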

* Re: [PATCH] Single user linux
  2001-04-24 13:37             ` imel96
  2001-04-25  7:57               ` Helge Hafting
@ 2001-04-25 10:42               ` Albert D. Cahalan
  1 sibling, 0 replies; 105+ messages in thread
From: Albert D. Cahalan @ 2001-04-25 10:42 UTC (permalink / raw)
  To: imel96; +Cc: Richard B. Johnson, Alexander Viro, linux-kernel

imel96@trustix.co. writes:

> i didn't change all uid/gid to 0!
> 
> why? so with that radical patch, users will still have
> uid/gid so programs know the user's profile.

So you:

1. broke security (OK, fine...)
2. didn't remove all the support for security

It would be far more interesting to rip out all trace of security.
That would include the kernel memory access checking, parts of the
task struct, filesystem and VFS code, and surely much more.

Then you can try to show a measurable performance difference.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  7:46                           ` Ronald Bultje
@ 2001-04-25 14:17                             ` Disconnect
  2001-04-27 20:06                               ` Jim Gettys
  0 siblings, 1 reply; 105+ messages in thread
From: Disconnect @ 2001-04-25 14:17 UTC (permalink / raw)
  To: Ronald Bultje; +Cc: linux-kernel

On Wed, 25 Apr 2001, Ronald Bultje did have cause to say:

> Who says it needs to compile? Who says it needs software installed? Who
> says it needs to run the software itself?

My current project (and I'm just waiting for nfs and wvlan_cs to stabilize
on ARM before putting the final touches on it) is an ipaq nfsrooted to a
Debian image, over the wireless lan.  Works like a champ, and it -does-
compile stuff reasonably fast (well, reasonably fast considering the data
is all on the far side of 11M/sec wireless.)  My kit is mostly portable as
well, since the nfs server is on the libretto and runs just fine in my
backpack ;)

The next step is bludgeoning debian-arm into not running 50-100 little
servers I don't need on my PIM.  But that may be the function of a
task-nfs-ipaq package or some such.

So far -multiuser- linux on PIMs ("true" linux, with X, etc, as distinct
from pocketlinux/qpe/etc, which are a different animal in this case) is
almost there.  Web browsers are coming along nicely (and remote-X netscape
is usable, although barely) and there are several nice imap clients. (and
input methods ranging from a handwriting system to a little onscreen
keyboard, if you are in a situation where an external keyboard is not
feasible.)

---
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1 [www.ebb.org/ungeek]
GIT/CC/CM/AT d--(-)@ s+:-- a-->? C++++$ ULBS*++++$ P- L+++>+++++ 
E--- W+++ N+@ o+>$ K? w--->+++++ O- M V-- PS+() PE Y+@ PGP++() t
5--- X-- R tv+@ b++++>$ DI++++ D++(+++) G++ e* h(-)* r++ y++
------END GEEK CODE BLOCK------

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:32                       ` Daniel Stone
  2001-04-25  0:35                         ` Aaron Lehmann
  2001-04-25  7:45                         ` Alan Cox
@ 2001-04-25 14:42                         ` Jordan Crouse
  2001-04-26 19:47                         ` Pavel Machek
  3 siblings, 0 replies; 105+ messages in thread
From: Jordan Crouse @ 2001-04-25 14:42 UTC (permalink / raw)
  To: Daniel Stone; +Cc: linux-kernel

So, are you saying, right now in front of the whole community, that you only 
use Linux because you can develop on it?  That if it wasn't for GCC you would 
be playing Minesweeper right now?  

I know that's not what you are saying, but that's how you come across.  We 
always tell everybody who would listen that Linux can hold its own as an 
operating system.  Not just because the code is open, and not just for the 
development environment.  Linux can hold its own because it is *good*.  Not 
perfect (there is no perfect operating system), but when you put it against 
its peers, it rises to the top (<bigotry>along with its other unix 
cousins</bigotry>). 

So why wouldn't linux be ideal for an embedded situation.  Why wouldn't an 
open MP3 player be a better option than Media Player?  Why can't we use the 
security, stability and power of Linux for a suite of PIMs and Doom?

Be proud of your operating system - you have 32 bits of multitasking power 
and stability, and you can fit it into 512K.  Let's see Redmond try that!

Jordan
  
On Tuesday 24 April 2001 18:32, Daniel Stone mentioned:
> On Tue, Apr 24, 2001 at 05:20:27PM -0700, Aaron Lehmann wrote:
> > On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote:
> > > What real value does it have, apart from the geek "look at me, I'm
> > > using bash" value?
> >
> > I don't really want to get into it at the moment, but imagine hacking
> > netfilter without lugging a laptop around. PDA's are sleek and cool,
> > and using UNIX on them lets you write shell scripts to sort your
> > addresses and stuff like that. Basically it's everything that's cool
> > about Unix as a workstation OS scaled down to PDA-size.
>
> True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> tab! not space! you just broke my makefiles! aargh!), and compiling
> Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
> Hrmz.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  7:45                         ` Alan Cox
  2001-04-25  7:55                           ` Daniel Stone
@ 2001-04-25 15:07                           ` Jonathan Lundell
  1 sibling, 0 replies; 105+ messages in thread
From: Jonathan Lundell @ 2001-04-25 15:07 UTC (permalink / raw)
  To: linux-kernel

At 8:45 AM +0100 2001-04-25, Alan Cox wrote:
> > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
>> tab! not space! you just broke my makefiles! aargh!), and compiling
>> Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
>
>Usual misguided assumptions
>
>1.	Many PDA's have a keyboard
>2.	The ipaq has an optional fold up keyboard
>3.	Modern PDA's have 200Mhz processors and XScale will see some of them
>	hitting 600MHz+

4. Linux is only ever used for developing Linux kernels. Or, under extreme circumstances, Linux apps.
-- 
/Jonathan Lundell.

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: problem found (was Re: [PATCH] Single user linux)
  2001-04-24 14:04                 ` problem found (was Re: [PATCH] Single user linux) imel96
  2001-04-24 14:06                   ` Daniel Stone
  2001-04-24 14:47                   ` Xavier Bestel
@ 2001-04-25 18:13                   ` Paul Jakma
  2 siblings, 0 replies; 105+ messages in thread
From: Paul Jakma @ 2001-04-25 18:13 UTC (permalink / raw)
  To: imel96; +Cc: linux-kernel

hi imel,

On Tue, 24 Apr 2001 imel96@trustix.co.id wrote:

> problem is you guys are too unix-centric, try to be user-centric a little.

with all respect: the problem is that you do not listen.

as people keep trying to point out to you:

- you can have your single-user centric user environment (no logon)

while

- retaining advantages of multi-user security

no kernel changes needed.

ie: you can have your phone's user environment come straight up
(without needing a login or anything) and have security so that the
phone user can't do harmful things like delete system files.

you can have the best of all worlds...

> 		imel

--paulj


^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-24 13:38               ` Daniel Stone
                                   ` (2 preceding siblings ...)
  2001-04-25  0:26                 ` Jonathan Lundell
@ 2001-04-26 19:35                 ` Pavel Machek
  2001-04-27 14:26                   ` Daniel Stone
  3 siblings, 1 reply; 105+ messages in thread
From: Pavel Machek @ 2001-04-26 19:35 UTC (permalink / raw)
  To: imel96, Daniel Stone, Alexander Viro, linux-kernel

Hi!

> > > Since when, did mobile phones == computers?
> > 
> > read the news! i'm programming nokia 9210 with c++, is that
> > computer enough?
> 
> Aah. I see. Where was this? I never saw it.

9210 has qwerty keyboard.

> > i bet if you programmed one, you'd wish you have posix
> > interface.
> 
> That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be
> absolutely *rock solid*. Look at the 5110, that's just about perfect. The
> 7110, on the other hand ...

And point is?

> > > > that also explain why win95 user doesn't want to use NT. not
> > > > because they can't afford it (belive me, here NT costs only
> > > > us$2), but additional headache isn't acceptable.
> > >
> > > So, let them stay in Win95. They don't *need* NT.
> > 
> > and how's stability, speed, etc. they read. is there a linux
> > advocate around here?
> 
> There are Linux advocates, but I'd say most of us are sane enough to use the
> right-tool-for-the-job approach. And UNIX on a phone is pure
> overkill.

Is it? Let's see.

You want your mobile phone to read mail. That's SMTP. Oh, and SMTP
needs to run over something. That's TCP/IP over PPP or SLIP. Oh and
you want web access. Add HTTP to the list.

[above is reasonable even for "normal" mobile phone; those below
require keyboard]

You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh
*to* your mobile phone, because its keyboard sucks. That's sshd. You'd
like to be able to let others play games on your mobile phone, oh
that means multiuser mode.

You see? Linux has much stuff you'll need.

> > okay, it wouldn't cost me. but it surely easier if everybody used
> > linux, so i could put my ext2 disk everywhere i want.
> >
> > hey, it's obvious that it's not for a server!
> > i try to point out a problem for people not on this list, don't
> > work around that problem.
> 
> Your sister won't notice much advantage. Linux on a workstation actually has
> *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to
> 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster,
> but what's that really matter to your sister, if she can't even figure out
> how to use it?

My brother is 10 and he uses suse7.2 installation just fine. He likes
it more than windoze 2000 (I deleted) because there are more games in
kde than in windows. [I'd prefer gnome.]

> -d, who owns a 7110 and can lock it solid, or get it to do funny resetting
> tricks, at least once every 2 days

Hmm, maybe your 7110 needs memory protection so that runaway calendar
can not hurt basic functions? ;-).
								Pavel
-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org

^ permalink raw reply	[flat|nested] 105+ messages in thread

* Re: [PATCH] Single user linux
  2001-04-25  0:52                         ` Gerhard Mack
  2001-04-25  7:46                           ` Ronald Bultje
@ 2001-04-26 19:41                           ` Pavel Machek
  2001-04-27 19:00                             ` Erik Mouw
  1 sibling, 1 reply; 105+ messages in thread
From: Pavel Machek @ 2001-04-26 19:41 UTC (permalink / raw)
  To: Gerhard Mack, Daniel Stone
  Cc: Alan Cox, Aaron Lehmann, imel96, Alexander Viro, linux-kernel

Hi!

> > OK. "time make bzImage". Of course, mine's really slow (and I will consider
> > myself publicly humiliated if my only Linux machine is beaten on a kernel
> > compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to
> > write "uptime" on it constitutes a walking penis extension after a while?
> 
> When I first started I compiled my linux kernels on a 386 dx with 8 mb ram
> heh.  I think a lot of the current PDAs are faster.

My pocket computer is 40MHz mips r3902, likely faster than your
386dx. That's 3 years old. Anything you can buy today is at least
twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in
size of palm for $100 (vtech helio) -- I'll tell you where to buy it
when you ask.]
								Pavel
-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org


* Re: [PATCH] Single user linux
  2001-04-25  0:32                       ` Daniel Stone
                                           ` (2 preceding siblings ...)
  2001-04-25 14:42                         ` Jordan Crouse
@ 2001-04-26 19:47                         ` Pavel Machek
  3 siblings, 0 replies; 105+ messages in thread
From: Pavel Machek @ 2001-04-26 19:47 UTC (permalink / raw)
  To: Aaron Lehmann, imel96, Daniel Stone, Alexander Viro, linux-kernel

Hi!

> > > What real value does it have, apart from the geek "look at me, I'm using
> > > bash" value?
> > 
> > I don't really want to get into it at the moment, but imagine hacking
> > netfilter without lugging a laptop around. PDA's are sleek and cool,
> > and using UNIX on them lets you write shell scripts to sort your
> > addresses and stuff like that. Basically it's everything that's cool
> > about Unix as a workstation OS scaled down to PDA-size.
> 
> True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a
> tab! not space! you just broke my makefiles! aargh!), and compiling

So you telnet to your PDA from some real machine. And you don't need
to write C code in order for unix environment to be usable. 50% of
unix users I know use it for pine/mutt emacs/vi talk/irc/mud kind of
stuff.

> Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA.
> Hrmz.

How many hours? I'd say less than a minute. In today's PDAs, 80MHz mips
cpu is *slow*.
								Pavel
-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org


* agenda & vtech helio [was Re: [PATCH] Single user linux]
  2001-04-25  7:13                   ` Mike A. Harris
@ 2001-04-26 19:54                     ` Pavel Machek
  0 siblings, 0 replies; 105+ messages in thread
From: Pavel Machek @ 2001-04-26 19:54 UTC (permalink / raw)
  To: Mike A. Harris, Jonathan Lundell, Linux CE mailing list
  Cc: Aaron Lehmann, linux-kernel

Hi!

> >>> And UNIX on a phone is pure overkill.
> >>
> >>Quit being a naysayer. UNIX on a PDA is a wet dream.
> >
> >http://www.agendacomputing.com/ (not that the reviews have been very kind)
> 
> Nor has an official product been released.  Reviewing hardware
> and software in open development model before it is officially
> stamped "final release" is unfair to say the least.  I follow the
> agenda list and it is a nice piece of hardware and the software

Is there an agenda emulator somewhere? Is their root filesystem
available for download? [Besides, does anyone know of a vtech helio emulator
for linux? The only version I saw was windows...]

I'm running linux on philips velo, which is similar to agenda, and I
guess I could use some of their stuff.

(Does anybody know about support of audio on r39xx companion chip? Or
about voltmeters support?)
								  Pavel
-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org


* [OT] linux on pda was Re: [PATCH] Single user linux
  2001-04-27 13:12                         ` Robert Varga
@ 2001-04-27 12:42                           ` Collectively Unconscious
  2001-04-27 19:05                             ` Erik Mouw
  2001-04-27 13:34                           ` Daniel Stone
  1 sibling, 1 reply; 105+ messages in thread
From: Collectively Unconscious @ 2001-04-27 12:42 UTC (permalink / raw)
  To: Robert Varga; +Cc: linux-kernel

On Fri, 27 Apr 2001, Robert Varga wrote:

> On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote:
> > On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote:
> > > > > Quit being a naysayer. UNIX on a PDA is a wet dream.
> > > > What real value does it have, apart from the geek "look at me, I'm using
> > > > bash" value?

Hmm...How about free and open source, uniform app base, easy access by
third party vendors.

Also it seems to me last I checked PDA's were at least equivalent to the
386 which is ostensibly the bottom linux rung.

As for the objection about slow compile times, get real. No PDA is going
to compile anything. All compilations happen on your desktop with a
crosscompiler. PDA's are for running handy little apps, not development
work.

Or are we saying M$ CE is as good as it gets. :P

Jay



* Re: [PATCH] Single user linux
  2001-04-25  0:34                       ` Daniel Stone
  2001-04-25  0:52                         ` Gerhard Mack
@ 2001-04-27 13:12                         ` Robert Varga
  2001-04-27 12:42                           ` [OT] linux on pda was " Collectively Unconscious
  2001-04-27 13:34                           ` Daniel Stone
  1 sibling, 2 replies; 105+ messages in thread
From: Robert Varga @ 2001-04-27 13:12 UTC (permalink / raw)
  To: linux-kernel


On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote:
> On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote:
> > > > Quit being a naysayer. UNIX on a PDA is a wet dream.
> > > What real value does it have, apart from the geek "look at me, I'm using
> > > bash" value?
> > 
> > It means I can do anything on my ipaq I can do anywhere else. I can run 
> > multiple apps at a time. I can run X11. I can run the palm emulator even ;)
> 
> How long does it take you to write "date"? Plus, aren't you content with
> IRCing on your *phone*? ;)
>  
> > Its the same reason Linux is valuable on an S/390 mainframe. Its a common pool
> > of apps, environments and tools. Anything your PC can do, my ipaq can do.
> 
> OK. "time make bzImage". Of course, mine's really slow (and I will consider
> myself publicly humiliated if my only Linux machine is beaten on a kernel

Okay. Does the word *choice* ring a bell ? Agenda VR3s are supplied with Linux
kernel (modified), and it gives you the freedom to choose what kind of SW
you want to use -- hey, it's linux and when the app fits in the memory,
there's no stopping you. Different look and feel? Different graffiti? Different
kernel? You name it and you got it (well mostly) ;-)

-- 
Kind regards,
Robert Varga
------------------------------------------------------------------------------
n@hq.sk                                          http://hq.sk/~nite/gpgkey.txt
 


* Re: [PATCH] Single user linux
  2001-04-27 13:12                         ` Robert Varga
  2001-04-27 12:42                           ` [OT] linux on pda was " Collectively Unconscious
@ 2001-04-27 13:34                           ` Daniel Stone
  1 sibling, 0 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-27 13:34 UTC (permalink / raw)
  To: Robert Varga; +Cc: linux-kernel

On Fri, Apr 27, 2001 at 03:12:39PM +0200, Robert Varga wrote:
> On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote:
> > On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote:
> > > > What real value does it have, apart from the geek "look at me, I'm using
> > > > bash" value?
> > > 
> > > It means I can do anything on my ipaq I can do anywhere else. I can run 
> > > multiple apps at a time. I can run X11. I can run the palm emulator even ;)
> > 
> > How long does it take you to write "date"? Plus, aren't you content with
> > IRCing on your *phone*? ;)
>
> Okay. Does the word *choice* ring a bell ? Agenda VR3s are supplied with Linux
> kernel (modified), and it gives you the freedom to choose what kind of SW
> you want to use -- hey, it's linux and when the app fits in the memory,
> there's no stopping you. Different look and feel? Different graffiti? Different
> kernel? You name it and you got it (well mostly) ;-)

I know all this, see my very first point above. I just can't see the real
practical value. I'd more than likely find a Palm more productive, as it's
simple, does one task, and does it well. If I wanted to buy a PDA, I'd get a
Palm. If I wanted to buy a miniature laptop, I'd get a PictureBook or
somesuch. I just can't see the practical use.

-- 
Daniel Stone
daniel@kabuki.openfridge.net


* Re: [PATCH] Single user linux
  2001-04-26 19:35                 ` [PATCH] Single user linux Pavel Machek
@ 2001-04-27 14:26                   ` Daniel Stone
  0 siblings, 0 replies; 105+ messages in thread
From: Daniel Stone @ 2001-04-27 14:26 UTC (permalink / raw)
  To: Pavel Machek; +Cc: imel96, Alexander Viro, linux-kernel

On Thu, Apr 26, 2001 at 09:35:45PM +0200, Pavel Machek wrote:
> Hi!

Hola.
 
> > > read the news! i'm programming nokia 9210 with c++, is that
> > > computer enough?
> > 
> > Aah. I see. Where was this? I never saw it.
> 
> 9210 has qwerty keyboard.

He said "read the news". I've seen the 9110 and 9210's, I was asking where
this news was.
 
> > > i bet if you programmed one, you'd wish you have posix
> > > interface.
> > 
> > That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be
> > absolutely *rock solid*. Look at the 5110, that's just about perfect. The
> > 7110, on the other hand ...
> 
> And point is?

The point is that you need a known good, absolutely rock-solid OS to do it,
and IMHO, you really need a customised job, not something like Linux, which
is a monolith in comparison.

> > > and how's stability, speed, etc. they read. is there a linux
> > > advocate around here?
> > 
> > There are Linux advocates, but I'd say most of us are sane enough to use the
> > right-tool-for-the-job approach. And UNIX on a phone is pure
> > overkill.
> 
> Is it? Let's see.
> 
> You want your mobile phone to read mail. That's SMTP. Oh, and SMTP
> needs to run over something. That's TCP/IP over PPP or SLIP. Oh and
> you want web access. Add HTTP to the list.

In the mobile world, that is *all* WAP.
 
> [above is reasonable even for "normal" mobile phone; those below
> require keyboard]
> 
> You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh
> *to* your mobile phone, because its keyboard sucks. That's sshd. You'd
> like to be able to let others play games on your mobile phone, oh
> that means multiuser mode.

I'd *like* to, sure, but this is impractical because the mobile links suck
so hard. Dunno about you, but it takes a few seconds to pull in a <1k page.
Ugh. SSH? Games, sure, I point my phone at a 7110 or 6210 and I can play
2-player Snake 2 :)

> You see? Linux has much stuff you'll need.

True, but you have to be wary of overkill, like I said.

> > Your sister won't notice much advantage. Linux on a workstation actually has
> > *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to
> > 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster,
> > but what's that really matter to your sister, if she can't even figure out
> > how to use it?
> 
> My brother is 10 and he uses suse7.2 installation just fine. He likes
> it more than windoze 2000 (I deleted) because there are more games in
> kde than in windows. [I'd prefer gnome.]

I've used RedHat since I was about 11, Debian since 13. It's not that hard,
if you can just get used to it. But you're playing with yourself if you
think that KDE has more games than Win2k ... Black & White? All the Star
Wars games? etc ... I know a lot of them are being ported to Linux, most via
Loki, but still ...

(I use GNOME, and the panel giving me Bus errors is starting to annoy me).
 
> > -d, who owns a 7110 and can lock it solid, or get it to do funny resetting
> > tricks, at least once every 2 days
> 
> Hmm, maybe your 7110 needs memory protection so that runaway calendar
> can not hurt basic functions? ;-).

Oh, I think it's just to do with changing state, seeing as most of the
lockups I get are when I hit keys really, really quickly in sequence, and
one lands just as the screen's blank, and it's changing state (snake 2 can
also kill it).

-- 
Daniel Stone
daniel@kabuki.openfridge.net


* Re: [PATCH] Single user linux
  2001-04-26 19:41                           ` Pavel Machek
@ 2001-04-27 19:00                             ` Erik Mouw
  0 siblings, 0 replies; 105+ messages in thread
From: Erik Mouw @ 2001-04-27 19:00 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Gerhard Mack, Daniel Stone, Alan Cox, Aaron Lehmann, imel96,
	Alexander Viro, linux-kernel

On Thu, Apr 26, 2001 at 09:41:13PM +0200, Pavel Machek wrote:
> > When I first started I compiled my linux kernels on a 386 dx with 8 mb ram
> > heh.  I think a lot of the current PDAs are faster.
> 
> My pocket computer is 40MHz mips r3902, likely faster than your
> 386dx. That's 3 years old. Anything you can buy today is at least
> twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in
> size of palm for $100 (vtech helio) -- I'll tell you where to buy it
> when you ask.]

The Compaq iPaq uses an Intel StrongARM SA1110 CPU running at 190MHz.
Integer performance for a 221MHz SA1110 is comparable with a Pentium
180 (on the average), so I guess that the iPaq performance is
comparable with a P166.


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/


* Re: [OT] linux on pda was Re: [PATCH] Single user linux
  2001-04-27 12:42                           ` [OT] linux on pda was " Collectively Unconscious
@ 2001-04-27 19:05                             ` Erik Mouw
  0 siblings, 0 replies; 105+ messages in thread
From: Erik Mouw @ 2001-04-27 19:05 UTC (permalink / raw)
  To: Collectively Unconscious; +Cc: Robert Varga, linux-kernel

On Fri, Apr 27, 2001 at 07:42:25AM -0500, Collectively Unconscious wrote:
> Also it seems to me last I checked PDA's were at least equivalent to the
> 386 which is ostensibly the bottom linux rung.

Check out the Compaq iPaq 3600 series.

> As for the objection about slow compile times, get real. No PDA is going
> to compile anything. All compilations happen on your desktop with a
> crosscompiler. PDA's are for running handy little apps, not development
> work.

Ehm, I know that people actually use their iPaq to compile things
natively. Plug in an IBM microdrive, add a foldable keyboard and you
get a complete Unix workstation in pocket format. For more information,
see http://www.handhelds.org/ .


Erik
[who also natively compiles kernels on a platform comparable to the
iPaq -- see http://www.lart.tudelft.nl/ ]

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department
of Electrical Engineering, Faculty of Information Technology and Systems,
Delft University of Technology, PO BOX 5031,  2600 GA Delft, The Netherlands
Phone: +31-15-2783635  Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/


* Re: [PATCH] Single user linux
  2001-04-25 14:17                             ` Disconnect
@ 2001-04-27 20:06                               ` Jim Gettys
  0 siblings, 0 replies; 105+ messages in thread
From: Jim Gettys @ 2001-04-27 20:06 UTC (permalink / raw)
  To: Disconnect; +Cc: Ronald Bultje, linux-kernel

Not to mention fold up keyboard, IBM microdrive, etc.  So you
can run the ARM Debian distro either via NFS (with the problems that
entails), or even locally on a microdrive (or I suppose you could
also play with an IDE or SCSI controller if you were really insane).

On the kernel software side, we also have IPV6/mobile IP running.  We're
using Dave Woodhouse's JFFS2 with compression for our file system (Compressed
journalling flash file system) on flash.

In terms of apps, various PIM stuff, though needs lots of work,
other goodies like GPS applications, etc.  Mozilla in previous versions
has been known to work.  Tons of games, doom, etc.

MP3 players (at least 3).  Gnome core libraries.

Python, Java 2 standard edition, swing, all running etc..... 

Lots of work/fun left to do, of course, in all areas.

Shall we just say we're having lots and lots and lots of fun :-).

These are real computers.

Lots of dust in the air: lots should have settled by June.  In particular,
look at the Familiar work.

See www.handhelds.org.  I apologize about the state of our web site:
I've done much of the maintenance in the past, but I've been out for some
surgery and life has been insane ever since.  Most of the interesting
stuff is in the Wiki.  And iPAQ's are not as unobtanium as they once were:
we're in really high volume production (>100K/month) but demand still
outstrips supply (sigh...).

Come join the party...

					- Jim Gettys



> Sender: linux-kernel-owner@vger.kernel.org
> From: Disconnect <lkml@sigkill.net>
> Date: 	Wed, 25 Apr 2001 10:17:55 -0400
> To: Ronald Bultje <rbultje@ronald.bitfreak.net>
> Cc: linux-kernel@vger.kernel.org
> Subject: Re: [PATCH] Single user linux
> -----
> On Wed, 25 Apr 2001, Ronald Bultje did have cause to say:
> 
> > Who says it needs to compile? Who says it needs software installed? Who
> > says it needs to run the software itself?
> 
> My current project (and I'm just waiting for nfs and wvlan_cs to stabilize
> on ARM before putting the final touches on it) is an ipaq nfsrooted to a
> Debian image, over the wireless lan.  Works like a champ, and it -does-
> compile stuff reasonably fast (well, reasonably fast considering the data
> is all on the far side of 11M/sec wireless.)  My kit is mostly portable as
> well, since the nfs server is on the libretto and runs just fine in my
> backpack ;)
> 
> The next step is bludgeoning debian-arm into not running 50-100 little
> servers I don't need on my PIM.  But that may be the function of a
> task-nfs-ipaq package or some such.
> 
> So far -multiuser- linux on PIMs ("true" linux, with X, etc, as distinct
> from pocketlinux/qpe/etc, which are a different animal in this case) is
> almost there.  Web browsers are coming along nicely (and remote-X netscape
> is usable, although barely) and there are several nice imap clients. (and
> input methods ranging from a handwriting system to a little onscreen
> keyboard, if you are in a situation where an external keyboard is not
> feasible.)
> 
> ---

--
Jim Gettys
Technology and Corporate Development
Compaq Computer Corporation
jg@pa.dec.com



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18  9:34 Manfred Spraul
  2001-03-18 10:56 ` Rik van Riel
@ 2001-03-19 12:54 ` Stephen C. Tweedie
  1 sibling, 0 replies; 105+ messages in thread
From: Stephen C. Tweedie @ 2001-03-19 12:54 UTC (permalink / raw)
  To: Manfred Spraul; +Cc: Rik van Riel, linux-kernel, Stephen C. Tweedie

Hi,

On Sun, Mar 18, 2001 at 10:34:38AM +0100, Manfred Spraul wrote:

> > The problem is that mmap_sem seems to be protecting the list
> > of VMAs, so taking _only_ the page_table_lock could let a VMA
> > change under us while a page fault is underway ...
> 
> No, that can't happen.

It can.  Page faults often need to block, so they have to be able to
drop the page_table_lock.  Holding the mmap_sem is all that keeps the
vma intact until the IO is complete.

Cheers,
 Stephen


* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-19  1:21   ` Linus Torvalds
@ 2001-03-19  2:59     ` Rik van Riel
  0 siblings, 0 replies; 105+ messages in thread
From: Rik van Riel @ 2001-03-19  2:59 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel

On Sun, 18 Mar 2001, Linus Torvalds wrote:
> On Sun, 18 Mar 2001, Rik van Riel wrote:
> >
> > Indeed, having threaded apps do multiple page faults at the
> > same time is the main goal of this patch. However, I don't
> > see how it would be good for scalability to have multiple
> > threads fault in the same page at the same time, when they
> > could just wait for one of them to do the work.
> 
> But they will.
> 
> That's what lock_page() etc are there for - there's no need for the VM
> to synchronize because we already have the synchronization primitives
> at a lower level.

Indeed. I'll go multithread the do_no_page and do_swap_page
functions tomorrow (maybe even tonight ;)).

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18 20:59 ` changing mm->mmap_sem (was: Re: system call for process information?) Rik van Riel
@ 2001-03-19  1:21   ` Linus Torvalds
  2001-03-19  2:59     ` Rik van Riel
  0 siblings, 1 reply; 105+ messages in thread
From: Linus Torvalds @ 2001-03-19  1:21 UTC (permalink / raw)
  To: Rik van Riel; +Cc: linux-kernel



On Sun, 18 Mar 2001, Rik van Riel wrote:
>
> Indeed, having threaded apps do multiple page faults at the
> same time is the main goal of this patch. However, I don't
> see how it would be good for scalability to have multiple
> threads fault in the same page at the same time, when they
> could just wait for one of them to do the work.

But they will.

That's what lock_page() etc are there for - there's no need for the VM to
synchronize because we already have the synchronization primitives at a
lower level.

And there isn't any other lock that could work anyway. It's either the
whole MM or a page. There's nothing in between.

		Linus



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
       [not found] <200103181813.KAA22153@penguin.transmeta.com>
@ 2001-03-18 20:59 ` Rik van Riel
  2001-03-19  1:21   ` Linus Torvalds
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-18 20:59 UTC (permalink / raw)
  To: Linus Torvalds; +Cc: linux-kernel

On Sun, 18 Mar 2001, Linus Torvalds wrote:
> In article <Pine.LNX.4.21.0103181122480.13050-100000@imladris.rielhome.conectiva>,
> Rik van Riel  <riel@conectiva.com.br> wrote:
> >
> >OK, I'll write some code to prevent multiple threads from
> >stepping all over each other when they pagefault at the
> >same address.
> >
> >What would be the preferred method of fixing this ?
> >
> >- fixing do_swap_page and all ->nopage functions
> 
> There is no need to fix the "nopage" functions. They never see the
> page table directly anyway.
> 
> So the only thing that _should_ be needed is to make sure that
> do_no_page(), do_swap_page() and do_anonymous_page() will re-acquire
> the mm->page_table_lock and undo their work if it turns out that the
> page table entry is no longer empty..

... in which case concurrency is maximised, but there is a
possibility of doing double work...

> >- hacking handle_mm_fault to make sure no overlapping
> >  pagefaults will be served at the same time
> 
> No. The whole reason the rw_semaphores were done in the first place
> was to allow page faults to happen concurrently to allow threaded
> applications to scale up even when faulting.

Indeed, having threaded apps do multiple page faults at the
same time is the main goal of this patch. However, I don't
see how it would be good for scalability to have multiple
threads fault in the same page at the same time, when they
could just wait for one of them to do the work.

Only faults for different addresses would proceed, not faults
for the same address...

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/
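
The re-check quoted above (re-acquire mm->page_table_lock and undo the work if the entry is no longer empty), as an added user-space model in C; it is not kernel code and not taken from any patch in this thread. struct mm_model, fault_prepare() and fault_commit() are hypothetical names, a spinlock built on atomic_flag stands in for page_table_lock, and the fault is split into two phases so the overlapping case can be replayed deterministically.

```c
/* Added example, not kernel code: user-space model of the locked re-check. */
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

#define NPTES     16              /* constructed: size of the toy page table */
#define PAGE_SIZE 4096

enum fault_result { FAULT_INSTALLED, FAULT_ALREADY_MAPPED,
                    FAULT_LOST_RACE, FAULT_ERROR };

struct mm_model {                 /* hypothetical stand-in for mm_struct */
    atomic_flag page_table_lock;  /* models mm->page_table_lock */
    void *pte[NPTES];             /* NULL means the entry is empty */
    atomic_int pages_allocated;
    atomic_int pages_freed;
};

static void pt_lock(struct mm_model *mm)
{
    while (atomic_flag_test_and_set(&mm->page_table_lock))
        ;                         /* spin until the holder releases */
}

static void pt_unlock(struct mm_model *mm)
{
    atomic_flag_clear(&mm->page_table_lock);
}

void mm_init(struct mm_model *mm)
{
    atomic_flag_clear(&mm->page_table_lock);
    for (size_t i = 0; i < NPTES; i++)
        mm->pte[i] = NULL;
    atomic_init(&mm->pages_allocated, 0);
    atomic_init(&mm->pages_freed, 0);
}

/* Phase 1: check the entry, then drop the lock for the part that may block
 * (in the kernel: reading the page back from swap). Returns 1 when *page must
 * go to fault_commit(), 0 when the entry is already filled, -1 on error. */
int fault_prepare(struct mm_model *mm, size_t idx, void **page)
{
    if (idx >= NPTES)
        return -1;
    pt_lock(mm);
    int present = (mm->pte[idx] != NULL);
    pt_unlock(mm);
    if (present)
        return 0;
    *page = calloc(1, PAGE_SIZE); /* slow part runs WITHOUT the lock held */
    if (*page == NULL)
        return -1;
    atomic_fetch_add(&mm->pages_allocated, 1);
    return 1;
}

/* Phase 2: re-take the lock and re-check. idx was validated in phase 1. */
enum fault_result fault_commit(struct mm_model *mm, size_t idx, void *page)
{
    pt_lock(mm);
    if (mm->pte[idx] != NULL) {   /* another fault filled it meanwhile */
        pt_unlock(mm);
        free(page);               /* undo: never overwrite a live entry */
        atomic_fetch_add(&mm->pages_freed, 1);
        return FAULT_LOST_RACE;
    }
    mm->pte[idx] = page;
    pt_unlock(mm);
    return FAULT_INSTALLED;
}

/* Both phases back to back, as a single non-overlapping fault would run. */
enum fault_result handle_fault(struct mm_model *mm, size_t idx)
{
    void *page = NULL;
    int r = fault_prepare(mm, idx, &page);
    if (r < 0)
        return FAULT_ERROR;
    return r == 0 ? FAULT_ALREADY_MAPPED : fault_commit(mm, idx, page);
}

/* Pages still owned by the model; must equal the number of filled entries. */
int live_pages(struct mm_model *mm)
{
    return atomic_load(&mm->pages_allocated) - atomic_load(&mm->pages_freed);
}

int main(void)
{
    struct mm_model mm;
    void *a = NULL, *b = NULL;
    mm_init(&mm);
    fault_prepare(&mm, 3, &a);    /* faults A and B both see an empty entry */
    fault_prepare(&mm, 3, &b);
    int rb = fault_commit(&mm, 3, b);   /* B re-takes the lock first */
    int ra = fault_commit(&mm, 3, a);   /* A re-checks and undoes its work */
    printf("B=%d A=%d live=%d\n", rb, ra, live_pages(&mm));
    free(mm.pte[3]);
    return 0;
}
```

Without the re-check in fault_commit(), fault A would overwrite the entry B installed and B's page would be left with no owner, which is the double work the message above mentions turning into an inconsistency.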



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18 10:46             ` Rik van Riel
@ 2001-03-18 12:33               ` Mike Galbraith
  0 siblings, 0 replies; 105+ messages in thread
From: Mike Galbraith @ 2001-03-18 12:33 UTC (permalink / raw)
  To: Rik van Riel; +Cc: linux-mm, linux-kernel

On Sun, 18 Mar 2001, Rik van Riel wrote:

> > VFS: Mounted root (ext2 filesystem) readonly.
> > Freeing unused kernel memory: 196k freed
> > Adding Swap: 265064k swap-space (priority 2)
> > VM: Bad swap entry 00011e00
> > VM: Bad swap entry 00058d00
> > Unused swap offset entry in swap_dup 00058d00
> > Unused swap offset entry in swap_dup 00011e00
> > VM: Bad swap entry 00011e00
> > VM: Bad swap entry 00058d00
>
> Heh, I guess do_swap_page isn't too happy when multiple threads
> of the same program take a page fault at the same address at the
> same time.
>
> I take it you were testing something like mysql, jvm or apache2 ?

No, this was make -j30 bzImage.  (nscd was running though...)

	-Mike



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18  9:34 Manfred Spraul
@ 2001-03-18 10:56 ` Rik van Riel
  2001-03-19 12:54 ` Stephen C. Tweedie
  1 sibling, 0 replies; 105+ messages in thread
From: Rik van Riel @ 2001-03-18 10:56 UTC (permalink / raw)
  To: Manfred Spraul; +Cc: linux-kernel, Stephen C. Tweedie

On Sun, 18 Mar 2001, Manfred Spraul wrote:

> > The problem is that mmap_sem seems to be protecting the list
> > of VMAs, so taking _only_ the page_table_lock could let a VMA
> > change under us while a page fault is underway ...
> 
> No, that can't happen.
> VMA changes only happen if both the mmap_sem and the page table lock are
> acquired. (check insert_vm() at the end of mm/mmap.c)
> The page fault path uses the mmap_sem, kswapd uses page_table_lock.

You're right here, I missed this "little detail"...

> << from your patch:
> --- linux-2.4.2-ac20-vm/mm/vmscan.c.orig	Sat Mar 17 11:30:49 2001
> +++ linux-2.4.2-ac20-vm/mm/vmscan.c	Sat Mar 17 20:53:10 2001
> @@ -231,6 +231,7 @@
>  	 * Find the proper vm-area after freezing the vma chain
>  	 * and ptes.
>  	 */
> +	down_read(&mm->mmap_sem);
>                 spin_lock(&mm->page_table_lock);
>  >>>>
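
Review bot: the added down_read(&mm->mmap_sem) sits directly in front of spin_lock(&mm->page_table_lock) in mm/vmscan.c, so this swap-out path can now sleep on the semaphore, and if a caller enters it while mmap_sem for the same mm is already held, the acquire can block against that holder. The hunk also shows no matching up_read(), so every exit path after this point needs checking. Suggest leaving this path on page_table_lock alone, or, if the vma chain really has to be frozen here, making the acquire non-blocking and skipping the mm when it fails, with a comment that states the lock order.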
> 
> Why do you acquire the mmap semaphore in swapout_mm()? The old rule was
> that kswapd should never sleep on the mmap semaphore. Isn't there a
> deadlock if mmap sem is already acquired? I don't remember the details.

You're right, kswapd shouldn't do this.  I have this removed from
my code right now...

> > The problem is that mmap_sem seems to be protecting the list
> > of VMAs, so taking _only_ the page_table_lock could let a VMA
> > change under us while a page fault is underway ...
> 
> I remember that the pmd_alloc() and pte_alloc() functions need
> additional locking.

Isn't this what the page_table_lock is for ?
(too bad they're not using it...)

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/




* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18  9:56           ` Mike Galbraith
@ 2001-03-18 10:46             ` Rik van Riel
  2001-03-18 12:33               ` Mike Galbraith
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-18 10:46 UTC (permalink / raw)
  To: Mike Galbraith; +Cc: linux-mm, linux-kernel

On Sun, 18 Mar 2001, Mike Galbraith wrote:

> I gave this patch a try, and the initial results are extremely encouraging.
> Not only do I have vmstat (SCHED_RR) info in realtime with zero delays :))
> I also have a _nice_ throughput improvement.  There are some worrisome
> warnings below along with the compile changes I made here, but for an
> initial patch, things look pretty darn wonderful.

	[snip compile fixes .. integrated]

> VFS: Mounted root (ext2 filesystem) readonly.
> Freeing unused kernel memory: 196k freed
> Adding Swap: 265064k swap-space (priority 2)
> VM: Bad swap entry 00011e00
> VM: Bad swap entry 00058d00
> Unused swap offset entry in swap_dup 00058d00
> Unused swap offset entry in swap_dup 00011e00
> VM: Bad swap entry 00011e00
> VM: Bad swap entry 00058d00

Heh, I guess do_swap_page isn't too happy when multiple threads
of the same program take a page fault at the same address at the
same time.

I take it you were testing something like mysql, jvm or apache2 ?

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-18  7:23         ` Rik van Riel
@ 2001-03-18  9:56           ` Mike Galbraith
  2001-03-18 10:46             ` Rik van Riel
  0 siblings, 1 reply; 105+ messages in thread
From: Mike Galbraith @ 2001-03-18  9:56 UTC (permalink / raw)
  To: Rik van Riel; +Cc: linux-mm, linux-kernel

On Sun, 18 Mar 2001, Rik van Riel wrote:

> On Fri, 16 Mar 2001, Stephen C. Tweedie wrote:
>
> > Right, I'm not suggesting removing that: making the mmap_sem
> > read/write is fine, but yes, we still need that semaphore.
>
> Initial patch (against 2.4.2-ac20) is available at
> http://www.surriel.com/patches/
>
> > But as for the "page faults would use an extra lock to protect against
> > each other" bit --- we already have another lock, the page table lock,
> > which can be used in this way, so ANOTHER lock should be unnecessary.
>
> Tomorrow I'll take a look at the various ->nopage
> functions and do_swap_page to see if these functions
> would be able to take simultaneous faults at the same
> address (from multiple threads).  If not, either we'll
> need to modify these functions, or we could add a (few?)
> extra lock to prevent these functions from faulting at
> the same address at the same time in multiple threads.

Hi Rik,

I gave this patch a try, and the initial results are extremely encouraging.
Not only do I have vmstat (SCHED_RR) info in realtime with zero delays :))
I also have a _nice_ throughput improvement.  There are some worrisome
warnings below along with the compile changes I made here, but for an
initial patch, things look pretty darn wonderful.

	Cheers,

	-Mike

--- ./include/linux/sched.h.org	Sun Mar 18 10:20:42 2001
+++ ./include/linux/sched.h	Sun Mar 18 10:27:48 2001
@@ -238,7 +238,7 @@
 	mm_users:	ATOMIC_INIT(2), 		\
 	mm_count:	ATOMIC_INIT(1), 		\
 	map_count:	1, 				\
-	mmap_sem:	__MUTEX_INITIALIZER(name.mmap_sem), \
+	mmap_sem:	__RWSEM_INITIALIZER(name.mmap_sem, RW_LOCK_BIAS), \
 	page_table_lock: SPIN_LOCK_UNLOCKED, 		\
 	mmlist:		LIST_HEAD_INIT(name.mmlist),	\
 }
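Review bot: The new initializer on the mmap_sem line is only correct if the field's declaration and every existing down()/up() caller of mmap_sem are converted to the read/write semaphore in the same change, and none of that is visible in this hunk; please confirm they go in together. A one-line comment saying why RW_LOCK_BIAS is the right starting count would also help the next reader of this initializer macro.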
--- ./include/linux/mm.h.org	Sun Mar 18 09:56:55 2001
+++ ./include/linux/mm.h	Sun Mar 18 10:27:59 2001
@@ -533,13 +533,13 @@
 	if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
 	    ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur)
 		return -ENOMEM;
-	spin_lock(&mm->page_table_lock);
+	spin_lock(&vma->vm_mm->page_table_lock);
 	vma->vm_start = address;
 	vma->vm_pgoff -= grow;
 	vma->vm_mm->total_vm += grow;
 	if (vma->vm_flags & VM_LOCKED)
 		vma->vm_mm->locked_vm += grow;
-	spin_unlock(&mm->page_table_lock);
+	spin_unlock(&vma->vm_mm->page_table_lock);
 	return 0;
 }
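Review bot: The two rlimit checks at the top of this hunk run before spin_lock(&vma->vm_mm->page_table_lock), and grow is already computed by then, so once page faults hold mmap_sem only for reading, two threads can both pass the checks and both apply the same grow to vm_pgoff, total_vm and locked_vm. Take the lock first and do the limit checks and the grow calculation under it, or re-read vma->vm_start after locking and return early if another thread has already extended the area. Since vma->vm_mm is now dereferenced five times in these few lines, a local pointer for it would also keep the lock and unlock lines from drifting apart.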

...
VFS: Mounted root (ext2 filesystem) readonly.
Freeing unused kernel memory: 196k freed
Adding Swap: 265064k swap-space (priority 2)
VM: Bad swap entry 00011e00
VM: Bad swap entry 00058d00
Unused swap offset entry in swap_dup 00058d00
Unused swap offset entry in swap_dup 00011e00
VM: Bad swap entry 00011e00
VM: Bad swap entry 00058d00
Unused swap offset entry in swap_dup 00058d00
VM: Bad swap entry 00058d00
Unused swap offset entry in swap_dup 00011e00
Unused swap offset entry in swap_dup 00058d00
VM: Bad swap entry 00011e00
VM: Bad swap entry 00058d00
Unused swap offset entry in swap_dup 00011e00
Unused swap offset entry in swap_dup 00058d00
VM: Bad swap entry 00011e00
VM: Bad swap entry 00058d00
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
Unused swap offset entry in swap_dup 006ef700
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_count 00011e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 008f4e00
Unused swap offset entry in swap_dup 006ef700
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 008f4e00
Unused swap offset entry in swap_dup 006ef700
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
Unused swap offset entry in swap_dup 00011e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 00011e00
Unused swap offset entry in swap_count 00011e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 006ef700
Unused swap offset entry in swap_dup 008f4e00
VM: Bad swap entry 006ef700
VM: Bad swap entry 008f4e00
Unused swap offset entry in swap_dup 008f4e00
Unused swap offset entry in swap_dup 006ef700



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
@ 2001-03-18  9:34 Manfred Spraul
  2001-03-18 10:56 ` Rik van Riel
  2001-03-19 12:54 ` Stephen C. Tweedie
  0 siblings, 2 replies; 105+ messages in thread
From: Manfred Spraul @ 2001-03-18  9:34 UTC (permalink / raw)
  To: Rik van Riel; +Cc: linux-kernel, Stephen C. Tweedie

>
> The problem is that mmap_sem seems to be protecting the list
> of VMAs, so taking _only_ the page_table_lock could let a VMA
> change under us while a page fault is underway ...

No, that can't happen.
VMA changes only happen if both the mmap_sem and the page table lock are
acquired. (check insert_vm() at the end of mm/mmap.c)
The page fault path uses the mmap_sem, kswapd uses page_table_lock.

<< from your patch:
--- linux-2.4.2-ac20-vm/mm/vmscan.c.orig	Sat Mar 17 11:30:49 2001
+++ linux-2.4.2-ac20-vm/mm/vmscan.c	Sat Mar 17 20:53:10 2001
@@ -231,6 +231,7 @@
 	 * Find the proper vm-area after freezing the vma chain
 	 * and ptes.
 	 */
+	down_read(&mm->mmap_sem);
                spin_lock(&mm->page_table_lock);
 >>>>
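Review bot: The added down_read(&mm->mmap_sem) can sleep and is taken immediately before spin_lock(&mm->page_table_lock), so if this path is reached while the same mm's semaphore is held for writing, the swap-out code blocks behind it. Consider a non-blocking attempt that skips this mm when the semaphore is contended, and update the comment above to say which lock freezes the vma chain and which freezes the ptes. The matching up_read() is outside the quoted lines, so every exit after the spin_unlock needs checking for it.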

Why do you acquire the mmap semaphore in swapout_mm()? The old rule was
that kswapd should never sleep on the mmap semaphore. Isn't there a
deadlock if mmap sem is already acquired? I don't remember the details.

>
> The problem is that mmap_sem seems to be protecting the list
> of VMAs, so taking _only_ the page_table_lock could let a VMA
> change under us while a page fault is underway ...

I remember that the pmd_alloc() and pte_alloc() functions need
additional locking.

--
    Manfred



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-16 12:53       ` Stephen C. Tweedie
@ 2001-03-18  7:23         ` Rik van Riel
  2001-03-18  9:56           ` Mike Galbraith
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-18  7:23 UTC (permalink / raw)
  To: Stephen C. Tweedie
  Cc: george anzinger, Alexander Viro, linux-mm, bcrl, linux-kernel

On Fri, 16 Mar 2001, Stephen C. Tweedie wrote:

> Right, I'm not suggesting removing that: making the mmap_sem
> read/write is fine, but yes, we still need that semaphore.

Initial patch (against 2.4.2-ac20) is available at
http://www.surriel.com/patches/

> But as for the "page faults would use an extra lock to protect against
> each other" bit --- we already have another lock, the page table lock,
> which can be used in this way, so ANOTHER lock should be unnecessary.

Tomorrow I'll take a look at the various ->nopage
functions and do_swap_page to see if these functions
would be able to take simultaneous faults at the same
address (from multiple threads).  If not, either we'll
need to modify these functions, or we could add a (few?)
extra lock to prevent these functions from faulting at
the same address at the same time in multiple threads.

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-16 11:50     ` Rik van Riel
@ 2001-03-16 12:53       ` Stephen C. Tweedie
  2001-03-18  7:23         ` Rik van Riel
  0 siblings, 1 reply; 105+ messages in thread
From: Stephen C. Tweedie @ 2001-03-16 12:53 UTC (permalink / raw)
  To: Rik van Riel
  Cc: Stephen C. Tweedie, george anzinger, Alexander Viro, linux-mm,
	bcrl, linux-kernel

Hi,

On Fri, Mar 16, 2001 at 08:50:25AM -0300, Rik van Riel wrote:
> On Fri, 16 Mar 2001, Stephen C. Tweedie wrote:
> 
> > > Write locks would be used in the code where we actually want
> > > to change the VMA list and page faults would use an extra lock
> > > to protect against each other (possibly a per-pagetable lock
> > 
> > Why do we need another lock?  The critical section where we do the
> > final update on the pte _already_ takes the page table spinlock to
> > avoid races against the swapper.
> 
> The problem is that mmap_sem seems to be protecting the list
> of VMAs, so taking _only_ the page_table_lock could let a VMA
> change under us while a page fault is underway ...

Right, I'm not suggesting removing that: making the mmap_sem
read/write is fine, but yes, we still need that semaphore.  But as for
the "page faults would use an extra lock to protect against each
other" bit --- we already have another lock, the page table lock,
which can be used in this way, so ANOTHER lock should be unnecessary.

--Stephen


* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-16  9:49   ` Stephen C. Tweedie
@ 2001-03-16 11:50     ` Rik van Riel
  2001-03-16 12:53       ` Stephen C. Tweedie
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-16 11:50 UTC (permalink / raw)
  To: Stephen C. Tweedie
  Cc: george anzinger, Alexander Viro, linux-mm, bcrl, linux-kernel

On Fri, 16 Mar 2001, Stephen C. Tweedie wrote:
> On Thu, Mar 15, 2001 at 09:24:59AM -0300, Rik van Riel wrote:
> > On Wed, 14 Mar 2001, Rik van Riel wrote:
> 
> > The mmap_sem is used in procfs to prevent the list of VMAs
> > from changing. In the page fault code it seems to be used
> > to prevent other page faults to happen at the same time with
> > the current page fault (and to prevent VMAs from changing
> > while a page fault is underway).
> 
> The page table spinlock should be quite sufficient to let us avoid
> races in the page fault code.

> > Write locks would be used in the code where we actually want
> > to change the VMA list and page faults would use an extra lock
> > to protect against each other (possibly a per-pagetable lock
> 
> Why do we need another lock?  The critical section where we do the
> final update on the pte _already_ takes the page table spinlock to
> avoid races against the swapper.

The problem is that mmap_sem seems to be protecting the list
of VMAs, so taking _only_ the page_table_lock could let a VMA
change under us while a page fault is underway ...

Then again, I guess just making mmap_sem a R/W lock should fix
our problems ... and maybe even make it possible (in 2.5?) to
let multithreaded programs have pagefaults at the same time,
instead of having all threads queue up behind mmap_sem.

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/



* Re: changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-15 12:24 ` changing mm->mmap_sem (was: Re: system call for process information?) Rik van Riel
@ 2001-03-16  9:49   ` Stephen C. Tweedie
  2001-03-16 11:50     ` Rik van Riel
  0 siblings, 1 reply; 105+ messages in thread
From: Stephen C. Tweedie @ 2001-03-16  9:49 UTC (permalink / raw)
  To: Rik van Riel
  Cc: george anzinger, Alexander Viro, linux-mm, bcrl, linux-kernel

Hi,

On Thu, Mar 15, 2001 at 09:24:59AM -0300, Rik van Riel wrote:
> On Wed, 14 Mar 2001, Rik van Riel wrote:

> The mmap_sem is used in procfs to prevent the list of VMAs
> from changing. In the page fault code it seems to be used
> to prevent other page faults to happen at the same time with
> the current page fault (and to prevent VMAs from changing
> while a page fault is underway).

The page table spinlock should be quite sufficient to let us avoid
races in the page fault code.  We've had to deal with this before
there was ever a mmap_sem anyway: in ancient times, every page fault
had to do things like check to see if the pte had changed after IO was
complete and once the BKL had been retaken.  We can do the same with
the page fault spinlock without much pain.

> Maybe we should change the mmap_sem into a R/W semaphore ?

Definitely.

> Write locks would be used in the code where we actually want
> to change the VMA list and page faults would use an extra lock
> to protect against each other (possibly a per-pagetable lock

Why do we need another lock?  The critical section where we do the
final update on the pte _already_ takes the page table spinlock to
avoid races against the swapper.

Cheers,
 Stephen
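
The recheck described in the message above (re-examine the pte once the lock has been retaken after I/O), as an added example that is not from the thread or the kernel source: a single-threaded C model that replays one fixed interleaving of two faults on the same address. The struct and function names, the values, and the swap accounting are simplified assumptions.

```c
#include <stdio.h>

/* Constructed model, not kernel code: one pte slot that both threads fault
 * on, and the use count of the swap entry it starts out pointing at. */
enum pte_kind { PTE_SWAP, PTE_PRESENT };
struct pte { enum pte_kind kind; unsigned long val; };
struct mm_model {
    struct pte pte;
    int swap_count;      /* users of the swap entry */
    int bad_swap_frees;  /* frees of an entry that was already unused */
};

/* What one faulting thread remembers across its sleep. */
struct fault { struct pte seen; unsigned long new_page; };

/* Phase 1: in the model the page table lock is held while the pte is
 * sampled, then dropped because the swap-in I/O sleeps. */
static void fault_begin(const struct mm_model *mm, struct fault *f,
                        unsigned long page)
{
    f->seen = mm->pte;
    f->new_page = page;
}

/* Phase 2: I/O is done and the lock is held again. With recheck set, a pte
 * that no longer matches the sample means another thread finished the fault
 * first, so this thread backs out. Returns 1 if it installed its page. */
static int fault_finish(struct mm_model *mm, const struct fault *f, int recheck)
{
    if (recheck && (mm->pte.kind != f->seen.kind || mm->pte.val != f->seen.val))
        return 0;
    mm->pte.kind = PTE_PRESENT;
    mm->pte.val = f->new_page;
    if (mm->swap_count == 0)
        mm->bad_swap_frees++;   /* second free of the same swap entry */
    else
        mm->swap_count--;
    return 1;
}

/* Fixed interleaving: A and B both sample the pte before either finishes,
 * which is possible once faults only share a read lock. */
struct mm_model run_two_faults(int recheck)
{
    struct mm_model mm = { { PTE_SWAP, 0x100 }, 1, 0 };  /* constructed values */
    struct fault a, b;

    fault_begin(&mm, &a, 0xA000);
    fault_begin(&mm, &b, 0xB000);
    fault_finish(&mm, &a, recheck);
    fault_finish(&mm, &b, recheck);
    return mm;
}

int main(void)
{
    for (int recheck = 0; recheck <= 1; recheck++) {
        struct mm_model mm = run_two_faults(recheck);
        printf("recheck=%d final page=%#lx bad swap frees=%d\n",
               recheck, mm.pte.val, mm.bad_swap_frees);
    }
    return 0;
}
```

Without the recheck the second thread overwrites the page the first one installed and releases the swap entry a second time; with it, the second thread sees the changed pte and backs out.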


* changing mm->mmap_sem  (was: Re: system call for process information?)
  2001-03-14 19:19 system call for process information? Rik van Riel
@ 2001-03-15 12:24 ` Rik van Riel
  2001-03-16  9:49   ` Stephen C. Tweedie
  0 siblings, 1 reply; 105+ messages in thread
From: Rik van Riel @ 2001-03-15 12:24 UTC (permalink / raw)
  To: george anzinger; +Cc: Alexander Viro, linux-mm, bcrl, linux-kernel

On Wed, 14 Mar 2001, Rik van Riel wrote:
> On Wed, 14 Mar 2001, george anzinger wrote:
> 
> > Is it REALLY necessary to prevent them from seeing an
> > inconsistent state?  Seems to me that in the total picture (i.e.
> > system wide) they will never see a consistent state, so why be
> > concerned with a small corner of the system.
> 
> You're right.

Mmmm, I've looked at the code today and it turned out that
we're NOT right ;)

The mmap_sem is used in procfs to prevent the list of VMAs
from changing. In the page fault code it seems to be used
to prevent other page faults to happen at the same time with
the current page fault (and to prevent VMAs from changing
while a page fault is underway).

Maybe we should change the mmap_sem into a R/W semaphore ?

Since page faults seem to be the "common cause" of blocking
procfs access *and* since both page faults and procfs only
need to prevent the VMA list from changing, a read lock would
help here.

Write locks would be used in the code where we actually want
to change the VMA list and page faults would use an extra lock
to protect against each other (possibly a per-pagetable lock so
multithreaded apps can pagefault in different memory regions at
the same time ???).

regards,

Rik
--
Virtual memory is like a game you can't win;
However, without VM there's truly nothing to lose...

		http://www.surriel.com/
http://www.conectiva.com/	http://distro.conectiva.com.br/

