Re: fanotify - overall design before I start sending patches

[Miklos Szeredi]

On Fri, 07 Aug 2009, Eric Paris wrote:
> On Fri, 2009-08-07 at 18:36 +0200, Miklos Szeredi wrote:
> > On Thu, 06 Aug 2009, Eric Paris wrote:
> > > just work.  The whole reason for the timeout is because I don't trust
> > > userspace not to get it wrong and I'd rather not lose my box because of
> > > it.
> > 
> > IMO this has nothing to do with userspace(*) and everything to do with
> > complexity.  Virus scanning is complex and any such code, whether
> > runing in userspace or not, can easily screw up and freeze the system.
> 
> I agree, 'userspace' was not the best term.  Let me rephrase:
> 
> "The whole reason for the timeout is because I don't trust anything not
> to get it wrong and I'd rather not lose my box because of it."

That's clearly not true.  We don't have timers watching filesystems or
security modules to make sure they complete an operation within a
given amount of time.

So there's something else why you think the fanotify interface is
special, and the only reason it's special is that it's a userspace
API.

> > The way to solve that is not to implement hacks on the kernel
> > interface, but rather by separating the complex parts and implementing
> > a simple watchdog layer on top of that, that makes sure things don't
> > go wrong.
> 
> So you would argue that every fanotify listener implement their own
> watchdog layer that may or may not be correct rather than do a single
> watchdog layer for everyone?  And that's better?

As Pavel said, hopefully most fanotify listeners will _not_ need a
watchdog layer.  Maybe virus scanners will need one, but that will be
the least of their worries, probably.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/