| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1236291865.22399.139.camel@nimitz> Date: Thu, 05 Mar 2009 14:24:25 -0800 From: Dave Hansen <dave@...ux.vnet.ibm.com> To: Alexey Dobriyan <adobriyan@...il.com> Cc: Christoph Hellwig <hch@...radead.org>, containers <containers@...ts.linux-foundation.org>, Ingo Molnar <mingo@...e.hu>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [RFC][PATCH 00/11] track files for checkpointability On Fri, 2009-03-06 at 01:00 +0300, Alexey Dobriyan wrote: > On Thu, Mar 05, 2009 at 01:27:07PM -0800, Dave Hansen wrote: > > > Imagine, unsupported file is opened between userspace checks > > > for /proc/*/checkpointable and /proc/*/fdinfo/*/checkpointable > > > and whatever, you stil have to do all the checks inside checkpoint(2). > > > > Alexey, we have two problems here. I completely agree that we have to > > do complete and thorough checks of each file descriptor at > > sys_checkpoint(). Any checks made at other times should not be trusted. > > > > The other side is what Ingo has been asking for. How do we *know* when > > we are checkpointable *before* we call (and without calling) > > This "without calling checkpoint(2)" results in much complications > as demonstrated. I'll let you take that up with Ingo. :) > task_struct and file are not like other structures because they are exposed > in /proc. Very true. But, we can always use the task as a proxy to say whether any of this tasks's *resources* are uncheckpointable. Is this task's ipc_namespace checkpointable, etc... > For PROC_FS=n kernels, one can't even check. Definitely. I'd be happy to make this check require PROC=y or even DEBUGFS=y. I just want to make the mechanism usable for developers so they're more motivated to find and fix checkpoint issues. > You can do checkpoint(2) without actual dump. You pass, you're most > certainly checkpointable (with inevitable race condition in mind). OK, so you envision this as maybe calling sys_checkpoint() with a -1 fd or something? I'm generally OK with that. If the /proc stuff is really the sticking point here, I'd be happy to stick it at the end of the series so we can throw it away more easily. > With time the amount of stuff C/R won't support will approach zero, > but the infrastructure for "checkpointable" will stay constant. > If it's too much right now, it will be way too much in future. What have you seen in OpenVZ? Do new things that are not checkpointable pop up very often? -- Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists