From: Ken Brown <kbrown@cornell.edu>
To: cygwin-developers@cygwin.com
Subject: Re: AF_UNIX status report
Date: Thu, 5 Nov 2020 14:01:16 -0500 [thread overview]
Message-ID: <90fdecee-fb2d-6b24-ef30-356df2dbc3d2@cornell.edu> (raw)
In-Reply-To: <20201105172140.GP33165@calimero.vinschen.de>
On 11/5/2020 12:21 PM, Corinna Vinschen wrote:
> On Nov 5 09:23, Ken Brown via Cygwin-developers wrote:
>> OK, here's how I imagine this working:
>>
>> A process wants to send a file descriptor fd, so it creates a msghdr with an
>> SCM_RIGHTS cmsghdr and calls sendmsg. The latter creates and sends an admin
>> packet A containing the fhandler for fd, and then it sends the original
>> packet P.
>>
>> At the receiving end, recvmsg sees packet A first (recvmsg is always
>> checking for admin packets anyway whenever it's called). It stores the
>> fhandler somewhere. When it then reads packet P, it retrieves the stored
>> fhandler, fiddles with it (duplicating handles, etc.), and creates the new
>> file descriptor.
>
> Actually, this needs to be implemented in a source/dest-independent
> manner. Only the server of the named pipe can impersonate the client.
> So the server side should do the job of duplicating the handles. If the
> sever is also the source of SCM_RIGHTS, it should send the fhandler with
> already duplicated handles.
Ah, OK. I was thinking of it differently. Rather than having the server
impersonate the client, I was thinking that the sender would send its winpid as
part of its admin packet, which the receiver could then use to get a handle to
the sender's process. The receiver could then duplicate the handles. But maybe
your approach is better. I'll have to rethink it.
>> Does this seem reasonable? The main thing bothering me is the lack of
>> atomicity. I don't like the gap between the sending of the two packets A
>> and P, and similarly for the receiving. I thought about using the io_lock
>> to at least make sure that the two packets are adjacent in the pipe, but I
>> don't know if we want to tie up the io_lock for that long.
>>
>> Also, the sending process might be sending several file descriptors at once,
>> so that there would be several admin packets to be sent (unless we want to
>> cram it all into one).
>
> We can safely assume that pipe packets up to 64K are sent and received
> atomically.
>
> In most cases this shouldn't be much of a problem. Most scenarios using
> SCM_RIGHTS send no or only a minor payload. Most scenarios share a
> single or only a handful of descriptors.
>
> Apart from that, Linux also defines SCM_MAX_FD, the max. number of
> descriptors in a single sendmsg call. If the number of descriptors
> is larger, sendmsg returns EINVAL. SCM_MAX_FD is 253 on Linux, but
>
> What that means to us is, we can choose our own SCM_MAX_FD and just
> return EINVAL if the number of descriptors is uncomfortably high.
> The max. number of descriptors should be limited so that all descriptors
> fit into 64K, or even 32K, just to leave space for payload.
> Assuming a size of about 600 bytes per fhandler, 50 might be a good
> candidate for SCM_MAX_FD. I'd say even 32 would be sufficent for most
> scenarios.
>
> The idea would be to create the packet on the source side with all
> fhandlers in the ancilliary data block, followed by the payload.
> This should typically fit in a 64K package. If not, only the
> payload needs to be split into multiple packages. Do we really
> need atomicity there? Not sure, but only then we'd need an io_lock.
>
> Does that make sense?
Yes. Thanks.
Ken
next prev parent reply other threads:[~2020-11-05 19:01 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-26 22:04 Ken Brown
2020-10-27 9:43 ` Corinna Vinschen
2020-10-29 20:19 ` Ken Brown
2020-10-29 21:53 ` Joe Lowe
2020-10-30 9:20 ` Corinna Vinschen
2020-11-03 15:43 ` Ken Brown
2020-11-04 12:03 ` Corinna Vinschen
2020-11-05 14:23 ` Ken Brown
2020-11-05 17:21 ` Corinna Vinschen
2020-11-05 19:01 ` Ken Brown [this message]
2020-11-05 19:54 ` Joe Lowe
2020-11-06 4:02 ` Ken Brown
2020-11-05 23:41 ` Ken Brown
2020-11-06 9:12 ` Corinna Vinschen
2020-11-07 22:25 ` Ken Brown
2020-11-08 22:40 ` Ken Brown
2020-11-09 9:08 ` Corinna Vinschen
2020-11-17 19:57 ` Ken Brown
2020-11-18 8:34 ` Corinna Vinschen
2020-11-22 20:44 ` Ken Brown
2020-11-23 8:43 ` Corinna Vinschen
2020-11-26 17:06 ` Ken Brown
2020-12-15 17:33 ` Ken Brown
2020-12-16 9:29 ` Corinna Vinschen
2020-12-16 21:09 ` Ken Brown
2020-12-17 15:54 ` Ken Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=90fdecee-fb2d-6b24-ef30-356df2dbc3d2@cornell.edu \
--to=kbrown@cornell.edu \
--cc=cygwin-developers@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).