Re: [PATCH 0/10] af_unix: add multicast and filtering features toAF_UNIX

From: Javier Martinez Canillas
Date: Tue Feb 28 2012 - 11:32:43 EST

Next message: Autif Khan: "[PATCH 1/3] drivers: usb: serial: sierra - upgrade to 1.7.40"
Previous message: Srivatsa S. Bhat: "[PATCH] PM/Sleep,ACPI: Teach acpi_cpu_soft_notify() to handle CPU hotplug insuspend/resume path"
In reply to: Javier Martinez Canillas: "Re: [PATCH 0/10] af_unix: add multicast and filtering features toAF_UNIX"
Next in thread: David Miller: "Re: [PATCH 0/10] af_unix: add multicast and filtering features toAF_UNIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 02/28/2012 04:24 PM, Javier Martinez Canillas wrote:
> On 02/28/2012 03:28 PM, David Lamparter wrote:
>> On Tue, Feb 28, 2012 at 11:47:39AM +0100, Rodrigo Moya wrote:
>>> > - slow readers: dropping packets vs blocking the sender. Although
>>> > datagrams are not reliable on IP, datagrams on Unix sockets are
>>> never
>>> > lost. So if one receiver has its buffer full the sender is blocked
>>> > instead of dropping packets. That way we guarantee a reliable
>>> > communication channel.
>>
>> This sounds like a terribly nice way to f*ck the entire D-Bus system by
>> having one broken (or malicious) desktop application. What's the
>> intended way of coping with users that block the socket by not reading?
>>
>>
>> -David L.
>
> The problem is that D-bus expects a reliable transport method (TCP or
> SOCK_STREAM Unix socks) but this is not the case with multicast Unix
> sockets. Since our implementation is for SOCK_SEQPACKET and SOCK_DGRAM
> socket types.
>
> So, you have to either add another layer to the D-bus protocol to make
> it reliable (acks, retransmissions, flow control, etc) or avoid losing
> D-bus messages (by blocking the sender if one of the receivers has its
> buffer full).
>

Also, this problem exists with current D-bus implementation. If a
malicious desktop application doesn't read its socket then the messages
sent to it will be buffered in the daemon:
https://bugs.freedesktop.org/show_bug.cgi?id=33606

dbus-daemon memory usage will ballooning until
max_incoming_bytes/max_outgoing_bytes limit is reached (1GB for session
bus in default configuration)

<limit name="max_incoming_bytes">1000000000</limit>
<limit name="max_outgoing_bytes">1000000000</limit>

It only works because not many applications are broken and user-space
memory is virtualized. But if you bypass the daemon and use a multicast
transport layer (as in our multicast Unix socket implementation) you
don't have that much memory to buffer the packets.

So you have to either block the senders or:

- drop the slow reader
- kill the spammer
- have an infinite amount of memory

Regards,
Javier
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Autif Khan: "[PATCH 1/3] drivers: usb: serial: sierra - upgrade to 1.7.40"
Previous message: Srivatsa S. Bhat: "[PATCH] PM/Sleep,ACPI: Teach acpi_cpu_soft_notify() to handle CPU hotplug insuspend/resume path"
In reply to: Javier Martinez Canillas: "Re: [PATCH 0/10] af_unix: add multicast and filtering features toAF_UNIX"
Next in thread: David Miller: "Re: [PATCH 0/10] af_unix: add multicast and filtering features toAF_UNIX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]