Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755228AbbGFRK5 (ORCPT ); Mon, 6 Jul 2015 13:10:57 -0400 Received: from mail-la0-f53.google.com ([209.85.215.53]:34143 "EHLO mail-la0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754978AbbGFRKx (ORCPT ); Mon, 6 Jul 2015 13:10:53 -0400 MIME-Version: 1.0 In-Reply-To: <1436172445-6979-1-git-send-email-avagin@openvz.org> References: <1436172445-6979-1-git-send-email-avagin@openvz.org> From: Andy Lutomirski Date: Mon, 6 Jul 2015 10:10:32 -0700 Message-ID: Subject: Re: [PATCH 0/24] kernel: add a netlink interface to get information about processes (v2) To: Andrey Vagin Cc: "linux-kernel@vger.kernel.org" , Linux API , Oleg Nesterov , Andrew Morton , Cyrill Gorcunov , Pavel Emelyanov , Roger Luethi , Arnd Bergmann , Arnaldo Carvalho de Melo , David Ahern , Pavel Odintsov Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2443 Lines: 51 On Mon, Jul 6, 2015 at 1:47 AM, Andrey Vagin wrote: > Currently we use the proc file system, where all information are > presented in text files, what is convenient for humans. But if we need > to get information about processes from code (e.g. in C), the procfs > doesn't look so cool. > > From code we would prefer to get information in binary format and to be > able to specify which information and for which tasks are required. Here > is a new interface with all these features, which is called task_diag. > In addition it's much faster than procfs. > > task_diag is based on netlink sockets and looks like socket-diag, which > is used to get information about sockets. I think I like this in principle, but I have can see a few potential problems with using netlink for this: 1. Netlink very naturally handles net namespaces, but it doesn't naturally handle any other kind of namespace. In fact, the taskstats code that you're building on has highly broken user and pid namespace support. (Look for some obviously useless init_user_ns and init_pid_ns references. But that's only the obvious problem. That code calls current_user_ns() and task_active_pid_ns(current) from .doit, which is, in turn, called from sys_write, and looking at current's security state from sys_write is a big no-no.) You could partially fix it by looking at f_cred's namespaces, but that would be a change of what it means to create a netlink socket, and I'm not sure that's a good idea. 2. These look like generally useful interfaces, which means that people might want to use them in common non-system software, which means that some of that software might get run inside of sandboxes (Sandstorm, xdg-app, etc.) Sandboxes like that might block netlink outright, since it can't be usefully filtered by seccomp. (This isn't really the case now, since netlink route queries are too common, but still.) 3. Netlink is a bit tedious to use from userspace. Especially for things like task_diag, which are really just queries that generate single replies. Would it make more sense to have a new syscall instead? You could even still use nlattr formatting for the syscall results. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/