Page MenuHomeFreeBSD

Optimize libnv descriptor passing.
Needs ReviewPublic

Authored by markj on Jul 12 2019, 9:42 PM.

Details

Reviewers
oshogbo
pjd
Group Reviewers
capsicum
Summary

Use a single CMSG for all passed descriptors. This lets us pack more
descriptors in a single message, which is useful for cap_fileargs.

Add a regression test which passes an nvlist containing many descriptors
over a unix socket pair.

Diff Detail

Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 25326
Build 23986: arc lint + arc unit

Event Timeline

markj created this revision.Jul 12 2019, 9:42 PM
markj added a comment.EditedJul 16 2019, 3:31 AM

Hmmm. Do we care about supporting Linux anymore given that it seems Capsicum is not going into mainline Linux? I am fine with dropping this patch, but it seems a bit of a shame since it is faster and more space-efficient to send multiple FDs in a single control message.

libnv may be used in different places as well, not only Capsicum.
Right now it is cross build: https://github.com/fudosecurity/nvlist

I also wonder is there is no limit in FreeBSD to the count how many fd we can send in single message.
If so we could have both methods but we still would need to split how many of them we are sending.

markj added a comment.Jul 16 2019, 2:15 PM

libnv may be used in different places as well, not only Capsicum.
Right now it is cross build: https://github.com/fudosecurity/nvlist

Thanks, I will leave this change for now then.

I also wonder is there is no limit in FreeBSD to the count how many fd we can send in single message.

It's limited by the number of fd pointers we can fit in an mbuf cluster.

If so we could have both methods but we still would need to split how many of them we are sending.