Re: [PATCH] [LSM] Rework LSM hooks

From: James Morris
Date: Wed Aug 11 2004 - 20:24:36 EST


On Thu, 12 Aug 2004, Kurt Garloff wrote:

> On Tue, Aug 10, 2004 at 10:16:29AM -0400, James Morris wrote:
> > Is this just an ia64 issue? If so, then perhaps we should look at only
> > penalising ia64? Otherwise, loading an LSM module is going to cause
> > expensive false unlikely() on _every_ LSM hook.
>
> You should worry about the fast path.
> That's no LSM being loaded and just using the default capabilities.
> Which is what most users use as of this time.

I'm not sure we can expect this to be true in the future.

> If you do call into any serious LSM, you'll spend much more CPU cycles
> anyway ...

Possibly, but keep in mind that your patch effectively adds 135 false
unlikely() calls throughout the kernel when an LSM is loaded. Can you
provide figures for, say, the overhead of your patch (if any) with the BSD
securelevels LSM loaded?

Also, we still have the option of making COND_SECURITY ia64-specific.


- James
--
James Morris
<jmorris@xxxxxxxxxx>

