Re: [PATCH] CRED: Fix regression in cap_capable() as shown up bysys_faccessat() [ver #2]

From: Serge E. Hallyn
Date: Tue Jan 06 2009 - 11:47:45 EST

Next message: Ingo Molnar: "Re: [PATCH][RFC]: mutex: adaptive spin"
Previous message: Linus Torvalds: "Re: [PATCH][RFC]: mutex: adaptive spin"
In reply to: David Howells: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]"
Next in thread: David Howells: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting David Howells (dhowells@xxxxxxxxxx):
> Serge E. Hallyn <serue@xxxxxxxxxx> wrote:
>
> > You have the 'acting_as' name for subj/eff, which I like. Is there
> > another name you could use in place of 'real' in the name
> > task_real_capable()?
>
> Ummm... 'Actual' or 'Assigned' perhaps?
>
> > I do find this version much easier to read. It seems easier to
> > track capable+current_cred() vs real_capable+get_task_cred(). Could
> > you do a few benchmarks to gauge whether the difference the
> > optimization makes?
>
> Yeah... My main objection is passing around two or three superfluous arguments
> in the common case. Most of the time, the only necessary argument to
> sec->capable():
>
> int (*capable) (struct task_struct *tsk, const struct cred *cred,
> int cap, int audit);
>
> is cap; tsk, cred and audit are all superfluous in the (very) common case.
>
> How about:
>
> int (*fast_capable) (int cap);
>
> which assumes current, current_cred() and SECURITY_CAP_AUDIT?

Well I'd rather it be called acting_capable() or self_acting_capable(),
but the realy issue is how to make that work through the security_ops()
layer without needless code duplication. It'd be ideal if it's doable,
I agree.

> Benchmarking is tricky, given that the individual savings will be relatively
> small in comparison to the code that calls them.
>
> However, if I can get rid of three arguments passed into each of
> security_capable(), selinux_capable() and cap_capable(), that really should
> speed things up if you call it enough times, especially as current is held in a
> register on some archs.
>
> I'll see what I can do.
>
> > I'm looking at a several-week-old linux-next, but only see one use of
> > capable on another task which audits, and that is in commoncap for
> > traceme, so it seems reasonable.
>
> Should has_capability() be out of lines and have security_real_capable() merged
> into it? And the same for has_capability_noaudit() and
> security_real_capable_noaudit()?
>
> > So yeah, I do like this version better.
>
> Perhaps a separate patch to optimise capable(). As I said, I'll see about
> benchmarking it.

Cool, thanks. In the meantime, I guess your first patch is in
security-next anyway, right?

-serge
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [PATCH][RFC]: mutex: adaptive spin"
Previous message: Linus Torvalds: "Re: [PATCH][RFC]: mutex: adaptive spin"
In reply to: David Howells: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]"
Next in thread: David Howells: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]