Re: [PATCH RFC v2 19/22] selinux: validate symbols

From: Christian Göttsche
Date: Wed Jan 08 2025 - 12:02:30 EST


On Wed, 8 Jan 2025 at 04:00, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Dec 16, 2024 Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> wrote:
> >
> > Some symbol tables need to be validated after indexing, since during
> > indexing their referenced entries might not yet have been indexed.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> > ---
> > security/selinux/ss/policydb.c | 94 ++++++++++++++++++++++++++++++++++
> > 1 file changed, 94 insertions(+)
>
> Out of curiosity, have you measured the policy load times before and
> after this patchset? I'd like to understand the performance impact of
> the additional checks and validations.

A trivial benchmark of load_policy(8) inside a virtme-ng environment
showed a slight increase from 82.7ms to 82.9ms.
I'll try some more benchmarks for v3.

> --
> paul-moore.com