From: "Serge E. Hallyn" <serue@us.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>, Christoph Hellwig <hch@lst.de>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Stephen Rothwell <sfr@canb.auug.org.au>,
Andrew Morgan <morgan@kernel.org>
Subject: Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]
Date: Tue, 6 Jan 2009 10:47:27 -0600 [thread overview]
Message-ID: <20090106164727.GC9773@us.ibm.com> (raw)
In-Reply-To: <6521.1231189936@redhat.com>
Quoting David Howells (dhowells@redhat.com):
> Serge E. Hallyn <serue@us.ibm.com> wrote:
>
> > You have the 'acting_as' name for subj/eff, which I like. Is there
> > another name you could use in place of 'real' in the name
> > task_real_capable()?
>
> Ummm... 'Actual' or 'Assigned' perhaps?
>
> > I do find this version much easier to read. It seems easier to
> > track capable+current_cred() vs real_capable+get_task_cred(). Could
> > you do a few benchmarks to gauge whether the difference the
> > optimization makes?
>
> Yeah... My main objection is passing around two or three superfluous arguments
> in the common case. Most of the time, the only necessary argument to
> sec->capable():
>
> int (*capable) (struct task_struct *tsk, const struct cred *cred,
> int cap, int audit);
>
> is cap; tsk, cred and audit are all superfluous in the (very) common case.
>
> How about:
>
> int (*fast_capable) (int cap);
>
> which assumes current, current_cred() and SECURITY_CAP_AUDIT?
Well I'd rather it be called acting_capable() or self_acting_capable(),
but the realy issue is how to make that work through the security_ops()
layer without needless code duplication. It'd be ideal if it's doable,
I agree.
> Benchmarking is tricky, given that the individual savings will be relatively
> small in comparison to the code that calls them.
>
> However, if I can get rid of three arguments passed into each of
> security_capable(), selinux_capable() and cap_capable(), that really should
> speed things up if you call it enough times, especially as current is held in a
> register on some archs.
>
> I'll see what I can do.
>
> > I'm looking at a several-week-old linux-next, but only see one use of
> > capable on another task which audits, and that is in commoncap for
> > traceme, so it seems reasonable.
>
> Should has_capability() be out of lines and have security_real_capable() merged
> into it? And the same for has_capability_noaudit() and
> security_real_capable_noaudit()?
>
> > So yeah, I do like this version better.
>
> Perhaps a separate patch to optimise capable(). As I said, I'll see about
> benchmarking it.
Cool, thanks. In the meantime, I guess your first patch is in
security-next anyway, right?
-serge
next prev parent reply other threads:[~2009-01-06 16:47 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-30 13:42 access(2) regressions in current mainline Christoph Hellwig
2008-12-30 17:06 ` David Howells
2008-12-30 17:09 ` Christoph Hellwig
2008-12-30 17:20 ` David Howells
2008-12-30 17:29 ` Christoph Hellwig
2008-12-30 17:54 ` David Howells
2008-12-31 2:05 ` Dave Chinner
2008-12-31 3:28 ` [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() David Howells
2008-12-31 15:15 ` [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2] David Howells
2008-12-31 23:24 ` James Morris
2009-01-01 23:53 ` J. Bruce Fields
2009-01-02 1:19 ` David Howells
2009-01-02 5:19 ` J. Bruce Fields
2009-01-02 11:59 ` David Howells
2009-01-02 16:45 ` J. Bruce Fields
2009-01-03 18:49 ` J. Bruce Fields
2009-01-03 23:03 ` David Howells
2009-01-04 2:03 ` J. Bruce Fields
2009-01-05 13:11 ` David Howells
2009-01-05 15:57 ` David Howells
2009-01-05 16:48 ` David Howells
2009-01-05 17:19 ` [PATCH] CRED: Fix NFSD regression David Howells
2009-01-05 22:22 ` James Morris
2009-01-06 19:41 ` J. Bruce Fields
2009-01-06 19:56 ` David Howells
2009-01-06 20:08 ` J. Bruce Fields
2009-01-02 16:48 ` [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2] J. Bruce Fields
2009-01-02 19:18 ` David Howells
2009-01-05 2:07 ` James Morris
2009-01-05 3:18 ` Serge E. Hallyn
2009-01-05 3:37 ` Serge E. Hallyn
2009-01-05 12:43 ` David Howells
2009-01-05 19:07 ` Serge E. Hallyn
2009-01-05 21:12 ` David Howells
2009-01-06 16:47 ` Serge E. Hallyn [this message]
2009-01-06 20:39 ` David Howells
2009-01-06 20:56 ` Serge E. Hallyn
2009-01-06 22:27 ` [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #3] David Howells
2009-01-06 22:53 ` James Morris
2009-01-06 23:57 ` J. Bruce Fields
2009-01-07 0:09 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090106164727.GC9773@us.ibm.com \
--to=serue@us.ibm.com \
--cc=dhowells@redhat.com \
--cc=hch@lst.de \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=morgan@kernel.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.