From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Serge E. Hallyn"
Subject: Re: remove_suid bangs on xattrs
Date: Thu, 2 Sep 2010 11:02:05 -0500
Message-ID: <20100902160205.GA21495@hallyn.com>
References: <20100816193812.GF993@think> <20100816194439.GG993@think> <20100818024139.GA16578@hallyn.com> <5E83F6C3-2B1E-4FBF-960C-27364528813C@dilger.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: "Andrew G. Morgan", "Serge E. Hallyn", Chris Mason, linux-fsdevel@vger.kernel.org
To: Andreas Dilger
Return-path:
Received: from adelie.canonical.com ([91.189.90.139]:56665 "EHLO adelie.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756597Ab0IBQCI (ORCPT); Thu, 2 Sep 2010 12:02:08 -0400
Content-Disposition: inline
In-Reply-To: <5E83F6C3-2B1E-4FBF-960C-27364528813C@dilger.ca>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Quoting Andreas Dilger (adilger@dilger.ca):
> On 2010-08-19, at 23:31, Andrew G. Morgan wrote:
> > Lots of small writes to 'any' file also tend to bang on this code.
> > I've been wondering if it might make sense to cache, in the inode,
> > that a file does *not* have any capabilities associated with it. That
> > way the kernel wouldn't need to look up the xattrs twice for the same
> > incapable file - which is, by far, the common case.
>
> That would be a blessing. I see a steady stream of
> getxattr("security.capability") requests, and being able to disable this

Do you think it would help at all to add an S_NO_POSIXCAPS to i_flags, and set
that the first time we find that getxattr("security.capability") finds no
capabilities? I.e. are these requests frequently for the same inode, or always
for new ones?

> (possibly even in the superblock with a flag) would avoid expensive RPCs on a
> network filesystem.

Hmm, as it is, get_vfs_caps_from_disk() does not get called if MNT_NOSUID.
But cap_inode_need_killpriv() does, so a quick way to reduce that number for you
would be to pass the inode to security_inode_need_killpriv (so it can get to
mnt), have that check for MNT_NOSUID, and then you can mount your network
fs's with MNT_NOSUID... Would that help you?

-serge
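The two short-cuts discussed in this message (a cached "no security.capability xattr" bit in i_flags, and skipping the lookup on MNT_NOSUID mounts) modelled in userspace C as an added example; this is not kernel code and not from anyone in the thread, and the struct layouts, the lookup counter and the flag values are assumptions.

```c
/* Userspace model of the proposal in this thread (added example, not kernel
 * code): cache "no security.capability xattr" in an inode flag and skip the
 * lookup entirely on MNT_NOSUID mounts. Struct layouts are assumptions. */
#include <stdbool.h>
#define MNT_NOSUID     0x01  /* kernel mount flag name; value assumed here */
#define S_NO_POSIXCAPS 0x01  /* hypothetical i_flags bit proposed in the thread */

struct mount { unsigned flags; };
/* has_caps_xattr simulates whether security.capability exists on disk */
struct inode { unsigned i_flags; bool has_caps_xattr; struct mount *mnt; };
static unsigned long xattr_lookups;  /* simulated getxattr() round trips */

/* Simulated getxattr("security.capability"): an RPC on a network fs. */
static bool getxattr_security_capability(struct inode *ino)
{
    xattr_lookups++;
    return ino->has_caps_xattr;
}

/* Model of cap_inode_need_killpriv() with both proposed short-cuts. */
bool cap_inode_need_killpriv(struct inode *ino)
{
    if (ino->mnt->flags & MNT_NOSUID)   /* file caps never honoured here */
        return false;
    if (ino->i_flags & S_NO_POSIXCAPS)  /* cached negative result */
        return false;
    if (!getxattr_security_capability(ino)) {
        ino->i_flags |= S_NO_POSIXCAPS; /* remember "no caps" for this inode */
        return false;
    }
    return true;
}

/* Setting security.capability must drop the cached negative, otherwise a
 * capability added later would never be stripped on a non-owner write. */
void inode_set_caps_xattr(struct inode *ino)
{
    ino->has_caps_xattr = true;
    ino->i_flags &= ~S_NO_POSIXCAPS;
}

/* Perform n small writes and return how many xattr lookups they cost. */
unsigned long write_n_times(struct inode *ino, int n)
{
    unsigned long before = xattr_lookups;
    for (int i = 0; i < n; i++)
        (void)cap_inode_need_killpriv(ino);
    return xattr_lookups - before;
}
```

With the cache, a thousand small writes to an incapable file cost one lookup instead of a thousand, and a nosuid mount costs none; the invalidation in inode_set_caps_xattr is what keeps the cache from turning into a way to keep capabilities across a write.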