linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ingo Molnar <mingo@elte.hu>
To: Eric Paris <eparis@redhat.com>
Cc: Christoph Hellwig <hch@infradead.org>,
	linux-kernel@vger.kenel.org,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, zohar@us.ibm.com,
	warthog9@kernel.org, david@fromorbit.com, jmorris@namei.org,
	kyle@mcmartin.ca, hpa@zytor.com, akpm@linux-foundation.org,
	torvalds@linux-foundation.org, viro@zeniv.linux.org.uk
Subject: Re: [PATCH 1/3] IMA: move read/write counters into struct inode
Date: Tue, 19 Oct 2010 10:39:21 +0200	[thread overview]
Message-ID: <20101019083921.GA27723@elte.hu> (raw)
In-Reply-To: <1287454443.2530.124.camel@localhost.localdomain>


* Eric Paris <eparis@redhat.com> wrote:

> More cryptic command line options and complexity is not the solution.  I have no 
> plans to send (a fixed/"working" version of) Kyle's patch which would cause a 
> userspace regression since working machines would magically stop working.

That is a valid argument.

> The right solution is to provide features without unreasonably impacting those who 
> do not want those features.  At the moment my patch series reduces memory usage by 
> a factor of at least 40 and eliminates the locking contention and serialization of 
> bringing inodes into and out of core.  It does so without introducing ANY 
> additional overhead or complexity.

And that argument is missing the point IMO. Christoph is perfectly correct to 
observe:

  It bloats the inode with three unsigned long values for a feature no sane person
  would ever use.

that's 24 bytes per inode - when in the past we've made _huge_ efforts to minimally 
shrink it by a few bytes.

> If there is a general consensus that 24 bytes per inode is too large we can move 
> forward from here and drop the 'opencount' and save 8 bytes (while eliminating the 
> debugging and verification this code has helped to provide in the past)
> 
> If there is a general consensus that 16 bytes per inode is too large we can travel 
> down the much more complex route of attempting to collect this information 
> dynamically by freezing userspace, scanning every open file, and calculating the 
> information.  We would then have a 2 stage integrity structure, the first with 
> just counters and the second would contain integrity information if needed.

Hm, why would all that be needed?

The security subsystem already has a private-data extension in struct inode:

 struct inode {
 ...
 #ifdef CONFIG_SECURITY
         void                    *i_security;
 #endif
 ...
 }

That could be used for IMA, right? IMA state can either embedd in struct 
inode_security_struct or the security subsystem could define an intermediate data 
structure. (it's up to the security subsystem how it wants to make use of this data 
pointer.)

An unlimited amount of optional information can be attached that way.

Thanks,

	Ingo

  parent reply	other threads:[~2010-10-19  8:40 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-19  1:16 [PATCH 1/3] IMA: move read/write counters into struct inode Eric Paris
2010-10-19  1:16 ` [PATCH 2/3] IMA: only allocate iint when needed Eric Paris
2010-10-19  1:17 ` [PATCH 3/3] IMA: use rbtree instead of radix tree for inode information cache Eric Paris
2010-10-19  1:30 ` [PATCH 1/3] IMA: move read/write counters into struct inode Christoph Hellwig
2010-10-19  2:14   ` Eric Paris
2010-10-19  7:39     ` Dave Chinner
2010-10-19 16:24       ` Eric Paris
2010-10-19 16:29         ` Christoph Hellwig
2010-10-19  8:39     ` Ingo Molnar [this message]
2010-10-19  2:46 ` Eric Paris
2010-10-19 15:52 ` Linus Torvalds
2010-10-19 16:36   ` Eric Paris
2010-10-19 16:55     ` Al Viro
2010-10-19 17:03       ` Linus Torvalds
2010-10-19 17:28         ` Al Viro
2010-10-19 18:16           ` Mimi Zohar
2010-10-20 13:10             ` John Stoffel
2010-10-20 13:36               ` Al Viro
2010-10-20 14:09                 ` John Stoffel
2010-10-19 19:11           ` Matthew Wilcox
2010-10-20  3:15             ` Al Viro
2010-10-20 17:38               ` J. Bruce Fields
2010-10-19 22:49         ` Eric Paris
2010-10-20 14:38           ` Ingo Molnar
2010-10-20 14:46             ` Eric Paris
2010-10-20 15:15               ` Ingo Molnar
2010-10-20 15:25                 ` Eric Paris
2010-10-21 16:15                 ` Casey Schaufler
2010-10-22  8:48                   ` Ingo Molnar
2010-10-22 17:50                     ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20101019083921.GA27723@elte.hu \
    --to=mingo@elte.hu \
    --cc=akpm@linux-foundation.org \
    --cc=david@fromorbit.com \
    --cc=eparis@redhat.com \
    --cc=hch@infradead.org \
    --cc=hpa@zytor.com \
    --cc=jmorris@namei.org \
    --cc=kyle@mcmartin.ca \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kenel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=warthog9@kernel.org \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).