From mboxrd@z Thu Jan  1 00:00:00 1970
From: Florian Weimer <fweimer@redhat.com>
Subject: Re: Thoughts on credential switching
Date: Thu, 27 Mar 2014 16:41:27 +0100
Message-ID: <533446A7.6020003@redhat.com>
References: <CALCETrVyNXYaMWOyWj4gKLWVdzPrSkvv7WTBi2Aa8mYs4NKH9g@mail.gmail.com> <20140327004225.GA20247@sergelap> <CALCETrUtRzViEYUNev1JNFZMms56uiw47YZezak0Z0PKgFneQA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Jim Lieb <jlieb@panasas.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	LSM List <linux-security-module@vger.kernel.org>,
	"Serge E. Hallyn" <serge@canonical.com>,
	Kees Cook <keescook@chromium.org>,
	Linux FS Devel <linux-fsdevel@vger.kernel.org>,
	"Theodore Ts'o" <tytso@mit.edu>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	bfields@redhat.com, Jeff Layton <jlayton@redhat.com>
To: Andy Lutomirski <luto@amacapital.net>,
	Serge Hallyn <serge.hallyn@ubuntu.com>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <CALCETrUtRzViEYUNev1JNFZMms56uiw47YZezak0Z0PKgFneQA@mail.gmail.com>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On 03/27/2014 02:01 AM, Andy Lutomirski wrote:

> Essentially, it's a performance problem.  knfsd has override_creds,
> and it can cache struct cred.  But userspace doing the same thing
> (i.e. impersonating a user) has to do setresuid, setresgid, and
> setgroups, which kills performance, since it results in something like
> five RCU callbacks per impersonation round-trip.

Do you mean setfsuid instead of setresuid?

-- 
Florian Weimer / Red Hat Product Security Team