From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andi Kleen <andi@firstfloor.org>
Cc: linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org, npiggin@kernel.dk,
shaohua.li@intel.com, sds@tycho.nsa.gov, jmorris@namei.org,
linux-security-module@vger.kernel.org,
Eric Paris <eparis@parisplace.org>
Subject: Re: Make RCU dcache work with CONFIG_SECURITY=y
Date: Fri, 22 Apr 2011 11:26:09 -0700 [thread overview]
Message-ID: <BANLkTi=kod0vH3Ybb4Fe=Sa5zvzYSmoj1Q@mail.gmail.com> (raw)
In-Reply-To: <1303431801-10540-1-git-send-email-andi@firstfloor.org>
On Thu, Apr 21, 2011 at 5:23 PM, Andi Kleen <andi@firstfloor.org> wrote:
>
> I didn't find good test suites for the security modules, so
> there wasn't a lot of testing on this unfortunately
> (the selinux one for LTP doesn't seem to work). Some close
> review of these changes is needed.
>
> On the other hand the VFS changes itself are very straight forward
> and the 1/1 patch is very straight forward (and a win in itself)
>
> The bottom line is with this patchkit a CONFIG_SECURITY=y
> kernel has as good VFS performance as a kernel with CONFIG_SECURITY
> disabled.
Gaah. My immediate reaction to the patch-series was "This is great, I
was really hoping we could get all those annoying cases sorted out,
and I'll queue them for the next merge window".
Having then actually read through the patches a bit more, I then got
convinced that at least the first patch should probably be applied
right away and be marked for stable, since it looks pretty damn
obvious to me, and it might already on its own fix the performance
regression for some configurations (although realistically I guess few
enough people really do the "selinux=0" thing, so the big advantage is
making easier to backport the other patches later if we don't do them
now).
And now I'm vacillating about the two later patches too. They look
fine to me, but I really have _zero_ familiarity with selinux and
smack internals, so unlike the first patch, I can't go "that looks
like the obviously right thing, and it clearly catches all the RCU
cases".
The "we can't use all the nifty RCU pathwalk in the config that most
distros ship by default" is clearly a performance regression, and has
meant that it's not been really showing its real advantages for most
people. So in that sense, it's a regression fix and thus valid even
though we're pretty late in the -rc series.
But at the same time, it's also a bit scary.
Comments? I'd really like to see/hear feedback like "yeah, this looks
really obviously safe" vs "yeah, looks good, but I really don't feel
very comfortable with it" from the security people.
Linus
next prev parent reply other threads:[~2011-04-22 18:26 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-22 0:23 Make RCU dcache work with CONFIG_SECURITY=y Andi Kleen
2011-04-22 0:23 ` [PATCH 1/3] SECURITY: Move exec_permission RCU checks into security modules Andi Kleen
2011-04-22 0:46 ` Eric Paris
2011-04-22 4:34 ` Christoph Hellwig
2011-04-22 15:25 ` Andi Kleen
2011-04-22 15:27 ` Christoph Hellwig
2011-04-22 0:23 ` [PATCH 2/3] SELINUX: Make selinux cache VFS RCU walks safe Andi Kleen
2011-04-22 0:45 ` Eric Paris
2011-04-22 15:16 ` Andi Kleen
2011-04-22 0:23 ` [PATCH 3/3] SMACK: Make smack directory access check RCU safe Andi Kleen
2011-04-22 1:40 ` Make RCU dcache work with CONFIG_SECURITY=y Shaohua Li
2011-04-22 18:26 ` Linus Torvalds [this message]
2011-04-22 21:16 ` Andi Kleen
2011-04-22 21:32 ` Casey Schaufler
2011-04-22 21:17 ` Eric Paris
2011-04-22 23:29 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTi=kod0vH3Ybb4Fe=Sa5zvzYSmoj1Q@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=npiggin@kernel.dk \
--cc=sds@tycho.nsa.gov \
--cc=shaohua.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).