From: Eric Paris <eparis@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Paris <eparis@parisplace.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Christoph Hellwig <hch@infradead.org>,
Dave Chinner <david@fromorbit.com>,
linux-kernel@vger.kernel.org, Mimi Zohar <zohar@us.ibm.com>,
warthog9@kernel.org, hpa@zytor.com, devel@lists.fedoraprojet.org
Subject: Re: ima: use of radix tree cache indexing == massive waste of memory?
Date: Sun, 17 Oct 2010 10:16:23 -0400 [thread overview]
Message-ID: <1287324983.2530.35.camel@localhost.localdomain> (raw)
In-Reply-To: <1287323960.1998.360.camel@laptop>
On Sun, 2010-10-17 at 15:59 +0200, Peter Zijlstra wrote:
> On Sun, 2010-10-17 at 09:12 -0400, Eric Paris wrote:
> > We could split this into 2 structures, thus greatly shrinking the size
> > of the structure needed for the default/disabled case,
>
> Well, it does suck it needs to bloat data and code when its effectively
> disabled. Isn't there a way to gather this data before we enable it, eg.
> scan the files list on enable or somesuch?
I'll think about it, but I think (without having looked) that it's
hard/impossible given an inode to backtrack to all of the files which
have it open.
If instead you attack the problem from the other side and start with all
of the files we'd need some kind of freezer to so we could get the
atomicity required. We'd have to review every single file on the system
before we could be certain that the inode was correct. Maybe I'm wrong
and someone else can help me see how to solve it this way....
> I mean, if you mandate an external storage you might as well extend
> struct inode, that's cheaper in each respect.
I personally think the cheapest would be to move the counters into the
inode and leave the rest of it, which would only ever exist for measured
inodes, in external storage. On a 'CONFIG=Y but disabled by non-use'
your impact would be sruct inode grows by a long and when opening and
closing a struct file write perms a counter would be inc/dec....
> Me, I'm henceforth making sure to have CONFIG_IMA disabled...
>
> > but it doesn't
> > help the fact that the suggested structure for storage (the radix
> > tree) is apparently quite inefficient. I'd love to hear other
> > suggestions for a better structure....
>
> radix tree is efficient for dense sets, not sparse sets.
I didn't mean to imply that I thought radix trees were inefficient in an
of themselves and hope it didn't come across that way, I recognize that
IMA is apparently using the wrong data structure for the job. Any
suggestions other than hand rolling a hashtable? I know that SELinux
has some pretty generic hashtable code, maybe I should move it into
lib/ ? Do any other subsystems have generic hashtable code? Maybe this
is a time I'm forced to do some consolidation...
-Eric
next prev parent reply other threads:[~2010-10-17 14:17 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-16 6:52 ima: use of radix tree cache indexing == massive waste of memory? Dave Chinner
2010-10-16 19:20 ` Christoph Hellwig
2010-10-16 21:10 ` H. Peter Anvin
2010-10-17 0:35 ` Dave Chinner
2010-10-17 0:54 ` J.H.
2010-10-17 2:11 ` Dave Chinner
2010-10-18 18:12 ` J.H.
2010-10-17 0:49 ` Christoph Hellwig
2010-10-17 1:09 ` Kyle McMartin
2010-10-17 1:13 ` Christoph Hellwig
2010-10-17 5:49 ` Ingo Molnar
2010-10-17 5:40 ` Ingo Molnar
2010-10-17 18:46 ` Christoph Hellwig
2010-10-18 0:49 ` James Morris
2010-10-18 6:25 ` Kyle McMartin
2010-10-18 6:36 ` Andrew Morton
2010-10-18 9:29 ` Dave Chinner
2010-10-18 13:31 ` Mimi Zohar
2010-10-18 20:50 ` Ware, Ryan R
2010-10-26 7:31 ` Pavel Machek
2010-10-18 16:03 ` Mimi Zohar
2010-10-18 19:24 ` John Stoffel
2010-10-18 16:46 ` Ryan Ware
2010-10-18 16:48 ` Eric Paris
2010-10-18 17:10 ` Kyle McMartin
2010-10-18 17:34 ` Kyle McMartin
2010-10-18 17:56 ` Linus Torvalds
2010-10-18 18:13 ` Eric Paris
2010-10-18 18:19 ` Ingo Molnar
2010-10-18 18:43 ` Eric Paris
2010-10-19 0:58 ` Eric Paris
2010-10-18 18:06 ` H. Peter Anvin
2010-10-18 18:11 ` Ingo Molnar
2010-10-18 18:13 ` H. Peter Anvin
2010-10-25 13:18 ` Pavel Machek
2010-10-17 5:57 ` Mimi Zohar
2010-10-17 11:02 ` Peter Zijlstra
2010-10-17 13:12 ` Eric Paris
2010-10-17 13:59 ` Peter Zijlstra
2010-10-17 14:04 ` Peter Zijlstra
2010-10-17 14:16 ` Eric Paris [this message]
2010-10-18 11:57 ` Peter Zijlstra
2010-10-18 14:59 ` Ted Ts'o
2010-10-18 15:02 ` Peter Zijlstra
2010-10-18 15:02 ` Eric Paris
2010-10-17 18:52 ` Christoph Hellwig
2010-10-18 16:44 ` Ryan Ware
2010-10-18 0:07 ` Dave Chinner
2010-10-17 14:09 ` Mimi Zohar
2010-10-17 18:49 ` Christoph Hellwig
2010-10-17 19:39 ` Pavel Machek
-- strict thread matches above, loose matches on Subject: below --
2010-10-18 15:09 Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1287324983.2530.35.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=david@fromorbit.com \
--cc=devel@lists.fedoraprojet.org \
--cc=eparis@parisplace.org \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=peterz@infradead.org \
--cc=warthog9@kernel.org \
--cc=zohar@linux.vnet.ibm.com \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox