public inbox for linux-kernel@vger.kernel.org
From: Ingo Molnar <mingo@elte.hu>
To: Christoph Hellwig <hch@infradead.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>,
	kernel@lists.fedoraproject.org, Mimi Zohar <zohar@us.ibm.com>,
	warthog9@kernel.org, Dave Chinner <david@fromorbit.com>,
	linux-kernel@vger.kernel.org, Serge Hallyn <serue@us.ibm.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	James Morris <jmorris@namei.org>,
	Kyle McMartin <kyle@mcmartin.ca>
Subject: Re: ima: use of radix tree cache indexing == massive waste of memory?
Date: Sun, 17 Oct 2010 07:40:08 +0200
Message-ID: <20101017054008.GA16383@elte.hu>
In-Reply-To: <20101017004945.GE1614@infradead.org>


* Christoph Hellwig <hch@infradead.org> wrote:

> On Sat, Oct 16, 2010 at 02:10:29PM -0700, H. Peter Anvin wrote:
>
> > "Christoph Hellwig" <hch@infradead.org> wrote:
> >
> > > Besides the algorithmic problems with ima, why is kernel.org using 
> > > IMA to start with?  Except for IBM looking for a reason to justify 
> > > why TPM isn't a complete waste of resources it's pointless.  
> > > And it was only merged under the premise that it would not affect 
> > > innocent normal users.
> >
> > I'm confused ... what makes you think we are?  This might have been 
> > an unintentional misconfiguration...
> 
> I didn't mean to imply you enabled it intentionally.  In fact it looks 
> like the inode tracking in IMA is always on once it's compiled in, 
> which totally defeats the purpose of doing its own internal inode 
> tracking instead of bloating the inode what they originally proposed.  
> IMA really needs a kernel parameter to only enable this crap when 
> people actually use it.

That is true.

> And whoever turned it on in Fedora needs some serious whacking.

And that is false.

This security feature was merged upstream last year, it's not in 
drivers/staging/ and the Kconfig help text does not contain any warning 
that this is 'crap', so how were the Fedora people supposed to know?

If you are suggesting that distribution kernel maintainers should not 
trust upstream kernel feature decisions and are expected to do a line by 
line review of the ~40,000 commits that go upstream every year, to make 
sure there's no hidden 'crap' in them (and failing that be labeled 
incompetent idiots), then you are out of your mind.

It's just not possible to do that nor is it reasonable or efficient: 
crap should be caught via hierarchical filtering: when the developer 
posts the first patches to lkml, or when it is merged into a maintainer 
tree, or when it goes upstream or when it is upstream and then, as the 
very last (and most expensive) line of defense, it will be caught when 
it gets exposure in distributions. Which seems to be precisely what 
happened here.

Fact is that Kyle did Linux a _favor_ by enabling the feature in Fedora, 
as it allowed the bug/inefficiency/crap to be found by Dave. Linux got 
richer as a result as we learned about a bug that affects many people. 
Your gratuitous insults against him are highly misguided.

Thanks,

	Ingo
