From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andi Kleen <andi@firstfloor.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
Andi Kleen <ak@linux.intel.com>,
chris.mason@oracle.com, josef@redhat.com, agruen@linbit.com,
"Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: [PATCH 1/4] Cache xattr security drop check for write
Date: Sat, 28 May 2011 12:42:44 +0100 [thread overview]
Message-ID: <20110528114244.GG11521@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1306536845-24162-1-git-send-email-andi@firstfloor.org>
On Fri, May 27, 2011 at 03:54:02PM -0700, Andi Kleen wrote:
> From: Andi Kleen <ak@linux.intel.com>
>
> Some recent benchmarking on btrfs showed that a major scaling bottleneck
> on large systems on btrfs is currently the xattr lookup on every write.
>
> Why xattr lookup on every write I hear you ask?
>
> write wants to drop suid and security related xattrs that could set o
> capabilities for executables. To do that it currently looks up
> security.capability on EVERY write (even for non executables) to decide
> whether to drop it or not.
Hm...
a) is_sgid() is a bad name for that - at the very least s/g/x/, since
anybody would read your variant as "check if it's set-group-id".
b) I'd add a helper for filesystems to use, rather than messing
with the flags directly.
next prev parent reply other threads:[~2011-05-28 11:42 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-27 22:54 [PATCH 1/4] Cache xattr security drop check for write Andi Kleen
2011-05-27 22:54 ` [PATCH 2/4] EXT4: Set NOSEC flag early when there are no xattrs Andi Kleen
2011-05-28 9:08 ` Marco Stornelli
2011-05-28 11:24 ` Chris Mason
2011-05-28 14:43 ` Andi Kleen
2011-05-27 22:54 ` [PATCH 3/4] BTRFS: Set NOSEC early for btrfs Andi Kleen
2011-05-27 22:54 ` [PATCH 4/4] XFS: Set NOSEC flag early when inode has no xattrs Andi Kleen
2011-05-28 11:42 ` Al Viro [this message]
2011-05-29 13:52 ` [PATCH 1/4] Cache xattr security drop check for write Valdis.Kletnieks
2011-05-29 14:24 ` Andi Kleen
2011-05-29 17:48 ` Valdis.Kletnieks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110528114244.GG11521@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=agruen@linbit.com \
--cc=ak@linux.intel.com \
--cc=andi@firstfloor.org \
--cc=chris.mason@oracle.com \
--cc=josef@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox