From: Samir Bellabes <sam@synack.fr>
To: Evgeniy Polyakov <zbr@ioremap.net>
Cc: linux-security-module@vger.kernel.org,
Patrick McHardy <kaber@trash.net>, jamal <hadi@cyberus.ca>,
Neil Horman <nhorman@tuxdriver.com>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [RFC 5/9] snet: introduce snet_event.c and snet_event.h
Date: Sun, 03 Jan 2010 00:38:21 +0100 [thread overview]
Message-ID: <m2ws00oz6a.fsf@ssh.synack.fr> (raw)
In-Reply-To: <20100102200900.GA27402@ioremap.net> (Evgeniy Polyakov's message of "Sat, 2 Jan 2010 23:09:00 +0300")
Hello Evgeniy,
Evgeniy Polyakov <zbr@ioremap.net> writes:
>> +
>> +extern unsigned int event_hash_size;
>> +
>
>> +
>> +static struct list_head *event_hash;
>> +static rwlock_t event_hash_lock = __RW_LOCK_UNLOCKED();
>> +
>
> Those are way too generic names, please use snet_ prefix as you did in
> other places.
done. thank you
> I believe snet should be converted to RCU instead of rw locks.
I see, I will investigated this idea.
>> +/* lookup for a event_hash - before using this function, lock event_hash_lock */
>> +static struct snet_event_entry *__snet_event_lookup(const enum snet_syscall syscall,
>> + const u8 protocol)
>> +{
>> + unsigned int h = 0;
>> + struct list_head *l;
>> + struct snet_event_entry *s;
>> + struct snet_event t;
>> +
>> + if (!event_hash)
>> + return NULL;
>> +
>> + /* building the element to look for */
>> + t.syscall = syscall;
>> + t.protocol = protocol;
>> +
>> + /* computing its hash value */
>> + h = jhash(&t, sizeof(struct snet_event), 0) % event_hash_size;
>
> You can have better distribution if not simply cut off the remainder.
> Also it is a rather expensive operation.
true, I replaced the modulo operation to a bitmask operations.
>> + l = &event_hash[h];
>> +
>> + list_for_each_entry(s, l, list) {
>> + if ((s->se.protocol == protocol) &&
>> + (s->se.syscall == syscall)) {
>> + return s;
>> + }
>> + }
>> + return NULL;
>> +}
>
> Below comments looks a little bit weird, was it generated automatically
> by editor?
no, it's was a unused debug function. I deleted this comment.
>> +/* void snet_event_dumpall() */
>> +/* { */
>> +/* unsigned int i = 0; */
>> +/* struct list_head *l; */
>> +/* struct snet_event_entry *s; */
>> +
>> +/* snet_dbg("entering\n"); */
>> +/* read_lock_bh(&event_hash_lock); */
>> +/* for (i = 0; i < (event_hash_size - 1); i++) { */
>> +/* l = &hash[i]; */
>> +/* list_for_each_entry(s, l, list) { */
>> +/* snet_dbg("[%d, %d, %d]\n", i, */
>> +/* s->se.protocol, s->se.syscall); */
>> +/* } */
>> +/* } */
>> +/* read_unlock_bh(&event_hash_lock); */
>> +/* snet_dbg("exiting\n"); */
>> +/* return; */
>> +/* } */
>
>> +int snet_event_insert(const enum snet_syscall syscall, const u8 protocol)
>> +{
>> + struct snet_event_entry *data = NULL;
>> + unsigned int h = 0;
>> +
>> + data = kzalloc(sizeof(struct snet_event_entry), GFP_KERNEL);
>> + if (!data)
>> + return -ENOMEM;
>> +
>> + write_lock_bh(&event_hash_lock);
>> + /* check if event is already registered */
>> + if (!event_hash || __snet_event_lookup(syscall, protocol) != NULL) {
>> + write_unlock_bh(&event_hash_lock);
>> + kfree(data);
>> + return -EINVAL;
>> + }
>
> What about single error exiting point?
done, thanks
>> +
>> + data->se.syscall = syscall;
>> + data->se.protocol = protocol;
>> + INIT_LIST_HEAD(&(data->list));
>> + h = jhash(&(data->se), sizeof(struct snet_event), 0) % event_hash_size;
>> + list_add_tail(&data->list, &event_hash[h]);
>> + write_unlock_bh(&event_hash_lock);
>> +
>> + return 0;
>> +}
>
>> +/* init function */
>> +int snet_event_init(void)
>> +{
>> + int err = 0, i = 0;
>> +
>> + event_hash = kzalloc(sizeof(struct list_head) * event_hash_size,
>> + GFP_KERNEL);
>> + if (!event_hash) {
>> + printk(KERN_WARNING
>> + "snet: can't alloc memory for event_hash\n");
>> + err = -ENOMEM;
>> + goto out;
>> + }
>> +
>> + for (i = 0; i < event_hash_size; i++)
>> + INIT_LIST_HEAD(&(event_hash[i]));
>
> No need for double braces.
again fixed.
thanks for your time Evgeniy,
sam
next prev parent reply other threads:[~2010-01-02 23:38 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-02 13:04 [RFC 0/9] snet: Security for NETwork syscalls Samir Bellabes
2010-01-02 13:04 ` [RFC 1/9] lsm: add security_socket_closed() Samir Bellabes
2010-01-04 18:33 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 2/9] Revert "lsm: Remove the socket_post_accept() hook" Samir Bellabes
2010-01-04 18:36 ` Serge E. Hallyn
2010-01-05 0:31 ` Tetsuo Handa
2010-01-05 0:38 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 3/9] snet: introduce security/snet, Makefile and Kconfig changes Samir Bellabes
2010-01-04 18:39 ` Serge E. Hallyn
2010-01-06 6:04 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 4/9] snet: introduce snet_core.c and snet.h Samir Bellabes
2010-01-04 14:43 ` Patrick McHardy
2010-01-06 18:23 ` Samir Bellabes
2010-01-06 19:46 ` Samir Bellabes
2010-01-06 19:58 ` Evgeniy Polyakov
2010-01-23 2:07 ` Samir Bellabes
2010-01-23 2:18 ` Evgeniy Polyakov
2010-01-07 14:34 ` Samir Bellabes
2010-01-07 14:53 ` Samir Bellabes
2010-01-07 14:58 ` Samir Bellabes
2010-01-08 4:32 ` Samir Bellabes
2010-01-04 18:42 ` Serge E. Hallyn
2010-01-06 6:12 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 5/9] snet: introduce snet_event.c and snet_event.h Samir Bellabes
2010-01-02 20:09 ` Evgeniy Polyakov
2010-01-02 23:38 ` Samir Bellabes [this message]
2010-01-04 19:08 ` Serge E. Hallyn
2010-01-08 7:21 ` Samir Bellabes
2010-01-08 15:34 ` Serge E. Hallyn
2010-01-08 17:44 ` Samir Bellabes
2010-01-08 17:51 ` Samir Bellabes
2010-01-08 18:10 ` Serge E. Hallyn
2010-01-02 13:04 ` [RFC 6/9] snet: introduce snet_hooks.c and snet_hook.h Samir Bellabes
2010-01-02 20:13 ` Evgeniy Polyakov
2010-01-03 11:10 ` Samir Bellabes
2010-01-03 19:16 ` Stephen Hemminger
2010-01-03 22:26 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 7/9] snet: introduce snet_netlink.c and snet_netlink.h Samir Bellabes
2010-01-04 15:08 ` Patrick McHardy
2010-01-13 4:19 ` Samir Bellabes
2010-01-13 4:28 ` Samir Bellabes
2010-01-13 5:36 ` Patrick McHardy
2010-01-13 4:36 ` Samir Bellabes
2010-01-13 4:41 ` Samir Bellabes
2010-01-13 6:03 ` Samir Bellabes
2010-01-13 6:20 ` Samir Bellabes
2010-01-15 7:02 ` Samir Bellabes
2010-01-15 9:15 ` Samir Bellabes
2010-01-16 1:59 ` Samir Bellabes
2010-01-17 5:42 ` Samir Bellabes
2010-01-23 19:33 ` Samir Bellabes
2010-01-02 13:04 ` [RFC 8/9] snet: introduce snet_verdict.c and snet_verdict.h Samir Bellabes
2010-01-02 13:04 ` [RFC 9/9] snet: introduce snet_utils.c and snet_utils.h Samir Bellabes
2010-01-03 16:57 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
2010-01-05 7:26 ` Samir Bellabes
2010-01-05 8:20 ` Tetsuo Handa
2010-01-05 14:09 ` Serge E. Hallyn
2010-01-06 0:23 ` [PATCH] LSM: Update comment on security_sock_rcv_skb Tetsuo Handa
2010-01-06 3:27 ` Serge E. Hallyn
2010-01-10 21:53 ` James Morris
2010-01-10 16:20 ` [RFC 0/9] snet: Security for NETwork syscalls jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2ws00oz6a.fsf@ssh.synack.fr \
--to=sam@synack.fr \
--cc=hadi@cyberus.ca \
--cc=kaber@trash.net \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).