-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Karim Yaghmour <karymat_private> writes: > But you'd be interested to know that adding the hooks within > the kernel yields at most 1% overhead over very heavy load. > With the case of a kernel compile, for example, the overhead > is around 0.25%. These results are quite good; however, I was wondering - was this for micro-benchmarks, or only macro ones? In my own work, I've noticed that doubling the time a fork and exec takes only results in a few percent slowdown for kernel builds. Have you run something like LMBench or HBench-OS on an LTT-enabled kernel? I'd be very curious about the results. It seems like system call latency actually doesn't matter too much under normal workloads - after all, most interesting system calls relate to I/O, which is almost always slow. But if we are to get anything incorporated into the main kernel tree, we have to show that our modifications have minimal impact on system call and interrupt latency. My hunch is that the LTT represents a rough lower-bound for the performance of a flexible security module interface. If the LTT has minimal impact in micro-benchmarks, then we have a shot at getting Linus to accept a general interface; if not, we're going to have to make do with something more specialized. I hope we can have a general interface (that would be very good for me, definitely), but I bring this up because I'm not that optimistic. --Anil - -- Anil Somayaji (somaat_private) http://www.cs.unm.edu/~soma +1 505 872 3150 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) iEYEARECAAYFAjrZUSAACgkQXOpXEmNZ3SfyqACfVX4J436BVIXW/Ef4VWoS/MU1 rFcAn2qk/Qj9ayhTwlKsMpI59vzbQus7 =72Uk -----END PGP SIGNATURE----- _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Apr 15 2001 - 00:44:51 PDT