Seth Arnold wrote: >On Thu, Aug 02, 2001 at 05:18:05PM +0000, David Wagner wrote: >> Do you have any proof of this? I'm skeptical that the difference is >> noticeable under common usage, but without measurements, I don't know >> how to evaluate this claim either way. > >[...] in many cases the 'return (0)' will be faster. (And >perhaps the first case is overly complicated .. but no matter how well >it is optimized, in most cases it will likely take at least one CPU >cycle more than the second case.) Was this meant seriously? Sure, you can shave off a cycle here and there, but I'm asking about noticeable performance improvement under typical usage scenarios. I see no reason to make sweeping changes to the architecture that introduce a large risk of our patches being rejected and that make it likely we'll introduce a few security bugs along the way, if all we gain by doing so is optimizing away a few cycles, on the conjecture that maybe this would make some embedded folks happy. I'm convinced this can't be the argument you had in mind for moving all existing kernel checks to a module. I must be missing something. I hope you'll show me where I went wrong. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 20:20:31 PDT