Re: [RFC] [PATCH] Replace security fields with hashtable

From: Serge E. Hallyn (serue@private)
Date: Wed Oct 27 2004 - 04:13:39 PDT


Thank you for the feedback.

> From what I can tell, this will serialize all LSMs, as well as add
> overhead when probing the hash chains.

I always liked the TrustedBSD approach of an array inode->i_security[NUM_LSMS]
better, but this is more flexible than that, while hopefully faster and cleaner
than the purely voluntary chaining approach.

> IMHO, this code needs to be fully threadable (i.e. no global spinlocks on 
> the read side, at least), and also be optimizable for the common case of 
> one or two LSMs.

I was going to switch to seqlocks on the next version (it could be
too write-heavy for RCU). The spinlocks were only for the first version,
while testing on UP.

Do you have anything in mind for how to optimize for one LSM?

> +/* TODO: I'm using semaphore and down_interruptable. Are there
> +   any hooks that can be called inside an interrupt where it is NOT
> +   possible to sleep on a semaphore?
> +*/
> 
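
Review bot: this TODO comment should not go in as written. It leaves open whether any hook runs where sleeping on a semaphore is impossible, and the replies in this thread answer that (many hooks run from softirq, file_send_sigiotask from hard irq) and describe the comment as obsolete. Drop it, or replace it with a statement of exactly which paths take the semaphore and why they are allowed to sleep. The comment also spells the call down_interruptable; the kernel function is down_interruptible.
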
> Yes, many of the hooks can be called from softirq.  file_send_sigiotask 
> can be called from hard irq.

Oh, that was a comment by David Wheeler.  It's actually obsolete - his
final code only used a semaphore while registering and unregistering
modules.

thanks,
-serge


