Thank you for the feedback. > >From what I can tell, this will serialize all LSMs, as well as add > overhead when probing the hash chains. I always liked the trusted bsd approach of an array inode->i_security[NUM_LSMS] better. but this is more flexible than that, while hopefully faster and cleaner than the purely voluntary chaining approach. > IMHO, this code needs to be fully threadable (i.e. no global spinlocks on > the read side, at least), and also be optimizable for the common case of > one or two LSMs. I was going to switch to seqlocks on the next version (It could be too write-heavy for RCU). The spinlocks were only for the first version, while testing on UP. Do you have anything in mind for how to optimize for one LSM? > +/* TODO: I'm using semaphore and down_interruptable. Are there > + any hooks that can be called inside an interrupt where it is NOT > + possible to sleep on a semaphore? > +*/ > > Yes, many of the hooks can be called from softirq. file_send_sigiotask > can be called from hard irq. Oh, that was a comment by David Wheeler. It's actually obsolete - his final code only used a semaphore while registering and unregistering modules. thanks, -serge
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 04:14:40 PDT