lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <19877.1190026932@redhat.com>
Date:	Mon, 17 Sep 2007 12:02:12 +0100
From:	David Howells <dhowells@...hat.com>
To:	"Ulrich Drepper" <drepper@...il.com>
Cc:	dhowells@...hat.com, viro@....linux.org.uk, hch@...radead.org,
	torvalds@...l.org, linux-kernel@...r.kernel.org
Subject: Re: Credentials test patch

Ulrich Drepper <drepper@...il.com> wrote:

> In sys_faccessat you temporarily allocate a cred object which is
> discarded in the end.  With a few more macro definitions you could
> create a dup_cred variant which initialized an automatic variable of
> type struct cred.  This way the kmalloc/kfree pair would fall away.

No, you can't.  The filesystems sys_faccessat() then invokes are entitled to
take a reference to it - the SunRPC authentication stuff, for example - so you
can't just preemptively unallocate it as would occur with an automatic variable.

> access is actually used frequently.  For instance, ld.so uses it on
> every startup as a quicker possibility to check for a file which
> usually doesn't exist.  So, speeding up access has some small effect
> on performance.  The resulting code might actually reduce the kernel
> size a bit due to all the checks and calls which go away.

A better way would be to compare fsuid/fsgid to uid/gid and to just take an
extra ref on the incumbent cred object if they're the same, rather than always
allocating a new one.  That, I suspect, would speed up 99.99% of the cases.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ