[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTi=kod0vH3Ybb4Fe=Sa5zvzYSmoj1Q@mail.gmail.com>
Date: Fri, 22 Apr 2011 11:26:09 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Andi Kleen <andi@...stfloor.org>
Cc: linux-fsdevel@...r.kernel.org, akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org, npiggin@...nel.dk,
shaohua.li@...el.com, sds@...ho.nsa.gov, jmorris@...ei.org,
linux-security-module@...r.kernel.org,
Eric Paris <eparis@...isplace.org>
Subject: Re: Make RCU dcache work with CONFIG_SECURITY=y
On Thu, Apr 21, 2011 at 5:23 PM, Andi Kleen <andi@...stfloor.org> wrote:
>
> I didn't find good test suites for the security modules, so
> there wasn't a lot of testing on this unfortunately
> (the selinux one for LTP doesn't seem to work). Some close
> review of these changes is needed.
>
> On the other hand the VFS changes itself are very straight forward
> and the 1/1 patch is very straight forward (and a win in itself)
>
> The bottom line is with this patchkit a CONFIG_SECURITY=y
> kernel has as good VFS performance as a kernel with CONFIG_SECURITY
> disabled.
Gaah. My immediate reaction to the patch-series was "This is great, I
was really hoping we could get all those annoying cases sorted out,
and I'll queue them for the next merge window".
Having then actually read through the patches a bit more, I then got
convinced that at least the first patch should probably be applied
right away and be marked for stable, since it looks pretty damn
obvious to me, and it might already on its own fix the performance
regression for some configurations (although realistically I guess few
enough people really do the "selinux=0" thing, so the big advantage is
making easier to backport the other patches later if we don't do them
now).
And now I'm vacillating about the two later patches too. They look
fine to me, but I really have _zero_ familiarity with selinux and
smack internals, so unlike the first patch, I can't go "that looks
like the obviously right thing, and it clearly catches all the RCU
cases".
The "we can't use all the nifty RCU pathwalk in the config that most
distros ship by default" is clearly a performance regression, and has
meant that it's not been really showing its real advantages for most
people. So in that sense, it's a regression fix and thus valid even
though we're pretty late in the -rc series.
But at the same time, it's also a bit scary.
Comments? I'd really like to see/hear feedback like "yeah, this looks
really obviously safe" vs "yeah, looks good, but I really don't feel
very comfortable with it" from the security people.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists