lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 22 Apr 2011 11:26:09 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	linux-fsdevel@...r.kernel.org, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org, npiggin@...nel.dk,
	shaohua.li@...el.com, sds@...ho.nsa.gov, jmorris@...ei.org,
	linux-security-module@...r.kernel.org,
	Eric Paris <eparis@...isplace.org>
Subject: Re: Make RCU dcache work with CONFIG_SECURITY=y

On Thu, Apr 21, 2011 at 5:23 PM, Andi Kleen <andi@...stfloor.org> wrote:
>
> I didn't find good test suites for the security modules, so
> there wasn't a lot of testing on this unfortunately
> (the selinux one for LTP doesn't seem to work). Some close
> review of these changes is needed.
>
> On the other hand the VFS changes itself are very straight forward
> and the 1/1 patch is very straight forward (and a win in itself)
>
> The bottom line is with this patchkit a CONFIG_SECURITY=y
> kernel has as good VFS performance as a kernel with CONFIG_SECURITY
> disabled.

Gaah. My immediate reaction to the patch-series was "This is great, I
was really hoping we could get all those annoying cases sorted out,
and I'll queue them for the next merge window".

Having then actually read through the patches a bit more, I then got
convinced that at least the first patch should probably be applied
right away and be marked for stable, since it looks pretty damn
obvious to me, and it might already on its own fix the performance
regression for some configurations (although realistically I guess few
enough people really do the "selinux=0" thing, so the big advantage is
making easier to backport the other patches later if we don't do them
now).

And now I'm vacillating about the two later patches too. They look
fine to me, but I really have _zero_ familiarity with selinux and
smack internals, so unlike the first patch, I can't go "that looks
like the obviously right thing, and it clearly catches all the RCU
cases".

The "we can't use all the nifty RCU pathwalk in the config that most
distros ship by default" is clearly a performance regression, and has
meant that it's not been really showing its real advantages for most
people. So in that sense, it's a regression fix and thus valid even
though we're pretty late in the -rc series.

But at the same time, it's also a bit scary.

Comments? I'd really like to see/hear feedback like "yeah, this looks
really obviously safe" vs "yeah, looks good, but I really don't feel
very comfortable with it" from the security people.

                       Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ