lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20191113214521.20931-1-linux@rasmusvillemoes.dk>
Date:   Wed, 13 Nov 2019 22:45:21 +0100
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Alexander Viro <viro@...iv.linux.org.uk>
Cc:     Rasmus Villemoes <linux@...musvillemoes.dk>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH] fs/namei.c: micro-optimize acl_permission_check

System-installed files are usually 0755 or 0644, so in most cases, we
can avoid the binary search and the cost of pulling the cred->groups
array and in_group_p() .text into the cpu cache.

Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
---
Ballpark numbers: For example, building a random package like
util-linux with "make -j8" causes about 300000 calls/s of
generic_permission, with root-owned files (binaries, shared libraries,
system headers, and walking the directories from / to those)
outnumbering the user-owned files about 10:1, so in that case one
avoids, say, 250000 calls/s of in_group_p(). Assuming that the net
saving is about 20 instructions, that's 5M insn/s, which is of course
too small to measure (it's in the .1% range), but might still be
enough to justify this.

 fs/namei.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index 671c3c1a3425..c78757435317 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -303,7 +303,12 @@ static int acl_permission_check(struct inode *inode, int mask)
 				return error;
 		}
 
-		if (in_group_p(inode->i_gid))
+		/*
+		 * If the "group" and "other" permissions are the same,
+		 * there's no point calling in_group_p() to decide which
+		 * set to use.
+		 */
+		if ((((mode >> 3) ^ mode) & 7) && in_group_p(inode->i_gid))
 			mode >>= 3;
 	}
 
-- 
2.23.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ