Re: [patch 0/15] lsm stacking v0.3: intro

From: James Morris
Date: Wed Jul 27 2005 - 14:49:20 EST

On Wed, 27 Jul 2005 serue@xxxxxxxxxx wrote:

> if interested in the performance results. I am certainly interested in
> ways to further speed up security_get_value.

What about having a small static array of security blob pointers for the
common case (e.g. SELinux + capabilities + perhaps something else), the
total number of which is compile-time configurable. Reserve one pointer
at the end for the hlist.

When a module registers with stacker, if there's room in the array, it
reserves a slot for the module. This slot value can be stored by stacker
in a handle held by the module (along with the stacker ID etc. perhaps).

Calls to security_get_value() etc. can then be very fast and simple for
the common case, where the security blob is a pointer offset by an index
in a small array. The arbitrarily sized hlist would then be a fallback
with a higher performance hit.

- James
James Morris

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at