Re: [patch 0/15] lsm stacking v0.3: intro

From: James Morris
Date: Wed Jul 27 2005 - 14:49:20 EST

Next message: Thomas Zehetbauer: "2.6.12: no sound on SPDIF with emu10k1"
Previous message: James Morris: "Re: [patch 0/15] lsm stacking v0.3: intro"
In reply to: serue: "[patch 13/15] lsm stacking v0.3: seclvl: update for stacking"
Next in thread: James Morris: "Re: [patch 0/15] lsm stacking v0.3: intro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 27 Jul 2005 serue@xxxxxxxxxx wrote:

> if interested in the performance results. I am certainly interested in
> ways to further speed up security_get_value.

What about having a small static array of security blob pointers for the
common case (e.g. SELinux + capabilities + perhaps something else), the
total number of which is compile-time configurable. Reserve one pointer
at the end for the hlist.

When a module registers with stacker, if there's room in the array, it
reserves a slot for the module. This slot value can be stored by stacker
in a handle held by the module (along with the stacker ID etc. perhaps).

Calls to security_get_value() etc. can then be very fast and simple for
the common case, where the security blob is a pointer offset by an index
in a small array. The arbitrarily sized hlist would then be a fallback
with a higher performance hit.

- James
--
James Morris
<jmorris@xxxxxxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas Zehetbauer: "2.6.12: no sound on SPDIF with emu10k1"
Previous message: James Morris: "Re: [patch 0/15] lsm stacking v0.3: intro"
In reply to: serue: "[patch 13/15] lsm stacking v0.3: seclvl: update for stacking"
Next in thread: James Morris: "Re: [patch 0/15] lsm stacking v0.3: intro"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]