Re: [PATCH] CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]

From: David Howells
Date: Mon Jan 05 2009 - 16:12:56 EST

Next message: david: "Re: early exception error"
Previous message: Sukadev Bhattiprolu: "Re: devpts multiple instances feedback"
In reply to: Serge E. Hallyn: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up bysys_faccessat() [ver #2]"
Next in thread: Serge E. Hallyn: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up bysys_faccessat() [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Serge E. Hallyn <serue@xxxxxxxxxx> wrote:

> You have the 'acting_as' name for subj/eff, which I like. Is there
> another name you could use in place of 'real' in the name
> task_real_capable()?

Ummm... 'Actual' or 'Assigned' perhaps?

> I do find this version much easier to read. It seems easier to
> track capable+current_cred() vs real_capable+get_task_cred(). Could
> you do a few benchmarks to gauge whether the difference the
> optimization makes?

Yeah... My main objection is passing around two or three superfluous arguments
in the common case. Most of the time, the only necessary argument to
sec->capable():

int (*capable) (struct task_struct *tsk, const struct cred *cred,
int cap, int audit);

is cap; tsk, cred and audit are all superfluous in the (very) common case.

How about:

int (*fast_capable) (int cap);

which assumes current, current_cred() and SECURITY_CAP_AUDIT?

Benchmarking is tricky, given that the individual savings will be relatively
small in comparison to the code that calls them.

However, if I can get rid of three arguments passed into each of
security_capable(), selinux_capable() and cap_capable(), that really should
speed things up if you call it enough times, especially as current is held in a
register on some archs.

I'll see what I can do.

> I'm looking at a several-week-old linux-next, but only see one use of
> capable on another task which audits, and that is in commoncap for
> traceme, so it seems reasonable.

Should has_capability() be out of lines and have security_real_capable() merged
into it? And the same for has_capability_noaudit() and
security_real_capable_noaudit()?

> So yeah, I do like this version better.

Perhaps a separate patch to optimise capable(). As I said, I'll see about
benchmarking it.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: david: "Re: early exception error"
Previous message: Sukadev Bhattiprolu: "Re: devpts multiple instances feedback"
In reply to: Serge E. Hallyn: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up bysys_faccessat() [ver #2]"
Next in thread: Serge E. Hallyn: "Re: [PATCH] CRED: Fix regression in cap_capable() as shown up bysys_faccessat() [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]