LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

0/5: LSM hooks rework

From:  Kurt Garloff <garloff@suse.de>
To:  Linux kernel list <linux-kernel@vger.kernel.org>
Subject:  [PATCH] 0/5: LSM hooks rework
Date:  Sun, 13 Feb 2005 16:05:15 -0500
Cc:  Andreas Gruenbacher <agruen@suse.de>, James Morris <jmorris@redhat.com>, Chris Wright <chrisw@osdl.org>

Hi,

this goes back to a discussion in August last year:
http://www.ussg.iu.edu/hypermail/linux/kernel/0408.1/0623...

The following patchset addresses three issues of the security.h stub
collection:
* All the functions are implemented twice, once for
  CONFIG_SECURITY enabled and once for disabled.
  Makes it harder than necessary to keep in sync
  and the file much longer than needed. 
* We do lots of indirect (and thus non-inlined) calls to
  mostly noop functions, which has a performance impact.
  By using a branch (as suggested by David Mosberger and
  implemented by Brian Baker) we can save a number of cycles.
  Especially visible on IA64, where we can get > 3% improvement
  on netperf -t TCP_RR
* The default of dummy if CONFIG_SECURITY is enabled is not
  desirable as it does differ from the CONFIG_SECURITY disabled
  default. Thus make capabilities the default.

Patches are against 2.6.11-rc4 and follow in subsequent mails.
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds