LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The causes of bloat?

The causes of bloat?

Posted Oct 1, 2009 9:46 UTC (Thu) by alex (subscriber, #1355)
In reply to: LinuxCon: Kernel roundtable covers more than just bloat by dowdle
Parent article: LinuxCon: Kernel roundtable covers more than just bloat

Listening to this weeks FLOSS weekly which interviewed Linus I noted a lot of the "bloat" comes from features like auditing and security checking. I don't know if it's possible to build a stripped down kernel without these things in them and see if the performance comes back. Not that I'd want to run such a kernel on a production site though...

(Log in to post comments)

The causes of bloat?

Posted Oct 4, 2009 17:26 UTC (Sun) by nevets (subscriber, #11875) [Link]

I've seen this with ftrace traces. Running the function graph tracer, a good amount of time is spent in the selinux code. The price you pay for security.

One might argue that we've become 12% slower, but > 12% more secure.

How much checking do you need to do?

Posted Oct 5, 2009 10:43 UTC (Mon) by alex (subscriber, #1355) [Link]

I'm all for increasing the security of the kernel. However I feel the ideal* case the kernel should be striving for is a compare/branch for the check. Does SELinux do any caching of it's authentication results?

For example once you have validated a process can read a given file descriptor do you need to re-run the whole capability checking logic for every sys_read()?

Of course any such caching probably introduces another attack vector so care would have to be taken with the implementation?

*ideal being a target even if you may never actually reach that goal.

The causes of bloat?

Posted Oct 8, 2009 7:01 UTC (Thu) by kragil (subscriber, #34373) [Link]

Yeah, it was clear that Linus wasn't happy about how the "huge and bloated" thing was the only focus nearly all media concentrated on. (leaving out the "unacceptable but unavoidable" part.)

In the interview he said that "at least Linux isn't this fat ugly pig that should have been shot 15 years ago"

I'd like to think that Linus is so bright that the bloat statement was intentional to get the kernel community working on a solution (don't tell me there isn't one that is way too easy), but he probably does not have these mad Sun Tzu communication skillz.

Maybe next time add the the pig comment to put things into perspective for the media?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds