Magic groups in 2.6
Posted May 13, 2004 21:10 UTC (Thu) by
rjw (guest, #10415)
In reply to:
Magic groups in 2.6 by elanthis
Parent article:
Magic groups in 2.6
When you wish to *obtain* access to a new bit of functionality, you go and
open a file descriptior to whatever path - this is a ONE OFF cost. And it
is certainly cheaper than the other one off costs that almost all
processes incur - notably, mapping all their libraries.
After that, any calls to the functionality will be ONE syscall, which just
has to check that the fd number you passed is in the set of fds that your
process has open, and then follow a pointer to get to the file operations
structure. Do you have a solution that allows you to access privileged
functionality without syscalls? If so, I have a bridge I would like to
sell you. Or do you believe that permissions are rechecked every time a
file desciptor is used? They are not. That is the whole damn point of
them.
eg:
big_map_cap = open("/dev/caps/big_map");
//one off cost of a syscall
foreach(big_map_that_i_want){
address = do_me_a_big_map_syscall(big_map_cap, size);
// oh my god, it is a syscall!
}
So in fact, this is far cheaper than all these ridiculous system call
checkers than context switch to user space to a policy agent if the
decision isn't cached or has been thrown away.
(
Log in to post comments)
