Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Quoting Chris Wright ([EMAIL PROTECTED]): > > > A little surprising: kernbench is improved, but dbench and tbench > > > are worse - though within the 95% CI. > > > > It is interesting. Would be good to see what happens with the cap_ bits > > used in SELinux instead of secondary callout. > > Here are the new numbers next to the originals. 'patchedv2' is > obviously with your new patch. Kernbench keeps getting faster :) Thanks again. Hmm, tbench fell a bit more, reaim is sort of all over the place. Do you have a harness for this? I can run same on hardware here (in particular I'm interested to do P4 and ia64). thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Chris Wright ([EMAIL PROTECTED]): > > A little surprising: kernbench is improved, but dbench and tbench > > are worse - though within the 95% CI. > > It is interesting. Would be good to see what happens with the cap_ bits > used in SELinux instead of secondary callout. Here are the new numbers next to the originals. 'patchedv2' is obviously with your new patch. Kernbench keeps getting faster :) dbench (throughput, larger is better): original: 357.957780 +/- 3.509188 patched: 351.266820 +/- 4.736168 patchedv2: 352.414880 +/- 3.649639 tbench (throughput, larger is better): original: 38.710270 +/- 0.028970 patched: 38.210506 +/- 0.032954 patchedv2: 38.018038 +/- 0.024762 kernbench (time, smaller is better): original: 91.837000 +/- 0.324471 patched: 91.466000 +/- 0.308797 patchedv2: 91.079000 +/- 0.236836 reaim (#children vs throughput, larger is better): original: 1 48702.197000 1875.223996 3 131411.87 4497.107969 5 130219.174000 6365.289551 7 162377.027000 3131.071134 9 155432.904000 4964.935291 11 169784.384000 4490.812272 13 164540.169000 3902.652904 15 172983.569000 3149.934591 patched: 1 47525.273000 1509.578035 3 132151.651000 2282.043786 5 131244.291000 5874.212092 7 165629.693000 4646.641230 9 156163.11 3422.903849 11 170608.526000 4132.988693 13 164863.102000 3664.214481 15 172947.803000 2548.662380 patchedv2: 1 46796.702000 1454.752458 3 126771.43 3296.287229 5 132779.408000 4786.218275 7 165525.949000 3364.383587 9 156160.772000 3358.822121 11 172681.856000 2524.954098 13 162618.395000 4892.710796 15 172982.17 3105.761847 > Also, need to run ia64, > do you have an ia64 box? Not a one, I'm afraid. -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, > highmem not enabled). I should hopefully have a 2way ppc available > later today for a pair of runs. Thanks for running these numbers Serge. > dbench and tbench were run 50 times each, kernbench and reaim 10 times > each. Results are mean +/- 95% confidence half-interval. Kernel had > selinux and capabilities compiled in. > > A little surprising: kernbench is improved, but dbench and tbench > are worse - though within the 95% CI. It is interesting. Would be good to see what happens with the cap_ bits used in SELinux instead of secondary callout. Also, need to run ia64, do you have an ia64 box? thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Stephen Smalley ([EMAIL PROTECTED]): > On Fri, 2005-08-26 at 04:23 -0500, [EMAIL PROTECTED] wrote: > > Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, > > highmem not enabled). I should hopefully have a 2way ppc available > > later today for a pair of runs. > > > > dbench and tbench were run 50 times each, kernbench and reaim 10 times > > each. Results are mean +/- 95% confidence half-interval. Kernel had > > selinux and capabilities compiled in. > > > > A little surprising: kernbench is improved, but dbench and tbench > > are worse - though within the 95% CI. > > Might be interesting to roll in Chris' patch (sent separately to lsm and > selinux list) for "remove selinux stacked ops" in place of your patch, > as that will avoid the indirect call through the secondary_ops in > SELinux. At that point, you can also disable the capability module > altogether, as SELinux will just directly use the built-in cap_ > functions from commoncap. True - I'll start a new set of jobs and hopefully report back sunday or monday. thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
On Fri, 2005-08-26 at 04:23 -0500, [EMAIL PROTECTED] wrote: > Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, > highmem not enabled). I should hopefully have a 2way ppc available > later today for a pair of runs. > > dbench and tbench were run 50 times each, kernbench and reaim 10 times > each. Results are mean +/- 95% confidence half-interval. Kernel had > selinux and capabilities compiled in. > > A little surprising: kernbench is improved, but dbench and tbench > are worse - though within the 95% CI. Might be interesting to roll in Chris' patch (sent separately to lsm and selinux list) for "remove selinux stacked ops" in place of your patch, as that will avoid the indirect call through the secondary_ops in SELinux. At that point, you can also disable the capability module altogether, as SELinux will just directly use the built-in cap_ functions from commoncap. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Chris Wright ([EMAIL PROTECTED]): > * Chris Wright ([EMAIL PROTECTED]) wrote: > > I'll have some numbers tomorrow. If you'd like to run SELinux that'd > > be quite useful. > > These are just lmbench and kernel build numbers (certainly not the best > for real benchmark numbers, but easy to get a quick view run). This is > just baseline (i.e. default, nothing loaded). Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, highmem not enabled). I should hopefully have a 2way ppc available later today for a pair of runs. dbench and tbench were run 50 times each, kernbench and reaim 10 times each. Results are mean +/- 95% confidence half-interval. Kernel had selinux and capabilities compiled in. A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. dbench (throughput, larger is better): original: 357.957780 +/- 3.509188 patched: 351.266820 +/- 4.736168 tbench (throughput, larger is better): original: 38.710270 +/- 0.028970 patched: 38.210506 +/- 0.032954 kernbench (time, smaller is better): original: 91.837000 +/- 0.324471 patched: 91.466000 +/- 0.308797 reaim (#children vs throughput, larger is better): original: 1 48702.197000 1875.223996 3 131411.87 4497.107969 5 130219.174000 6365.289551 7 162377.027000 3131.071134 9 155432.904000 4964.935291 11 169784.384000 4490.812272 13 164540.169000 3902.652904 15 172983.569000 3149.934591 patched: 1 47525.273000 1509.578035 3 132151.651000 2282.043786 5 131244.291000 5874.212092 7 165629.693000 4646.641230 9 156163.11 3422.903849 11 170608.526000 4132.988693 13 164863.102000 3664.214481 15 172947.803000 2548.662380 thanks, -serge - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Chris Wright ([EMAIL PROTECTED]): * Chris Wright ([EMAIL PROTECTED]) wrote: I'll have some numbers tomorrow. If you'd like to run SELinux that'd be quite useful. These are just lmbench and kernel build numbers (certainly not the best for real benchmark numbers, but easy to get a quick view run). This is just baseline (i.e. default, nothing loaded). Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, highmem not enabled). I should hopefully have a 2way ppc available later today for a pair of runs. dbench and tbench were run 50 times each, kernbench and reaim 10 times each. Results are mean +/- 95% confidence half-interval. Kernel had selinux and capabilities compiled in. A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. dbench (throughput, larger is better): original: 357.957780 +/- 3.509188 patched: 351.266820 +/- 4.736168 tbench (throughput, larger is better): original: 38.710270 +/- 0.028970 patched: 38.210506 +/- 0.032954 kernbench (time, smaller is better): original: 91.837000 +/- 0.324471 patched: 91.466000 +/- 0.308797 reaim (#children vs throughput, larger is better): original: 1 48702.197000 1875.223996 3 131411.87 4497.107969 5 130219.174000 6365.289551 7 162377.027000 3131.071134 9 155432.904000 4964.935291 11 169784.384000 4490.812272 13 164540.169000 3902.652904 15 172983.569000 3149.934591 patched: 1 47525.273000 1509.578035 3 132151.651000 2282.043786 5 131244.291000 5874.212092 7 165629.693000 4646.641230 9 156163.11 3422.903849 11 170608.526000 4132.988693 13 164863.102000 3664.214481 15 172947.803000 2548.662380 thanks, -serge - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
On Fri, 2005-08-26 at 04:23 -0500, [EMAIL PROTECTED] wrote: Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, highmem not enabled). I should hopefully have a 2way ppc available later today for a pair of runs. dbench and tbench were run 50 times each, kernbench and reaim 10 times each. Results are mean +/- 95% confidence half-interval. Kernel had selinux and capabilities compiled in. A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. Might be interesting to roll in Chris' patch (sent separately to lsm and selinux list) for remove selinux stacked ops in place of your patch, as that will avoid the indirect call through the secondary_ops in SELinux. At that point, you can also disable the capability module altogether, as SELinux will just directly use the built-in cap_ functions from commoncap. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Stephen Smalley ([EMAIL PROTECTED]): On Fri, 2005-08-26 at 04:23 -0500, [EMAIL PROTECTED] wrote: Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, highmem not enabled). I should hopefully have a 2way ppc available later today for a pair of runs. dbench and tbench were run 50 times each, kernbench and reaim 10 times each. Results are mean +/- 95% confidence half-interval. Kernel had selinux and capabilities compiled in. A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. Might be interesting to roll in Chris' patch (sent separately to lsm and selinux list) for remove selinux stacked ops in place of your patch, as that will avoid the indirect call through the secondary_ops in SELinux. At that point, you can also disable the capability module altogether, as SELinux will just directly use the built-in cap_ functions from commoncap. True - I'll start a new set of jobs and hopefully report back sunday or monday. thanks, -serge - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm, highmem not enabled). I should hopefully have a 2way ppc available later today for a pair of runs. Thanks for running these numbers Serge. dbench and tbench were run 50 times each, kernbench and reaim 10 times each. Results are mean +/- 95% confidence half-interval. Kernel had selinux and capabilities compiled in. A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. It is interesting. Would be good to see what happens with the cap_ bits used in SELinux instead of secondary callout. Also, need to run ia64, do you have an ia64 box? thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Quoting Chris Wright ([EMAIL PROTECTED]): A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. It is interesting. Would be good to see what happens with the cap_ bits used in SELinux instead of secondary callout. Here are the new numbers next to the originals. 'patchedv2' is obviously with your new patch. Kernbench keeps getting faster :) dbench (throughput, larger is better): original: 357.957780 +/- 3.509188 patched: 351.266820 +/- 4.736168 patchedv2: 352.414880 +/- 3.649639 tbench (throughput, larger is better): original: 38.710270 +/- 0.028970 patched: 38.210506 +/- 0.032954 patchedv2: 38.018038 +/- 0.024762 kernbench (time, smaller is better): original: 91.837000 +/- 0.324471 patched: 91.466000 +/- 0.308797 patchedv2: 91.079000 +/- 0.236836 reaim (#children vs throughput, larger is better): original: 1 48702.197000 1875.223996 3 131411.87 4497.107969 5 130219.174000 6365.289551 7 162377.027000 3131.071134 9 155432.904000 4964.935291 11 169784.384000 4490.812272 13 164540.169000 3902.652904 15 172983.569000 3149.934591 patched: 1 47525.273000 1509.578035 3 132151.651000 2282.043786 5 131244.291000 5874.212092 7 165629.693000 4646.641230 9 156163.11 3422.903849 11 170608.526000 4132.988693 13 164863.102000 3664.214481 15 172947.803000 2548.662380 patchedv2: 1 46796.702000 1454.752458 3 126771.43 3296.287229 5 132779.408000 4786.218275 7 165525.949000 3364.383587 9 156160.772000 3358.822121 11 172681.856000 2524.954098 13 162618.395000 4892.710796 15 172982.17 3105.761847 Also, need to run ia64, do you have an ia64 box? Not a one, I'm afraid. -serge - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Quoting Chris Wright ([EMAIL PROTECTED]): A little surprising: kernbench is improved, but dbench and tbench are worse - though within the 95% CI. It is interesting. Would be good to see what happens with the cap_ bits used in SELinux instead of secondary callout. Here are the new numbers next to the originals. 'patchedv2' is obviously with your new patch. Kernbench keeps getting faster :) Thanks again. Hmm, tbench fell a bit more, reaim is sort of all over the place. Do you have a harness for this? I can run same on hardware here (in particular I'm interested to do P4 and ia64). thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* Chris Wright ([EMAIL PROTECTED]) wrote: > I'll have some numbers tomorrow. If you'd like to run SELinux that'd > be quite useful. These are just lmbench and kernel build numbers (certainly not the best for real benchmark numbers, but easy to get a quick view run). This is just baseline (i.e. default, nothing loaded). This is x86_64 (1 HT core) 2GB. Kernel build: old hooks new hooks - - real7m2.313sreal7m1.542s user6m25.012s user6m25.484s sys 0m56.580s sys 0m56.008s real7m3.376sreal7m0.593s user6m25.412s user6m24.184s sys 0m57.140s sys 0m56.936s real7m2.643sreal7m1.280s user6m23.840s user6m25.408s sys 0m57.668s sys 0m55.935s real7m0.015sreal7m0.712s user6m23.964s user6m24.820s sys 0m57.940s sys 0m56.520s real7m3.204sreal7m0.592s user6m23.868s user6m24.652s sys 0m57.712s sys 0m56.460s real7m1.961sreal7m1.328s user6m24.416s user6m25.284s sys 0m57.252s sys 0m56.184s Basic system parameters Host OS Description Mhz - - --- vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 Processor, Processes - times in microseconds - smaller is better Host OS Mhz null null open selct sig sig fork exec sh call I/O stat clos TCP inst hndl proc proc proc - - - vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.36 4.77 199. 684. 2524 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 15.0 0.36 4.68 198. 689. 2530 vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.4 14.2 0.36 4.74 198. 690. 2528 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.37 4.71 199. 684. 2532 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.2 0.37 4.66 195. 679. 2497 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.8 0.37 4.67 198. 681. 2511 vert.sous Linux 2.6.13- 2997 0.23 0.40 14.1 16.3 15.0 0.37 4.67 197. 678. 2512 vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.3 15.6 0.37 4.70 197. 681. 2508 Context switching - times in microseconds - smaller is better - Host OS 2p/0K 2p/16K 2p/64K 8p/16K 8p/64K 16p/16K 16p/64K ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw - - - -- -- -- -- --- --- vert.sous Linux 2.6.13- 6.120 7.1500 9.6900 7.1600 11.8 7.7800018.0 vert.sous Linux 2.6.13- 6.140 7.1000 9.6700 7.1600 11.7 7.9300018.1 vert.sous Linux 2.6.13- 6.080 7.1100 9.6900 7.2100 11.9 8.1400018.0 vert.sous Linux 2.6.13- 6.070 7.1000 9.7100 7.3000 12.9 7.8500018.1 vert.sous Linux 2.6.13- 5.820 6.8900 9.4200 7.0600 12.2 7.7700018.0 vert.sous Linux 2.6.13- 5.830 6.9700 9.5400 7. 13.6 7.9900017.9 vert.sous Linux 2.6.13- 5.870 6.8200 9.5000 7.3000 12.1 8.1500017.8 vert.sous Linux 2.6.13- 5.870 6.9200 9.5400 7.1200 11.4 7.9100018.3 *Local* Communication latencies in microseconds - smaller is better --- Host OS 2p/0K Pipe AF UDP RPC/ TCP RPC/ TCP ctxsw UNIX UDP TCP conn - - - - - - - - vert.sous Linux 2.6.13- 6.180 15.2 33.9 29.9 42.3 55.9 72.2 106. vert.sous Linux 2.6.13- 6.140 15.2 33.8 30.1 42.5 55.8 72.5 107. vert.sous Linux 2.6.13- 6.080 15.1 34.0 30.0 42.5 55.9 72.6 107. vert.sous Linux 2.6.13- 6.070 14.7 34.1 30.2 42.4 55.7 72.5 107. vert.sous Linux 2.6.13- 5.820 14.1 33.8 30.0 42.0 54.9 71.0 106. vert.sous Linux 2.6.13- 5.830 14.4 33.9 30.2 42.1 54.9 71.0 106. vert.sous Linux 2.6.13- 5.870 14.6 34.1 29.9 42.0 54.9 71.2 106. vert.sous Linux 2.6.13- 5.870 14.6 34.3 29.8 42.2 54.8 71.0 106. File & VM system latencies in microseconds - smaller is better -- Host OS 0K File 10K File MmapProtPage
Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: > Did you ever check this with selinux? No, thanks for catching that oversight. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Did you ever check this with selinux? I'm assuming that the problem is that selinux does things like: rc = secondary_ops->task_create(); when secondary_ops->task_create can now be null... (Will whip up the obvious patch asap - later this morning) -serge Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): > Hmm, haven't yet figured out why, but something in this patchset > doesn't work for power5. Oops attached, as well as the assembly > for selinux_task_create (which I'm weeding through right now). > > thanks, > -serge > > Oops output from console: > > Security Framework v1.0.0 initialized > SELinux: Initializing. > SELinux: Starting in permissive mode > selinux_register_security: Registering secondary module capability > Capability LSM initialized as secondary > Mount-cache hash table entries: 256 > Oops: Kernel access of bad area, sig: 11 [#1] > SMP NR_CPUS=128 NUMA PSERIES LPAR > Modules linked in: > NIP: C016BCCC XER: 2005 LR: C004FA38 CTR: C016BCA8 > REGS: c0403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1) > MSR: 80009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 4228 > DAR: DSISR: 4000 > TASK: c0468ea0[0] 'swapper' THREAD: c040 CPU: 0 > GPR00: C004FA38 C0403810 C054BA70 00800B00 > GPR04: C0403DE0 C0403B60 > GPR08: C049C450 C05F3298 > GPR12: 4222 C0423C00 > GPR16: C0403B60 > GPR20: C0403DE0 0001 > GPR24: 00800B00 C0403DE0 > GPR28: 0001 0001 C04A4AC8 00800B00 > NIP [c016bccc] .selinux_task_create+0x24/0x84 > LR [c004fa38] .copy_process+0xc28/0x163c > Call Trace: > [c0403810] [00d0] 0xd0 (unreliable) > [c0403890] [c004fa38] .copy_process+0xc28/0x163c > [c04039a0] [c005059c] .do_fork+0x94/0x240 > [c0403a80] [c0011c80] .sys_clone+0x60/0x78 > [c0403af0] [c000d814] .ppc_clone+0x8/0xc > --- Exception: c00 at .kernel_thread+0x28/0x68 > LR = .rest_init+0x24/0x5c > [c0403de0] [01ff1b88] 0x1ff1b88 (unreliable) > [c0403e50] [c03e3004] .proc_root_init+0x164/0x184 > [c0403ed0] [c03c98a0] .start_kernel+0x2ac/0x328 > [c0403f90] [c000bfb4] .__setup_cpu_power3+0x0/0x4 > Instruction dump: > 4e800020 63ff0004 4b44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010 > f821ff81 e97e8100 e92b e9490258 f8410028 e96a0010 e84a0008 > <0>Kernel panic - not syncing: Attempted to kill the idle task! > > Taken from hooks.S: > > 5494 <.selinux_task_create>: > 5494: 7c 08 02 a6 mflrr0 > 5498: fb c1 ff f0 std r30,-16(r1) > 549c: eb c2 00 00 ld r30,0(r2) > 54a0: fb e1 ff f8 std r31,-8(r1) > 54a4: f8 01 00 10 std r0,16(r1) > 54a8: f8 21 ff 81 stdur1,-128(r1) > 54ac: e9 7e 81 00 ld r11,-32512(r30) > 54b0: e9 2b 00 00 ld r9,0(r11) > 54b4: e9 49 02 58 ld r10,600(r9) > 54b8: e8 0a 00 00 ld r0,0(r10) > 54bc: f8 41 00 28 std r2,40(r1) > 54c0: e9 6a 00 10 ld r11,16(r10) > 54c4: e8 4a 00 08 ld r2,8(r10) > 54c8: 7c 09 03 a6 mtctr r0 > 54cc: 4e 80 04 21 bctrl > 54d0: e8 41 00 28 ld r2,40(r1) > 54d4: 38 a0 00 01 li r5,1 > 54d8: 2f a3 00 00 cmpdi cr7,r3,0 > 54dc: 41 9e 00 1c beq-cr7,54f8 <.selinux_task_create+0x64> > 54e0: 38 21 00 80 addir1,r1,128 > 54e4: e8 01 00 10 ld r0,16(r1) > 54e8: eb c1 ff f0 ld r30,-16(r1) > 54ec: eb e1 ff f8 ld r31,-8(r1) > 54f0: 7c 08 03 a6 mtlrr0 > 54f4: 4e 80 00 20 blr > 54f8: 38 21 00 80 addir1,r1,128 > 54fc: e8 6d 01 70 ld r3,368(r13) > 5500: e8 01 00 10 ld r0,16(r1) > 5504: eb c1 ff f0 ld r30,-16(r1) > 5508: eb e1 ff f8 ld r31,-8(r1) > 550c: 7c 64 1b 78 mr r4,r3 > 5510: 7c 08 03 a6 mtlrr0 > 5514: 4b ff ba 68 b f7c <.task_has_perm> > > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Hmm, haven't yet figured out why, but something in this patchset doesn't work for power5. Oops attached, as well as the assembly for selinux_task_create (which I'm weeding through right now). thanks, -serge Oops output from console: Security Framework v1.0.0 initialized SELinux: Initializing. SELinux: Starting in permissive mode selinux_register_security: Registering secondary module capability Capability LSM initialized as secondary Mount-cache hash table entries: 256 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=128 NUMA PSERIES LPAR Modules linked in: NIP: C016BCCC XER: 2005 LR: C004FA38 CTR: C016BCA8 REGS: c0403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1) MSR: 80009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 4228 DAR: DSISR: 4000 TASK: c0468ea0[0] 'swapper' THREAD: c040 CPU: 0 GPR00: C004FA38 C0403810 C054BA70 00800B00 GPR04: C0403DE0 C0403B60 GPR08: C049C450 C05F3298 GPR12: 4222 C0423C00 GPR16: C0403B60 GPR20: C0403DE0 0001 GPR24: 00800B00 C0403DE0 GPR28: 0001 0001 C04A4AC8 00800B00 NIP [c016bccc] .selinux_task_create+0x24/0x84 LR [c004fa38] .copy_process+0xc28/0x163c Call Trace: [c0403810] [00d0] 0xd0 (unreliable) [c0403890] [c004fa38] .copy_process+0xc28/0x163c [c04039a0] [c005059c] .do_fork+0x94/0x240 [c0403a80] [c0011c80] .sys_clone+0x60/0x78 [c0403af0] [c000d814] .ppc_clone+0x8/0xc --- Exception: c00 at .kernel_thread+0x28/0x68 LR = .rest_init+0x24/0x5c [c0403de0] [01ff1b88] 0x1ff1b88 (unreliable) [c0403e50] [c03e3004] .proc_root_init+0x164/0x184 [c0403ed0] [c03c98a0] .start_kernel+0x2ac/0x328 [c0403f90] [c000bfb4] .__setup_cpu_power3+0x0/0x4 Instruction dump: 4e800020 63ff0004 4b44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010 f821ff81 e97e8100 e92b e9490258 f8410028 e96a0010 e84a0008 <0>Kernel panic - not syncing: Attempted to kill the idle task! Taken from hooks.S: 5494 <.selinux_task_create>: 5494: 7c 08 02 a6 mflrr0 5498: fb c1 ff f0 std r30,-16(r1) 549c: eb c2 00 00 ld r30,0(r2) 54a0: fb e1 ff f8 std r31,-8(r1) 54a4: f8 01 00 10 std r0,16(r1) 54a8: f8 21 ff 81 stdur1,-128(r1) 54ac: e9 7e 81 00 ld r11,-32512(r30) 54b0: e9 2b 00 00 ld r9,0(r11) 54b4: e9 49 02 58 ld r10,600(r9) 54b8: e8 0a 00 00 ld r0,0(r10) 54bc: f8 41 00 28 std r2,40(r1) 54c0: e9 6a 00 10 ld r11,16(r10) 54c4: e8 4a 00 08 ld r2,8(r10) 54c8: 7c 09 03 a6 mtctr r0 54cc: 4e 80 04 21 bctrl 54d0: e8 41 00 28 ld r2,40(r1) 54d4: 38 a0 00 01 li r5,1 54d8: 2f a3 00 00 cmpdi cr7,r3,0 54dc: 41 9e 00 1c beq-cr7,54f8 <.selinux_task_create+0x64> 54e0: 38 21 00 80 addir1,r1,128 54e4: e8 01 00 10 ld r0,16(r1) 54e8: eb c1 ff f0 ld r30,-16(r1) 54ec: eb e1 ff f8 ld r31,-8(r1) 54f0: 7c 08 03 a6 mtlrr0 54f4: 4e 80 00 20 blr 54f8: 38 21 00 80 addir1,r1,128 54fc: e8 6d 01 70 ld r3,368(r13) 5500: e8 01 00 10 ld r0,16(r1) 5504: eb c1 ff f0 ld r30,-16(r1) 5508: eb e1 ff f8 ld r31,-8(r1) 550c: 7c 64 1b 78 mr r4,r3 5510: 7c 08 03 a6 mtlrr0 5514: 4b ff ba 68 b f7c <.task_has_perm> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Hmm, haven't yet figured out why, but something in this patchset doesn't work for power5. Oops attached, as well as the assembly for selinux_task_create (which I'm weeding through right now). thanks, -serge Oops output from console: Security Framework v1.0.0 initialized SELinux: Initializing. SELinux: Starting in permissive mode selinux_register_security: Registering secondary module capability Capability LSM initialized as secondary Mount-cache hash table entries: 256 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=128 NUMA PSERIES LPAR Modules linked in: NIP: C016BCCC XER: 2005 LR: C004FA38 CTR: C016BCA8 REGS: c0403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1) MSR: 80009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 4228 DAR: DSISR: 4000 TASK: c0468ea0[0] 'swapper' THREAD: c040 CPU: 0 GPR00: C004FA38 C0403810 C054BA70 00800B00 GPR04: C0403DE0 C0403B60 GPR08: C049C450 C05F3298 GPR12: 4222 C0423C00 GPR16: C0403B60 GPR20: C0403DE0 0001 GPR24: 00800B00 C0403DE0 GPR28: 0001 0001 C04A4AC8 00800B00 NIP [c016bccc] .selinux_task_create+0x24/0x84 LR [c004fa38] .copy_process+0xc28/0x163c Call Trace: [c0403810] [00d0] 0xd0 (unreliable) [c0403890] [c004fa38] .copy_process+0xc28/0x163c [c04039a0] [c005059c] .do_fork+0x94/0x240 [c0403a80] [c0011c80] .sys_clone+0x60/0x78 [c0403af0] [c000d814] .ppc_clone+0x8/0xc --- Exception: c00 at .kernel_thread+0x28/0x68 LR = .rest_init+0x24/0x5c [c0403de0] [01ff1b88] 0x1ff1b88 (unreliable) [c0403e50] [c03e3004] .proc_root_init+0x164/0x184 [c0403ed0] [c03c98a0] .start_kernel+0x2ac/0x328 [c0403f90] [c000bfb4] .__setup_cpu_power3+0x0/0x4 Instruction dump: 4e800020 63ff0004 4b44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010 f821ff81 e97e8100 e92b e9490258 e80a f8410028 e96a0010 e84a0008 0Kernel panic - not syncing: Attempted to kill the idle task! Taken from hooks.S: 5494 .selinux_task_create: 5494: 7c 08 02 a6 mflrr0 5498: fb c1 ff f0 std r30,-16(r1) 549c: eb c2 00 00 ld r30,0(r2) 54a0: fb e1 ff f8 std r31,-8(r1) 54a4: f8 01 00 10 std r0,16(r1) 54a8: f8 21 ff 81 stdur1,-128(r1) 54ac: e9 7e 81 00 ld r11,-32512(r30) 54b0: e9 2b 00 00 ld r9,0(r11) 54b4: e9 49 02 58 ld r10,600(r9) 54b8: e8 0a 00 00 ld r0,0(r10) 54bc: f8 41 00 28 std r2,40(r1) 54c0: e9 6a 00 10 ld r11,16(r10) 54c4: e8 4a 00 08 ld r2,8(r10) 54c8: 7c 09 03 a6 mtctr r0 54cc: 4e 80 04 21 bctrl 54d0: e8 41 00 28 ld r2,40(r1) 54d4: 38 a0 00 01 li r5,1 54d8: 2f a3 00 00 cmpdi cr7,r3,0 54dc: 41 9e 00 1c beq-cr7,54f8 .selinux_task_create+0x64 54e0: 38 21 00 80 addir1,r1,128 54e4: e8 01 00 10 ld r0,16(r1) 54e8: eb c1 ff f0 ld r30,-16(r1) 54ec: eb e1 ff f8 ld r31,-8(r1) 54f0: 7c 08 03 a6 mtlrr0 54f4: 4e 80 00 20 blr 54f8: 38 21 00 80 addir1,r1,128 54fc: e8 6d 01 70 ld r3,368(r13) 5500: e8 01 00 10 ld r0,16(r1) 5504: eb c1 ff f0 ld r30,-16(r1) 5508: eb e1 ff f8 ld r31,-8(r1) 550c: 7c 64 1b 78 mr r4,r3 5510: 7c 08 03 a6 mtlrr0 5514: 4b ff ba 68 b f7c .task_has_perm - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
Did you ever check this with selinux? I'm assuming that the problem is that selinux does things like: rc = secondary_ops-task_create(); when secondary_ops-task_create can now be null... (Will whip up the obvious patch asap - later this morning) -serge Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): Hmm, haven't yet figured out why, but something in this patchset doesn't work for power5. Oops attached, as well as the assembly for selinux_task_create (which I'm weeding through right now). thanks, -serge Oops output from console: Security Framework v1.0.0 initialized SELinux: Initializing. SELinux: Starting in permissive mode selinux_register_security: Registering secondary module capability Capability LSM initialized as secondary Mount-cache hash table entries: 256 Oops: Kernel access of bad area, sig: 11 [#1] SMP NR_CPUS=128 NUMA PSERIES LPAR Modules linked in: NIP: C016BCCC XER: 2005 LR: C004FA38 CTR: C016BCA8 REGS: c0403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1) MSR: 80009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 4228 DAR: DSISR: 4000 TASK: c0468ea0[0] 'swapper' THREAD: c040 CPU: 0 GPR00: C004FA38 C0403810 C054BA70 00800B00 GPR04: C0403DE0 C0403B60 GPR08: C049C450 C05F3298 GPR12: 4222 C0423C00 GPR16: C0403B60 GPR20: C0403DE0 0001 GPR24: 00800B00 C0403DE0 GPR28: 0001 0001 C04A4AC8 00800B00 NIP [c016bccc] .selinux_task_create+0x24/0x84 LR [c004fa38] .copy_process+0xc28/0x163c Call Trace: [c0403810] [00d0] 0xd0 (unreliable) [c0403890] [c004fa38] .copy_process+0xc28/0x163c [c04039a0] [c005059c] .do_fork+0x94/0x240 [c0403a80] [c0011c80] .sys_clone+0x60/0x78 [c0403af0] [c000d814] .ppc_clone+0x8/0xc --- Exception: c00 at .kernel_thread+0x28/0x68 LR = .rest_init+0x24/0x5c [c0403de0] [01ff1b88] 0x1ff1b88 (unreliable) [c0403e50] [c03e3004] .proc_root_init+0x164/0x184 [c0403ed0] [c03c98a0] .start_kernel+0x2ac/0x328 [c0403f90] [c000bfb4] .__setup_cpu_power3+0x0/0x4 Instruction dump: 4e800020 63ff0004 4b44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010 f821ff81 e97e8100 e92b e9490258 e80a f8410028 e96a0010 e84a0008 0Kernel panic - not syncing: Attempted to kill the idle task! Taken from hooks.S: 5494 .selinux_task_create: 5494: 7c 08 02 a6 mflrr0 5498: fb c1 ff f0 std r30,-16(r1) 549c: eb c2 00 00 ld r30,0(r2) 54a0: fb e1 ff f8 std r31,-8(r1) 54a4: f8 01 00 10 std r0,16(r1) 54a8: f8 21 ff 81 stdur1,-128(r1) 54ac: e9 7e 81 00 ld r11,-32512(r30) 54b0: e9 2b 00 00 ld r9,0(r11) 54b4: e9 49 02 58 ld r10,600(r9) 54b8: e8 0a 00 00 ld r0,0(r10) 54bc: f8 41 00 28 std r2,40(r1) 54c0: e9 6a 00 10 ld r11,16(r10) 54c4: e8 4a 00 08 ld r2,8(r10) 54c8: 7c 09 03 a6 mtctr r0 54cc: 4e 80 04 21 bctrl 54d0: e8 41 00 28 ld r2,40(r1) 54d4: 38 a0 00 01 li r5,1 54d8: 2f a3 00 00 cmpdi cr7,r3,0 54dc: 41 9e 00 1c beq-cr7,54f8 .selinux_task_create+0x64 54e0: 38 21 00 80 addir1,r1,128 54e4: e8 01 00 10 ld r0,16(r1) 54e8: eb c1 ff f0 ld r30,-16(r1) 54ec: eb e1 ff f8 ld r31,-8(r1) 54f0: 7c 08 03 a6 mtlrr0 54f4: 4e 80 00 20 blr 54f8: 38 21 00 80 addir1,r1,128 54fc: e8 6d 01 70 ld r3,368(r13) 5500: e8 01 00 10 ld r0,16(r1) 5504: eb c1 ff f0 ld r30,-16(r1) 5508: eb e1 ff f8 ld r31,-8(r1) 550c: 7c 64 1b 78 mr r4,r3 5510: 7c 08 03 a6 mtlrr0 5514: 4b ff ba 68 b f7c .task_has_perm - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote: Did you ever check this with selinux? No, thanks for catching that oversight. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* Chris Wright ([EMAIL PROTECTED]) wrote: I'll have some numbers tomorrow. If you'd like to run SELinux that'd be quite useful. These are just lmbench and kernel build numbers (certainly not the best for real benchmark numbers, but easy to get a quick view run). This is just baseline (i.e. default, nothing loaded). This is x86_64 (1 HT core) 2GB. Kernel build: old hooks new hooks - - real7m2.313sreal7m1.542s user6m25.012s user6m25.484s sys 0m56.580s sys 0m56.008s real7m3.376sreal7m0.593s user6m25.412s user6m24.184s sys 0m57.140s sys 0m56.936s real7m2.643sreal7m1.280s user6m23.840s user6m25.408s sys 0m57.668s sys 0m55.935s real7m0.015sreal7m0.712s user6m23.964s user6m24.820s sys 0m57.940s sys 0m56.520s real7m3.204sreal7m0.592s user6m23.868s user6m24.652s sys 0m57.712s sys 0m56.460s real7m1.961sreal7m1.328s user6m24.416s user6m25.284s sys 0m57.252s sys 0m56.184s Basic system parameters Host OS Description Mhz - - --- vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997 Processor, Processes - times in microseconds - smaller is better Host OS Mhz null null open selct sig sig fork exec sh call I/O stat clos TCP inst hndl proc proc proc - - - vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.36 4.77 199. 684. 2524 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 15.0 0.36 4.68 198. 689. 2530 vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.4 14.2 0.36 4.74 198. 690. 2528 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.37 4.71 199. 684. 2532 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.2 0.37 4.66 195. 679. 2497 vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.8 0.37 4.67 198. 681. 2511 vert.sous Linux 2.6.13- 2997 0.23 0.40 14.1 16.3 15.0 0.37 4.67 197. 678. 2512 vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.3 15.6 0.37 4.70 197. 681. 2508 Context switching - times in microseconds - smaller is better - Host OS 2p/0K 2p/16K 2p/64K 8p/16K 8p/64K 16p/16K 16p/64K ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw - - - -- -- -- -- --- --- vert.sous Linux 2.6.13- 6.120 7.1500 9.6900 7.1600 11.8 7.7800018.0 vert.sous Linux 2.6.13- 6.140 7.1000 9.6700 7.1600 11.7 7.9300018.1 vert.sous Linux 2.6.13- 6.080 7.1100 9.6900 7.2100 11.9 8.1400018.0 vert.sous Linux 2.6.13- 6.070 7.1000 9.7100 7.3000 12.9 7.8500018.1 vert.sous Linux 2.6.13- 5.820 6.8900 9.4200 7.0600 12.2 7.7700018.0 vert.sous Linux 2.6.13- 5.830 6.9700 9.5400 7. 13.6 7.9900017.9 vert.sous Linux 2.6.13- 5.870 6.8200 9.5000 7.3000 12.1 8.1500017.8 vert.sous Linux 2.6.13- 5.870 6.9200 9.5400 7.1200 11.4 7.9100018.3 *Local* Communication latencies in microseconds - smaller is better --- Host OS 2p/0K Pipe AF UDP RPC/ TCP RPC/ TCP ctxsw UNIX UDP TCP conn - - - - - - - - vert.sous Linux 2.6.13- 6.180 15.2 33.9 29.9 42.3 55.9 72.2 106. vert.sous Linux 2.6.13- 6.140 15.2 33.8 30.1 42.5 55.8 72.5 107. vert.sous Linux 2.6.13- 6.080 15.1 34.0 30.0 42.5 55.9 72.6 107. vert.sous Linux 2.6.13- 6.070 14.7 34.1 30.2 42.4 55.7 72.5 107. vert.sous Linux 2.6.13- 5.820 14.1 33.8 30.0 42.0 54.9 71.0 106. vert.sous Linux 2.6.13- 5.830 14.4 33.9 30.2 42.1 54.9 71.0 106. vert.sous Linux 2.6.13- 5.870 14.6 34.1 29.9 42.0 54.9 71.2 106. vert.sous Linux 2.6.13- 5.870 14.6 34.3 29.8 42.2 54.8 71.0 106. File VM system latencies in microseconds - smaller is better -- Host OS 0K File 10K File MmapProtPage
Re: [PATCH 0/5] LSM hook updates
* James Morris ([EMAIL PROTECTED]) wrote: > On Wed, 24 Aug 2005, Chris Wright wrote: > > > This is based on Kurt's original work. The net effect is that > > LSM hooks are called conditionally, and in all cases capabilities > > provide the defaults. I've done some basic performance testing, and > > found nothing surprising. > > Do you mean nothing noticable? I did only microbenchmarking, which was as much as double digit percentage faster (on P4), nothing was slower. > > I'm interested to see numbers from others > > before I push this up. These are against Linus' current git tree (they > > will clash with the -mm tree). > > Are there any numbers for popular architectures like i386 and x86_64? I'll have some numbers tomorrow. If you'd like to run SELinux that'd be quite useful. thanks, -chris - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
On Wed, 24 Aug 2005, Chris Wright wrote: > This is based on Kurt's original work. The net effect is that > LSM hooks are called conditionally, and in all cases capabilities > provide the defaults. I've done some basic performance testing, and > found nothing surprising. Do you mean nothing noticable? > I'm interested to see numbers from others > before I push this up. These are against Linus' current git tree (they > will clash with the -mm tree). Are there any numbers for popular architectures like i386 and x86_64? - James -- James Morris <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/5] LSM hook updates
This is based on Kurt's original work. The net effect is that LSM hooks are called conditionally, and in all cases capabilities provide the defaults. I've done some basic performance testing, and found nothing surprising. I'm interested to see numbers from others before I push this up. These are against Linus' current git tree (they will clash with the -mm tree). security/dummy.c | 996 include/linux/security.h | 1665 --- security/Makefile|9 security/commoncap.c | 160 ++-- security/root_plug.c | 14 security/security.c | 62 - 6 files changed, 839 insertions(+), 2067 deletions(-) thanks, -chris -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 0/5] LSM hook updates
This is based on Kurt's original work. The net effect is that LSM hooks are called conditionally, and in all cases capabilities provide the defaults. I've done some basic performance testing, and found nothing surprising. I'm interested to see numbers from others before I push this up. These are against Linus' current git tree (they will clash with the -mm tree). security/dummy.c | 996 include/linux/security.h | 1665 --- security/Makefile|9 security/commoncap.c | 160 ++-- security/root_plug.c | 14 security/security.c | 62 - 6 files changed, 839 insertions(+), 2067 deletions(-) thanks, -chris -- - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
On Wed, 24 Aug 2005, Chris Wright wrote: This is based on Kurt's original work. The net effect is that LSM hooks are called conditionally, and in all cases capabilities provide the defaults. I've done some basic performance testing, and found nothing surprising. Do you mean nothing noticable? I'm interested to see numbers from others before I push this up. These are against Linus' current git tree (they will clash with the -mm tree). Are there any numbers for popular architectures like i386 and x86_64? - James -- James Morris [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 0/5] LSM hook updates
* James Morris ([EMAIL PROTECTED]) wrote: On Wed, 24 Aug 2005, Chris Wright wrote: This is based on Kurt's original work. The net effect is that LSM hooks are called conditionally, and in all cases capabilities provide the defaults. I've done some basic performance testing, and found nothing surprising. Do you mean nothing noticable? I did only microbenchmarking, which was as much as double digit percentage faster (on P4), nothing was slower. I'm interested to see numbers from others before I push this up. These are against Linus' current git tree (they will clash with the -mm tree). Are there any numbers for popular architectures like i386 and x86_64? I'll have some numbers tomorrow. If you'd like to run SELinux that'd be quite useful. thanks, -chris - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
