[PATCH v3 2/2] vfs: avoid duplicating creds in faccessat if possible
Yury Norov
yury.norov at gmail.com
Sat Mar 4 20:51:30 UTC 2023
On Sat, Mar 04, 2023 at 11:19:54AM -0800, Linus Torvalds wrote:
> On Fri, Mar 3, 2023 at 9:51 PM Yury Norov <yury.norov at gmail.com> wrote:
> >
> > And the following code will be broken:
> >
> > cpumask_t m1, m2;
> >
> > cpumask_setall(m1); // m1 is ffff ffff ffff ffff because it uses
> > // compile-time optimized nr_cpumask_bits
> >
> > for_each_cpu(cpu, m1) // 32 iterations because it relied on nr_cpu_ids
> > cpumask_set_cpu(cpu, m2); // m2 is ffff ffff XXXX XXXX
>
> So honestly, it looks like you picked an example of something very
> unusual to then make everything else slower.
What about bootable sticks?
> Rather than commit aa47a7c215e7, we should just have fixed 'setall()'
> and 'for_each_cpu()' to use nr_cpu_ids, and then the rest would
> continue to use nr_cpumask_bits.
No, that wouldn't work for all.
> That particular code sequence is arguably broken to begin with.
> setall() should really only be used as a mask, most definitely not as
> some kind of "all possible cpus".
Sorry, don't understand this.
> The latter is "cpu_possible_mask", which is very different indeed (and
> often what you want is "cpu_online_mask")
Don't understand this possible vs online argument, but OK. What about this?
if (cpumask_setall_is_fixed)
cpumask_setall(mask);
else {
for_each_online_cpu(cpu)
cpumask_set_cpu(cpu, mask);
}
// You forgot to 'fix' cpumask_equal()
BUG_ON(!cpumask_equal(cpu_online_mask, mask));
Or this:
cpumask_clear(mask);
for_each_cpu_not(cpu, mask)
cpumask_set_cpu(cpu, mask);
BUG_ON(!cpumask_full(mask));
The root of the problem is that half of cpumask API relies (relied) on
compile-time nr_cpumask_bits, and the other - on boot-time nr_cpu_ids.
So, if you consistently propagate your 'fix', you'll get rid of
nr_cpumask_bits entirely with all that associate overhead.
That's what I actually did. And even tried to minimize the
overhead the best way I can think of.
> But I'd certainly be ok with using nr_cpu_ids for setall, partly
> exactly because it's so rare. It would probably be better to remove it
> entirely, but whatever.
>
> Linus
More information about the Linux-security-module-archive
mailing list