[RFC] lsm: fs: Use i_callback to free i_security in RCU callback
Song Liu
song at kernel.org
Tue Dec 17 18:19:49 UTC 2024
On Tue, Dec 17, 2024 at 9:38 AM Al Viro <viro at zeniv.linux.org.uk> wrote:
>
> > - Let pipe free inode from a RCU callback.
>
> ... which hurts the systems with LSM crap disabled.
> NAK.
How do we measure the overhead in such cases? AFAICT,
the overhead is very small:
1. Many (most) systems have some LSM enabled anyway.
2. pipe create/release is not on any hot path. On a busy system
with 176 CPUs, I measured ~30 pipe create/release per second.
3. The overhead of a rcu callback is small.
Given these measures, I don't think "hurts the system without LSM"
justifies 2 extra pointers per inode.
Thanks,
Song
More information about the Linux-security-module-archive
mailing list