[rsbac] A few comments/questions on RSBAC
Amon Ott
ao at rsbac.org
Wed Jul 6 19:05:45 CEST 2005
On Mittwoch 06 Juli 2005 18:22, tvrtko.ursulin at sophos.com wrote:
> [btw, kernel 2.6.11, RSBAC 1.2.4]
>
> I just started looking at RSBAC two days ago so excuse me if
something I
> say might be completely wrong.
>
> 1. There is a rsbac_kmalloc function which allocate in this way:
>
> #if KERNEL >= 2.6
> kmalloc(size, GFP_ATOMIC)
> #else
> kmalloc(size, GFP_KERNEL)
> #endif
>
> Why? It looks totally wrong and extremely hackish. It also leads me
to
> belive that request hook must not sleep, which I have confirmed with
> kernel debugging options. Of course, because of that, the whole
usability
> is questionable.
Why do you think that requests must not sleep? They may and do, as you
show yourself under 2.
Only list operations with spinlocks held must not sleep. rsbac_kmalloc
is mostly called from list functions, which hold a spinlock when
adding or removing items. In 2.6 memory allocations with spinlocks
held must be with ATOMIC. In 2.4 it works very will with normal
GFP_KERNEL.
There are some other uses of rsbac_kmalloc, and it might save some few
processor cycles to change it to GFP_KERNEL when a function is not
spinlocked. However, this never really seemed an issue.
> The comment for that function is also wrong, it says that it will
always
> allocate GFP_KERNEL.
Sorry for that old comment... I updated it in my tree.
> 2. However, DAZ module which is shipped together with RSBAC does
sleep in
> it's request hook by waiting on a event, of course it will do that
since
> it must communicate with userspace.
Yes, it does.
> 3. DAZ subdirectory also holds two completely identical files,
> dazuko_rsbac.c and dazuko_main.c. One of them is not used. There are
more
> unused files in there (FreeBSD?!).
Yes, this is to easily maintain the same code base with original
Dazuko. Delete dazuko_rsbac.c, if it annoys you.
> 4. RSBAC source code is full of enums, unions and structures named
like
> struct rsbac_something_t. They are not typedef-ed, so why they have
_t
> suffix? I thought that it is a convention that typedef-ed type
should have
> _t added to them and this is confusing.
Conventions differ between coders. I guess I broke several conventions
of Linux kernel hacking, because using my own coding style lets me
code significantly faster. This may lead to some confusion for
others, but on the other hand many people said they liked my style
better. :)
> Having noticed all this by only briefly looking at the code, how
mature
> and stable do you consider RSBAC to be currently? Especially on 2.6
> kernels?
I do not use the experimental 2.6 kernels on server systems myself,
but experience by others and on my workstation shows that RSBAC is
pretty stable there, too. On 2.4 it has been rock solid for me and
many others for a long time, except for the odd glitch in pre
versions or unusual cases.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list