[rsbac] A few comments/questions on RSBAC

tvrtko.ursulin@sophos.com tvrtko.ursulin at sophos.com
Wed Jul 6 19:37:10 CEST 2005


Hi Amon,

>Why do you think that requests must not sleep? They may and do, as you
>show yourself under 2.

Because if I use kmalloc instead of rsbac_kmalloc, I trigger "sleeping 
function called from invalid context". Call trace is 
adf_request->adf_request_int->adf_request_reg->my_hook->kmalloc.

Looking at the code shows that in adf_request_reg you are taking a 
read_lock, traversing the list of registered modules and invoking their 
callbacks. Therefore, REG modules are not allowed to sleep in their 
request hooks.

>Only list operations with spinlocks held must not sleep. rsbac_kmalloc
>is mostly called from list functions, which hold a spinlock when
>adding or removing items. In 2.6 memory allocations with spinlocks
>held must be with ATOMIC. In 2.4 it works very well with normal
>GFP_KERNEL.

Why the difference between 2.4 and 2.6? Did you experience lock-ups? 
Because GFP_KERNEL allocations while holding a lock are not fine under 
2.4 either. You were probably just very lucky to get away with them.

>There are some other uses of rsbac_kmalloc, and it might save some few
>processor cycles to change it to GFP_KERNEL when a function is not
>spinlocked. However, this never really seemed an issue.

DAZ uses rsbac_kmalloc all over the place so I suggest that it is wrong 
even if callbacks were allowed to sleep.

>Yes, this is to easily maintain the same code base with original
>Dazuko. Delete dazuko_rsbac.c, if it annoys you.

It looks messy but fine.

>> 4. RSBAC source code is full of enums, unions and structures named like
>> struct rsbac_something_t. They are not typedef-ed, so why they have _t
>> suffix? I thought that it is a convention that typedef-ed type should have
>> _t added to them and this is confusing.
>
>Conventions differ between coders. I guess I broke several conventions
>of Linux kernel hacking, because using my own coding style lets me
>code significantly faster. This may lead to some confusion for
>others, but on the other hand many people said they liked my style
>better. :)

I don't think that _t is a convention of Linux kernel hacking but a more 
general one. I might be wrong though.


-- 
Tvrtko August Ursulin
Software Engineer, Sophos

Tel: 01235 559933
Web: www.sophos.com
Sophos - protecting businesses against viruses and spam
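
Added example, not part of the original message and not RSBAC or kernel code: a userspace C model of the situation discussed above, where a dispatcher holds a read lock while calling registered hooks, so a hook that makes a GFP_KERNEL-style allocation is flagged while a GFP_ATOMIC-style one is not. Every `model_*` name, the hook names and the depth counter are assumptions standing in for the kernel's own mechanisms.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: every model_* name is hypothetical, not a kernel or RSBAC API. */
enum model_gfp { MODEL_GFP_ATOMIC, MODEL_GFP_KERNEL /* allowed to sleep */ };
typedef int (*model_hook_t)(void);

static int atomic_depth; /* >0 while a (modelled) spinlock or rwlock is held */
static int violations;   /* may-sleep allocations attempted in atomic context */
static void model_read_lock(void)   { atomic_depth++; }
static void model_read_unlock(void) { atomic_depth--; }

/* Stand-in for kmalloc(): a may-sleep allocation under a lock is flagged. */
static void *model_kmalloc(size_t n, enum model_gfp flags)
{
    if (flags == MODEL_GFP_KERNEL && atomic_depth > 0) {
        violations++;
        fprintf(stderr, "sleeping function called from invalid context\n");
    }
    return malloc(n);
}

static int alloc_and_free(enum model_gfp flags)
{
    void *p = model_kmalloc(64, flags);
    if (!p) return -1; /* non-sleeping allocations in particular can fail */
    free(p);
    return 0;
}
static int hook_gfp_kernel(void) { return alloc_and_free(MODEL_GFP_KERNEL); }
static int hook_gfp_atomic(void) { return alloc_and_free(MODEL_GFP_ATOMIC); }

/* Dispatch pattern from the message: take the lock, walk the hook list, call
 * each hook. Returns how many invalid-context allocations the hooks attempted. */
static int model_dispatch(model_hook_t *hooks, int n)
{
    violations = 0;
    model_read_lock();
    for (int i = 0; i < n; i++)
        hooks[i]();
    model_read_unlock();
    return violations;
}

int main(void)
{
    model_hook_t hooks[] = { hook_gfp_atomic, hook_gfp_kernel };
    printf("violations under lock: %d\n", model_dispatch(hooks, 2));
    return 0;
}
```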


