[rsbac] A few comments/questions on RSBAC
tvrtko.ursulin at sophos.com
Wed Jul 6 19:37:10 CEST 2005
>Why do you think that requests must not sleep? They may and do, as you
>show yourself under 2.
Because if I use kmalloc instead of rsbac_kmalloc, I trigger "sleeping
function called from invalid context". Call trace is
Looking at the code shows that in adf_request_reg you are taking a
read_lock, traversing the list of registered modules and invoking their
callbacks. Therefore, REG modules are not allowed to sleep in their
>Only list operations with spinlocks held must not sleep. rsbac_kmalloc
>is mostly called from list functions, which hold a spinlock when
>adding or removing items. In 2.6 memory allocations with spinlocks
>held must be with ATOMIC. In 2.4 it works very will with normal
Why the difference between 2.4 and 2.6? Did you experience lock-ups?
Because, GFP_KERNEL allocations while holding a lock are not fine under
2.4 as well. You were probably just very lucky to get away with them.
>There are some other uses of rsbac_kmalloc, and it might save some few
>processor cycles to change it to GFP_KERNEL when a function is not
>spinlocked. However, this never really seemed an issue.
DAZ uses rsbac_kmalloc all over the place so I suggest that it is wrong
even if callbacks were allowed to sleep.
>Yes, this is to easily maintain the same code base with original
>Dazuko. Delete dazuko_rsbac.c, if it annoys you.
It looks messy but fine.
>> 4. RSBAC source code is full of enums, unions and structures named
>> struct rsbac_something_t. They are not typedef-ed, so why they have
>> suffix? I thought that it is a convention that typedef-ed type
>> _t added to them and this is confusing.
>Conventions differ between coders. I guess I broke several conventions
>of Linux kernel hacking, because using my own coding style lets me
>code significantly faster. This may lead to some confusion for
>others, but on the other hand many people said they liked my style
I don't think that _t is a convention of Linux kernel hacking but a more
general one. I might be wrong though.
Tvrtko August Ursulin
Software Engineer, Sophos
Tel: 01235 559933
Sophos - protecting businesses against viruses and spam
More information about the rsbac