[systemd-devel] [PATCH 3/4] connection: use the already cached metadata if KDBUS_HELLO_CACHE_META is set

Djalal Harouni tixxdz at opendz.org
Sun Jun 29 05:11:07 PDT 2014


On Fri, Jun 27, 2014 at 01:02:19PM +0200, Daniel Mack wrote:
> On 06/27/2014 12:46 PM, Kay Sievers wrote:
> > On Fri, Jun 27, 2014 at 12:32 PM, Djalal Harouni <tixxdz at opendz.org> wrote:
> >> For connections with the KDBUS_HELLO_CACHE_META flag dup the
> >> metadata/credentials from handle or from the HELLO cmd, and use it to
> >> construct kdbus kmsg object, this improves benchmark by ~50%
> >>
> >> The KDBUS_HELLO_CACHE_META flag is only for privileged bus users, others
> >> will fail with -EPERM. Privileged bus users can do whatever they want.
> > 
> > Metadata contains timestamps, global message sequence numbers, PIDs,
> > none of that should be cached or faked, I think.
> 
> By no means, even for 'trusted' connections. The entire concept of
> metadata breaks if we cache things here.

Yes, I do agree, that was a quick hack to see how much we gain...

The thing is that for privileged processes or connections we already
support faking creds and seclabel, and in the kernel there is already
support for the no_new_privs bit:
https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt

So I was exploring things, don't know if it would be worth it to make kdbus
smarter and check the no_new_privs bit if set, and cache some fields...

Anyway, yes I do realize, providing real time metadata is part of the
design and really a nice *race-free* feature.

Thanks for the comments!


> 
> Daniel
> 

-- 
Djalal Harouni
http://opendz.org

