From owner-svn-src-all@FreeBSD.ORG Wed Jun 3 08:36:26 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E35AD1065673; Wed, 3 Jun 2009 08:36:26 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: from mail.garage.freebsd.pl (chello087206192061.chello.pl [87.206.192.61]) by mx1.freebsd.org (Postfix) with ESMTP id 2C98D8FC1D; Wed, 3 Jun 2009 08:36:25 +0000 (UTC) (envelope-from pjd@garage.freebsd.pl) Received: by mail.garage.freebsd.pl (Postfix, from userid 65534) id 2C54745CA6; Wed, 3 Jun 2009 10:36:23 +0200 (CEST) Received: from localhost (pjd.wheel.pl [10.0.1.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.garage.freebsd.pl (Postfix) with ESMTP id 39735456AB; Wed, 3 Jun 2009 10:36:18 +0200 (CEST) Date: Wed, 3 Jun 2009 10:36:22 +0200 From: Pawel Jakub Dawidek To: Robert Watson Message-ID: <20090603083622.GA3824@garage.freebsd.pl> References: <200906021826.n52IQHrh024410@svn.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2oS5YaxWCcQjTEyO" Content-Disposition: inline In-Reply-To: <200906021826.n52IQHrh024410@svn.freebsd.org> User-Agent: Mutt/1.4.2.3i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 8.0-CURRENT i386 X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.garage.freebsd.pl X-Spam-Level: X-Spam-Status: No, score=-5.9 required=3.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.0.4 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r193332 - in head/sys: kern netatalk netinet rpc security/mac X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2009 08:36:27 -0000 --2oS5YaxWCcQjTEyO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 02, 2009 at 06:26:17PM +0000, Robert Watson wrote: > Author: rwatson > Date: Tue Jun 2 18:26:17 2009 > New Revision: 193332 > URL: http://svn.freebsd.org/changeset/base/193332 >=20 > Log: > Add internal 'mac_policy_count' counter to the MAC Framework, which is a > count of the number of registered policies. > =20 > Rather than unconditionally locking sockets before passing them into MA= C, > lock them in the MAC entry points only if mac_policy_count is non-zero. > =20 > This avoids locking overhead for a number of socket system calls when no > policies are registered, eliminating measurable overhead for the MAC > Framework for the socket subsystem when there are no active policies. > =20 > Possibly socket locks should be acquired by policies if they are requir= ed > for socket labels, which would further avoid locking overhead when there > are policies but they don't require labeling of sockets, or possibly > don't even implement socket controls. This may introduce further overhead if there are few policies that implement socket controls. Then you will have cost of npolicies * lock/unlo= ck. Maybe we could check if there is at least one policy implementing particular socket control and if yes lock the socket in the framework only once? This won't be ideal (there might be socket control that doesn't need to lock the socket), but is good enough for my taste:) --=20 Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! --2oS5YaxWCcQjTEyO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFKJjYGForvXbEpPzQRAt2GAKChKnv6ZaUq1YSsRutbx0zLReVnawCfePZM KcfsAcGfd6Qa+FhQeYDQpzY= =vTmO -----END PGP SIGNATURE----- --2oS5YaxWCcQjTEyO--