Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem.

(off-list ancestor, not in this archive)
Question regarding sendmmsg(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-22
Re: Question regarding sendmmsg(). · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-22
[PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-22
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-07-22
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-22
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-22
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-23
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Michael Tokarev <hidden> · 2011-07-23
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-23
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-07-25
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-25
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Casey Schaufler <casey@schaufler-ca.com> · 2011-07-25
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-25
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Casey Schaufler <casey@schaufler-ca.com> · 2011-07-25
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-07-26
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-26
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Eric Paris <hidden> · 2011-07-26
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-07-28
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-02
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · David Miller <davem@davemloft.net> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Eduard Sinelnikov <hidden> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2011-08-03
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-08-04
Re: [PATCH] net: Fix security_socket_sendmsg() bypass problem. · Anton Blanchard <hidden> · 2011-08-03
Re: Question regarding sendmmsg(). · Paul Moore <hidden> · 2011-07-26

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: 2011-07-26 11:21:23

Anton Blanchard wrote:

Not sure what happened to your email but the gains are evident at
just 2 packets.

I know your benchmark result, but that result is based on calling
security_socket_sendmsg() only once.

What we worry is that overhead by security_socket_sendmsg() kills the
performance gain for batched case.

I can help with testing - the commit included a microbenchmark for
the purposes of analysing its performance.

Yes please. The patch in msg11510.html would want some more discussion, but
the patch in msg11504.html is ready to benchmark on your environment.

Does SELinux want to receive nosec flag at selinux_socket_sendmsg() because
calling security_socket_sendmsg() more than once is meaningless for SELinux?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help