From: Kurt Garloff <[EMAIL PROTECTED]> Subject: Replace indirect calls by a branch References: 40217, 39439
In the LSM stub collection, rather do a branch than an indirect call. Many of the functions called do only return 0 or do nothing for the default (capability) case. This is a fast-path optimization; a branch is faster than an indirect call, even more so if correctly predicted. This shows a >3% perf. increase in netperf -t TCP_RR benchmark on IA64. (More exactly: The benchmark was taken with the next two patches applied as well, but I attribute the main effect to this patch.) This is patch 3/5 of the LSM overhaul. include/linux/security.h | 6 +++++- security/security.c | 2 -- 2 files changed, 5 insertions(+), 3 deletions(-) Signed-off-by: Kurt Garloff <[EMAIL PROTECTED]> Index: linux-2.6.10/include/linux/security.h =================================================================== --- linux-2.6.10.orig/include/linux/security.h +++ linux-2.6.10/include/linux/security.h @@ -1241,17 +1241,21 @@ struct security_operations { }; /* global variables */ extern struct security_operations *security_ops; +/* default security ops */ +extern struct security_operations capability_security_ops; /* prototypes */ extern int security_init (void); extern int register_security (struct security_operations *ops); extern int unregister_security (struct security_operations *ops); extern int mod_reg_security (const char *name, struct security_operations *ops); extern int mod_unreg_security (const char *name, struct security_operations *ops); -#define COND_SECURITY(seop, def) security_ops->seop +/* Condition for invocation of non-default security_op */ +#define COND_SECURITY(seop, def) \ + (security_ops == &capability_security_ops)? def: security_ops->seop #else /* CONFIG_SECURITY */ static inline int security_init(void) { Index: linux-2.6.10/security/security.c =================================================================== --- linux-2.6.10.orig/security/security.c +++ linux-2.6.10/security/security.c @@ -21,10 +21,8 @@ #define SECURITY_FRAMEWORK_VERSION "1.0.0" /* things that live in dummy.c */ extern void security_fixup_ops (struct security_operations *ops); -/* default security ops */ -extern struct security_operations capability_security_ops; struct security_operations *security_ops; /* Initialized to NULL */ static inline int verify(struct security_operations *ops) -- Kurt Garloff, Director SUSE Labs, Novell Inc.
pgpA1PzspJgyT.pgp
Description: PGP signature