linux/security/selinux/include
Kirill Tkhai f0b07bb151 net: Introduce net_rwsem to protect net_namespace_list
rtnl_lock() is used everywhere, and contention is very high.
When someone wants to iterate over alive net namespaces,
he/she has no a possibility to do that without exclusive lock.
But the exclusive rtnl_lock() in such places is overkill,
and it just increases the contention. Yes, there is already
for_each_net_rcu() in kernel, but it requires rcu_read_lock(),
and this can't be sleepable. Also, sometimes it may be need
really prevent net_namespace_list growth, so for_each_net_rcu()
is not fit there.

This patch introduces new rw_semaphore, which will be used
instead of rtnl_mutex to protect net_namespace_list. It is
sleepable and allows not-exclusive iterations over net
namespaces list. It allows to stop using rtnl_lock()
in several places (what is made in next patches) and makes
less the time, we keep rtnl_mutex. Here we just add new lock,
while the explanation of we can remove rtnl_lock() there are
in next patches.

Fine grained locks generally are better, then one big lock,
so let's do that with net_namespace_list, while the situation
allows that.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-29 13:47:53 -04:00
..
audit.h SELinux: keep the code clean formating and syntax 2008-07-14 15:01:36 +10:00
avc_ss.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
avc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
classmap.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
conditional.h selinux: Change bool variable name to index. 2016-04-14 11:24:50 -04:00
ibpkey.h selinux: Add a cache for quicker retreival of PKey SIDs 2017-05-23 12:28:12 -04:00
initial_sid_to_string.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.h selinux: make the netif cache namespace aware 2014-09-10 17:09:57 -04:00
netlabel.h security: replace FSF address with web source in license notices 2017-11-20 17:01:29 -05:00
netnode.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
netport.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
objsec.h selinux: bpf: Add selinux check for eBPF syscall operations 2017-10-20 13:32:59 +01:00
security.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm.h net: Introduce net_rwsem to protect net_namespace_list 2018-03-29 13:47:53 -04:00