Subject: Re: Integrating securelevel and kauth(9)
To: Robert Watson <rwatson@FreeBSD.org>
From: David Laight <david@l8s.co.uk>
List: tech-security
Date: 03/28/2006 18:29:42

On Tue, Mar 28, 2006 at 11:34:37AM +0000, Robert Watson wrote:
> When we switched from a smaller number of indexed checks to 
> a larger number of function prototypes with explicit type checking, these 
> went away.

I also suspect that the code paths get a lot shorter.
And probably easier to read...

If all the calls to a routine end up passing a constant parameter
telling the called function what to do (which I suspect ends up being
the case here), you save the cost of pushing the argument + the cost
of the switch statement (and can maybe even sensibly inline the code
itself)....

If, for instance, you run NetBSD under bochs, you can get an instruction
trace output.  Executing simple system calls shows that a lot of the
time is spent faffing about in lockmgr.
We don't want to do the same for the authorization checks.

	David

-- 
David Laight: david@l8s.co.uk
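
The two call styles compared in this message, side by side. This is an added example, not part of the original message and not kauth(9) or FreeBSD code: every name is hypothetical, and the securelevel rules are simplified, constructed stand-ins.

```c
#include <stdbool.h>

/* Hypothetical names and simplified rules; not the kauth(9) interface. */
struct cred { int uid; };
struct vnode_stub { bool immutable; };

static int securelevel = 1;                 /* constructed sample state */

/* Style 1: one indexed entry point. Each caller passes a constant action,
 * the argument is untyped, and a switch decodes both at run time. */
enum action { ACT_SET_TIME_BACK, ACT_LOAD_MODULE, ACT_WRITE_VNODE };

bool authorize(const struct cred *c, enum action a, const void *arg)
{
    switch (a) {
    case ACT_SET_TIME_BACK:
        return c->uid == 0 && securelevel < 2;
    case ACT_LOAD_MODULE:
        return c->uid == 0 && securelevel < 1;
    case ACT_WRITE_VNODE: {
        /* The compiler cannot tell whether arg really is a vnode_stub. */
        const struct vnode_stub *vp = arg;
        return !(vp->immutable && securelevel > 0);
    }
    }
    return false;                           /* unknown action: fail closed */
}

/* Style 2: one prototype per check. No action argument to push, no switch,
 * argument types are checked at compile time, and each body can be inlined. */
static inline bool authorize_set_time_back(const struct cred *c)
{
    return c->uid == 0 && securelevel < 2;
}

static inline bool authorize_load_module(const struct cred *c)
{
    return c->uid == 0 && securelevel < 1;
}

static inline bool authorize_write_vnode(const struct cred *c,
                                         const struct vnode_stub *vp)
{
    (void)c;                                /* this rule depends on the file only */
    return !(vp->immutable && securelevel > 0);
}
```

Passing a `struct cred *` as the third argument of `authorize()` compiles without complaint, while the same mistake against `authorize_write_vnode()` is rejected by the compiler.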