config SECURITY_LOCKDOWN_LSM
	bool "Basic module for enforcing kernel lockdown"
	depends on SECURITY
	select MODULE_SIG if MODULES
	help
	  Build support for an LSM that enforces a coarse kernel lockdown
	  behaviour.

config SECURITY_LOCKDOWN_LSM_EARLY
	bool "Enable lockdown LSM early in init"
	depends on SECURITY_LOCKDOWN_LSM
	help
	  Enable the lockdown LSM early in boot. This is necessary in order
	  to ensure that lockdown enforcement can be carried out on kernel
	  boot parameters that are otherwise parsed before the security
	  subsystem is fully initialised. If enabled, lockdown will
	  unconditionally be called before any other LSMs.

choice
	prompt "Kernel default lockdown mode"
	default LOCK_DOWN_KERNEL_FORCE_NONE
	depends on SECURITY_LOCKDOWN_LSM
	help
	  The kernel can be configured to default to differing levels of
	  lockdown.

config LOCK_DOWN_KERNEL_FORCE_NONE
	bool "None"
	help
	  No lockdown functionality is enabled by default. Lockdown may be
	  enabled via the kernel commandline or /sys/kernel/security/lockdown.

config LOCK_DOWN_KERNEL_FORCE_INTEGRITY
	bool "Integrity"
	help
	  The kernel runs in integrity mode by default. Features that allow
	  the kernel to be modified at runtime are disabled.

config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
	bool "Confidentiality"
	help
	  The kernel runs in confidentiality mode by default. Features that
	  allow the kernel to be modified at runtime or that permit userland
	  code to read confidential material held inside the kernel are
	  disabled.

endchoice
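An added example (not part of the kernel tree or of this page) for checking a host against the options above: it reads the compiled-in default from a kernel .config and the active mode from the contents of /sys/kernel/security/lockdown. The function names, the sample input and the bracket-marks-the-active-mode format of the sysfs file are assumptions not taken from the Kconfig text.

```shell
#!/bin/sh
# Added example: audit kernel lockdown settings. Function names are hypothetical.

# Read .config text on stdin, print the compiled-in default lockdown mode.
lockdown_default_mode() {
    awk -F= '
        $1 == "CONFIG_SECURITY_LOCKDOWN_LSM" && $2 == "y" { lsm = 1 }
        $1 == "CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE" && $2 == "y" { mode = "none" }
        $1 == "CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY" && $2 == "y" { mode = "integrity" }
        $1 == "CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY" && $2 == "y" { mode = "confidentiality" }
        END {
            if (!lsm) print "unsupported"        # lockdown LSM not built
            else if (mode == "") print "none"    # the choice defaults to FORCE_NONE
            else print mode
        }'
}

# $1: contents of /sys/kernel/security/lockdown, e.g. "none [integrity] confidentiality".
# Prints the bracketed (active) mode, or nothing if the line cannot be parsed.
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Order the modes: confidentiality includes everything integrity disables.
lockdown_rank() {
    case "$1" in
        none) echo 0 ;;
        integrity) echo 1 ;;
        confidentiality) echo 2 ;;
        *) echo -1 ;;
    esac
}

# $1: required mode, $2: sysfs contents. Returns 0 if the active mode is at
# least as strict as required, 1 if not (or unparseable), 2 on a bad argument.
lockdown_meets() {
    want=$(lockdown_rank "$1")
    [ "$want" -ge 0 ] || return 2
    have=$(lockdown_rank "$(lockdown_active_mode "$2")")
    [ "$have" -ge "$want" ]
}

# Constructed sample input, not captured from a real host.
sample='none [integrity] confidentiality'
if lockdown_meets confidentiality "$sample"; then
    echo "active mode meets policy"
else
    echo "active mode '$(lockdown_active_mode "$sample")' is below required 'confidentiality'"
fi
```

On a live system, pass "$(cat /sys/kernel/security/lockdown)" as the second argument and pipe the running kernel's .config into lockdown_default_mode.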
author Arjun Roy <arjunroy@google.com> 2020-02-14 15:30:49 -0800
committer David S. Miller <davem@davemloft.net> 2020-02-16 19:25:02 -0800
commit c8856c051454909e5059df4e81c77b9c366c5515
tree 72b78bb1392b3d2209b387599d8f15fbb2fcae5c
parent 8c8da5b8eaf80b9958de96cce189abd4bd1aaff1
tcp-zerocopy: Return inq along with tcp receive zerocopy.
This patchset is intended to reduce the number of extra system calls imposed by TCP receive zerocopy. For ping-pong RPC style workloads, this patchset has demonstrated a system call reduction of about 30% when coupled with userspace changes.

For applications using edge-triggered epoll, returning inq along with the result of tcp receive zerocopy could remove the need to call recvmsg()=-EAGAIN after a successful zerocopy.

Generally speaking, since normally we would need to perform a recvmsg() call for every successful small RPC read via TCP receive zerocopy, returning inq can reduce the number of system calls performed by approximately half.

Signed-off-by: Arjun Roy <arjunroy@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>