apfs/linux-apfs
0
0
Fork 0
mirror of https://github.com/linux-apfs/linux-apfs.git synced 2026-05-01 15:00:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

LSM: shrink sizeof LSM specific portion of common_audit_data

Browse Source 
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Eric Paris
2012-04-03 09:37:02 -07:00
committed by Linus Torvalds
parent 95694129b4
commit 3b3b0e4fc1
16 changed files with 241 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/smack/smack.h
+12 -1
View File
@@ -185,6 +185,15 @@ struct smack_known {
*/
#define SMK_NUM_ACCESS_TYPE 5
/* SMACK data */
struct smack_audit_data {
const char *function;
char *subject;
char *object;
char *request;
int result;
};
/*
* Smack audit data; is empty if CONFIG_AUDIT not set
* to save some stack
@@ -192,6 +201,7 @@ struct smack_known {
struct smk_audit_info {
#ifdef CONFIG_AUDIT
struct common_audit_data a;
struct smack_audit_data sad;
#endif
};
/*
@@ -311,7 +321,8 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
{
memset(a, 0, sizeof(*a));
a->a.type = type;
a->a.smack_audit_data.function = func;
a->a.smack_audit_data = &a->sad;
a->a.smack_audit_data->function = func;
}
static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
security/smack/smack_access.c
+6 -5
View File
@@ -275,9 +275,9 @@ static inline void smack_str_from_perm(char *string, int access)
static void smack_log_callback(struct audit_buffer *ab, void *a)
{
struct common_audit_data *ad = a;
struct smack_audit_data *sad = &ad->smack_audit_data;
struct smack_audit_data *sad = ad->smack_audit_data;
audit_log_format(ab, "lsm=SMACK fn=%s action=%s",
ad->smack_audit_data.function,
ad->smack_audit_data->function,
sad->result ? "denied" : "granted");
audit_log_format(ab, " subject=");
audit_log_untrustedstring(ab, sad->subject);
@@ -310,11 +310,12 @@ void smack_log(char *subject_label, char *object_label, int request,
if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0)
return;
if (a->smack_audit_data.function == NULL)
a->smack_audit_data.function = "unknown";
sad = a->smack_audit_data;
if (sad->function == NULL)
sad->function = "unknown";
/* end preparing the audit data */
sad = &a->smack_audit_data;
smack_str_from_perm(request_buffer, request);
sad->subject = subject_label;
sad->object = object_label;