xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LSM: shrink sizeof LSM specific portion of common_audit_data

Browse Source 
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Eric Paris
2012-04-03 09:37:02 -07:00
committed by Linus Torvalds
parent 95694129b4
commit 3b3b0e4fc1
16 changed files with 241 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
security/apparmor/audit.c
View File

@@ -115,23 +115,23 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
if (aa_g_audit_header) {
audit_log_format(ab, "apparmor=");
audit_log_string(ab, aa_audit_type[sa->aad.type]);
audit_log_string(ab, aa_audit_type[sa->aad->type]);
}
if (sa->aad.op) {
if (sa->aad->op) {
audit_log_format(ab, " operation=");
audit_log_string(ab, op_table[sa->aad.op]);
audit_log_string(ab, op_table[sa->aad->op]);
}
if (sa->aad.info) {
if (sa->aad->info) {
audit_log_format(ab, " info=");
audit_log_string(ab, sa->aad.info);
if (sa->aad.error)
audit_log_format(ab, " error=%d", sa->aad.error);
audit_log_string(ab, sa->aad->info);
if (sa->aad->error)
audit_log_format(ab, " error=%d", sa->aad->error);
}
if (sa->aad.profile) {
struct aa_profile *profile = sa->aad.profile;
if (sa->aad->profile) {
struct aa_profile *profile = sa->aad->profile;
pid_t pid;
rcu_read_lock();
pid = rcu_dereference(tsk->real_parent)->pid;
@@ -145,9 +145,9 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
audit_log_untrustedstring(ab, profile->base.hname);
}
if (sa->aad.name) {
if (sa->aad->name) {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, sa->aad.name);
audit_log_untrustedstring(ab, sa->aad->name);
}
}
@@ -159,7 +159,7 @@ static void audit_pre(struct audit_buffer *ab, void *ca)
void aa_audit_msg(int type, struct common_audit_data *sa,
void (*cb) (struct audit_buffer *, void *))
{
sa->aad.type = type;
sa->aad->type = type;
sa->lsm_pre_audit = audit_pre;
sa->lsm_post_audit = cb;
common_lsm_audit(sa);
@@ -184,7 +184,7 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
BUG_ON(!profile);
if (type == AUDIT_APPARMOR_AUTO) {
if (likely(!sa->aad.error)) {
if (likely(!sa->aad->error)) {
if (AUDIT_MODE(profile) != AUDIT_ALL)
return 0;
type = AUDIT_APPARMOR_AUDIT;
@@ -196,21 +196,21 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
if (AUDIT_MODE(profile) == AUDIT_QUIET ||
(type == AUDIT_APPARMOR_DENIED &&
AUDIT_MODE(profile) == AUDIT_QUIET))
return sa->aad.error;
return sa->aad->error;
if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
type = AUDIT_APPARMOR_KILL;
if (!unconfined(profile))
sa->aad.profile = profile;
sa->aad->profile = profile;
aa_audit_msg(type, sa, cb);
if (sa->aad.type == AUDIT_APPARMOR_KILL)
if (sa->aad->type == AUDIT_APPARMOR_KILL)
(void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current);
if (sa->aad.type == AUDIT_APPARMOR_ALLOWED)
return complain_error(sa->aad.error);
if (sa->aad->type == AUDIT_APPARMOR_ALLOWED)
return complain_error(sa->aad->error);
return sa->aad.error;
return sa->aad->error;
}