SELinux: move common_audit_data to a noinline slow path function

selinux_inode_has_perm is a hot path. Instead of declaring the common_audit_data on the stack move it to a noinline function only used in the rare case we need to send an audit message. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-04-04 15:01:42 -0400
committer: Eric Paris <eparis@redhat.com> 2012-04-09 12:23:00 -0400
commit: d4cf970d0732628d514405c5a975024b9e205b0b (patch)
tree: 481f90ea13b2cbc8dd77bc934aa91024c1df6587
parent: 602a8dd6ea6abd463bc26310c4a1b44919f88e68 (diff)
1 files changed, 21 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8417a6afaf3..b3bd8e1d268 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2658,11 +2658,29 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
        return dentry_has_perm(cred, dentry, FILE__READ);
 }
-static int selinux_inode_permission(struct inode *inode, int mask)
+static noinline int audit_inode_permission(struct inode *inode,
+                                           u32 perms, u32 audited, u32 denied,
+                                           unsigned flags)
 {
-        const struct cred *cred = current_cred();
        struct common_audit_data ad;
        struct selinux_audit_data sad = {0,};
+        struct inode_security_struct *isec = inode->i_security;
+        int rc;
+        COMMON_AUDIT_DATA_INIT(&ad, INODE);
+        ad.selinux_audit_data = &sad;
+        ad.u.inode = inode;
+        rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
+                            audited, denied, &ad, flags);
+        if (rc)
+                return rc;
+        return 0;
+}
+static int selinux_inode_permission(struct inode *inode, int mask)
+{
+        const struct cred *cred = current_cred();
        u32 perms;
        bool from_access;
        unsigned flags = mask & MAY_NOT_BLOCK;
@@ -2696,15 +2714,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
        if (likely(!audited))
                return rc;
-        COMMON_AUDIT_DATA_INIT(&ad, INODE);
+        rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
-        ad.selinux_audit_data = &sad;
-        ad.u.inode = inode;
-        if (from_access)
-                ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS;
-        rc2 = slow_avc_audit(sid, isec->sid, isec->sclass, perms,
-                             audited, denied, &ad, flags);
        if (rc2)
                return rc2;
        return rc;
author	Eric Paris <eparis@redhat.com>	2012-04-04 15:01:42 -0400
committer	Eric Paris <eparis@redhat.com>	2012-04-09 12:23:00 -0400
commit	d4cf970d0732628d514405c5a975024b9e205b0b (patch)
tree	481f90ea13b2cbc8dd77bc934aa91024c1df6587
parent	602a8dd6ea6abd463bc26310c4a1b44919f88e68 (diff)