diff options
| author | Jeff Layton <jlayton@redhat.com> | 2012-10-10 15:25:25 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-10-12 00:32:02 -0400 |
| commit | e3d6b07b8ba161f638b026feba0c3c97875d7f1c (patch) | |
| tree | d40cea06665f9092820d76948d38e329c178011b | |
| parent | 29e9a3467c1367549568d7d411d5f30209ae181b (diff) | |
audit: optimize audit_compare_dname_path
In the cases where we already know the length of the parent, pass it as
a parm so we don't need to recompute it. In the cases where we don't
know the length, pass in AUDIT_NAME_FULL (-1) to indicate that it should
be determined.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | kernel/audit.h | 5 | ||||
| -rw-r--r-- | kernel/audit_watch.c | 3 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 16 | ||||
| -rw-r--r-- | kernel/auditsc.c | 8 |
4 files changed, 20 insertions, 12 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index 1038e23eb61..d51cba868e1 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -74,12 +74,15 @@ static inline int audit_hash_ino(u32 ino) | |||
| 74 | return (ino & (AUDIT_INODE_BUCKETS-1)); | 74 | return (ino & (AUDIT_INODE_BUCKETS-1)); |
| 75 | } | 75 | } |
| 76 | 76 | ||
| 77 | /* Indicates that audit should log the full pathname. */ | ||
| 78 | #define AUDIT_NAME_FULL -1 | ||
| 79 | |||
| 77 | extern int audit_match_class(int class, unsigned syscall); | 80 | extern int audit_match_class(int class, unsigned syscall); |
| 78 | extern int audit_comparator(const u32 left, const u32 op, const u32 right); | 81 | extern int audit_comparator(const u32 left, const u32 op, const u32 right); |
| 79 | extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right); | 82 | extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right); |
| 80 | extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right); | 83 | extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right); |
| 81 | extern int parent_len(const char *path); | 84 | extern int parent_len(const char *path); |
| 82 | extern int audit_compare_dname_path(const char *dname, const char *path); | 85 | extern int audit_compare_dname_path(const char *dname, const char *path, int plen); |
| 83 | extern struct sk_buff * audit_make_reply(int pid, int seq, int type, | 86 | extern struct sk_buff * audit_make_reply(int pid, int seq, int type, |
| 84 | int done, int multi, | 87 | int done, int multi, |
| 85 | const void *payload, int size); | 88 | const void *payload, int size); |
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index deb97c139e0..9a9ae6e3d29 100644 --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c | |||
| @@ -265,7 +265,8 @@ static void audit_update_watch(struct audit_parent *parent, | |||
| 265 | /* Run all of the watches on this parent looking for the one that | 265 | /* Run all of the watches on this parent looking for the one that |
| 266 | * matches the given dname */ | 266 | * matches the given dname */ |
| 267 | list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) { | 267 | list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) { |
| 268 | if (audit_compare_dname_path(dname, owatch->path)) | 268 | if (audit_compare_dname_path(dname, owatch->path, |
| 269 | AUDIT_NAME_FULL)) | ||
| 269 | continue; | 270 | continue; |
| 270 | 271 | ||
| 271 | /* If the update involves invalidating rules, do the inode-based | 272 | /* If the update involves invalidating rules, do the inode-based |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index d705eb17661..7f19f23d38a 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -1328,11 +1328,17 @@ int parent_len(const char *path) | |||
| 1328 | return p - path; | 1328 | return p - path; |
| 1329 | } | 1329 | } |
| 1330 | 1330 | ||
| 1331 | /* Compare given dentry name with last component in given path, | 1331 | /** |
| 1332 | * return of 0 indicates a match. */ | 1332 | * audit_compare_dname_path - compare given dentry name with last component in |
| 1333 | int audit_compare_dname_path(const char *dname, const char *path) | 1333 | * given path. Return of 0 indicates a match. |
| 1334 | * @dname: dentry name that we're comparing | ||
| 1335 | * @path: full pathname that we're comparing | ||
| 1336 | * @parentlen: length of the parent if known. Passing in AUDIT_NAME_FULL | ||
| 1337 | * here indicates that we must compute this value. | ||
| 1338 | */ | ||
| 1339 | int audit_compare_dname_path(const char *dname, const char *path, int parentlen) | ||
| 1334 | { | 1340 | { |
| 1335 | int dlen, pathlen, parentlen; | 1341 | int dlen, pathlen; |
| 1336 | const char *p; | 1342 | const char *p; |
| 1337 | 1343 | ||
| 1338 | dlen = strlen(dname); | 1344 | dlen = strlen(dname); |
| @@ -1340,7 +1346,7 @@ int audit_compare_dname_path(const char *dname, const char *path) | |||
| 1340 | if (pathlen < dlen) | 1346 | if (pathlen < dlen) |
| 1341 | return 1; | 1347 | return 1; |
| 1342 | 1348 | ||
| 1343 | parentlen = parent_len(path); | 1349 | parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen; |
| 1344 | if (pathlen - parentlen != dlen) | 1350 | if (pathlen - parentlen != dlen) |
| 1345 | return 1; | 1351 | return 1; |
| 1346 | 1352 | ||
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 09c7b6b4f8e..0160a68b4d7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -81,9 +81,6 @@ | |||
| 81 | * a name dynamically and also add those to the list anchored by names_list. */ | 81 | * a name dynamically and also add those to the list anchored by names_list. */ |
| 82 | #define AUDIT_NAMES 5 | 82 | #define AUDIT_NAMES 5 |
| 83 | 83 | ||
| 84 | /* Indicates that audit should log the full pathname. */ | ||
| 85 | #define AUDIT_NAME_FULL -1 | ||
| 86 | |||
| 87 | /* no execve audit message should be longer than this (userspace limits) */ | 84 | /* no execve audit message should be longer than this (userspace limits) */ |
| 88 | #define MAX_EXECVE_AUDIT_LEN 7500 | 85 | #define MAX_EXECVE_AUDIT_LEN 7500 |
| 89 | 86 | ||
| @@ -2222,7 +2219,7 @@ void __audit_inode_child(const struct inode *parent, | |||
| 2222 | continue; | 2219 | continue; |
| 2223 | 2220 | ||
| 2224 | if (n->ino == parent->i_ino && | 2221 | if (n->ino == parent->i_ino && |
| 2225 | !audit_compare_dname_path(dname, n->name)) { | 2222 | !audit_compare_dname_path(dname, n->name, n->name_len)) { |
| 2226 | found_parent = n->name; | 2223 | found_parent = n->name; |
| 2227 | goto add_names; | 2224 | goto add_names; |
| 2228 | } | 2225 | } |
| @@ -2235,7 +2232,8 @@ void __audit_inode_child(const struct inode *parent, | |||
| 2235 | 2232 | ||
| 2236 | /* strcmp() is the more likely scenario */ | 2233 | /* strcmp() is the more likely scenario */ |
| 2237 | if (!strcmp(dname, n->name) || | 2234 | if (!strcmp(dname, n->name) || |
| 2238 | !audit_compare_dname_path(dname, n->name)) { | 2235 | !audit_compare_dname_path(dname, n->name, |
| 2236 | AUDIT_NAME_FULL)) { | ||
| 2239 | if (inode) | 2237 | if (inode) |
| 2240 | audit_copy_inode(n, dentry, inode); | 2238 | audit_copy_inode(n, dentry, inode); |
| 2241 | else | 2239 | else |