aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-04-04 15:01:42 -0400
committerEric Paris <eparis@redhat.com>2012-04-09 12:23:00 -0400
commitd4cf970d0732628d514405c5a975024b9e205b0b (patch)
tree481f90ea13b2cbc8dd77bc934aa91024c1df6587 /security/selinux
parent602a8dd6ea6abd463bc26310c4a1b44919f88e68 (diff)
SELinux: move common_audit_data to a noinline slow path function
selinux_inode_has_perm is a hot path. Instead of declaring the common_audit_data on the stack move it to a noinline function only used in the rare case we need to send an audit message. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8417a6afaf3..b3bd8e1d268 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2658,11 +2658,29 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
2658 return dentry_has_perm(cred, dentry, FILE__READ); 2658 return dentry_has_perm(cred, dentry, FILE__READ);
2659} 2659}
2660 2660
2661static int selinux_inode_permission(struct inode *inode, int mask) 2661static noinline int audit_inode_permission(struct inode *inode,
2662 u32 perms, u32 audited, u32 denied,
2663 unsigned flags)
2662{ 2664{
2663 const struct cred *cred = current_cred();
2664 struct common_audit_data ad; 2665 struct common_audit_data ad;
2665 struct selinux_audit_data sad = {0,}; 2666 struct selinux_audit_data sad = {0,};
2667 struct inode_security_struct *isec = inode->i_security;
2668 int rc;
2669
2670 COMMON_AUDIT_DATA_INIT(&ad, INODE);
2671 ad.selinux_audit_data = &sad;
2672 ad.u.inode = inode;
2673
2674 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
2675 audited, denied, &ad, flags);
2676 if (rc)
2677 return rc;
2678 return 0;
2679}
2680
2681static int selinux_inode_permission(struct inode *inode, int mask)
2682{
2683 const struct cred *cred = current_cred();
2666 u32 perms; 2684 u32 perms;
2667 bool from_access; 2685 bool from_access;
2668 unsigned flags = mask & MAY_NOT_BLOCK; 2686 unsigned flags = mask & MAY_NOT_BLOCK;
@@ -2696,15 +2714,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
2696 if (likely(!audited)) 2714 if (likely(!audited))
2697 return rc; 2715 return rc;
2698 2716
2699 COMMON_AUDIT_DATA_INIT(&ad, INODE); 2717 rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
2700 ad.selinux_audit_data = &sad;
2701 ad.u.inode = inode;
2702
2703 if (from_access)
2704 ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS;
2705
2706 rc2 = slow_avc_audit(sid, isec->sid, isec->sclass, perms,
2707 audited, denied, &ad, flags);
2708 if (rc2) 2718 if (rc2)
2709 return rc2; 2719 return rc2;
2710 return rc; 2720 return rc;