diff options
author | Eric Paris <eparis@redhat.com> | 2012-04-04 15:01:42 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:23:00 -0400 |
commit | d4cf970d0732628d514405c5a975024b9e205b0b (patch) | |
tree | 481f90ea13b2cbc8dd77bc934aa91024c1df6587 /security/selinux | |
parent | 602a8dd6ea6abd463bc26310c4a1b44919f88e68 (diff) |
SELinux: move common_audit_data to a noinline slow path function
selinux_inode_has_perm is a hot path. Instead of declaring the
common_audit_data on the stack move it to a noinline function only used in
the rare case we need to send an audit message.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/hooks.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8417a6afaf3..b3bd8e1d268 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -2658,11 +2658,29 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na | |||
2658 | return dentry_has_perm(cred, dentry, FILE__READ); | 2658 | return dentry_has_perm(cred, dentry, FILE__READ); |
2659 | } | 2659 | } |
2660 | 2660 | ||
2661 | static int selinux_inode_permission(struct inode *inode, int mask) | 2661 | static noinline int audit_inode_permission(struct inode *inode, |
2662 | u32 perms, u32 audited, u32 denied, | ||
2663 | unsigned flags) | ||
2662 | { | 2664 | { |
2663 | const struct cred *cred = current_cred(); | ||
2664 | struct common_audit_data ad; | 2665 | struct common_audit_data ad; |
2665 | struct selinux_audit_data sad = {0,}; | 2666 | struct selinux_audit_data sad = {0,}; |
2667 | struct inode_security_struct *isec = inode->i_security; | ||
2668 | int rc; | ||
2669 | |||
2670 | COMMON_AUDIT_DATA_INIT(&ad, INODE); | ||
2671 | ad.selinux_audit_data = &sad; | ||
2672 | ad.u.inode = inode; | ||
2673 | |||
2674 | rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, | ||
2675 | audited, denied, &ad, flags); | ||
2676 | if (rc) | ||
2677 | return rc; | ||
2678 | return 0; | ||
2679 | } | ||
2680 | |||
2681 | static int selinux_inode_permission(struct inode *inode, int mask) | ||
2682 | { | ||
2683 | const struct cred *cred = current_cred(); | ||
2666 | u32 perms; | 2684 | u32 perms; |
2667 | bool from_access; | 2685 | bool from_access; |
2668 | unsigned flags = mask & MAY_NOT_BLOCK; | 2686 | unsigned flags = mask & MAY_NOT_BLOCK; |
@@ -2696,15 +2714,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) | |||
2696 | if (likely(!audited)) | 2714 | if (likely(!audited)) |
2697 | return rc; | 2715 | return rc; |
2698 | 2716 | ||
2699 | COMMON_AUDIT_DATA_INIT(&ad, INODE); | 2717 | rc2 = audit_inode_permission(inode, perms, audited, denied, flags); |
2700 | ad.selinux_audit_data = &sad; | ||
2701 | ad.u.inode = inode; | ||
2702 | |||
2703 | if (from_access) | ||
2704 | ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS; | ||
2705 | |||
2706 | rc2 = slow_avc_audit(sid, isec->sid, isec->sclass, perms, | ||
2707 | audited, denied, &ad, flags); | ||
2708 | if (rc2) | 2718 | if (rc2) |
2709 | return rc2; | 2719 | return rc2; |
2710 | return rc; | 2720 | return rc; |