diff options
| author | Eric Paris <eparis@redhat.com> | 2012-04-03 12:37:02 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-03 12:48:40 -0400 |
| commit | 3b3b0e4fc15efa507b902d90cea39e496a523c3b (patch) | |
| tree | d7b91c21ad6c6f4ac21dd51297b74eec47c61684 /security/smack/smack_access.c | |
| parent | 95694129b43165911dc4e8a972f0d39ad98d86be (diff) | |
LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/smack/smack_access.c')
| -rw-r--r-- | security/smack/smack_access.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index cc7cb6edba0..2af7fcc98a7 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
| @@ -275,9 +275,9 @@ static inline void smack_str_from_perm(char *string, int access) | |||
| 275 | static void smack_log_callback(struct audit_buffer *ab, void *a) | 275 | static void smack_log_callback(struct audit_buffer *ab, void *a) |
| 276 | { | 276 | { |
| 277 | struct common_audit_data *ad = a; | 277 | struct common_audit_data *ad = a; |
| 278 | struct smack_audit_data *sad = &ad->smack_audit_data; | 278 | struct smack_audit_data *sad = ad->smack_audit_data; |
| 279 | audit_log_format(ab, "lsm=SMACK fn=%s action=%s", | 279 | audit_log_format(ab, "lsm=SMACK fn=%s action=%s", |
| 280 | ad->smack_audit_data.function, | 280 | ad->smack_audit_data->function, |
| 281 | sad->result ? "denied" : "granted"); | 281 | sad->result ? "denied" : "granted"); |
| 282 | audit_log_format(ab, " subject="); | 282 | audit_log_format(ab, " subject="); |
| 283 | audit_log_untrustedstring(ab, sad->subject); | 283 | audit_log_untrustedstring(ab, sad->subject); |
| @@ -310,11 +310,12 @@ void smack_log(char *subject_label, char *object_label, int request, | |||
| 310 | if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) | 310 | if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) |
| 311 | return; | 311 | return; |
| 312 | 312 | ||
| 313 | if (a->smack_audit_data.function == NULL) | 313 | sad = a->smack_audit_data; |
| 314 | a->smack_audit_data.function = "unknown"; | 314 | |
| 315 | if (sad->function == NULL) | ||
| 316 | sad->function = "unknown"; | ||
| 315 | 317 | ||
| 316 | /* end preparing the audit data */ | 318 | /* end preparing the audit data */ |
| 317 | sad = &a->smack_audit_data; | ||
| 318 | smack_str_from_perm(request_buffer, request); | 319 | smack_str_from_perm(request_buffer, request); |
| 319 | sad->subject = subject_label; | 320 | sad->subject = subject_label; |
| 320 | sad->object = object_label; | 321 | sad->object = object_label; |