aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2006-03-22 03:09:22 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-22 10:54:07 -0500
commit7cae7e26f245151b9ccad868bf2edf8c8048d307 (patch)
treedb785f2a471c5b97db2551402e067b9559a8989d
parentcf01efd098597f7ee88a61e645afacba987c4531 (diff)
[PATCH] SELinux: add slab cache for inode security struct
Add a slab cache for the SELinux inode security struct, one of which is allocated for every inode instantiated by the system. The memory savings are considerable. On 64-bit, instead of the size-128 cache, we have a slab object of 96 bytes, saving 32 bytes per object. After booting, I see about 4000 of these and then about 17,000 after a kernel compile. With this patch, we save around 530KB of kernel memory in the latter case. On 32-bit, the savings are about half of this. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bdd0b32f0104..ccaf988f3729 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -117,6 +117,8 @@ static struct security_operations *secondary_ops = NULL;
117static LIST_HEAD(superblock_security_head); 117static LIST_HEAD(superblock_security_head);
118static DEFINE_SPINLOCK(sb_security_lock); 118static DEFINE_SPINLOCK(sb_security_lock);
119 119
120static kmem_cache_t *sel_inode_cache;
121
120/* Allocate and free functions for each kind of security blob. */ 122/* Allocate and free functions for each kind of security blob. */
121 123
122static int task_alloc_security(struct task_struct *task) 124static int task_alloc_security(struct task_struct *task)
@@ -146,10 +148,11 @@ static int inode_alloc_security(struct inode *inode)
146 struct task_security_struct *tsec = current->security; 148 struct task_security_struct *tsec = current->security;
147 struct inode_security_struct *isec; 149 struct inode_security_struct *isec;
148 150
149 isec = kzalloc(sizeof(struct inode_security_struct), GFP_KERNEL); 151 isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL);
150 if (!isec) 152 if (!isec)
151 return -ENOMEM; 153 return -ENOMEM;
152 154
155 memset(isec, 0, sizeof(*isec));
153 init_MUTEX(&isec->sem); 156 init_MUTEX(&isec->sem);
154 INIT_LIST_HEAD(&isec->list); 157 INIT_LIST_HEAD(&isec->list);
155 isec->inode = inode; 158 isec->inode = inode;
@@ -172,7 +175,7 @@ static void inode_free_security(struct inode *inode)
172 spin_unlock(&sbsec->isec_lock); 175 spin_unlock(&sbsec->isec_lock);
173 176
174 inode->i_security = NULL; 177 inode->i_security = NULL;
175 kfree(isec); 178 kmem_cache_free(sel_inode_cache, isec);
176} 179}
177 180
178static int file_alloc_security(struct file *file) 181static int file_alloc_security(struct file *file)
@@ -4406,6 +4409,9 @@ static __init int selinux_init(void)
4406 tsec = current->security; 4409 tsec = current->security;
4407 tsec->osid = tsec->sid = SECINITSID_KERNEL; 4410 tsec->osid = tsec->sid = SECINITSID_KERNEL;
4408 4411
4412 sel_inode_cache = kmem_cache_create("selinux_inode_security",
4413 sizeof(struct inode_security_struct),
4414 0, SLAB_PANIC, NULL, NULL);
4409 avc_init(); 4415 avc_init();
4410 4416
4411 original_ops = secondary_ops = security_ops; 4417 original_ops = secondary_ops = security_ops;