LSM: shrink sizeof LSM specific portion of common_audit_data

Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop.  This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union.  Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 5 insertions, 3 deletions

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 97ce8fae49b3..ad05d391974d 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -588,10 +588,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
                         error = aa_setprocattr_permipc(args);
                 } else {
                         struct common_audit_data sa;
+                        struct apparmor_audit_data aad = {0,};
                         COMMON_AUDIT_DATA_INIT(&sa, NONE);
-                        sa.aad.op = OP_SETPROCATTR;
-                        sa.aad.info = name;
-                        sa.aad.error = -EINVAL;
+                        sa.aad = &aad;
+                        aad.op = OP_SETPROCATTR;
+                        aad.info = name;
+                        aad.error = -EINVAL;
                         return aa_audit(AUDIT_APPARMOR_DENIED,
                                         __aa_current_profile(), GFP_KERNEL,
                                         &sa, NULL);