diff options
| author | Eric Paris <eparis@redhat.com> | 2012-04-03 12:37:02 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-04-03 12:48:40 -0400 |
| commit | 3b3b0e4fc15efa507b902d90cea39e496a523c3b (patch) | |
| tree | d7b91c21ad6c6f4ac21dd51297b74eec47c61684 /security/apparmor/policy_unpack.c | |
| parent | 95694129b43165911dc4e8a972f0d39ad98d86be (diff) | |
LSM: shrink sizeof LSM specific portion of common_audit_data
Linus found that the gigantic size of the common audit data caused a big
perf hit on something as simple as running stat() in a loop. This patch
requires LSMs to declare the LSM specific portion separately rather than
doing it in a union. Thus each LSM can be responsible for shrinking their
portion and don't have to pay a penalty just because other LSMs have a
bigger space requirement.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/apparmor/policy_unpack.c')
| -rw-r--r-- | security/apparmor/policy_unpack.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 25fd51edc8da..deab7c7e8dc0 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c | |||
| @@ -70,13 +70,13 @@ struct aa_ext { | |||
| 70 | static void audit_cb(struct audit_buffer *ab, void *va) | 70 | static void audit_cb(struct audit_buffer *ab, void *va) |
| 71 | { | 71 | { |
| 72 | struct common_audit_data *sa = va; | 72 | struct common_audit_data *sa = va; |
| 73 | if (sa->aad.iface.target) { | 73 | if (sa->aad->iface.target) { |
| 74 | struct aa_profile *name = sa->aad.iface.target; | 74 | struct aa_profile *name = sa->aad->iface.target; |
| 75 | audit_log_format(ab, " name="); | 75 | audit_log_format(ab, " name="); |
| 76 | audit_log_untrustedstring(ab, name->base.hname); | 76 | audit_log_untrustedstring(ab, name->base.hname); |
| 77 | } | 77 | } |
| 78 | if (sa->aad.iface.pos) | 78 | if (sa->aad->iface.pos) |
| 79 | audit_log_format(ab, " offset=%ld", sa->aad.iface.pos); | 79 | audit_log_format(ab, " offset=%ld", sa->aad->iface.pos); |
| 80 | } | 80 | } |
| 81 | 81 | ||
| 82 | /** | 82 | /** |
| @@ -94,13 +94,15 @@ static int audit_iface(struct aa_profile *new, const char *name, | |||
| 94 | { | 94 | { |
| 95 | struct aa_profile *profile = __aa_current_profile(); | 95 | struct aa_profile *profile = __aa_current_profile(); |
| 96 | struct common_audit_data sa; | 96 | struct common_audit_data sa; |
| 97 | struct apparmor_audit_data aad = {0,}; | ||
| 97 | COMMON_AUDIT_DATA_INIT(&sa, NONE); | 98 | COMMON_AUDIT_DATA_INIT(&sa, NONE); |
| 99 | sa.aad = &aad; | ||
| 98 | if (e) | 100 | if (e) |
| 99 | sa.aad.iface.pos = e->pos - e->start; | 101 | aad.iface.pos = e->pos - e->start; |
| 100 | sa.aad.iface.target = new; | 102 | aad.iface.target = new; |
| 101 | sa.aad.name = name; | 103 | aad.name = name; |
| 102 | sa.aad.info = info; | 104 | aad.info = info; |
| 103 | sa.aad.error = error; | 105 | aad.error = error; |
| 104 | 106 | ||
| 105 | return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, | 107 | return aa_audit(AUDIT_APPARMOR_STATUS, profile, GFP_KERNEL, &sa, |
| 106 | audit_cb); | 108 | audit_cb); |