authorEric Paris <eparis@redhat.com>2012-04-02 13:15:44 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-04-03 12:49:10 -0400
commit48c62af68a403ef1655546bd3e021070c8508573 (patch)
treeba938e4fb45d5bdaad2dad44071d0625f8e36945 /security/lsm_audit.c
parent3b3b0e4fc15efa507b902d90cea39e496a523c3b (diff)
LSM: shrink the common_audit_data data union
After shrinking the common_audit_data stack usage for private LSM data I'm now going to shrink the data union. To do this I'm going to move anything larger than 2 void * ptrs to its own structure and require it to be declared separately on the calling stack. Thus hot paths which don't need more than a couple of pointers don't have to declare space to hold large unneeded structures. I could get this down to one void * by dealing with the key struct and the struct path. We'll see if that is helpful after taking care of networking. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/lsm_audit.c')
-rw-r--r--security/lsm_audit.c66
1 files changed, 33 insertions, 33 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 8b8f0902f6e5..e96c6aa17bb0 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -49,8 +49,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
49 if (ih == NULL) 49 if (ih == NULL)
50 return -EINVAL; 50 return -EINVAL;
51 51
52 ad->u.net.v4info.saddr = ih->saddr; 52 ad->u.net->v4info.saddr = ih->saddr;
53 ad->u.net.v4info.daddr = ih->daddr; 53 ad->u.net->v4info.daddr = ih->daddr;
54 54
55 if (proto) 55 if (proto)
56 *proto = ih->protocol; 56 *proto = ih->protocol;
@@ -64,8 +64,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
64 if (th == NULL) 64 if (th == NULL)
65 break; 65 break;
66 66
67 ad->u.net.sport = th->source; 67 ad->u.net->sport = th->source;
68 ad->u.net.dport = th->dest; 68 ad->u.net->dport = th->dest;
69 break; 69 break;
70 } 70 }
71 case IPPROTO_UDP: { 71 case IPPROTO_UDP: {
@@ -73,8 +73,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
73 if (uh == NULL) 73 if (uh == NULL)
74 break; 74 break;
75 75
76 ad->u.net.sport = uh->source; 76 ad->u.net->sport = uh->source;
77 ad->u.net.dport = uh->dest; 77 ad->u.net->dport = uh->dest;
78 break; 78 break;
79 } 79 }
80 case IPPROTO_DCCP: { 80 case IPPROTO_DCCP: {
@@ -82,16 +82,16 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
82 if (dh == NULL) 82 if (dh == NULL)
83 break; 83 break;
84 84
85 ad->u.net.sport = dh->dccph_sport; 85 ad->u.net->sport = dh->dccph_sport;
86 ad->u.net.dport = dh->dccph_dport; 86 ad->u.net->dport = dh->dccph_dport;
87 break; 87 break;
88 } 88 }
89 case IPPROTO_SCTP: { 89 case IPPROTO_SCTP: {
90 struct sctphdr *sh = sctp_hdr(skb); 90 struct sctphdr *sh = sctp_hdr(skb);
91 if (sh == NULL) 91 if (sh == NULL)
92 break; 92 break;
93 ad->u.net.sport = sh->source; 93 ad->u.net->sport = sh->source;
94 ad->u.net.dport = sh->dest; 94 ad->u.net->dport = sh->dest;
95 break; 95 break;
96 } 96 }
97 default: 97 default:
@@ -119,8 +119,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
119 ip6 = ipv6_hdr(skb); 119 ip6 = ipv6_hdr(skb);
120 if (ip6 == NULL) 120 if (ip6 == NULL)
121 return -EINVAL; 121 return -EINVAL;
122 ad->u.net.v6info.saddr = ip6->saddr; 122 ad->u.net->v6info.saddr = ip6->saddr;
123 ad->u.net.v6info.daddr = ip6->daddr; 123 ad->u.net->v6info.daddr = ip6->daddr;
124 ret = 0; 124 ret = 0;
125 /* IPv6 can have several extension header before the Transport header 125 /* IPv6 can have several extension header before the Transport header
126 * skip them */ 126 * skip them */
@@ -140,8 +140,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
140 if (th == NULL) 140 if (th == NULL)
141 break; 141 break;
142 142
143 ad->u.net.sport = th->source; 143 ad->u.net->sport = th->source;
144 ad->u.net.dport = th->dest; 144 ad->u.net->dport = th->dest;
145 break; 145 break;
146 } 146 }
147 case IPPROTO_UDP: { 147 case IPPROTO_UDP: {
@@ -151,8 +151,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
151 if (uh == NULL) 151 if (uh == NULL)
152 break; 152 break;
153 153
154 ad->u.net.sport = uh->source; 154 ad->u.net->sport = uh->source;
155 ad->u.net.dport = uh->dest; 155 ad->u.net->dport = uh->dest;
156 break; 156 break;
157 } 157 }
158 case IPPROTO_DCCP: { 158 case IPPROTO_DCCP: {
@@ -162,8 +162,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
162 if (dh == NULL) 162 if (dh == NULL)
163 break; 163 break;
164 164
165 ad->u.net.sport = dh->dccph_sport; 165 ad->u.net->sport = dh->dccph_sport;
166 ad->u.net.dport = dh->dccph_dport; 166 ad->u.net->dport = dh->dccph_dport;
167 break; 167 break;
168 } 168 }
169 case IPPROTO_SCTP: { 169 case IPPROTO_SCTP: {
@@ -172,8 +172,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
172 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph); 172 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
173 if (sh == NULL) 173 if (sh == NULL)
174 break; 174 break;
175 ad->u.net.sport = sh->source; 175 ad->u.net->sport = sh->source;
176 ad->u.net.dport = sh->dest; 176 ad->u.net->dport = sh->dest;
177 break; 177 break;
178 } 178 }
179 default: 179 default:
@@ -281,8 +281,8 @@ static void dump_common_audit_data(struct audit_buffer *ab,
281 } 281 }
282 break; 282 break;
283 case LSM_AUDIT_DATA_NET: 283 case LSM_AUDIT_DATA_NET:
284 if (a->u.net.sk) { 284 if (a->u.net->sk) {
285 struct sock *sk = a->u.net.sk; 285 struct sock *sk = a->u.net->sk;
286 struct unix_sock *u; 286 struct unix_sock *u;
287 int len = 0; 287 int len = 0;
288 char *p = NULL; 288 char *p = NULL;
@@ -330,29 +330,29 @@ static void dump_common_audit_data(struct audit_buffer *ab,
330 } 330 }
331 } 331 }
332 332
333 switch (a->u.net.family) { 333 switch (a->u.net->family) {
334 case AF_INET: 334 case AF_INET:
335 print_ipv4_addr(ab, a->u.net.v4info.saddr, 335 print_ipv4_addr(ab, a->u.net->v4info.saddr,
336 a->u.net.sport, 336 a->u.net->sport,
337 "saddr", "src"); 337 "saddr", "src");
338 print_ipv4_addr(ab, a->u.net.v4info.daddr, 338 print_ipv4_addr(ab, a->u.net->v4info.daddr,
339 a->u.net.dport, 339 a->u.net->dport,
340 "daddr", "dest"); 340 "daddr", "dest");
341 break; 341 break;
342 case AF_INET6: 342 case AF_INET6:
343 print_ipv6_addr(ab, &a->u.net.v6info.saddr, 343 print_ipv6_addr(ab, &a->u.net->v6info.saddr,
344 a->u.net.sport, 344 a->u.net->sport,
345 "saddr", "src"); 345 "saddr", "src");
346 print_ipv6_addr(ab, &a->u.net.v6info.daddr, 346 print_ipv6_addr(ab, &a->u.net->v6info.daddr,
347 a->u.net.dport, 347 a->u.net->dport,
348 "daddr", "dest"); 348 "daddr", "dest");
349 break; 349 break;
350 } 350 }
351 if (a->u.net.netif > 0) { 351 if (a->u.net->netif > 0) {
352 struct net_device *dev; 352 struct net_device *dev;
353 353
354 /* NOTE: we always use init's namespace */ 354 /* NOTE: we always use init's namespace */
355 dev = dev_get_by_index(&init_net, a->u.net.netif); 355 dev = dev_get_by_index(&init_net, a->u.net->netif);
356 if (dev) { 356 if (dev) {
357 audit_log_format(ab, " netif=%s", dev->name); 357 audit_log_format(ab, " netif=%s", dev->name);
358 dev_put(dev); 358 dev_put(dev);
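Review bot: Every access on the new side goes through `ad->u.net->` or `a->u.net->` with no check that the pointer was set, and dump_common_audit_data (hunks at -281 and -330) reads `sk`, `family` and `netif` from the pointed-to struct although the skb helpers, in the hunks visible here, only write the address and port fields. Since the struct now lives on the caller's stack, a caller that leaves `u.net` unassigned, or assigns it without zeroing the struct, would have the kernel dereference a NULL or stale `sk` pointer or copy leftover stack contents into the audit record. The callers are outside this diff (the diffstat is limited to security/lsm_audit.c), so whether each one does this cannot be confirmed from here. I would state the contract where the NET case starts, e.g. `/* a->u.net must point to a zero-initialised, caller-owned struct that stays live until the record is emitted */`, and consider `if (!ad->u.net) return -EINVAL;` at the top of ipv4_skb_to_auditdata and ipv6_skb_to_auditdata. All three functions extend beyond the hunks shown.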