SELinux: do not allocate stack space for AVC data unless needed

Instead of declaring the entire selinux_audit_data on the stack when we start an operation on declare it on the stack if we are going to use it. We know it's usefulness at the end of the security decision and can declare it there. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric Paris <eparis@redhat.com> 2012-04-03 12:38:00 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-03 12:49:41 -0400
commit: 3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09 (patch)
tree: 20a7485417c8528d975ef4ff6e90467f63f67ab2 /security/selinux/avc.c
parent: f8294f1144ad0630075918df4bf94075f5384604 (diff)
1 files changed, 15 insertions, 12 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index b5545a84448a..36c42bb52d81 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 {
        struct common_audit_data *ad = a;
        audit_log_format(ab, "avc:  %s ",
-                         ad->selinux_audit_data->denied ? "denied" : "granted");
+                         ad->selinux_audit_data->slad->denied ? "denied" : "granted");
-        avc_dump_av(ab, ad->selinux_audit_data->tclass,
+        avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
-                        ad->selinux_audit_data->audited);
+                        ad->selinux_audit_data->slad->audited);
        audit_log_format(ab, " for ");
 }
@@ -452,9 +452,9 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
        struct common_audit_data *ad = a;
        audit_log_format(ab, " ");
-        avc_dump_query(ab, ad->selinux_audit_data->ssid,
+        avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
-                           ad->selinux_audit_data->tsid,
+                           ad->selinux_audit_data->slad->tsid,
-                           ad->selinux_audit_data->tclass);
+                           ad->selinux_audit_data->slad->tclass);
 }
 /* This is the slow part of avc audit with big stack footprint */
@@ -465,6 +465,7 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 {
        struct common_audit_data stack_data;
        struct selinux_audit_data sad = {0,};
+        struct selinux_late_audit_data slad;
        if (!a) {
                a = &stack_data;
@@ -483,12 +484,14 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
            (flags & MAY_NOT_BLOCK))
                return -ECHILD;
-        a->selinux_audit_data->tclass = tclass;
+        slad.tclass = tclass;
-        a->selinux_audit_data->requested = requested;
+        slad.requested = requested;
-        a->selinux_audit_data->ssid = ssid;
+        slad.ssid = ssid;
-        a->selinux_audit_data->tsid = tsid;
+        slad.tsid = tsid;
-        a->selinux_audit_data->audited = audited;
+        slad.audited = audited;
-        a->selinux_audit_data->denied = denied;
+        slad.denied = denied;
+        a->selinux_audit_data->slad = &slad;
        a->lsm_pre_audit = avc_audit_pre_callback;
        a->lsm_post_audit = avc_audit_post_callback;
        common_lsm_audit(a);
author	Eric Paris <eparis@redhat.com>	2012-04-03 12:38:00 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-03 12:49:41 -0400
commit	3f0882c48286e7bdb0bbdec9c4bfa934e0db8e09 (patch)
tree	20a7485417c8528d975ef4ff6e90467f63f67ab2 /security/selinux/avc.c
parent	f8294f1144ad0630075918df4bf94075f5384604 (diff)