diff options
author | James Morris <jmorris@namei.org> | 2006-03-22 03:09:22 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-22 10:54:07 -0500 |
commit | 7cae7e26f245151b9ccad868bf2edf8c8048d307 (patch) | |
tree | db785f2a471c5b97db2551402e067b9559a8989d /security/selinux/hooks.c | |
parent | cf01efd098597f7ee88a61e645afacba987c4531 (diff) |
[PATCH] SELinux: add slab cache for inode security struct
Add a slab cache for the SELinux inode security struct, one of which is
allocated for every inode instantiated by the system.
The memory savings are considerable.
On 64-bit, instead of the size-128 cache, we have a slab object of 96
bytes, saving 32 bytes per object. After booting, I see about 4000 of
these and then about 17,000 after a kernel compile. With this patch, we
save around 530KB of kernel memory in the latter case. On 32-bit, the
savings are about half of this.
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bdd0b32f0104..ccaf988f3729 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -117,6 +117,8 @@ static struct security_operations *secondary_ops = NULL; | |||
117 | static LIST_HEAD(superblock_security_head); | 117 | static LIST_HEAD(superblock_security_head); |
118 | static DEFINE_SPINLOCK(sb_security_lock); | 118 | static DEFINE_SPINLOCK(sb_security_lock); |
119 | 119 | ||
120 | static kmem_cache_t *sel_inode_cache; | ||
121 | |||
120 | /* Allocate and free functions for each kind of security blob. */ | 122 | /* Allocate and free functions for each kind of security blob. */ |
121 | 123 | ||
122 | static int task_alloc_security(struct task_struct *task) | 124 | static int task_alloc_security(struct task_struct *task) |
@@ -146,10 +148,11 @@ static int inode_alloc_security(struct inode *inode) | |||
146 | struct task_security_struct *tsec = current->security; | 148 | struct task_security_struct *tsec = current->security; |
147 | struct inode_security_struct *isec; | 149 | struct inode_security_struct *isec; |
148 | 150 | ||
149 | isec = kzalloc(sizeof(struct inode_security_struct), GFP_KERNEL); | 151 | isec = kmem_cache_alloc(sel_inode_cache, SLAB_KERNEL); |
150 | if (!isec) | 152 | if (!isec) |
151 | return -ENOMEM; | 153 | return -ENOMEM; |
152 | 154 | ||
155 | memset(isec, 0, sizeof(*isec)); | ||
153 | init_MUTEX(&isec->sem); | 156 | init_MUTEX(&isec->sem); |
154 | INIT_LIST_HEAD(&isec->list); | 157 | INIT_LIST_HEAD(&isec->list); |
155 | isec->inode = inode; | 158 | isec->inode = inode; |
@@ -172,7 +175,7 @@ static void inode_free_security(struct inode *inode) | |||
172 | spin_unlock(&sbsec->isec_lock); | 175 | spin_unlock(&sbsec->isec_lock); |
173 | 176 | ||
174 | inode->i_security = NULL; | 177 | inode->i_security = NULL; |
175 | kfree(isec); | 178 | kmem_cache_free(sel_inode_cache, isec); |
176 | } | 179 | } |
177 | 180 | ||
178 | static int file_alloc_security(struct file *file) | 181 | static int file_alloc_security(struct file *file) |
@@ -4406,6 +4409,9 @@ static __init int selinux_init(void) | |||
4406 | tsec = current->security; | 4409 | tsec = current->security; |
4407 | tsec->osid = tsec->sid = SECINITSID_KERNEL; | 4410 | tsec->osid = tsec->sid = SECINITSID_KERNEL; |
4408 | 4411 | ||
4412 | sel_inode_cache = kmem_cache_create("selinux_inode_security", | ||
4413 | sizeof(struct inode_security_struct), | ||
4414 | 0, SLAB_PANIC, NULL, NULL); | ||
4409 | avc_init(); | 4415 | avc_init(); |
4410 | 4416 | ||
4411 | original_ops = secondary_ops = security_ops; | 4417 | original_ops = secondary_ops = security_ops; |