aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2012-04-02 13:15:44 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-04-03 12:49:10 -0400
commit48c62af68a403ef1655546bd3e021070c8508573 (patch)
treeba938e4fb45d5bdaad2dad44071d0625f8e36945 /security/smack
parent3b3b0e4fc15efa507b902d90cea39e496a523c3b (diff)
LSM: shrink the common_audit_data data union
After shrinking the common_audit_data stack usage for private LSM data I'm not going to shrink the data union. To do this I'm going to move anything larger than 2 void * ptrs to it's own structure and require it to be declared separately on the calling stack. Thus hot paths which don't need more than a couple pointer don't have to declare space to hold large unneeded structures. I could get this down to one void * by dealing with the key struct and the struct path. We'll see if that is helpful after taking care of networking. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack.h10
-rw-r--r--security/smack/smack_lsm.c29
2 files changed, 26 insertions, 13 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index ccba3823d9ef..4ede719922ed 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -325,6 +325,14 @@ static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
325 a->a.smack_audit_data->function = func; 325 a->a.smack_audit_data->function = func;
326} 326}
327 327
328static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
329 char type, struct lsm_network_audit *net)
330{
331 smk_ad_init(a, func, type);
332 memset(net, 0, sizeof(*net));
333 a->a.u.net = net;
334}
335
328static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, 336static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
329 struct task_struct *t) 337 struct task_struct *t)
330{ 338{
@@ -348,7 +356,7 @@ static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
348static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, 356static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
349 struct sock *sk) 357 struct sock *sk)
350{ 358{
351 a->a.u.net.sk = sk; 359 a->a.u.net->sk = sk;
352} 360}
353 361
354#else /* no AUDIT */ 362#else /* no AUDIT */
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cd667b4089a5..81c03a597112 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1939,16 +1939,17 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
1939 char *hostsp; 1939 char *hostsp;
1940 struct socket_smack *ssp = sk->sk_security; 1940 struct socket_smack *ssp = sk->sk_security;
1941 struct smk_audit_info ad; 1941 struct smk_audit_info ad;
1942 struct lsm_network_audit net;
1942 1943
1943 rcu_read_lock(); 1944 rcu_read_lock();
1944 hostsp = smack_host_label(sap); 1945 hostsp = smack_host_label(sap);
1945 if (hostsp != NULL) { 1946 if (hostsp != NULL) {
1946 sk_lbl = SMACK_UNLABELED_SOCKET; 1947 sk_lbl = SMACK_UNLABELED_SOCKET;
1947#ifdef CONFIG_AUDIT 1948#ifdef CONFIG_AUDIT
1948 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 1949 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
1949 ad.a.u.net.family = sap->sin_family; 1950 ad.a.u.net->family = sap->sin_family;
1950 ad.a.u.net.dport = sap->sin_port; 1951 ad.a.u.net->dport = sap->sin_port;
1951 ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; 1952 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
1952#endif 1953#endif
1953 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); 1954 rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad);
1954 } else { 1955 } else {
@@ -2808,9 +2809,10 @@ static int smack_unix_stream_connect(struct sock *sock,
2808 struct socket_smack *osp = other->sk_security; 2809 struct socket_smack *osp = other->sk_security;
2809 struct socket_smack *nsp = newsk->sk_security; 2810 struct socket_smack *nsp = newsk->sk_security;
2810 struct smk_audit_info ad; 2811 struct smk_audit_info ad;
2812 struct lsm_network_audit net;
2811 int rc = 0; 2813 int rc = 0;
2812 2814
2813 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2815 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2814 smk_ad_setfield_u_net_sk(&ad, other); 2816 smk_ad_setfield_u_net_sk(&ad, other);
2815 2817
2816 if (!capable(CAP_MAC_OVERRIDE)) 2818 if (!capable(CAP_MAC_OVERRIDE))
@@ -2840,9 +2842,10 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
2840 struct socket_smack *ssp = sock->sk->sk_security; 2842 struct socket_smack *ssp = sock->sk->sk_security;
2841 struct socket_smack *osp = other->sk->sk_security; 2843 struct socket_smack *osp = other->sk->sk_security;
2842 struct smk_audit_info ad; 2844 struct smk_audit_info ad;
2845 struct lsm_network_audit net;
2843 int rc = 0; 2846 int rc = 0;
2844 2847
2845 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 2848 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2846 smk_ad_setfield_u_net_sk(&ad, other->sk); 2849 smk_ad_setfield_u_net_sk(&ad, other->sk);
2847 2850
2848 if (!capable(CAP_MAC_OVERRIDE)) 2851 if (!capable(CAP_MAC_OVERRIDE))
@@ -2990,6 +2993,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2990 char *csp; 2993 char *csp;
2991 int rc; 2994 int rc;
2992 struct smk_audit_info ad; 2995 struct smk_audit_info ad;
2996 struct lsm_network_audit net;
2993 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) 2997 if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6)
2994 return 0; 2998 return 0;
2995 2999
@@ -3007,9 +3011,9 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3007 netlbl_secattr_destroy(&secattr); 3011 netlbl_secattr_destroy(&secattr);
3008 3012
3009#ifdef CONFIG_AUDIT 3013#ifdef CONFIG_AUDIT
3010 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 3014 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3011 ad.a.u.net.family = sk->sk_family; 3015 ad.a.u.net->family = sk->sk_family;
3012 ad.a.u.net.netif = skb->skb_iif; 3016 ad.a.u.net->netif = skb->skb_iif;
3013 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3017 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3014#endif 3018#endif
3015 /* 3019 /*
@@ -3152,6 +3156,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3152 char *sp; 3156 char *sp;
3153 int rc; 3157 int rc;
3154 struct smk_audit_info ad; 3158 struct smk_audit_info ad;
3159 struct lsm_network_audit net;
3155 3160
3156 /* handle mapped IPv4 packets arriving via IPv6 sockets */ 3161 /* handle mapped IPv4 packets arriving via IPv6 sockets */
3157 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) 3162 if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
@@ -3166,9 +3171,9 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
3166 netlbl_secattr_destroy(&secattr); 3171 netlbl_secattr_destroy(&secattr);
3167 3172
3168#ifdef CONFIG_AUDIT 3173#ifdef CONFIG_AUDIT
3169 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); 3174 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3170 ad.a.u.net.family = family; 3175 ad.a.u.net->family = family;
3171 ad.a.u.net.netif = skb->skb_iif; 3176 ad.a.u.net->netif = skb->skb_iif;
3172 ipv4_skb_to_auditdata(skb, &ad.a, NULL); 3177 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
3173#endif 3178#endif
3174 /* 3179 /*
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-09 17:20:53 -0500