SELinux: move common_audit_data to a noinline slow path function

selinux_inode_has_perm is a hot path.  Instead of declaring the
common_audit_data on the stack move it to a noinline function only used in
the rare case we need to send an audit message.

Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Eric Paris 2012-04-04 15:01:42 -04:00
parent 602a8dd6ea
commit d4cf970d07
1 changed files with 21 additions and 11 deletions

View File

@ -2658,11 +2658,29 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
return dentry_has_perm(cred, dentry, FILE__READ);
}
static noinline int audit_inode_permission(struct inode *inode,
u32 perms, u32 audited, u32 denied,
unsigned flags)
{
struct common_audit_data ad;
struct selinux_audit_data sad = {0,};
struct inode_security_struct *isec = inode->i_security;
int rc;
COMMON_AUDIT_DATA_INIT(&ad, INODE);
ad.selinux_audit_data = &sad;
ad.u.inode = inode;
rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
audited, denied, &ad, flags);
if (rc)
return rc;
return 0;
}
static int selinux_inode_permission(struct inode *inode, int mask)
{
const struct cred *cred = current_cred();
struct common_audit_data ad;
struct selinux_audit_data sad = {0,};
u32 perms;
bool from_access;
unsigned flags = mask & MAY_NOT_BLOCK;
@ -2696,15 +2714,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
if (likely(!audited))
return rc;
COMMON_AUDIT_DATA_INIT(&ad, INODE);
ad.selinux_audit_data = &sad;
ad.u.inode = inode;
if (from_access)
ad.selinux_audit_data->auditdeny |= FILE__AUDIT_ACCESS;
rc2 = slow_avc_audit(sid, isec->sid, isec->sclass, perms,
audited, denied, &ad, flags);
rc2 = audit_inode_permission(inode, perms, audited, denied, flags);
if (rc2)
return rc2;
return rc;