Merge branch 'selinux' ("struct common_audit_data" sanitizer)

Merge common_audit_data cleanup patches from Eric Paris. This is really too late, but it's a long-overdue cleanup of the costly wrapper functions for the security layer. The "struct common_audit_data" is used all over in critical paths, allocated and initialized on the stack. And used to be much too large, causing not only unnecessarily big stack frames but the clearing of the (mostly useless) data was also very visible in profiles. As a particular example, in one microbenchmark for just doing "stat()" over files a lot, selinux_inode_permission() used 7% of the CPU time. That's despite the fact that it doesn't actually *do* anything: it is just a helper wrapper function in the selinux security layer. This patch-series shrinks "struct common_audit_data" sufficiently that code generation for these kinds of wrapper functions is improved noticeably, and we spend much less time just initializing data that we will never use. The functions still get called all the time, and it still shows up at 3.5+% in my microbenchmark, but it's quite a bit lower down the list, and much less noticeable. * Emailed patches from Eric Paris <eparis@redhat.com>: lsm_audit: don't specify the audit pre/post callbacks in 'struct common_audit_data' SELinux: do not allocate stack space for AVC data unless needed SELinux: remove avd from slow_avc_audit() SELinux: remove avd from selinux_audit_data LSM: shrink the common_audit_data data union LSM: shrink sizeof LSM specific portion of common_audit_data
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-04 10:11:24 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-04-04 10:11:24 -0700
commit: a5149bf3fed59b94207809704b5d06fec337a771 (patch)
tree: 7a2f0297d35c962040bdd90981376c4b41c40c0f /security/selinux/avc.c
parent: 3ff8f932bce11fc89e435acb30263a06cb8bd084 (diff)
parent: b61c37f57988567c84359645f8202a7c84bc798a (diff)
1 files changed, 24 insertions, 21 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 1a70fa26da72..8ee42b2a5f19 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -436,9 +436,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, "avc:  %s ",
-			 ad->selinux_audit_data.denied ? "denied" : "granted");
-	avc_dump_av(ab, ad->selinux_audit_data.tclass,
-			ad->selinux_audit_data.audited);
+			 ad->selinux_audit_data->slad->denied ? "denied" : "granted");
+	avc_dump_av(ab, ad->selinux_audit_data->slad->tclass,
+			ad->selinux_audit_data->slad->audited);
 	audit_log_format(ab, " for ");
 }
 
@@ -452,22 +452,25 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a)
 {
 	struct common_audit_data *ad = a;
 	audit_log_format(ab, " ");
-	avc_dump_query(ab, ad->selinux_audit_data.ssid,
-			   ad->selinux_audit_data.tsid,
-			   ad->selinux_audit_data.tclass);
+	avc_dump_query(ab, ad->selinux_audit_data->slad->ssid,
+			   ad->selinux_audit_data->slad->tsid,
+			   ad->selinux_audit_data->slad->tclass);
 }
 
 /* This is the slow part of avc audit with big stack footprint */
 static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 		u32 requested, u32 audited, u32 denied,
-		struct av_decision *avd, struct common_audit_data *a,
+		struct common_audit_data *a,
 		unsigned flags)
 {
 	struct common_audit_data stack_data;
+	struct selinux_audit_data sad = {0,};
+	struct selinux_late_audit_data slad;
 
 	if (!a) {
 		a = &stack_data;
 		COMMON_AUDIT_DATA_INIT(a, NONE);
+		a->selinux_audit_data = &sad;
 	}
 
 	/*
@@ -481,15 +484,15 @@ static noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
 	    (flags & MAY_NOT_BLOCK))
 		return -ECHILD;
 
-	a->selinux_audit_data.tclass = tclass;
-	a->selinux_audit_data.requested = requested;
-	a->selinux_audit_data.ssid = ssid;
-	a->selinux_audit_data.tsid = tsid;
-	a->selinux_audit_data.audited = audited;
-	a->selinux_audit_data.denied = denied;
-	a->lsm_pre_audit = avc_audit_pre_callback;
-	a->lsm_post_audit = avc_audit_post_callback;
-	common_lsm_audit(a);
+	slad.tclass = tclass;
+	slad.requested = requested;
+	slad.ssid = ssid;
+	slad.tsid = tsid;
+	slad.audited = audited;
+	slad.denied = denied;
+
+	a->selinux_audit_data->slad = &slad;
+	common_lsm_audit(a, avc_audit_pre_callback, avc_audit_post_callback);
 	return 0;
 }
 
@@ -523,7 +526,7 @@ inline int avc_audit(u32 ssid, u32 tsid,
 	if (unlikely(denied)) {
 		audited = denied & avd->auditdeny;
 		/*
-		 * a->selinux_audit_data.auditdeny is TRICKY!  Setting a bit in
+		 * a->selinux_audit_data->auditdeny is TRICKY!  Setting a bit in
 		 * this field means that ANY denials should NOT be audited if
 		 * the policy contains an explicit dontaudit rule for that
 		 * permission.  Take notice that this is unrelated to the
@@ -532,15 +535,15 @@ inline int avc_audit(u32 ssid, u32 tsid,
 		 *
 		 * denied == READ
 		 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
-		 * selinux_audit_data.auditdeny & ACCESS == 1
+		 * selinux_audit_data->auditdeny & ACCESS == 1
 		 *
 		 * We will NOT audit the denial even though the denied
 		 * permission was READ and the auditdeny checks were for
 		 * ACCESS
 		 */
 		if (a &&
-		    a->selinux_audit_data.auditdeny &&
-		    !(a->selinux_audit_data.auditdeny & avd->auditdeny))
+		    a->selinux_audit_data->auditdeny &&
+		    !(a->selinux_audit_data->auditdeny & avd->auditdeny))
 			audited = 0;
 	} else if (result)
 		audited = denied = requested;
@@ -551,7 +554,7 @@ inline int avc_audit(u32 ssid, u32 tsid,
 
 	return slow_avc_audit(ssid, tsid, tclass,
 		requested, audited, denied,
-		avd, a, flags);
+		a, flags);
 }
 
 /**
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-04 10:11:24 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-04-04 10:11:24 -0700
commit	a5149bf3fed59b94207809704b5d06fec337a771 (patch)
tree	7a2f0297d35c962040bdd90981376c4b41c40c0f /security/selinux/avc.c
parent	3ff8f932bce11fc89e435acb30263a06cb8bd084 (diff)
parent	b61c37f57988567c84359645f8202a7c84bc798a (diff)