Commit c3896495 authored by David Woodhouse's avatar David Woodhouse

AUDIT: Speed up audit_filter_syscall() for the non-auditable case.

It was showing up fairly high on profiles even when no rules were set.
Make sure the common path stays as fast as possible.
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 413a1c75
...@@ -514,13 +514,15 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, ...@@ -514,13 +514,15 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
{ {
struct audit_entry *e; struct audit_entry *e;
enum audit_state state; enum audit_state state;
int word = AUDIT_WORD(ctx->major);
int bit = AUDIT_BIT(ctx->major);
if (audit_pid && tsk->tgid == audit_pid) if (audit_pid && tsk->tgid == audit_pid)
return AUDIT_DISABLED; return AUDIT_DISABLED;
rcu_read_lock(); rcu_read_lock();
if (!list_empty(list)) {
int word = AUDIT_WORD(ctx->major);
int bit = AUDIT_BIT(ctx->major);
list_for_each_entry_rcu(e, list, list) { list_for_each_entry_rcu(e, list, list) {
if ((e->rule.mask[word] & bit) == bit if ((e->rule.mask[word] & bit) == bit
&& audit_filter_rules(tsk, &e->rule, ctx, &state)) { && audit_filter_rules(tsk, &e->rule, ctx, &state)) {
...@@ -528,6 +530,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, ...@@ -528,6 +530,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
return state; return state;
} }
} }
}
rcu_read_unlock(); rcu_read_unlock();
return AUDIT_BUILD_CONTEXT; return AUDIT_BUILD_CONTEXT;
} }
...@@ -1023,7 +1026,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) ...@@ -1023,7 +1026,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
} else { } else {
audit_free_names(context); audit_free_names(context);
audit_free_aux(context); audit_free_aux(context);
audit_zero_context(context, context->state);
tsk->audit_context = context; tsk->audit_context = context;
} }
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment