mirror of https://github.com/torvalds/linux.git
audit/stable-6.19 PR 20251201
-----BEGIN PGP SIGNATURE----- iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmkuAIcUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMWlhAAgydMY1/oYPKbP3xdJTPJU6uc4GLk o1lRaO59FkwogA2iupU6rltKiqhPYH7lIzebMcOuRLzaHpO0sGk0anyCMjNW2Agl P/Zu+xkF+uGnzpO3gpaOLYFbCkpT98hNbyZu33l6ftxr37+S+DWHuThUhmOnxcgQ z7Kguq0jaruiW8oc219HjNI/VCWW0F1W/+PVjFUSZogty2K2UttsabZQFMJ8MHg6 9C2jP/f+tN2KD55u7oEA5QiucC/8BdNdyLGke4TvjhG38FG4bh71Q59LknHa5yMa 6+NeftpE76+Inb8e+ze7iNv1InRccBXurm0p6lZ/lU5nYrjRT245CleQ7nq9ppD1 hyhuGQP/fvvYExKdTl1VWXA0zGLb6+1rIn6f//MpDSbXShGj/5vK82Qo/ug1ZEGH QEAr6g2/S6xgudl2ui5OHSDb87nDWxzNo1t9TxGPBoQ6TG3ryPcm1ccTB0tb59+3 Poej26MOuZUrTpiQl3SLnfwjN0WnkiqGX5y/Cjh9tHFVk2OzOe/VqImZk9oeFgxt O+IEB2cUO/U0D/3tdECqiRVS/RFe3jSn/qYCzP9fQaLhD0IpqlhfJ5TXbWiQam8Y vGjNCx17a7mwvfxCIofEANw0wu3ooajq68UjRVhTpoKka0USKvktAoFirAB8r54I oNSBfWKl4polguo= =3hKh -----END PGP SIGNATURE----- Merge tag 'audit-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: - Consolidate the loops in __audit_inode_child() to improve performance When logging a child inode in __audit_inode_child(), we first run through the list of recorded inodes looking for the parent and then we repeat the search looking for a matching child entry. This pull request consolidates both searches into one pass through the recorded inodes, resuling in approximately a 50% reduction in audit overhead. See the commit description for the testing details. - Combine kmalloc()/memset() into kzalloc() in audit_krule_to_data() - Comment fixes * tag 'audit-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: merge loops in __audit_inode_child() audit: Use kzalloc() instead of kmalloc()/memset() in audit_krule_to_data() audit: fix comment misindentation in audit.h
This commit is contained in:
Linus Torvalds
commit
0eae3283c3
|
|
@ -138,7 +138,7 @@ struct audit_context {
|
|||
struct audit_aux_data *aux_pids;
|
||||
struct sockaddr_storage *sockaddr;
|
||||
size_t sockaddr_len;
|
||||
/* Save things to print about task_struct */
|
||||
/* Save things to print about task_struct */
|
||||
pid_t ppid;
|
||||
kuid_t uid, euid, suid, fsuid;
|
||||
kgid_t gid, egid, sgid, fsgid;
|
||||
|
|
|
|||
|
|
@ -638,10 +638,9 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
|
|||
void *bufp;
|
||||
int i;
|
||||
|
||||
data = kmalloc(struct_size(data, buf, krule->buflen), GFP_KERNEL);
|
||||
data = kzalloc(struct_size(data, buf, krule->buflen), GFP_KERNEL);
|
||||
if (unlikely(!data))
|
||||
return NULL;
|
||||
memset(data, 0, sizeof(*data));
|
||||
|
||||
data->flags = krule->flags | krule->listnr;
|
||||
data->action = krule->action;
|
||||
|
|
|
|||
|
|
@ -2416,41 +2416,36 @@ void __audit_inode_child(struct inode *parent,
|
|||
if (inode)
|
||||
handle_one(inode);
|
||||
|
||||
/* look for a parent entry first */
|
||||
list_for_each_entry(n, &context->names_list, list) {
|
||||
if (!n->name ||
|
||||
(n->type != AUDIT_TYPE_PARENT &&
|
||||
n->type != AUDIT_TYPE_UNKNOWN))
|
||||
continue;
|
||||
|
||||
if (n->ino == parent->i_ino && n->dev == parent->i_sb->s_dev &&
|
||||
!audit_compare_dname_path(dname,
|
||||
n->name->name, n->name_len)) {
|
||||
if (n->type == AUDIT_TYPE_UNKNOWN)
|
||||
n->type = AUDIT_TYPE_PARENT;
|
||||
found_parent = n;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
cond_resched();
|
||||
|
||||
/* is there a matching child entry? */
|
||||
list_for_each_entry(n, &context->names_list, list) {
|
||||
/* can only match entries that have a name */
|
||||
if (!n->name ||
|
||||
(n->type != type && n->type != AUDIT_TYPE_UNKNOWN))
|
||||
if (!n->name)
|
||||
continue;
|
||||
|
||||
if (!strcmp(dname->name, n->name->name) ||
|
||||
!audit_compare_dname_path(dname, n->name->name,
|
||||
/* look for a parent entry first */
|
||||
if (!found_parent &&
|
||||
(n->type == AUDIT_TYPE_PARENT || n->type == AUDIT_TYPE_UNKNOWN) &&
|
||||
(n->ino == parent->i_ino && n->dev == parent->i_sb->s_dev &&
|
||||
!audit_compare_dname_path(dname, n->name->name, n->name_len))) {
|
||||
n->type = AUDIT_TYPE_PARENT;
|
||||
found_parent = n;
|
||||
if (found_child)
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* is there a matching child entry? */
|
||||
if (!found_child &&
|
||||
(n->type == type || n->type == AUDIT_TYPE_UNKNOWN) &&
|
||||
(!strcmp(dname->name, n->name->name) ||
|
||||
!audit_compare_dname_path(dname, n->name->name,
|
||||
found_parent ?
|
||||
found_parent->name_len :
|
||||
AUDIT_NAME_FULL)) {
|
||||
AUDIT_NAME_FULL))) {
|
||||
if (n->type == AUDIT_TYPE_UNKNOWN)
|
||||
n->type = type;
|
||||
found_child = n;
|
||||
break;
|
||||
if (found_parent)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue