LSM: shrink the common_audit_data data union
After shrinking the common_audit_data stack usage for private LSM data I'm now going to shrink the data union. To do this I'm going to move anything larger than 2 void * ptrs to its own structure and require it to be declared separately on the calling stack. Thus hot paths which don't need more than a couple of pointers don't have to declare space to hold large unneeded structures. I could get this down to one void * by dealing with the key struct and the struct path. We'll see if that is helpful after taking care of networking. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
committed by
Linus Torvalds
parent
3b3b0e4fc1
commit
48c62af68a
@@ -49,8 +49,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (ih == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
ad->u.net.v4info.saddr = ih->saddr;
|
||||
ad->u.net.v4info.daddr = ih->daddr;
|
||||
ad->u.net->v4info.saddr = ih->saddr;
|
||||
ad->u.net->v4info.daddr = ih->daddr;
|
||||
|
||||
if (proto)
|
||||
*proto = ih->protocol;
|
||||
@@ -64,8 +64,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (th == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = th->source;
|
||||
ad->u.net.dport = th->dest;
|
||||
ad->u.net->sport = th->source;
|
||||
ad->u.net->dport = th->dest;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_UDP: {
|
||||
@@ -73,8 +73,8 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (uh == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = uh->source;
|
||||
ad->u.net.dport = uh->dest;
|
||||
ad->u.net->sport = uh->source;
|
||||
ad->u.net->dport = uh->dest;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_DCCP: {
|
||||
@@ -82,16 +82,16 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (dh == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = dh->dccph_sport;
|
||||
ad->u.net.dport = dh->dccph_dport;
|
||||
ad->u.net->sport = dh->dccph_sport;
|
||||
ad->u.net->dport = dh->dccph_dport;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_SCTP: {
|
||||
struct sctphdr *sh = sctp_hdr(skb);
|
||||
if (sh == NULL)
|
||||
break;
|
||||
ad->u.net.sport = sh->source;
|
||||
ad->u.net.dport = sh->dest;
|
||||
ad->u.net->sport = sh->source;
|
||||
ad->u.net->dport = sh->dest;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@@ -119,8 +119,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||
ip6 = ipv6_hdr(skb);
|
||||
if (ip6 == NULL)
|
||||
return -EINVAL;
|
||||
ad->u.net.v6info.saddr = ip6->saddr;
|
||||
ad->u.net.v6info.daddr = ip6->daddr;
|
||||
ad->u.net->v6info.saddr = ip6->saddr;
|
||||
ad->u.net->v6info.daddr = ip6->daddr;
|
||||
ret = 0;
|
||||
/* IPv6 can have several extension header before the Transport header
|
||||
* skip them */
|
||||
@@ -140,8 +140,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (th == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = th->source;
|
||||
ad->u.net.dport = th->dest;
|
||||
ad->u.net->sport = th->source;
|
||||
ad->u.net->dport = th->dest;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_UDP: {
|
||||
@@ -151,8 +151,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (uh == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = uh->source;
|
||||
ad->u.net.dport = uh->dest;
|
||||
ad->u.net->sport = uh->source;
|
||||
ad->u.net->dport = uh->dest;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_DCCP: {
|
||||
@@ -162,8 +162,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||
if (dh == NULL)
|
||||
break;
|
||||
|
||||
ad->u.net.sport = dh->dccph_sport;
|
||||
ad->u.net.dport = dh->dccph_dport;
|
||||
ad->u.net->sport = dh->dccph_sport;
|
||||
ad->u.net->dport = dh->dccph_dport;
|
||||
break;
|
||||
}
|
||||
case IPPROTO_SCTP: {
|
||||
@@ -172,8 +172,8 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
|
||||
sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
|
||||
if (sh == NULL)
|
||||
break;
|
||||
ad->u.net.sport = sh->source;
|
||||
ad->u.net.dport = sh->dest;
|
||||
ad->u.net->sport = sh->source;
|
||||
ad->u.net->dport = sh->dest;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@@ -281,8 +281,8 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||
}
|
||||
break;
|
||||
case LSM_AUDIT_DATA_NET:
|
||||
if (a->u.net.sk) {
|
||||
struct sock *sk = a->u.net.sk;
|
||||
if (a->u.net->sk) {
|
||||
struct sock *sk = a->u.net->sk;
|
||||
struct unix_sock *u;
|
||||
int len = 0;
|
||||
char *p = NULL;
|
||||
@@ -330,29 +330,29 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||
}
|
||||
}
|
||||
|
||||
switch (a->u.net.family) {
|
||||
switch (a->u.net->family) {
|
||||
case AF_INET:
|
||||
print_ipv4_addr(ab, a->u.net.v4info.saddr,
|
||||
a->u.net.sport,
|
||||
print_ipv4_addr(ab, a->u.net->v4info.saddr,
|
||||
a->u.net->sport,
|
||||
"saddr", "src");
|
||||
print_ipv4_addr(ab, a->u.net.v4info.daddr,
|
||||
a->u.net.dport,
|
||||
print_ipv4_addr(ab, a->u.net->v4info.daddr,
|
||||
a->u.net->dport,
|
||||
"daddr", "dest");
|
||||
break;
|
||||
case AF_INET6:
|
||||
print_ipv6_addr(ab, &a->u.net.v6info.saddr,
|
||||
a->u.net.sport,
|
||||
print_ipv6_addr(ab, &a->u.net->v6info.saddr,
|
||||
a->u.net->sport,
|
||||
"saddr", "src");
|
||||
print_ipv6_addr(ab, &a->u.net.v6info.daddr,
|
||||
a->u.net.dport,
|
||||
print_ipv6_addr(ab, &a->u.net->v6info.daddr,
|
||||
a->u.net->dport,
|
||||
"daddr", "dest");
|
||||
break;
|
||||
}
|
||||
if (a->u.net.netif > 0) {
|
||||
if (a->u.net->netif > 0) {
|
||||
struct net_device *dev;
|
||||
|
||||
/* NOTE: we always use init's namespace */
|
||||
dev = dev_get_by_index(&init_net, a->u.net.netif);
|
||||
dev = dev_get_by_index(&init_net, a->u.net->netif);
|
||||
if (dev) {
|
||||
audit_log_format(ab, " netif=%s", dev->name);
|
||||
dev_put(dev);
|
||||
|
||||
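Review bot: `u.net` is now a pointer, and the `LSM_AUDIT_DATA_NET` case in dump_common_audit_data dereferences it (`a->u.net->sk`, `a->u.net->family`, `a->u.net->netif`) with no NULL check; ipv4_skb_to_auditdata and ipv6_skb_to_auditdata likewise write through `ad->u.net->...` unchecked. Correctness now depends on every caller that selects the NET type first pointing `u.net` at a separately declared, zero-initialised structure. The callers are not visible on this page, so this should be confirmed for each LSM, since a missed one turns an audit record into a NULL or stale-stack dereference in kernel context. I would add `if (WARN_ON_ONCE(!a->u.net)) break;` as the first statement of the case, and a comment on both skb helpers such as `/* caller must set ad->u.net to a zeroed struct before calling */`. All three functions start and end outside the hunks shown.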