Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c3896495 authored by David Woodhouse's avatar David Woodhouse
Browse files

AUDIT: Speed up audit_filter_syscall() for the non-auditable case. 



It was showing up fairly high on profiles even when no rules were set.
Make sure the common path stays as fast as possible.

Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 413a1c75

kernel/auditsc.c

+12 −10
Original line number Diff line number Diff line
@@ -514,13 +514,15 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, 
{

	struct audit_entry *e;

	enum audit_state state;

	int		   word = AUDIT_WORD(ctx->major);

	int		   bit  = AUDIT_BIT(ctx->major);



	if (audit_pid && tsk->tgid == audit_pid)

		return AUDIT_DISABLED;



	rcu_read_lock();

	if (!list_empty(list)) {

		    int word = AUDIT_WORD(ctx->major);

		    int bit  = AUDIT_BIT(ctx->major);



		    list_for_each_entry_rcu(e, list, list) {

			    if ((e->rule.mask[word] & bit) == bit

				&& audit_filter_rules(tsk, &e->rule, ctx, &state)) {
@@ -528,6 +530,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, 
				    return state;

			    }

		    }

	}

	rcu_read_unlock();

	return AUDIT_BUILD_CONTEXT;

}
@@ -1023,7 +1026,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) 
	} else {

		audit_free_names(context);

		audit_free_aux(context);

		audit_zero_context(context, context->state);

		tsk->audit_context = context;

	}

 out: