diff options
author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-08-17 14:49:57 +0100 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-08-17 14:49:57 +0100 |
commit | c3896495942392f1a792da1cafba7a573cbf6fc2 (patch) | |
tree | 1a042845b7a57118b1eb993b6dacdfe9cca7d440 | |
parent | 413a1c7520ad6207c9122a749983c500f29e3e32 (diff) | |
download | op-kernel-dev-c3896495942392f1a792da1cafba7a573cbf6fc2.zip op-kernel-dev-c3896495942392f1a792da1cafba7a573cbf6fc2.tar.gz |
AUDIT: Speed up audit_filter_syscall() for the non-auditable case.
It was showing up fairly high on profiles even when no rules were set.
Make sure the common path stays as fast as possible.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r-- | kernel/auditsc.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index a73176e..818ef9f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -513,20 +513,23 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, struct list_head *list) { struct audit_entry *e; - enum audit_state state; - int word = AUDIT_WORD(ctx->major); - int bit = AUDIT_BIT(ctx->major); + enum audit_state state; if (audit_pid && tsk->tgid == audit_pid) return AUDIT_DISABLED; rcu_read_lock(); - list_for_each_entry_rcu(e, list, list) { - if ((e->rule.mask[word] & bit) == bit - && audit_filter_rules(tsk, &e->rule, ctx, &state)) { - rcu_read_unlock(); - return state; - } + if (!list_empty(list)) { + int word = AUDIT_WORD(ctx->major); + int bit = AUDIT_BIT(ctx->major); + + list_for_each_entry_rcu(e, list, list) { + if ((e->rule.mask[word] & bit) == bit + && audit_filter_rules(tsk, &e->rule, ctx, &state)) { + rcu_read_unlock(); + return state; + } + } } rcu_read_unlock(); return AUDIT_BUILD_CONTEXT; @@ -1023,7 +1026,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) } else { audit_free_names(context); audit_free_aux(context); - audit_zero_context(context, context->state); tsk->audit_context = context; } out: |