diff options
author | Tony Jones <tonyj@suse.de> | 2011-04-27 15:10:49 +0200 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2011-04-27 15:11:03 +0200 |
commit | f562988350361bf4118dd3c3e192dff763b493d9 (patch) | |
tree | 37acb6cfdb47681f38e0aa68d20ffd2934710666 /security | |
parent | 80e8ff562ad775758634a58e7ea998e011519d98 (diff) | |
download | op-kernel-dev-f562988350361bf4118dd3c3e192dff763b493d9.zip op-kernel-dev-f562988350361bf4118dd3c3e192dff763b493d9.tar.gz |
audit: acquire creds selectively to reduce atomic op overhead
Commit c69e8d9c01db ("CRED: Use RCU to access another task's creds and to
release a task's own creds") added calls to get_task_cred and put_cred in
audit_filter_rules. Profiling with a large number of audit rules active
on the exit chain shows that we are spending upto 48% in this routine for
syscall intensive tests, most of which is in the atomic ops.
1. The code should be accessing tsk->cred rather than tsk->real_cred.
2. Since tsk is current (or tsk is being created by copy_process) access to
tsk->cred without rcu read lock is possible. At the request of the audit
maintainer, a new flag has been added to audit_filter_rules in order to make
this explicit and guide future code.
Signed-off-by: Tony Jones <tonyj@suse.de>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions