From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: {PATCH] Audit Filter Performance Date: Sat, 8 Apr 2006 16:46:26 -0400 Message-ID: <200604081646.26172.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com, aviro@redhat.com List-Id: linux-audit@redhat.com Hi, While testing the watch performance, I noticed that selinux_task_ctxid() was creeping into the results more than it should. Investigation showed that the function call was being called whether it was needed or not. The below patch fixes this. Signed-off-by: Steve Grubb diff -ur linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/kernel/auditsc.c --- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-04-08 16:28:16.000000000 -0400 +++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-04-08 16:33:33.000000000 -0400 @@ -190,9 +190,6 @@ enum audit_state *state) { int i, j; - u32 sid; - - selinux_task_ctxid(tsk, &sid); for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; @@ -295,11 +292,15 @@ match for now to avoid losing information that may be wanted. An error message will also be logged upon error */ - if (f->se_rule) + if (f->se_rule) { + u32 sid; + + selinux_task_ctxid(tsk, &sid); result = selinux_audit_rule_match(sid, f->type, f->op, f->se_rule, ctx); + } break; case AUDIT_ARG0: case AUDIT_ARG1: