From: Amy Griffis
Subject: Re: {PATCH] Audit Filter Performance
Date: Mon, 10 Apr 2006 19:46:45 -0400
Message-ID: <20060410234645.GA32612@sage.flatmonk>
References: <200604081646.26172.sgrubb@redhat.com>
In-Reply-To: <200604081646.26172.sgrubb@redhat.com>
To: Steve Grubb
Cc: linux-audit@redhat.com

Steve Grubb wrote: [Sat Apr 08 2006, 04:46:26PM EDT]
> While testing the watch performance, I noticed that selinux_task_ctxid() was
> creeping into the results more than it should. Investigation showed that the
> function call was being called whether it was needed or not. The below patch
> fixes this.

You've moved selinux_task_ctxid() inside a for loop. Now it will be called for each selinux field in a rule. I don't think that's what you want. A better solution would be to set a rule flag in audit_data_to_entry(), then check that flag outside the for loop.

>
> Signed-off-by: Steve Grubb
>
> diff -ur linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/kernel/auditsc.c > --- linux-2.6.16.x86_64.orig/kernel/auditsc.c 2006-04-08 16:28:16.000000000 -0400 > +++ linux-2.6.16.x86_64/kernel/auditsc.c 2006-04-08 16:33:33.000000000 -0400 > @@ -190,9 +190,6 @@ > enum audit_state *state) > { > int i, j; > - u32 sid; > - > - selinux_task_ctxid(tsk, &sid); > > for (i = 0; i < rule->field_count; i++) { > struct audit_field *f = &rule->fields[i]; 
> @@ -295,11 +292,15 @@ > match for now to avoid losing information that > may be wanted. An error message will also be > logged upon error */ > - if (f->se_rule) > + if (f->se_rule) { > + u32 sid; > + > + selinux_task_ctxid(tsk, &sid); > result = selinux_audit_rule_match(sid, f->type, > f->op, > f->se_rule, > ctx); > + } > break; > case AUDIT_ARG0: > case AUDIT_ARG1: > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit >
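
Review bot: in the second hunk the `selinux_task_ctxid(tsk, &sid)` call now sits inside the `if (f->se_rule)` branch, which runs within the per-field `for (i = 0; i < rule->field_count; i++)` loop, so a rule with several SELinux fields repeats the lookup once per field, where the code removed in the first hunk did it once per call. Either keep `u32 sid` at function scope and fetch it lazily on the first field that has `f->se_rule` set, or record at rule-load time that the rule carries SELinux fields and do a single conditional lookup before the loop, as the reply above proposes with a flag set in audit_data_to_entry(). Both keep the saving for rules without SELinux fields while bounding the cost at one lookup per call.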