From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: {PATCH] Audit Filter Performance
Date: Tue, 11 Apr 2006 08:50:56 -0400
Message-ID: <200604110850.56573.sgrubb@redhat.com>
References: <200604081646.26172.sgrubb@redhat.com>
	<20060410234645.GA32612@sage.flatmonk>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20060410234645.GA32612@sage.flatmonk>
Content-Disposition: inline
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Amy Griffis <amy.griffis@hp.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Monday 10 April 2006 19:46, Amy Griffis wrote:
> > While testing the watch performance, I noticed that selinux_task_ctxi=
d()
> > was creeping into the results more than it should. Investigation show=
ed
> > that the function call was being called whether it was needed or not.=
 The
> > below patch fixes this.
>
> You've moved selinux_task_ctxid() inside a for loop. =C2=A0Now it will =
be
> called for each selinux field in a rule. =C2=A0I don't think that's wha=
t
> you want. =C2=A0
>
> A better solution would be to set a rule flag in
> audit_data_to_entry(), then check that flag outside the for loop.

Yes, you are right - Thanks!  New patch below.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>


diff -urp linux-2.6.16.x86_64.orig/kernel/auditsc.c linux-2.6.16.x86_64/k=
ernel/auditsc.c
--- linux-2.6.16.x86_64.orig/kernel/auditsc.c	2006-04-11 08:44:02.0000000=
00 -0400
+++ linux-2.6.16.x86_64/kernel/auditsc.c	2006-04-11 08:43:17.000000000 -0=
400
@@ -189,11 +189,9 @@ static int audit_filter_rules(struct tas
 			      struct audit_context *ctx,
 			      enum audit_state *state)
 {
-	int i, j;
+	int i, j, need_sid =3D 1;
 	u32 sid;
=20
-	selinux_task_ctxid(tsk, &sid);
-
 	for (i =3D 0; i < rule->field_count; i++) {
 		struct audit_field *f =3D &rule->fields[i];
 		int result =3D 0;
@@ -295,11 +293,16 @@ static int audit_filter_rules(struct tas
 			   match for now to avoid losing information that
 			   may be wanted.   An error message will also be
 			   logged upon error */
-			if (f->se_rule)
+			if (f->se_rule) {
+				if (need_sid) {
+					selinux_task_ctxid(tsk, &sid);
+					need_sid =3D 0;
+				}
 				result =3D selinux_audit_rule_match(sid, f->type,
 				                                  f->op,
 				                                  f->se_rule,
 				                                  ctx);
+			}
 			break;
 		case AUDIT_ARG0:
 		case AUDIT_ARG1: