From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Paris Subject: Re: [PATCH 1/3] IMA: move read/write counters into struct inode Date: Mon, 18 Oct 2010 22:46:07 -0400 Message-ID: <1287456367.2530.126.camel@localhost.localdomain> References: <20101019011650.25346.99614.stgit@paris.rdu.redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, hch@infradead.org, zohar@us.ibm.com, warthog9@kernel.org, david@fromorbit.com, jmorris@namei.org, kyle@mcmartin.ca, hpa@zytor.com, akpm@linux-foundation.org, torvalds@linux-foundation.org, mingo@elte.hu, viro@zeniv.linux.org.uk To: linux-kernel@vger.kenel.org Return-path: In-Reply-To: <20101019011650.25346.99614.stgit@paris.rdu.redhat.com> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Mon, 2010-10-18 at 21:16 -0400, Eric Paris wrote: > IMA currently alocated an inode integrity structure for every inode in > core. This stucture is about 120 bytes long. Most files however > (especially on a system which doesn't make use of IMA) will never need any > of this space. The problem is that if IMA is enabled we need to know > information about the number of readers and the number of writers for every > inode on the box. At the moment we collect that information in the per > inode iint structure and waste the rest of the space. This patch moves those > counters into the struct inode so we can eventually stop allocating an IMA > integrity structure except when absolutely needed. > > This patch does the minimum needed to move the location of the data. Further > cleanups, especially the location of counter updates, may still be possible. > > Signed-off-by: Eric Paris Noone should apply this, it doesn't build on !CONFIG_IMA. Notice my extra ; on the end of the line :( > +static inline void ima_check_counters(struct inode *inode); > +{ > + return; > +} > #endif /* CONFIG_IMA_H */ > #endif /* _LINUX_IMA_H */