From: "Mickaël Salaün" <mic@digikod.net>
To: linux-security-module@vger.kernel.org
Cc: "Mickaël Salaün" <mic@digikod.net>
Subject: [PATCH v1] landlock: Optimize stack usage when !CONFIG_AUDIT
Date: Fri, 19 Dec 2025 15:22:59 +0100 [thread overview]
Message-ID: <20251219142302.744917-2-mic@digikod.net> (raw)
Until now, each landlock_request struct were allocated on the stack, even
if not really used, because is_access_to_paths_allowed() unconditionally
modified the passed references. Even if the changed landlock_request
variables are not used, the compiler is not smart enough to detect this
case.
To avoid this issue, explicitly disable the related code when
CONFIG_AUDIT is not set, which enables elision of log_request_parent*
and associated caller's stack variables thanks to dead code elimination.
This makes it possible to reduce the stack frame by 192 bytes for the
path_link and path_rename hooks, and by 96 bytes for most other
filesystem hooks.
Here is a summary of scripts/checkstack.pl before and after this change
when CONFIG_AUDIT is disabled:
Function Old size New size Diff
----------------------------------------------------------
current_check_refer_path 384 208 -176
current_check_access_path 192 112 -80
hook_file_open 208 128 -80
is_access_to_paths_allowed 240 224 -16
Also, add extra pointer checks to be more future-proof.
Fixes: 2fc80c69df82 ("landlock: Log file-related denials")
Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
security/landlock/fs.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index fe794875ad46..722f950307f6 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c
@@ -939,7 +939,12 @@ static bool is_access_to_paths_allowed(
}
path_put(&walker_path);
- if (!allowed_parent1) {
+ /*
+ * Check CONFIG_AUDIT to enable elision of log_request_parent* and
+ * associated caller's stack variables thanks to dead code elimination.
+ */
+#ifdef CONFIG_AUDIT
+ if (!allowed_parent1 && log_request_parent1) {
log_request_parent1->type = LANDLOCK_REQUEST_FS_ACCESS;
log_request_parent1->audit.type = LSM_AUDIT_DATA_PATH;
log_request_parent1->audit.u.path = *path;
@@ -949,7 +954,7 @@ static bool is_access_to_paths_allowed(
ARRAY_SIZE(*layer_masks_parent1);
}
- if (!allowed_parent2) {
+ if (!allowed_parent2 && log_request_parent2) {
log_request_parent2->type = LANDLOCK_REQUEST_FS_ACCESS;
log_request_parent2->audit.type = LSM_AUDIT_DATA_PATH;
log_request_parent2->audit.u.path = *path;
@@ -958,6 +963,8 @@ static bool is_access_to_paths_allowed(
log_request_parent2->layer_masks_size =
ARRAY_SIZE(*layer_masks_parent2);
}
+#endif /* CONFIG_AUDIT */
+
return allowed_parent1 && allowed_parent2;
}
--
2.52.0
next reply other threads:[~2025-12-19 14:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-19 14:22 Mickaël Salaün [this message]
2025-12-19 14:26 ` [PATCH v1] landlock: Optimize stack usage when !CONFIG_AUDIT Mickaël Salaün
2025-12-23 23:11 ` Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251219142302.744917-2-mic@digikod.net \
--to=mic@digikod.net \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).