1. 11 4月, 2012 1 次提交
  2. 04 4月, 2012 6 次提交
  3. 01 4月, 2012 4 次提交
    • A
      get rid of pointless includes of ext2_fs.h · 2f99c369
      Al Viro 提交于
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      2f99c369
    • A
      selinuxfs: merge dentry allocation into sel_make_dir() · a1c2aa1e
      Al Viro 提交于
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      a1c2aa1e
    • L
      selinux: inline avc_audit() and avc_has_perm_noaudit() into caller · cdb0f9a1
      Linus Torvalds 提交于
      Now that all the slow-path code is gone from these functions, we can
      inline them into the main caller - avc_has_perm_flags().
      
      Now the compiler can see that 'avc' is allocated on the stack for this
      case, which helps register pressure a bit.  It also actually shrinks the
      total stack frame, because the stack frame that avc_has_perm_flags()
      always needed (for that 'avc' allocation) is now sufficient for the
      inlined functions too.
      
      Inlining isn't bad - but mindless inlining of cold code (see the
      previous commit) is.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      cdb0f9a1
    • L
      selinux: don't inline slow-path code into avc_has_perm_noaudit() · a554bea8
      Linus Torvalds 提交于
      The selinux AVC paths remain some of the hottest (and deepest) codepaths
      at filename lookup time, and we make it worse by having the slow path
      cases take up I$ and stack space even when they don't trigger.  Gcc
      tends to always want to inline functions that are just called once -
      never mind that this might make for slower and worse code in the caller.
      
      So this tries to improve on it a bit by making the slow-path cases
      explicitly separate functions that are marked noinline, causing gcc to
      at least no longer allocate stack space for them unless they are
      actually called.  It also seems to help register allocation a tiny bit,
      since gcc now doesn't take the slow case code into account.
      
      Uninlining the slow path may also allow us to inline the remaining hot
      path into the one caller that actually matters: avc_has_perm_flags().
      I'll have to look at that separately, but both avc_audit() and
      avc_has_perm_noaudit() are now small and lean enough that inlining them
      may make sense.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a554bea8
  4. 29 3月, 2012 1 次提交
  5. 27 3月, 2012 1 次提交
  6. 26 3月, 2012 1 次提交
    • D
      SELinux: selinux/xfrm.h needs net/flow.h · 778aae84
      David Howells 提交于
      selinux/xfrm.h needs to #include net/flow.h or else suffer:
      
      In file included from security/selinux/ss/services.c:69:0:
      security/selinux/include/xfrm.h: In function 'selinux_xfrm_notify_policyload':
      security/selinux/include/xfrm.h:53:14: error: 'flow_cache_genid' undeclared (first use in this function)
      security/selinux/include/xfrm.h:53:14: note: each undeclared identifier is reported only once for each function it appears in
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      778aae84
  7. 24 3月, 2012 2 次提交
  8. 23 3月, 2012 1 次提交
    • L
      security: optimize avc_audit() common path · 48aab2f7
      Linus Torvalds 提交于
      avc_audit() did a lot of jumping around and had a big stack frame, all
      for the uncommon case.
      
      Split up the uncommon case (which we really can't make go fast anyway)
      into its own slow function, and mark the conditional branches
      appropriately for the common likely case.
      
      This causes avc_audit() to no longer show up as one of the hottest
      functions on the branch profiles (the new "perf -b" thing), and makes
      the cycle profiles look really nice and dense too.
      
      The whole audit path is still annoyingly very much one of the biggest
      costs of name lookup, so these things are worth optimizing for.  I wish
      we could just tell people to turn it off, but realistically we do need
      it: we just need to make sure that the overhead of the necessary evil is
      as low as possible.
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      48aab2f7
  9. 21 3月, 2012 1 次提交
  10. 20 3月, 2012 3 次提交
  11. 15 3月, 2012 3 次提交
  12. 14 3月, 2012 7 次提交
  13. 07 3月, 2012 1 次提交
  14. 02 3月, 2012 1 次提交
  15. 01 3月, 2012 1 次提交
    • T
      TOMOYO: Fix mount flags checking order. · df91e494
      Tetsuo Handa 提交于
      Userspace can pass in arbitrary combinations of MS_* flags to mount().
      
      If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
      passed, device name which should be checked for MS_BIND was not checked because
      MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.
      
      If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
      should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
      higher priority than MS_REMOUNT.
      
      Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
      MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.
      
      Also, unconditionally return -EINVAL if more than one of
      MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
      generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
      flags passed to change_mnt_propagation()" clarified that these flags must be
      exclusively passed.
      Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: NJames Morris <james.l.morris@oracle.com>
      df91e494
  16. 28 2月, 2012 6 次提交