audit: optimize audit_compare_dname_path (e3d6b07b) · Commits · 戴 / test

kernel/audit.h

+4 −1

Original line number	Diff line number	Diff line
		@@ -74,12 +74,15 @@ static inline int audit_hash_ino(u32 ino)
		return (ino & (AUDIT_INODE_BUCKETS-1));
		}

		/* Indicates that audit should log the full pathname. */
		#define AUDIT_NAME_FULL -1

		extern int audit_match_class(int class, unsigned syscall);
		extern int audit_comparator(const u32 left, const u32 op, const u32 right);
		extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right);
		extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right);
		extern int parent_len(const char *path);
		extern int audit_compare_dname_path(const char dname, const char path);
		extern int audit_compare_dname_path(const char dname, const char path, int plen);
		extern struct sk_buff * audit_make_reply(int pid, int seq, int type,
		int done, int multi,
		const void *payload, int size);

+2 −1

Original line number	Diff line number	Diff line
		@@ -265,7 +265,8 @@ static void audit_update_watch(struct audit_parent *parent,
		/* Run all of the watches on this parent looking for the one that
		* matches the given dname */
		list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {
		if (audit_compare_dname_path(dname, owatch->path))
		if (audit_compare_dname_path(dname, owatch->path,
		AUDIT_NAME_FULL))
		continue;

		/* If the update involves invalidating rules, do the inode-based

+11 −5

Original line number	Diff line number	Diff line
		@@ -1328,11 +1328,17 @@ int parent_len(const char *path)
		return p - path;
		}

		/* Compare given dentry name with last component in given path,
		* return of 0 indicates a match. */
		int audit_compare_dname_path(const char dname, const char path)
		/**
		* audit_compare_dname_path - compare given dentry name with last component in
		* given path. Return of 0 indicates a match.
		* @dname: dentry name that we're comparing
		* @path: full pathname that we're comparing
		* @parentlen: length of the parent if known. Passing in AUDIT_NAME_FULL
		* here indicates that we must compute this value.
		*/
		int audit_compare_dname_path(const char dname, const char path, int parentlen)
		{
		int dlen, pathlen, parentlen;
		int dlen, pathlen;
		const char *p;

		dlen = strlen(dname);
		@@ -1340,7 +1346,7 @@ int audit_compare_dname_path(const char dname, const char path)
		if (pathlen < dlen)
		return 1;

		parentlen = parent_len(path);
		parentlen = parentlen == AUDIT_NAME_FULL ? parent_len(path) : parentlen;
		if (pathlen - parentlen != dlen)
		return 1;

+3 −5

Original line number	Diff line number	Diff line
		@@ -81,9 +81,6 @@
		* a name dynamically and also add those to the list anchored by names_list. */
		#define AUDIT_NAMES 5

		/* Indicates that audit should log the full pathname. */
		#define AUDIT_NAME_FULL -1

		/* no execve audit message should be longer than this (userspace limits) */
		#define MAX_EXECVE_AUDIT_LEN 7500

		@@ -2222,7 +2219,7 @@ void __audit_inode_child(const struct inode *parent,
		continue;

		if (n->ino == parent->i_ino &&
		!audit_compare_dname_path(dname, n->name)) {
		!audit_compare_dname_path(dname, n->name, n->name_len)) {
		found_parent = n->name;
		goto add_names;
		}
		@@ -2235,7 +2232,8 @@ void __audit_inode_child(const struct inode *parent,

		/* strcmp() is the more likely scenario */
		if (!strcmp(dname, n->name) \|\|
		!audit_compare_dname_path(dname, n->name)) {
		!audit_compare_dname_path(dname, n->name,
		AUDIT_NAME_FULL)) {
		if (inode)
		audit_copy_inode(n, dentry, inode);
		else