audit.82 kernel

David Woodhouse dwmw2 at infradead.org
Sat Jul 30 06:49:15 UTC 2005


Profiling showed up a couple more bottlenecks. Steve spotted a task
refcounting leak too. I'm _fairly_ sure the removal of
audit_zero_context() is OK. We'll be filling it in again before we use
it anyway.

* Fri Jul 29 2005 David Woodhouse <dwmw2 at redhat.com> audit.82
- Speed up audit_filter_syscall() for the fast path
- Fix task refcounting in audit_free() and audit_syscall_exit()
- Remove audit_zero_context() in audit_syscall_exit()

--- linux-2.6.9/kernel/auditsc.c.p20064	2005-07-29 15:46:05.000000000 +0100
+++ linux-2.6.9/kernel/auditsc.c	2005-07-29 15:46:05.000000000 +0100
@@ -523,20 +523,23 @@ static enum audit_state audit_filter_sys
 					     struct list_head *list)
 {
 	struct audit_entry *e;
-	enum audit_state   state;
-	int		   word = AUDIT_WORD(ctx->major);
-	int		   bit  = AUDIT_BIT(ctx->major);
+	enum audit_state state;
 
 	if (audit_pid && tsk->tgid == audit_pid)
 		return AUDIT_DISABLED;
 
 	rcu_read_lock();
-	list_for_each_entry_rcu(e, list, list) {
-		if ((e->rule.mask[word] & bit) == bit
- 		    && audit_filter_rules(tsk, &e->rule, ctx, &state)) {
-			rcu_read_unlock();
-			return state;
-		}
+	if (!list_empty(list)) {
+		    int word = AUDIT_WORD(ctx->major);
+		    int bit  = AUDIT_BIT(ctx->major);
+
+		    list_for_each_entry_rcu(e, list, list) {
+			    if ((e->rule.mask[word] & bit) == bit
+				&& audit_filter_rules(tsk, &e->rule, ctx, &state)) {
+				    rcu_read_unlock();
+				    return state;
+			    }
+		    }
 	}
 	rcu_read_unlock();
 	return AUDIT_BUILD_CONTEXT;
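Review bot: `e->rule.mask[word]` is still indexed with `AUDIT_WORD(ctx->major)` and no range check is visible in this hunk, so an out-of-range syscall number would read outside the rule's mask array for every entry walked. If `ctx->major` is not validated before this point (not visible here), the new `if` is a natural place for the guard: compute `word` first and only walk the list when `word >= 0 && word < AUDIT_BITMASK_SIZE`, assuming the mask is sized by `AUDIT_BITMASK_SIZE` as in mainline. Separately, the added block is indented with a tab plus four spaces rather than tabs, so the nested lines drift against the rest of the function. The function's first signature line and closing brace lie outside the hunk.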
@@ -944,7 +947,7 @@ void audit_free(struct task_struct *tsk)
 	task_unlock(tsk);
 
 	if (likely(!context))
-		return;
+		goto out;
 
 	/* Check for system calls that do not go through the exit
 	 * function (e.g., exit_group), then free context block. 
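Review bot: With `return` replaced by `goto out`, the `likely(!context)` path now lands on the `out:` label added in the next hunk (@@ -953,6 +956,7), which sits directly above `audit_free_context(context)`, so that call receives a NULL pointer on the common path. Unless audit_free_context() tolerates NULL (its body is not shown here), this is a NULL dereference in audit_free(); either keep the early `return` or guard the call as `if (context) audit_free_context(context);`. The task refcount drop that the changelog describes for audit_free() is not visible in either hunk, so it is worth confirming whether the label was meant to precede a `put_task_struct(tsk)` as it does in audit_syscall_exit(). The function's start lies outside the hunk.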
@@ -953,6 +956,7 @@ void audit_free(struct task_struct *tsk)
 	if (context->in_syscall && context->auditable)
 		audit_log_exit(context, GFP_ATOMIC);
 
+ out:
 	audit_free_context(context);
 }
 
@@ -1053,7 +1057,7 @@ void audit_syscall_exit(struct task_stru
 	/* Not having a context here is ok, since the parent may have
 	 * called __put_task_struct. */
 	if (likely(!context))
-		return;
+		goto out;
 
 	if (context->in_syscall && context->auditable)
 		audit_log_exit(context, GFP_KERNEL);
@@ -1069,9 +1073,9 @@ void audit_syscall_exit(struct task_stru
 	} else {
 		audit_free_names(context);
 		audit_free_aux(context);
-		audit_zero_context(context, context->state);
 		tsk->audit_context = context;
 	}
+ out:
 	put_task_struct(tsk);
 }
 
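Review bot: Dropping `audit_zero_context(context, context->state)` means the context stored back in `tsk->audit_context` keeps whatever the finished syscall left in it, and both audit_syscall_exit() and audit_free() branch on `context->in_syscall && context->auditable`. If nothing in the lines between the two audit_syscall_exit() hunks clears those flags (not visible here), a later audit_free() could emit a stale exit record for a syscall that has already completed. Consider resetting them explicitly in this `else` branch with `context->in_syscall = 0;` and `context->auditable = 0;`, or record the invariant in a comment such as `/* remaining fields are re-initialised at the next syscall entry before use */`. The function's start lies outside the hunk.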


-- 
dwmw2




