[PATCH 2/2] audit: shrink audit_krule by using smaller bitfields
Steve Grubb
sgrubb at redhat.com
Tue Dec 23 19:04:07 UTC 2014
On Tuesday, December 23, 2014 01:20:15 PM Richard Guy Briggs wrote:
> Replace five 32-bit fields with one. Move a nearby 32-bit field to enable
> 64-bit alignment.
Are there performance impacts from handling bit fields? The syscall audit rules
affect each syscall of each program running. Also, setting bitfields so small
kind of boxes in any future capability enhancements.
-Steve
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
> include/linux/audit.h | 13 +++++++------
> 1 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index b481779..bd06f92 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -46,13 +46,14 @@ struct audit_tree;
> struct sk_buff;
>
> struct audit_krule {
> - u32 pflags;
> - u32 flags;
> - u32 listnr;
> - u32 action;
> - u32 mask[AUDIT_BITMASK_SIZE];
> + u32 listnr:4,
> + flags:5,
> + action:2,
> + pflags:1,
> + field_count:7,
> + reserved:13;
> u32 buflen; /* for data alloc on list rules */
> - u32 field_count;
> + u32 mask[AUDIT_BITMASK_SIZE];
> char *filterkey; /* ties events to rules */
> struct audit_field *fields;
> struct audit_field *arch_f; /* quick access to arch field */
More information about the Linux-audit
mailing list