Two overhead reduction patches for testing/fuzzing environment.
tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). security/tomoyo/util.c | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAABAgAGBQJhwyxIAAoJEEJfEo0MZPUqo8wP/1JRtcV9r5IoZ4ZSiC059j5i gfg6IXgRlfMcTxOlERinRQOEf6yR6nAnfvvh4Hfs92XexzKDTVXjilXXevDMlnoo FMqPI+4N0YGdw87YGj8rFu/Juwrkebt0psz516V36wR9PBCvw3/s/qF3cGLNfb3K 5cksHifJ6vGb8zEzyyXMRJjYbTrKhix7f3T7WNTAzUPn9Hr3OzIqjmFrsDfFuSXc xNIEezoODiGwjtx7JUCLLEcIJ5NtE84oDKiF4FTSp9J/RSrnOPHWHfunXH8XGYCQ Fs1DaiEkzcgRI+zhOnc7cOYJBXi3XHA8ncCUb59z3C5xsSZyUmnapV4ZRv6eUmbx zwKYCPSFjIsHheadEjyKnLRFQ8n1uhMLB68VMusKAyhEbY2hZ9GvJ10Bdf3hltoz /GRyjvkuUB9wdZM06H5F9NgnEg4Acj1285ynWRSTQ6P91Z7Wsfu4db00mXf2Xhxf m1SbWjKsi0fayFTZQ0ttCX3jrHPAJZcWXXxNIOmxrmqBgCcpGAukcdrFWI4TO433 xy3Fj0Z4PrztuR9MzJiGrmd5KlHS0uymHvB8HcxzMmlfsHQK41bYBu6lKjMnhGVH 1L6+T5PcHzAm1/PPNfHgIazmM+/igdgCd+l3DLS58sFbyz9pdaYFxCYerHU9SEvW rrqAi8WWzWLPh7AZIyYV =MN+/ -----END PGP SIGNATURE----- Merge tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 Pull tomoyo fixes from Tetsuo Handa: "Two overhead reduction patches for testing/fuzzing environment" * tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: use hweight16() in tomoyo_domain_quota_is_ok() tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
This commit is contained in:
Linus Torvalds
commit
c9ea870c6e
|
|
@ -1051,10 +1051,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
|
|||
return false;
|
||||
if (!domain)
|
||||
return true;
|
||||
if (READ_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED]))
|
||||
return false;
|
||||
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list,
|
||||
srcu_read_lock_held(&tomoyo_ss)) {
|
||||
u16 perm;
|
||||
u8 i;
|
||||
|
||||
if (ptr->is_deleted)
|
||||
continue;
|
||||
|
|
@ -1065,23 +1066,23 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
|
|||
*/
|
||||
switch (ptr->type) {
|
||||
case TOMOYO_TYPE_PATH_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_path_acl, head)->perm);
|
||||
perm = data_race(container_of(ptr, struct tomoyo_path_acl, head)->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_PATH2_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_path2_acl, head)->perm);
|
||||
perm = data_race(container_of(ptr, struct tomoyo_path2_acl, head)->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_PATH_NUMBER_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_path_number_acl, head)
|
||||
perm = data_race(container_of(ptr, struct tomoyo_path_number_acl, head)
|
||||
->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_MKDEV_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
|
||||
perm = data_race(container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_INET_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_inet_acl, head)->perm);
|
||||
perm = data_race(container_of(ptr, struct tomoyo_inet_acl, head)->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_UNIX_ACL:
|
||||
data_race(perm = container_of(ptr, struct tomoyo_unix_acl, head)->perm);
|
||||
perm = data_race(container_of(ptr, struct tomoyo_unix_acl, head)->perm);
|
||||
break;
|
||||
case TOMOYO_TYPE_MANUAL_TASK_ACL:
|
||||
perm = 0;
|
||||
|
|
@ -1089,21 +1090,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
|
|||
default:
|
||||
perm = 1;
|
||||
}
|
||||
for (i = 0; i < 16; i++)
|
||||
if (perm & (1 << i))
|
||||
count++;
|
||||
count += hweight16(perm);
|
||||
}
|
||||
if (count < tomoyo_profile(domain->ns, domain->profile)->
|
||||
pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
|
||||
return true;
|
||||
if (!domain->flags[TOMOYO_DIF_QUOTA_WARNED]) {
|
||||
domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
|
||||
/* r->granted = false; */
|
||||
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
|
||||
WRITE_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED], true);
|
||||
/* r->granted = false; */
|
||||
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
|
||||
#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
|
||||
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
|
||||
domain->domainname->name);
|
||||
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
|
||||
domain->domainname->name);
|
||||
#endif
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue