From: Alexey Dobriyan <adobriyan@gmail.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH -mm] fs.h: ifdef security fields
Date: Sun, 6 Aug 2006 06:38:06 +0400 [thread overview]
Message-ID: <20060806023806.GA13480@martell.zuzino.mipt.ru> (raw)
[BSD security levels are deleted in -mm, assuming this below]
The only user of i_security, f_security, s_security fields is SELinux,
so ifdef them with CONFIG_SECURITY_SELINUX. Following Stephen Smalley's
suggestion, i_security initialization is moved to security_inode_alloc()
to not clutter core code with ifdefs and make alloc_inode() codepath
tiny little bit smaller and faster.
The user of (highly greppable) struct fown_struct::security field is
still to be found. I've checked every "fown_struct" and every "f_owner"
occurence. Additionally, it's removal doesn't break i386 allmodconfig
build.
struct inode, struct file, struct super_block, struct fown_struct
become smaller.
P.S. Combined with two reiserfs inode shrinking patches sent to
linux-fsdevel, I can finally suck 12 reiserfs inodes into one page.
/proc/slabinfo
-ext2_inode_cache 388 10
+ext2_inode_cache 384 10
-inode_cache 280 14
+inode_cache 276 14
-proc_inode_cache 296 13
+proc_inode_cache 292 13
-reiser_inode_cache 336 11
+reiser_inode_cache 332 12 <=
-shmem_inode_cache 372 10
+shmem_inode_cache 368 10
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---
fs/inode.c | 1 -
include/linux/fs.h | 8 ++++++--
include/linux/security.h | 1 +
3 files changed, 7 insertions(+), 3 deletions(-)
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -133,7 +133,6 @@ #endif
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_rdev = 0;
- inode->i_security = NULL;
inode->dirtied_when = 0;
if (security_inode_alloc(inode)) {
if (inode->i_sb->s_op->destroy_inode)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -552,7 +552,9 @@ struct inode {
unsigned int i_flags;
atomic_t i_writecount;
+#ifdef CONFIG_SECURITY_SELINUX
void *i_security;
+#endif
union {
void *generic_ip;
} u;
@@ -645,7 +647,6 @@ struct fown_struct {
rwlock_t lock; /* protects pid, uid, euid fields */
int pid; /* pid or -pgrp where SIGIO should be sent */
uid_t uid, euid; /* uid/euid of process setting the owner */
- void *security;
int signum; /* posix.1b rt signal to be delivered on IO */
};
@@ -688,8 +689,9 @@ struct file {
struct file_ra_state f_ra;
unsigned long f_version;
+#ifdef CONFIG_SECURITY_SELINUX
void *f_security;
-
+#endif
/* needed for tty driver, and maybe others */
void *private_data;
@@ -877,7 +879,9 @@ struct super_block {
int s_syncing;
int s_need_sync_fs;
atomic_t s_active;
+#ifdef CONFIG_SECURITY_SELINUX
void *s_security;
+#endif
struct xattr_handler **s_xattr;
struct list_head s_inodes; /* all inodes */
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1549,6 +1549,7 @@ static inline void security_sb_post_pivo
static inline int security_inode_alloc (struct inode *inode)
{
+ inode->i_security = NULL;
return security_ops->inode_alloc_security (inode);
}
next reply other threads:[~2006-08-06 2:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-06 2:38 Alexey Dobriyan [this message]
2006-08-06 4:25 ` [PATCH -mm] fs.h: ifdef security fields Serge E. Hallyn
2006-08-06 5:23 ` Alexey Dobriyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060806023806.GA13480@martell.zuzino.mipt.ru \
--to=adobriyan@gmail.com \
--cc=akpm@osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).