From: Casey Schaufler <casey@schaufler-ca.com>
To: LSM <linux-security-module@vger.kernel.org>,
LKLM <linux-kernel@vger.kernel.org>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
SE Linux <selinux@tycho.nsa.gov>,
"SMACK-discuss@lists.01.org" <SMACK-discuss@lists.01.org>,
John Johansen <john.johansen@canonical.com>,
Kees Cook <keescook@chromium.org>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
James Morris <jmorris@namei.org>
Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely
Date: Thu, 10 May 2018 17:55:06 -0700 [thread overview]
Message-ID: <2e03ca7d-35b7-4af0-a328-ad280a59f001@schaufler-ca.com> (raw)
In-Reply-To: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com>
From: Casey Schaufler <casey@schaufler-ca.com>
Date: Thu, 10 May 2018 14:33:57 -0700
Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely
The allocation of security blobs is unlikely to fail.
Mark the checks thus for performance reasons.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/security.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/security.c b/security/security.c
index 359ed1137c00..412dba75da65 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1245,7 +1245,7 @@ int security_file_alloc(struct file *file)
{
int rc = lsm_file_alloc(file);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(file_alloc_security, 0, file);
if (unlikely(rc))
@@ -1368,7 +1368,7 @@ int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
{
int rc = lsm_task_alloc(task);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(task_alloc, 0, task, clone_flags);
if (unlikely(rc))
@@ -1388,7 +1388,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
int rc = lsm_cred_alloc(cred, gfp);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);
@@ -1409,7 +1409,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
{
int rc = lsm_cred_alloc(new, gfp);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(cred_prepare, 0, new, old, gfp);
--
2.14.3
WARNING: multiple messages have this Message-ID (diff)
From: casey@schaufler-ca.com (Casey Schaufler)
To: linux-security-module@vger.kernel.org
Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely
Date: Thu, 10 May 2018 17:55:06 -0700 [thread overview]
Message-ID: <2e03ca7d-35b7-4af0-a328-ad280a59f001@schaufler-ca.com> (raw)
In-Reply-To: <7e8702ce-2598-e0a3-31a2-bc29157fb73d@schaufler-ca.com>
From: Casey Schaufler <casey@schaufler-ca.com>
Date: Thu, 10 May 2018 14:33:57 -0700
Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely
The allocation of security blobs is unlikely to fail.
Mark the checks thus for performance reasons.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
security/security.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/security.c b/security/security.c
index 359ed1137c00..412dba75da65 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1245,7 +1245,7 @@ int security_file_alloc(struct file *file)
{
int rc = lsm_file_alloc(file);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(file_alloc_security, 0, file);
if (unlikely(rc))
@@ -1368,7 +1368,7 @@ int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
{
int rc = lsm_task_alloc(task);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(task_alloc, 0, task, clone_flags);
if (unlikely(rc))
@@ -1388,7 +1388,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
int rc = lsm_cred_alloc(cred, gfp);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);
@@ -1409,7 +1409,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
{
int rc = lsm_cred_alloc(new, gfp);
- if (rc)
+ if (unlikely(rc))
return rc;
rc = call_int_hook(cred_prepare, 0, new, old, gfp);
--
2.14.3
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-05-11 0:55 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-11 0:30 [PATCH 00/23] LSM: Full security module stacking Casey Schaufler
2018-05-11 0:30 ` Casey Schaufler
2018-05-11 0:30 ` Casey Schaufler
2018-05-11 0:52 ` [PATCH 01/23] procfs: add smack subdir to attrs Casey Schaufler
2018-05-11 0:52 ` Casey Schaufler
2018-05-11 0:52 ` [PATCH 02/23] Smack: Abstract use of cred security blob Casey Schaufler
2018-05-11 0:52 ` Casey Schaufler
2018-05-11 0:52 ` [PATCH 03/23] SELinux: " Casey Schaufler
2018-05-11 0:52 ` Casey Schaufler
2018-05-11 0:52 ` [PATCH 04/23] LSM: Infrastructure management of the cred security Casey Schaufler
2018-05-11 0:52 ` Casey Schaufler
2018-05-11 0:52 ` [PATCH 05/23] SELinux: Abstract use of file security blob Casey Schaufler
2018-05-11 0:52 ` Casey Schaufler
2018-05-11 0:53 ` [PATCH 06/23] LSM: Infrastructure management of the file security Casey Schaufler
2018-05-11 0:53 ` Casey Schaufler
2018-05-11 0:53 ` [PATCH 07/23] LSM: Infrastructure management of the task security Casey Schaufler
2018-05-11 0:53 ` Casey Schaufler
2018-05-11 0:53 ` [PATCH 08/23] SELinux: Abstract use of inode security blob Casey Schaufler
2018-05-11 0:53 ` Casey Schaufler
2018-05-11 0:53 ` [PATCH 09/23] Smack: " Casey Schaufler
2018-05-11 0:53 ` Casey Schaufler
2018-05-11 0:53 ` [PATCH 10/23] LSM: Infrastructure management of the inode security Casey Schaufler
2018-05-11 0:53 ` Casey Schaufler
2018-05-14 15:04 ` Stephen Smalley
2018-05-14 15:04 ` Stephen Smalley
2018-05-14 16:32 ` Casey Schaufler
2018-05-14 16:32 ` Casey Schaufler
2018-05-11 0:54 ` [PATCH 11/23] LSM: Infrastructure management of the superblock Casey Schaufler
2018-05-11 0:54 ` Casey Schaufler
2018-05-11 0:54 ` [PATCH 12/23] LSM: Infrastructure management of the sock security Casey Schaufler
2018-05-11 0:54 ` Casey Schaufler
2018-05-11 0:54 ` [PATCH 13/23] LSM: Infrastructure management of the ipc security blob Casey Schaufler
2018-05-11 0:54 ` Casey Schaufler
2018-05-11 0:54 ` [PATCH 14/23] LSM: Infrastructure management of the key " Casey Schaufler
2018-05-11 0:54 ` Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler [this message]
2018-05-11 0:55 ` [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely Casey Schaufler
2018-05-11 0:55 ` [PATCH 16/23] LSM: Sharing of security blobs Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler
2018-05-11 0:55 ` [PATCH 17/23] LSM: Allow mount options from multiple security modules Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler
2018-05-11 0:55 ` [PATCH 18/23] LSM: Use multiple secids in security module interfaces Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler
2018-05-11 0:55 ` [PATCH 19/23] LSM: Use multiple secids in LSM interfaces Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler
2018-05-11 0:55 ` [PATCH 20/23] LSM: Move common usercopy into Casey Schaufler
2018-05-11 0:55 ` Casey Schaufler
2018-05-14 15:12 ` Stephen Smalley
2018-05-14 15:12 ` Stephen Smalley
2018-05-14 16:53 ` Stephen Smalley
2018-05-14 16:53 ` Stephen Smalley
2018-05-14 18:55 ` Casey Schaufler
2018-05-14 18:55 ` Casey Schaufler
2018-05-11 0:56 ` [PATCH 21/23] LSM: Multiple concurrent major security modules Casey Schaufler
2018-05-11 0:56 ` Casey Schaufler
2018-05-28 11:42 ` [lkp-robot] [LSM] acde387a6d: vm-scalability.throughput -58.0% regression kernel test robot
2018-05-11 0:56 ` [PATCH 22/23] LSM: Fix setting of the IMA data in inode init Casey Schaufler
2018-05-11 0:56 ` Casey Schaufler
2018-05-11 0:56 ` [PATCH 23/23] Netfilter: Add a selection for Smack Casey Schaufler
2018-05-11 0:56 ` Casey Schaufler
2018-05-11 0:58 ` [PATCH 00/23] LSM: Full security module stacking Casey Schaufler
2018-05-11 0:58 ` Casey Schaufler
2018-05-11 20:25 ` [PATCH 24/23] LSM: Functions for dealing with struct secids Casey Schaufler
2018-05-11 20:25 ` Casey Schaufler
[not found] ` <523afc0b-5bfc-8b95-05ee-450679254a47@tycho.nsa.gov>
[not found] ` <5716ab22-4d3c-1935-41f1-ba848570ccab@tycho.nsa.gov>
[not found] ` <eab001ca-10ff-1cfe-9436-805840628784@schaufler-ca.com>
2018-05-15 12:33 ` [PATCH 00/23] LSM: Full security module stacking Stephen Smalley
2018-05-15 12:33 ` Stephen Smalley
2018-05-15 15:47 ` Casey Schaufler
2018-05-15 15:47 ` Casey Schaufler
2018-05-15 21:49 ` James Morris
2018-05-15 21:49 ` James Morris
2018-05-16 17:42 ` Casey Schaufler
2018-05-16 17:42 ` Casey Schaufler
2018-05-17 0:19 ` Paul Moore
2018-05-17 0:19 ` Paul Moore
2018-05-17 1:05 ` Casey Schaufler
2018-05-17 1:05 ` Casey Schaufler
2018-05-18 0:28 ` Paul Moore
2018-05-18 0:28 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e03ca7d-35b7-4af0-a328-ad280a59f001@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=SMACK-discuss@lists.01.org \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.