From 615e51fdda6f274e94b1e905fcaf6111e0d9aa20 Mon Sep 17 00:00:00 2001
From: Paul Moore
Date: Thu, 26 Jun 2014 14:33:56 -0400
Subject: selinux: reduce the number of calls to synchronize_net() when flushing caches
When flushing the AVC, such as during a policy load, the various network caches are also flushed, with each making a call to synchronize_net() which has shown to be expensive in some cases. This patch consolidates the network cache flushes into a single AVC callback which only calls synchronize_net() once for each AVC cache flush.
Reported-by: Jaejyn Shin
Signed-off-by: Paul Moore
---
 security/selinux/netnode.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)
(limited to 'security/selinux/netnode.c')
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 03a72c32afd7..ddf315260839 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -283,7 +283,7 @@ int sel_netnode_sid(void *addr, u16 family, u32 *sid)
 * Remove all entries from the network address table.
 *
 */
-static void sel_netnode_flush(void)
+void sel_netnode_flush(void)
 {
 unsigned int idx;
 struct sel_netnode *node, *node_tmp;
@@ -300,15 +300,6 @@ static void sel_netnode_flush(void)
 spin_unlock_bh(&sel_netnode_lock);
 }
-static int sel_netnode_avc_callback(u32 event)
-{
- if (event == AVC_CALLBACK_RESET) {
- sel_netnode_flush();
- synchronize_net();
- }
- return 0;
-}
-
 static __init int sel_netnode_init(void)
 {
 int iter;
@@ -322,10 +313,6 @@ static __init int sel_netnode_init(void)
 sel_netnode_hash[iter].size = 0;
 }
- ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET);
- if (ret != 0)
- panic("avc_add_callback() failed, error %d\n", ret);
-
 return ret;
 }
-- 
cgit v1.2.3
From 942ba3646543aeb3e5729c35d10ac43424bf0b68 Mon Sep 17 00:00:00 2001
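Review bot: The comment block above `sel_netnode_flush()` in the `@@ -283,7 +283,7 @@` hunk still says only "Remove all entries from the network address table", although the function loses `static` here and the next hunk removes the `synchronize_net()` that used to follow every flush in this file. The ordering requirement now rests on callers that are not visible in this netnode.c-limited view, so I would add a sentence to the comment such as `The caller is responsible for calling synchronize_net() after the flush.` The now-external definition also needs a prototype in a shared header, presumably added in a part of the commit not shown here. The body of the function continues outside the hunk.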
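Review bot: `return ret;` survives as context at the end of the `@@ -322,10 +313,6 @@` hunk, but the removed `ret = avc_add_callback(...)` line was the only assignment to `ret` visible here, so sel_netnode_init() returns an indeterminate value unless `ret` is initialised at its declaration outside the hunk. Reading an uninitialised automatic variable is undefined behaviour, and the initcall result should not depend on stack contents. The line should become `return 0;` with the `int ret;` declaration dropped, which is what the netnode.c section of the follow-up patch on this page does.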
From: Paul Moore
Date: Thu, 7 Aug 2014 20:55:30 -0400
Subject: selinux: remove unused variabled in the netport, netnode, and netif caches
This patch removes the unused return code variable in the netport, netnode, and netif initialization functions.
Reported-by: fengguang.wu@intel.com
Signed-off-by: Paul Moore
---
 security/selinux/netif.c | 4 ++--
 security/selinux/netnode.c | 3 +--
 security/selinux/netport.c | 3 +--
 3 files changed, 4 insertions(+), 6 deletions(-)
(limited to 'security/selinux/netnode.c')
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 3c3de4ca0ebc..50ce177d71a0 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -272,7 +272,7 @@ static struct notifier_block sel_netif_netdev_notifier = {
 static __init int sel_netif_init(void)
 {
- int i, err;
+ int i;
 if (!selinux_enabled)
 return 0;
@@ -282,7 +282,7 @@ static __init int sel_netif_init(void)
 register_netdevice_notifier(&sel_netif_netdev_notifier);
- return err;
+ return 0;
 }
 __initcall(sel_netif_init);
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index ddf315260839..da923f89d2a9 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -303,7 +303,6 @@ void sel_netnode_flush(void)
 static __init int sel_netnode_init(void)
 {
 int iter;
- int ret;
 if (!selinux_enabled)
 return 0;
@@ -313,7 +312,7 @@ static __init int sel_netnode_init(void)
 sel_netnode_hash[iter].size = 0;
 }
- return ret;
+ return 0;
 }
 __initcall(sel_netnode_init);
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 73ac6784d091..3311cc393cb4 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -237,7 +237,6 @@ void sel_netport_flush(void)
 static __init int sel_netport_init(void)
 {
 int iter;
- int ret;
 if (!selinux_enabled)
 return 0;
@@ -247,7 +246,7 @@ static __init int sel_netport_init(void)
 sel_netport_hash[iter].size = 0;
 }
- return ret;
+ return 0;
 }
 __initcall(sel_netport_init);
-- 
cgit v1.2.3
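Review bot: In the `@@ -282,7 +282,7 @@` hunk of netif.c the result of `register_netdevice_notifier(&sel_netif_netdev_notifier)` is discarded and the function now returns a constant 0, so a failed registration is silent. If that notifier is what drops cached interface entries when a device goes away (inferred from its name; the handler is outside the hunk), a failure would leave stale interface labels in the cache with nothing logged. Either `return register_netdevice_notifier(&sel_netif_netdev_notifier);` or a `panic()` on a non-zero result, as the `avc_add_callback()` check removed from netnode.c in the previous patch did, would keep the failure visible. The start of sel_netif_init() is in the preceding hunk.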