diff options
author | Paul Moore <pmoore@redhat.com> | 2014-06-26 20:33:56 +0200 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2014-06-26 20:33:56 +0200 |
commit | 615e51fdda6f274e94b1e905fcaf6111e0d9aa20 (patch) | |
tree | d0ce12f9f5e086c293a7255e3e712d2a42be02b9 /security/selinux/netport.c | |
parent | selinux: no recursive read_lock of policy_rwlock in security_genfs_sid() (diff) | |
download | linux-615e51fdda6f274e94b1e905fcaf6111e0d9aa20.tar.xz linux-615e51fdda6f274e94b1e905fcaf6111e0d9aa20.zip |
selinux: reduce the number of calls to synchronize_net() when flushing caches
When flushing the AVC, such as during a policy load, the various
network caches are also flushed, with each making a call to
synchronize_net() which has shown to be expensive in some cases.
This patch consolidates the network cache flushes into a single AVC
callback which only calls synchronize_net() once for each AVC cache
flush.
Reported-by: Jaejyn Shin <flagon22bass@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/netport.c')
-rw-r--r-- | security/selinux/netport.c | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/security/selinux/netport.c b/security/selinux/netport.c index d35379781c2c..73ac6784d091 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -217,7 +217,7 @@ int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid) * Remove all entries from the network address table. * */ -static void sel_netport_flush(void) +void sel_netport_flush(void) { unsigned int idx; struct sel_netport *port, *port_tmp; @@ -234,15 +234,6 @@ static void sel_netport_flush(void) spin_unlock_bh(&sel_netport_lock); } -static int sel_netport_avc_callback(u32 event) -{ - if (event == AVC_CALLBACK_RESET) { - sel_netport_flush(); - synchronize_net(); - } - return 0; -} - static __init int sel_netport_init(void) { int iter; @@ -256,10 +247,6 @@ static __init int sel_netport_init(void) sel_netport_hash[iter].size = 0; } - ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET); - if (ret != 0) - panic("avc_add_callback() failed, error %d\n", ret); - return ret; } |