summaryrefslogtreecommitdiffstats
path: root/security/selinux/netport.c
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-06-26 20:33:56 +0200
committerPaul Moore <pmoore@redhat.com>2014-06-26 20:33:56 +0200
commit615e51fdda6f274e94b1e905fcaf6111e0d9aa20 (patch)
treed0ce12f9f5e086c293a7255e3e712d2a42be02b9 /security/selinux/netport.c
parentselinux: no recursive read_lock of policy_rwlock in security_genfs_sid() (diff)
downloadlinux-615e51fdda6f274e94b1e905fcaf6111e0d9aa20.tar.xz
linux-615e51fdda6f274e94b1e905fcaf6111e0d9aa20.zip
selinux: reduce the number of calls to synchronize_net() when flushing caches
When flushing the AVC, such as during a policy load, the various network caches are also flushed, with each making a call to synchronize_net() which has shown to be expensive in some cases. This patch consolidates the network cache flushes into a single AVC callback which only calls synchronize_net() once for each AVC cache flush. Reported-by: Jaejyn Shin <flagon22bass@gmail.com> Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/netport.c')
-rw-r--r--security/selinux/netport.c15
1 files changed, 1 insertions, 14 deletions
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index d35379781c2c..73ac6784d091 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -217,7 +217,7 @@ int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid)
* Remove all entries from the network address table.
*
*/
-static void sel_netport_flush(void)
+void sel_netport_flush(void)
{
unsigned int idx;
struct sel_netport *port, *port_tmp;
@@ -234,15 +234,6 @@ static void sel_netport_flush(void)
spin_unlock_bh(&sel_netport_lock);
}
-static int sel_netport_avc_callback(u32 event)
-{
- if (event == AVC_CALLBACK_RESET) {
- sel_netport_flush();
- synchronize_net();
- }
- return 0;
-}
-
static __init int sel_netport_init(void)
{
int iter;
@@ -256,10 +247,6 @@ static __init int sel_netport_init(void)
sel_netport_hash[iter].size = 0;
}
- ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET);
- if (ret != 0)
- panic("avc_add_callback() failed, error %d\n", ret);
-
return ret;
}