
Commit 219ca39

rgbriggseparis
authored andcommitted
audit: use union for audit_field values since they are mutually exclusive
Since only one of val, uid, gid and lsm* are used at any given time, combine them to reduce the size of the struct audit_field. Signed-off-by: Richard Guy Briggs <[email protected]>
1 parent e7df61f commit 219ca39


2 files changed

+29
-14
lines changed


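--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -66,12 +66,16 @@ struct audit_krule {
 
 struct audit_field {
 u32 type;
-u32 val;
-kuid_t uid;
-kgid_t gid;
+union {
+u32 val;
+kuid_t uid;
+kgid_t gid;
+struct {
+char *lsm_str;
+void *lsm_rule;
+};
+};
 u32 op;
-char *lsm_str;
-void *lsm_rule;
 };
 
 extern int is_audit_feature_set(int which);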
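Review bot: The anonymous union added to struct audit_field has no comment saying that `type` selects the live member. After this change, reading `lsm_str` or `lsm_rule` on a field whose type is not one of the LSM types reinterprets the bits of `val`, `uid` or `gid` as a pointer. I would add above `union {` a comment such as `/* exactly one member is valid, selected by type; lsm_str/lsm_rule only for the AUDIT_SUBJ_* and AUDIT_OBJ_* types */`. Users of these members outside the two files in this commit are not visible here and should each be checked for a type test before the access.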

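--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -71,6 +71,24 @@ static struct list_head audit_rules_list[AUDIT_NR_FILTERS] = {
 
 DEFINE_MUTEX(audit_filter_mutex);
 
+static void audit_free_lsm_field(struct audit_field *f)
+{
+switch (f->type) {
+case AUDIT_SUBJ_USER:
+case AUDIT_SUBJ_ROLE:
+case AUDIT_SUBJ_TYPE:
+case AUDIT_SUBJ_SEN:
+case AUDIT_SUBJ_CLR:
+case AUDIT_OBJ_USER:
+case AUDIT_OBJ_ROLE:
+case AUDIT_OBJ_TYPE:
+case AUDIT_OBJ_LEV_LOW:
+case AUDIT_OBJ_LEV_HIGH:
+kfree(f->lsm_str);
+security_audit_rule_free(f->lsm_rule);
+}
+}
+
 static inline void audit_free_rule(struct audit_entry *e)
 {
 int i;
@@ -80,11 +98,8 @@ static inline void audit_free_rule(struct audit_entry *e)
 if (erule->watch)
 audit_put_watch(erule->watch);
 if (erule->fields)
-for (i = 0; i < erule->field_count; i++) {
-struct audit_field *f = &erule->fields[i];
-kfree(f->lsm_str);
-security_audit_rule_free(f->lsm_rule);
-}
+for (i = 0; i < erule->field_count; i++)
+audit_free_lsm_field(&erule->fields[i]);
 kfree(erule->fields);
 kfree(erule->filterkey);
 kfree(e);
@@ -422,10 +437,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
 
 f->type = data->fields[i];
 f->val = data->values[i];
-f->uid = INVALID_UID;
-f->gid = INVALID_GID;
-f->lsm_str = NULL;
-f->lsm_rule = NULL;
 
 /* Support legacy tests for a valid loginuid */
 if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {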
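Review bot: In the last hunk, `f->val = data->values[i];` now writes into the same storage as `f->lsm_str`, and the `f->lsm_str = NULL;` initialisation is removed. For the AUDIT_SUBJ_*/AUDIT_OBJ_* types the pointer member therefore holds a value taken from the rule data until the string is actually assigned. audit_free_lsm_field() decides only on `f->type`, so an error exit from audit_data_to_entry() for such a field before `lsm_str` is set would presumably pass that value to kfree(). This is inferred, because the rest of the function, including its cleanup path, is outside the hunk. I would read the value into a local, `u32 f_val = data->values[i];`, and assign `f->val = f_val;` only in the cases that really use `val`, leaving the LSM cases with the zeroed pointers until the string is stored, which assumes the fields array is zero-allocated.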
