Re: [PATCH 2/2] audit: shrink audit_krule by using smaller bitfields
On 14/12/23, Paris, Eric wrote:
It's probably not a problem, but one needs to remember that all
updates to all bit fields need to be under the same lock/protection.
Bitfields + concurrent access is dangerous, but may well be
appropriate in this case.
Good point. I'll go back and check for any issues, but as you point
out, in this case it may be appropriate. All these fields should only
change during a rule addition in a newly allocated struct (under
audit_cmd_mutex) before they are referenceable by other parts of the
code.
Thanks, Eric.
-Eric
On Tue, Dec 23, 2014 at 1:20 PM, Richard Guy Briggs <rgb(a)redhat.com> wrote:
> Replace five 32-bit fields with one. Move a nearby 32-bit field to enable
> 64-bit alignment.
>
> Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
> ---
> include/linux/audit.h | 13 +++++++------
> 1 files changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index b481779..bd06f92 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -46,13 +46,14 @@ struct audit_tree;
> struct sk_buff;
>
> struct audit_krule {
> - u32 pflags;
> - u32 flags;
> - u32 listnr;
> - u32 action;
> - u32 mask[AUDIT_BITMASK_SIZE];
> + u32 listnr:4,
> + flags:5,
> + action:2,
> + pflags:1,
> + field_count:7,
> + reserved:13;
> u32 buflen; /* for data alloc on list rules */
> - u32 field_count;
> + u32 mask[AUDIT_BITMASK_SIZE];
> char *filterkey; /* ties events to rules */
> struct audit_field *fields;
> struct audit_field *arch_f; /* quick access to arch field */
> --
> 1.7.1
- RGB
--
Richard Guy Briggs <rbriggs(a)redhat.com>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545