[PATCH] fs.h: ifdef security fields
Alexey Dobriyan [Fri, 29 Sep 2006 09:00:01 +0000 (02:00 -0700)]
[assuming BSD security levels are deleted]
The only user of i_security, f_security, s_security fields is SELinux,
however, quite a few security modules are trying to get into kernel.
So, wrap them under CONFIG_SECURITY. Adding config option for each
security field is likely an overkill.

Following Stephen Smalley's suggestion, i_security initialization is
moved to security_inode_alloc() to not clutter core code with ifdefs
and make alloc_inode() codepath tiny little bit smaller and faster.

The user of (highly greppable) struct fown_struct::security field is
still to be found. I've checked every "fown_struct" and every "f_owner"
occurence. Additionally it's removal doesn't break i386 allmodconfig
build.

struct inode, struct file, struct super_block, struct fown_struct
become smaller.

P.S. Combined with two reiserfs inode shrinking patches sent to
linux-fsdevel, I can finally suck 12 reiserfs inodes into one page.

/proc/slabinfo

-ext2_inode_cache 388 10
+ext2_inode_cache 384 10
-inode_cache 280 14
+inode_cache 276 14
-proc_inode_cache 296 13
+proc_inode_cache 292 13
-reiser_inode_cache 336 11
+reiser_inode_cache 332 12 <=
-shmem_inode_cache 372 10
+shmem_inode_cache 368 10

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/inode.c
include/linux/fs.h
include/linux/security.h

index f5c04dd..abf7747 100644 (file)
@@ -133,7 +133,6 @@ static struct inode *alloc_inode(struct super_block *sb)
                inode->i_bdev = NULL;
                inode->i_cdev = NULL;
                inode->i_rdev = 0;
-               inode->i_security = NULL;
                inode->dirtied_when = 0;
                if (security_inode_alloc(inode)) {
                        if (inode->i_sb->s_op->destroy_inode)
index 4caec6c..6eafbe3 100644 (file)
@@ -553,7 +553,9 @@ struct inode {
        unsigned int            i_flags;
 
        atomic_t                i_writecount;
+#ifdef CONFIG_SECURITY
        void                    *i_security;
+#endif
        void                    *i_private; /* fs or device private pointer */
 #ifdef __NEED_I_SIZE_ORDERED
        seqcount_t              i_size_seqcount;
@@ -645,7 +647,6 @@ struct fown_struct {
        rwlock_t lock;          /* protects pid, uid, euid fields */
        int pid;                /* pid or -pgrp where SIGIO should be sent */
        uid_t uid, euid;        /* uid/euid of process setting the owner */
-       void *security;
        int signum;             /* posix.1b rt signal to be delivered on IO */
 };
 
@@ -688,8 +689,9 @@ struct file {
        struct file_ra_state    f_ra;
 
        unsigned long           f_version;
+#ifdef CONFIG_SECURITY
        void                    *f_security;
-
+#endif
        /* needed for tty driver, and maybe others */
        void                    *private_data;
 
@@ -877,7 +879,9 @@ struct super_block {
        int                     s_syncing;
        int                     s_need_sync_fs;
        atomic_t                s_active;
+#ifdef CONFIG_SECURITY
        void                    *s_security;
+#endif
        struct xattr_handler    **s_xattr;
 
        struct list_head        s_inodes;       /* all inodes */
index 9f56fb8..9b5fea8 100644 (file)
@@ -1595,6 +1595,7 @@ static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
 
 static inline int security_inode_alloc (struct inode *inode)
 {
+       inode->i_security = NULL;
        return security_ops->inode_alloc_security (inode);
 }