Audit: only set group mask when something is being watched
Currently the audit watch group always sets a mask equal to all events it
might care about. We instead should only set the group mask if we are
actually watching inodes. This should be a perf win when audit watches are
compiled in.
Signed-off-by: Eric Paris <eparis@redhat.com>
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 0f03a6a..87408b2 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -167,6 +167,8 @@
return ERR_PTR(ret);
}
+ fsnotify_recalc_group_mask(audit_watch_group);
+
return parent;
}
@@ -353,6 +355,9 @@
mutex_unlock(&audit_filter_mutex);
fsnotify_destroy_mark_by_entry(&parent->mark);
+
+ fsnotify_recalc_group_mask(audit_watch_group);
+
}
/* Get path information necessary for adding watches. */
@@ -503,6 +508,9 @@
audit_put_parent(parent);
}
}
+
+ fsnotify_recalc_group_mask(audit_watch_group);
+
}
static bool audit_watch_should_send_event(struct fsnotify_group *group, struct inode *inode,
@@ -577,8 +585,7 @@
static int __init audit_watch_init(void)
{
- audit_watch_group = fsnotify_alloc_group(AUDIT_FS_WATCH,
- &audit_watch_fsnotify_ops);
+ audit_watch_group = fsnotify_alloc_group(0, &audit_watch_fsnotify_ops);
if (IS_ERR(audit_watch_group)) {
audit_watch_group = NULL;
audit_panic("cannot create audit fsnotify group");