[PATCH] fs.h: ifdef security fields

[assuming BSD security levels are deleted]
The only user of i_security, f_security, s_security fields is SELinux,
however, quite a few security modules are trying to get into kernel.
So, wrap them under CONFIG_SECURITY. Adding config option for each
security field is likely an overkill.

Following Stephen Smalley's suggestion, i_security initialization is
moved to security_inode_alloc() to not clutter core code with ifdefs
and make alloc_inode() codepath tiny little bit smaller and faster.

The user of (highly greppable) struct fown_struct::security field is
still to be found. I've checked every "fown_struct" and every "f_owner"
occurence. Additionally it's removal doesn't break i386 allmodconfig
build.

struct inode, struct file, struct super_block, struct fown_struct
become smaller.

P.S. Combined with two reiserfs inode shrinking patches sent to
linux-fsdevel, I can finally suck 12 reiserfs inodes into one page.

		/proc/slabinfo

	-ext2_inode_cache	388	10
	+ext2_inode_cache	384	10
	-inode_cache		280	14
	+inode_cache		276	14
	-proc_inode_cache	296	13
	+proc_inode_cache	292	13
	-reiser_inode_cache	336	11
	+reiser_inode_cache	332	12 <=
	-shmem_inode_cache	372	10
	+shmem_inode_cache	368	10

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/inode.c b/fs/inode.c
index f5c04dd9ae8ae54ba32ebfd4c8cba3bb4001f219..abf77471e6c4a68701421dc6df6994de6e7000eb 100644 (file)
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -133,7 +133,6 @@ static struct inode *alloc_inode(struct super_block *sb)
                inode->i_bdev = NULL;
                inode->i_cdev = NULL;
                inode->i_rdev = 0;
-               inode->i_security = NULL;
                inode->dirtied_when = 0;
                if (security_inode_alloc(inode)) {
                        if (inode->i_sb->s_op->destroy_inode)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 4caec6cebc4295cf9f9ec2a6fb5e4ddbca297909..6eafbe309483a56c91ec3ae4176dc9525321d457 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -553,7 +553,9 @@ struct inode {
        unsigned int            i_flags;
 
        atomic_t                i_writecount;
+#ifdef CONFIG_SECURITY
        void                    *i_security;
+#endif
        void                    *i_private; /* fs or device private pointer */
 #ifdef __NEED_I_SIZE_ORDERED
        seqcount_t              i_size_seqcount;
@@ -645,7 +647,6 @@ struct fown_struct {
        rwlock_t lock;          /* protects pid, uid, euid fields */
        int pid;                /* pid or -pgrp where SIGIO should be sent */
        uid_t uid, euid;        /* uid/euid of process setting the owner */
-       void *security;
        int signum;             /* posix.1b rt signal to be delivered on IO */
 };
 
@@ -688,8 +689,9 @@ struct file {
        struct file_ra_state    f_ra;
 
        unsigned long           f_version;
+#ifdef CONFIG_SECURITY
        void                    *f_security;
-
+#endif
        /* needed for tty driver, and maybe others */
        void                    *private_data;
 
@@ -877,7 +879,9 @@ struct super_block {
        int                     s_syncing;
        int                     s_need_sync_fs;
        atomic_t                s_active;
+#ifdef CONFIG_SECURITY
        void                    *s_security;
+#endif
        struct xattr_handler    **s_xattr;
 
        struct list_head        s_inodes;       /* all inodes */

diff --git a/include/linux/security.h b/include/linux/security.h
index 9f56fb8a4a6c358091915aa34e5fae8c045a585d..9b5fea81f55e4e96dfdca7fb83a3ecd0834c2137 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1595,6 +1595,7 @@ static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
 
 static inline int security_inode_alloc (struct inode *inode)
 {
+       inode->i_security = NULL;
        return security_ops->inode_alloc_security (inode);
 }