linux/security/tomoyo
Dmitry Vyukov 04e57a2d95 tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
If tomoyo is used in a testing/fuzzing environment in learning mode,
for lots of domains the quota will be exceeded and stay exceeded
for prolonged periods of time. In such cases it's pointless (and slow)
to walk the whole acl list again and again just to rediscover that
the quota is exceeded. We already have the TOMOYO_DIF_QUOTA_WARNED flag
that notes the overflow condition. Check it early to avoid the slowdown.

[penguin-kernel]
This patch causes a user visible change that the learning mode will not be
automatically resumed after the quota is increased. To resume the learning
mode, administrator will need to explicitly clear TOMOYO_DIF_QUOTA_WARNED
flag after increasing the quota. But I think that this change is generally
preferable, for administrator likely wants to optimize the acl list for
that domain before increasing the quota, or that domain likely hits the
quota again. Therefore, don't try to care to clear TOMOYO_DIF_QUOTA_WARNED
flag automatically when the quota for that domain changed.

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
2021-12-15 20:11:07 +09:00
..
policy
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
audit.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
common.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
common.h exec: Implement kernel_execve 2020-07-21 08:24:52 -05:00
condition.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
domain.c mm/pagemap: add mmap_assert_locked() annotations to find_vma*() 2021-09-03 09:58:13 -07:00
environ.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c tomoyo: ignore data race while checking quota 2021-02-01 11:52:11 +09:00
gc.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
group.c tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). 2019-12-16 23:02:27 +09:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
load_policy.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
Makefile kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
memory.c tomoyo: Fix null pointer check 2020-11-27 19:36:11 +09:00
mount.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
network.c tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD 2021-03-28 13:11:29 +09:00
realpath.c proc: proc_pid_ns takes super_block as an argument 2020-05-19 07:07:50 -05:00
securityfs_if.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
tomoyo.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
util.c tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok(). 2021-12-15 20:11:07 +09:00