git.baikalelectronics.ru Git - kernel.git/commit

author	Dmitry Vyukov <dvyukov@google.com>
	Tue, 14 Dec 2021 09:45:26 +0000 (10:45 +0100)
committer	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	Wed, 15 Dec 2021 11:11:07 +0000 (20:11 +0900)
commit	704b536c0c51e74e6d9149410f457947cafaca21
tree	672e92876fcf0d63d97290f42e21fa2fea2a084a	tree \| snapshot
parent	817f08c12a0ca9faf0b2f320d9c0f5c3df33cb4b	commit \| diff

tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().

If tomoyo is used in a testing/fuzzing environment in learning mode,
for lots of domains the quota will be exceeded and stay exceeded
for prolonged periods of time. In such cases it's pointless (and slow)
to walk the whole acl list again and again just to rediscover that
the quota is exceeded. We already have the TOMOYO_DIF_QUOTA_WARNED flag
that notes the overflow condition. Check it early to avoid the slowdown.

[penguin-kernel]
This patch causes a user visible change that the learning mode will not be
automatically resumed after the quota is increased. To resume the learning
mode, administrator will need to explicitly clear TOMOYO_DIF_QUOTA_WARNED
flag after increasing the quota. But I think that this change is generally
preferable, for administrator likely wants to optimize the acl list for
that domain before increasing the quota, or that domain likely hits the
quota again. Therefore, don't try to care to clear TOMOYO_DIF_QUOTA_WARNED
flag automatically when the quota for that domain changed.

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>