git.baikalelectronics.ru Git - kernel.git/commit

author	Dmitry Vyukov <dvyukov@google.com>
	Tue, 14 Dec 2021 09:45:26 +0000 (10:45 +0100)
committer	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	Wed, 15 Dec 2021 11:11:07 +0000 (20:11 +0900)
commit	858f7cf3927992027fbf0156eb9c06df1e9d4093
tree	672e92876fcf0d63d97290f42e21fa2fea2a084a	tree \| snapshot
parent	12eedf34d18d065b6dba94dd7023221e1536ca8a	commit \| diff

tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().

If tomoyo is used in a testing/fuzzing environment in learning mode,
for lots of domains the quota will be exceeded and stay exceeded
for prolonged periods of time. In such cases it's pointless (and slow)
to walk the whole acl list again and again just to rediscover that
the quota is exceeded. We already have the TOMOYO_DIF_QUOTA_WARNED flag
that notes the overflow condition. Check it early to avoid the slowdown.

[penguin-kernel]
This patch causes a user visible change that the learning mode will not be
automatically resumed after the quota is increased. To resume the learning
mode, administrator will need to explicitly clear TOMOYO_DIF_QUOTA_WARNED
flag after increasing the quota. But I think that this change is generally
preferable, for administrator likely wants to optimize the acl list for
that domain before increasing the quota, or that domain likely hits the
quota again. Therefore, don't try to care to clear TOMOYO_DIF_QUOTA_WARNED
flag automatically when the quota for that domain changed.

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>