On 11/10/2015 09:05 PM, Peter Hurley wrote: > Hi Greg, > > This patch series overhauls tty audit support. The goal was to simplify > and speed up tty auditing, which was a significant performance hit even > when disabled. > > The main features of this series are: > * Remove reference counting; the purpose of reference counting the per- > process tty_audit_buf was to prevent premature deletion if the > buffer was in-use when tty auditing was exited for the process. > However, since the process is single-threaded at tty_audit_exit(), > the buffer cannot be in-use by another thread. Patch 11/15. > * Remove functionally dead code, such as tty_put_user(). Patch 2/15. > * Atomically modify tty audit enable/disable flags to support lockless > read. Patch 9/15. > > Cc: Ingo Molnar <[email protected]> > Cc: Peter Zijlstra <[email protected]> > for patch 9/15 which removes an audit field from the signal_struct. > > Cc: Oleg Nesterov <[email protected]> > to confirm my understanding of the single-threadedness of > if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15 > > Requires: "tty: audit: Fix audit source"
and as brought to my attention by Richard Guy Briggs also Requires: "n_tty: Uninline tty_copy_to_user()" Apologies for any inconvenience caused. > Regards, > > Peter Hurley (15): > tty: audit: Early-out pty master reads earlier > tty: audit: Never audit packet mode > tty: audit: Remove icanon mode from call chain > tty: audit: Defer audit buffer association > tty: audit: Take siglock directly > tty: audit: Ignore current association for audit push > tty: audit: Combine push functions > tty: audit: Track tty association with dev_t > tty: audit: Handle tty audit enable atomically > tty: audit: Remove false memory optimization > tty: audit: Remove tty_audit_buf reference counting > tty: audit: Simplify first-use allocation > tty: audit: Check audit enable first > tty: audit: Always push audit buffer before TIOCSTI > tty: audit: Poison tty_audit_buf while process exits > > drivers/tty/n_tty.c | 25 ++---- > drivers/tty/tty_audit.c | 231 > ++++++++++++++---------------------------------- > include/linux/audit.h | 4 + > include/linux/sched.h | 1 - > include/linux/tty.h | 12 +-- > kernel/audit.c | 27 +++--- > 6 files changed, 97 insertions(+), 203 deletions(-) > -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
