From: James Antill <james.antill@redhat.com>
To: Alexander Viro <aviro@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH lazy audit
Date: Tue, 01 Aug 2006 11:45:58 -0400 [thread overview]
Message-ID: <1154447158.2103.8.camel@code.and.org> (raw)
In-Reply-To: <200608011522.k71FMcuq007786@devserv.devel.redhat.com>
[-- Attachment #1.1: Type: text/plain, Size: 1687 bytes --]
On Tue, 2006-08-01 at 11:22 -0400, Alexander Viro wrote:
> Killing audit overhead in case when no rules are loaded. More detailed
> log (this is a composite of patch series from audit git tree, see audit.b23..
> lspp.b23 in there for individual changesets):
> [PATCH] introduce audit rules counter
> [PATCH] mark context of syscall entered with no rules as dummy
> [PATCH] don't bother with aux entires for dummy context
> [PATCH] take filling ->pid, etc. out of audit_get_context()
> move that stuff downstream and into the only branch where it'll be
> used.
>
> diff --git a/fs/namei.c b/fs/namei.c
> index 0ab26cb..55a1312 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -159,7 +159,7 @@ char * getname(const char __user * filen
> #ifdef CONFIG_AUDITSYSCALL
> void putname(const char *name)
> {
> - if (unlikely(current->audit_context))
> + if (unlikely(!audit_dummy_context()))
> audit_putname(name);
> else
> __putname(name);
[...]
> +extern int audit_n_rules;
> #else
> #define audit_alloc(t) ({ 0; })
> #define audit_free(t) do { ; } while (0)
> #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
> #define audit_syscall_exit(f,r) do { ; } while (0)
> +#define audit_dummy_context() 0
> #define audit_getname(n) do { ; } while (0)
> #define audit_putname(n) do { ; } while (0)
> #define __audit_inode(n,i) do { ; } while (0)
This should be:
+#define audit_dummy_context() 1
...no?
--
James Antill - <james.antill@redhat.com>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
[-- Attachment #1.2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2006-08-01 15:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-01 15:22 [PATCH lazy audit Alexander Viro
2006-08-01 15:45 ` James Antill [this message]
2006-08-01 16:04 ` Alexander Viro
2006-08-03 18:56 ` Amy Griffis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1154447158.2103.8.camel@code.and.org \
--to=james.antill@redhat.com \
--cc=aviro@redhat.com \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox