From mboxrd@z Thu Jan  1 00:00:00 1970
From: James Antill <james.antill@redhat.com>
Subject: Re: [PATCH lazy audit
Date: Tue, 01 Aug 2006 11:45:58 -0400
Message-ID: <1154447158.2103.8.camel@code.and.org>
References: <200608011522.k71FMcuq007786@devserv.devel.redhat.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0263149989=="
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <200608011522.k71FMcuq007786@devserv.devel.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Alexander Viro <aviro@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com


--===============0263149989==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="=-zQpLPC4hKxYIxXZRv/18"


--=-zQpLPC4hKxYIxXZRv/18
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2006-08-01 at 11:22 -0400, Alexander Viro wrote:
> 	Killing audit overhead in case when no rules are loaded.  More detailed
> log (this is a composite of patch series from audit git tree, see audit.b=
23..
> lspp.b23 in there for individual changesets):


> [PATCH] introduce audit rules counter
> [PATCH] mark context of syscall entered with no rules as dummy
> [PATCH] don't bother with aux entires for dummy context
> [PATCH] take filling ->pid, etc. out of audit_get_context()
>     move that stuff downstream and into the only branch where it'll be
>     used.
>=20
> diff --git a/fs/namei.c b/fs/namei.c
> index 0ab26cb..55a1312 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -159,7 +159,7 @@ char * getname(const char __user * filen
>  #ifdef CONFIG_AUDITSYSCALL
>  void putname(const char *name)
>  {
> -	if (unlikely(current->audit_context))
> +	if (unlikely(!audit_dummy_context()))
>  		audit_putname(name);
>  	else
>  		__putname(name);
[...]
> +extern int audit_n_rules;
>  #else
>  #define audit_alloc(t) ({ 0; })
>  #define audit_free(t) do { ; } while (0)
>  #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
>  #define audit_syscall_exit(f,r) do { ; } while (0)
> +#define audit_dummy_context() 0
>  #define audit_getname(n) do { ; } while (0)
>  #define audit_putname(n) do { ; } while (0)
>  #define __audit_inode(n,i) do { ; } while (0)

 This should be:

+#define audit_dummy_context() 1

...no?

--=20
James Antill - <james.antill@redhat.com>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET,  SO_ATTACH_FILTER, ...);


--=-zQpLPC4hKxYIxXZRv/18
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQBEz3c211eXTEMrxtQRAvxaAJ4lzTedBKQFP8RUzstK+S6J1TokOQCeLXoO
flaHdsuPz1RPOfLNOJ5tc1Y=
=aKNE
-----END PGP SIGNATURE-----

--=-zQpLPC4hKxYIxXZRv/18--


--===============0263149989==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============0263149989==--