From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Hurley
Subject: [PATCH 00/15] Rework tty audit
Date: Tue, 10 Nov 2015 21:05:45 -0500
Message-ID: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
To: Greg Kroah-Hartman
Cc: Peter Zijlstra, Oleg Nesterov, Ingo Molnar, linux-audit@redhat.com, Jiri Slaby, Peter Hurley

Hi Greg,

This patch series overhauls tty audit support. The goal was to simplify
and speed up tty auditing, which was a significant performance hit even
when disabled. The main features of this series are:

* Remove reference counting; the purpose of reference counting the
  per-process tty_audit_buf was to prevent premature deletion if the
  buffer was in-use when tty auditing was exited for the process.
  However, since the process is single-threaded at tty_audit_exit(),
  the buffer cannot be in-use by another thread. Patch 11/15.
* Remove functionally dead code, such as tty_put_user(). Patch 2/15.
* Atomically modify tty audit enable/disable flags to support lockless
  read. Patch 9/15.

Cc: Ingo Molnar
Cc: Peter Zijlstra
for patch 9/15 which removes an audit field from the signal_struct.

Cc: Oleg Nesterov
to confirm my understanding of the single-threadedness of
if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15

Requires: "tty: audit: Fix audit source"

Regards,

Peter Hurley (15):
  tty: audit: Early-out pty master reads earlier
  tty: audit: Never audit packet mode
  tty: audit: Remove icanon mode from call chain
  tty: audit: Defer audit buffer association
  tty: audit: Take siglock directly
  tty: audit: Ignore current association for audit push
  tty: audit: Combine push functions
  tty: audit: Track tty association with dev_t
  tty: audit: Handle tty audit enable atomically
  tty: audit: Remove false memory optimization
  tty: audit: Remove tty_audit_buf reference counting
  tty: audit: Simplify first-use allocation
  tty: audit: Check audit enable first
  tty: audit: Always push audit buffer before TIOCSTI
  tty: audit: Poison tty_audit_buf while process exits

 drivers/tty/n_tty.c     |  25 ++----
 drivers/tty/tty_audit.c | 231 ++++++++++++++----------------------------------
 include/linux/audit.h   |   4 +
 include/linux/sched.h   |   1 -
 include/linux/tty.h     |  12 +--
 kernel/audit.c          |  27 +++---
 6 files changed, 97 insertions(+), 203 deletions(-)

--
2.6.3