From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: Re: [PATCH] audit: remove the audit freelist Date: Fri, 2 Dec 2016 01:09:04 +0100 Message-ID: <20161202000904.GA31010@breakpoint.cc> References: <1479215774-29810-1-git-send-email-fw@strlen.de> <20161201014455.GD26507@breakpoint.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org To: Paul Moore Cc: Florian Westphal , linux-kernel@vger.kernel.org, linux-audit@redhat.com, Eric Paris List-Id: linux-audit@redhat.com Paul Moore wrote: > On Wed, Nov 30, 2016 at 8:44 PM, Florian Westphal wrote: > > Paul Moore wrote: > >> On Tue, Nov 15, 2016 at 8:16 AM, Florian Westphal wrote: > >> > allows better debugging as freeing audit buffers now always honors slub > >> > debug hooks (e.g. object poisoning) and leak checker can detect the > >> > free operation. > >> > > >> > Removal also results in a small speedup (using > >> > single rule 'iptables -A INPUT -i lo -j AUDIT --type drop'): > >> > > >> > super_netperf 4 -H 127.0.0.1 -l 360 -t UDP_RR -- -R 1 -m 64 > >> > Before: > >> > 294953 > >> > After: > >> > 298013 > >> > > >> > (alloc/free no longer serializes on spinlock, allocator can use percpu > >> > pool). > >> > > >> > Signed-off-by: Florian Westphal > >> > --- > >> > kernel/audit.c | 53 ++++++++--------------------------------------------- > >> > 1 file changed, 8 insertions(+), 45 deletions(-) > >> > >> Sorry for the delay, I was hoping to have some time to play around > >> with this and offer a more meaningful comment ... I've often wondered > >> about converting audit_buffer, and audit_context for that matter, over > >> to their own kmem_cache; have you considered that? Or was this > >> proposed due to simplicity? > > > > Not sure I understand, you could still convert it on top of this. > > (Although audit_buffer is just 24 bytes after this patch so it will > > come from 32byte kmalloc slab). > > I'm not arguing against this patch, partly just musing out loud, > partly just seeing if you had experimented with creating a > audit_buffer specific kmem_cache (I'm guessing the answer here is > "no"). If we do convert to a kmem_cache this patch would be the > obvious first step. It does convert to a kmem_cache, indirectly. kmalloc() uses builtin_constant_size() magic to resolve the kmalloc to kmem_cache_alloc, using the precreated kmalloc_caches[] in slab_common.c .