From: Paul Moore <paul@paul-moore.com>
To: Peter Hurley <peter@hurleysoftware.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Oleg Nesterov <oleg@redhat.com>,
linux-audit@redhat.com, Jiri Slaby <jslaby@suse.cz>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH 00/15] Rework tty audit
Date: Sun, 20 Dec 2015 19:39:04 -0500 [thread overview]
Message-ID: <4568123.PiWQmDAB4z@sifl> (raw)
In-Reply-To: <1447207560-16410-1-git-send-email-peter@hurleysoftware.com>
On Tuesday, November 10, 2015 09:05:45 PM Peter Hurley wrote:
> Hi Greg,
>
> This patch series overhauls tty audit support. The goal was to simplify
> and speed up tty auditing, which was a significant performance hit even
> when disabled.
>
> The main features of this series are:
> * Remove reference counting; the purpose of reference counting the per-
> process tty_audit_buf was to prevent premature deletion if the
> buffer was in-use when tty auditing was exited for the process.
> However, since the process is single-threaded at tty_audit_exit(),
> the buffer cannot be in-use by another thread. Patch 11/15.
> * Remove functionally dead code, such as tty_put_user(). Patch 2/15.
> * Atomically modify tty audit enable/disable flags to support lockless
> read. Patch 9/15.
>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> for patch 9/15 which removes an audit field from the signal_struct.
>
> Cc: Oleg Nesterov <oleg@redhat.com>
> to confirm my understanding of the single-threadedness of
> if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15
>
> Requires: "tty: audit: Fix audit source"
This is definitely more of a tty patchset than it is an audit patchset, but it
all looks reasonable to me from an audit perspective.
--
paul moore
www.paul-moore.com
next prev parent reply other threads:[~2015-12-21 0:39 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-11 2:05 [PATCH 00/15] Rework tty audit Peter Hurley
2015-11-11 2:05 ` [PATCH 01/15] tty: audit: Early-out pty master reads earlier Peter Hurley
2015-11-11 2:05 ` [PATCH 02/15] tty: audit: Never audit packet mode Peter Hurley
2015-11-11 2:05 ` [PATCH 03/15] tty: audit: Remove icanon mode from call chain Peter Hurley
2015-11-12 19:10 ` Richard Guy Briggs
2015-11-12 19:58 ` Peter Hurley
2015-11-13 2:15 ` Richard Guy Briggs
2015-11-13 2:27 ` Peter Hurley
2015-11-13 3:28 ` Richard Guy Briggs
2015-11-16 13:25 ` Peter Hurley
2015-11-11 2:05 ` [PATCH 04/15] tty: audit: Defer audit buffer association Peter Hurley
2015-11-11 2:05 ` [PATCH 05/15] tty: audit: Take siglock directly Peter Hurley
2015-11-11 2:05 ` [PATCH 06/15] tty: audit: Ignore current association for audit push Peter Hurley
2015-11-11 2:05 ` [PATCH 07/15] tty: audit: Combine push functions Peter Hurley
2015-11-11 2:05 ` [PATCH 08/15] tty: audit: Track tty association with dev_t Peter Hurley
2015-11-11 2:05 ` [PATCH 09/15] tty: audit: Handle tty audit enable atomically Peter Hurley
2015-11-11 2:05 ` [PATCH 10/15] tty: audit: Remove false memory optimization Peter Hurley
2015-11-11 2:05 ` [PATCH 11/15] tty: audit: Remove tty_audit_buf reference counting Peter Hurley
2015-11-11 2:05 ` [PATCH 12/15] tty: audit: Simplify first-use allocation Peter Hurley
2015-11-11 2:05 ` [PATCH 13/15] tty: audit: Check audit enable first Peter Hurley
2015-11-11 2:05 ` [PATCH 14/15] tty: audit: Always push audit buffer before TIOCSTI Peter Hurley
2015-11-11 2:06 ` [PATCH 15/15] tty: audit: Poison tty_audit_buf while process exits Peter Hurley
2015-11-13 2:31 ` [PATCH 00/15] Rework tty audit Peter Hurley
2015-12-21 0:39 ` Paul Moore [this message]
2016-01-10 4:58 ` [RESEND][PATCH " Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 01/15] tty: audit: Early-out pty master reads earlier Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 02/15] tty: audit: Never audit packet mode Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 03/15] tty: audit: Remove icanon mode from call chain Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 04/15] tty: audit: Defer audit buffer association Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 05/15] tty: audit: Take siglock directly Peter Hurley
2016-01-10 4:58 ` [RESEND][PATCH 06/15] tty: audit: Ignore current association for audit push Peter Hurley
2016-01-10 5:36 ` kbuild test robot
2016-01-10 7:00 ` Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 07/15] tty: audit: Combine push functions Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 08/15] tty: audit: Track tty association with dev_t Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 09/15] tty: audit: Handle tty audit enable atomically Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 10/15] tty: audit: Remove false memory optimization Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 11/15] tty: audit: Remove tty_audit_buf reference counting Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 12/15] tty: audit: Simplify first-use allocation Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 13/15] tty: audit: Check audit enable first Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 14/15] tty: audit: Always push audit buffer before TIOCSTI Peter Hurley
2016-01-10 4:59 ` [RESEND][PATCH 15/15] tty: audit: Poison tty_audit_buf while process exits Peter Hurley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4568123.PiWQmDAB4z@sifl \
--to=paul@paul-moore.com \
--cc=gregkh@linuxfoundation.org \
--cc=jslaby@suse.cz \
--cc=linux-audit@redhat.com \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=peter@hurleysoftware.com \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).