[RFC][PATCH] (#6) filesystem auditing
Timothy R. Chavez
tinytim at us.ibm.com
Fri Mar 18 23:12:32 UTC 2005
On Friday 18 March 2005 03:54 pm, Serge Hallyn wrote:
<snip>
>
> It looks like we could pare it down to
>
> struct audit_data {
> struct audit_wentry *wentry;
> struct hlist_head *watchlist;
> rwlock_t watchlist_lock;
> };
How about, we make it:
struct audit_data {
struct audit_wentry *wentry;
struct hlist_head *watchlist;
}
struct audit_wentry {
struct hlist_node w_list;
atomic_t w_count;
struct audit_watch *w_watch;
unsigned int w_valid;
spinlock_t w_lock;
};
I can protect the watchlist with RCU. And then perhaps the w_lock will be
used as a writer lock for any updates to w_valid (nothing else will ever be
updated other the atomic count).
I have to go. I'll talk more about this hopefully this weekend. Perhaps come
up with something as well.
> With spinlock debugging and preemption off, we're down to just three
> longs per inode, so I guess it's not so bad.
>
> Perhaps we could also use rcu to protect the watchlist, using the i_sem
> to guard against racing writers?
>
> -serge
--
-tim
More information about the Linux-audit
mailing list