[PATCH 00/15] Rework tty audit
Peter Hurley
peter at hurleysoftware.com
Fri Nov 13 02:31:17 UTC 2015
On 11/10/2015 09:05 PM, Peter Hurley wrote:
> Hi Greg,
>
> This patch series overhauls tty audit support. The goal was to simplify
> and speed up tty auditing, which was a significant performance hit even
> when disabled.
>
> The main features of this series are:
> * Remove reference counting; the purpose of reference counting the per-
> process tty_audit_buf was to prevent premature deletion if the
> buffer was in-use when tty auditing was exited for the process.
> However, since the process is single-threaded at tty_audit_exit(),
> the buffer cannot be in-use by another thread. Patch 11/15.
> * Remove functionally dead code, such as tty_put_user(). Patch 2/15.
> * Atomically modify tty audit enable/disable flags to support lockless
> read. Patch 9/15.
>
> Cc: Ingo Molnar <mingo at redhat.com>
> Cc: Peter Zijlstra <peterz at infradead.org>
> for patch 9/15 which removes an audit field from the signal_struct.
>
> Cc: Oleg Nesterov <oleg at redhat.com>
> to confirm my understanding of the single-threadedness of
> if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15
>
> Requires: "tty: audit: Fix audit source"
and as brought to my attention by Richard Guy Briggs also
Requires: "n_tty: Uninline tty_copy_to_user()"
Apologies for any inconvenience caused.
> Regards,
>
> Peter Hurley (15):
> tty: audit: Early-out pty master reads earlier
> tty: audit: Never audit packet mode
> tty: audit: Remove icanon mode from call chain
> tty: audit: Defer audit buffer association
> tty: audit: Take siglock directly
> tty: audit: Ignore current association for audit push
> tty: audit: Combine push functions
> tty: audit: Track tty association with dev_t
> tty: audit: Handle tty audit enable atomically
> tty: audit: Remove false memory optimization
> tty: audit: Remove tty_audit_buf reference counting
> tty: audit: Simplify first-use allocation
> tty: audit: Check audit enable first
> tty: audit: Always push audit buffer before TIOCSTI
> tty: audit: Poison tty_audit_buf while process exits
>
> drivers/tty/n_tty.c | 25 ++----
> drivers/tty/tty_audit.c | 231 ++++++++++++++----------------------------------
> include/linux/audit.h | 4 +
> include/linux/sched.h | 1 -
> include/linux/tty.h | 12 +--
> kernel/audit.c | 27 +++---
> 6 files changed, 97 insertions(+), 203 deletions(-)
>
More information about the Linux-audit
mailing list