| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 08 Jun 2011 14:13:36 -0400 From: Eric Paris <eparis@...hat.com> To: Oleg Nesterov <oleg@...hat.com> Cc: linux-kernel@...r.kernel.org, tony.luck@...el.com, fenghua.yu@...el.com, monstr@...str.eu, ralf@...ux-mips.org, benh@...nel.crashing.org, paulus@...ba.org, schwidefsky@...ibm.com, heiko.carstens@...ibm.com, linux390@...ibm.com, lethal@...ux-sh.org, davem@...emloft.net, jdike@...toit.com, richard@....at, tglx@...utronix.de, mingo@...hat.com, hpa@...or.com, x86@...nel.org, viro@...iv.linux.org.uk, akpm@...ux-foundation.org, linux-ia64@...r.kernel.org, microblaze-uclinux@...e.uq.edu.au, linux-mips@...ux-mips.org, linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org, linux-sh@...r.kernel.org, sparclinux@...r.kernel.org, user-mode-linux-devel@...ts.sourceforge.net Subject: Re: [PATCH -v2] Audit: push audit success and retcode into arch ptrace.h On Wed, 2011-06-08 at 18:36 +0200, Oleg Nesterov wrote: > On 06/07, Eric Paris wrote: > > > > On Tue, 2011-06-07 at 19:19 +0200, Oleg Nesterov wrote: > > > > > > With or without this patch, can't we call audit_syscall_exit() twice > > > if there is something else in _TIF_WORK_SYSCALL_EXIT mask apart from > > > SYSCALL_AUDIT ? First time it is called from asm, then from > > > syscall_trace_leave(), no? > > > > > > For example. The task has TIF_SYSCALL_AUDIT and nothing else, it does > > > system_call->auditsys->system_call_fastpath. What if it gets, say, > > > TIF_SYSCALL_TRACE before ret_from_sys_call? > > > > No harm is done calling twice. The first call will do the real work and > > cleanup. It will set a flag in the audit data that the work has been > > done (in_syscall == 0) thus the second call will then not do any real > > work and won't have anything to clean up. > > Hmm... and I assume context->previous != NULL is not possible on x86_64. > OK, thanks. > > And I guess, all CONFIG_AUDITSYSCALL code in entry.S is only needed to > microoptimize the case when TIF_SYSCALL_AUDIT is the only reason for the > slow path. I wonder if it really makes the measureble difference... All I know is what Roland put in the changelog: Avoiding the iret return path when syscall audit is enabled helps performance a lot. I believe this was a result of Fedora starting auditd by default and then Linus bitching about how slow a null syscall in a tight loop was. It was an optimization for a microbenchmark. How much it affects things on a real syscall that does real work is probably going to be determined by how much work is done in the syscall. (or just disable auditd in userspace) -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists