| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Apr 2023 10:44:40 -0400
From: Paul Moore <paul@...l-moore.com>
To: Eiichi Tsukata <eiichi.tsukata@...anix.com>
Cc: eparis@...hat.com, linux-kernel@...r.kernel.org,
audit@...r.kernel.org
Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster
On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
<eiichi.tsukata@...anix.com> wrote:
>
> auditd_test_task() is a hot path of system call auditing. This patch
> introduces a new bit field "is_auditd" in pid struct which can be used
> for faster check of registered audit daemon.
>
> Benchmark
> =========
>
> Run the following command:
>
> dd if=/dev/zero of=/dev/null bs=1 count=5M
>
> With rule:
>
> -a never,exit -F arch=b64 -S uname
>
> Result:
>
> Base line : 2.572 sec
> /w this patch: 2.412 sec (6.6% faster)
>
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@...anix.com>
> ---
> include/linux/pid.h | 4 ++++
> kernel/audit.c | 22 ++--------------------
> kernel/audit.h | 3 ++-
> kernel/pid.c | 3 +++
> 4 files changed, 11 insertions(+), 21 deletions(-)
>
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 343abf22092e..5fe38e254c9a 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -68,6 +68,10 @@ struct pid
> wait_queue_head_t wait_pidfd;
> struct rcu_head rcu;
> struct upid numbers[1];
> +#ifdef CONFIG_AUDIT
> + /* registered audit daemon tgid */
> + unsigned is_auditd:1;
> +#endif
> };
Thank you for the patch, but I don't think we want to add an audit
specific field to the pid struct at this time.
--
paul-moore.com
Powered by blists - more mailing lists