On Tuesday, November 10, 2015 09:05:45 PM Peter Hurley wrote: > Hi Greg, > > This patch series overhauls tty audit support. The goal was to simplify > and speed up tty auditing, which was a significant performance hit even > when disabled. > > The main features of this series are: > * Remove reference counting; the purpose of reference counting the per- > process tty_audit_buf was to prevent premature deletion if the > buffer was in-use when tty auditing was exited for the process. > However, since the process is single-threaded at tty_audit_exit(), > the buffer cannot be in-use by another thread. Patch 11/15. > * Remove functionally dead code, such as tty_put_user(). Patch 2/15. > * Atomically modify tty audit enable/disable flags to support lockless > read. Patch 9/15. > > Cc: Ingo Molnar <[email protected]> > Cc: Peter Zijlstra <[email protected]> > for patch 9/15 which removes an audit field from the signal_struct. > > Cc: Oleg Nesterov <[email protected]> > to confirm my understanding of the single-threadedness of > if (group_dead) tty_audit_exit(), called from do_exit(). Patch 11/15 > > Requires: "tty: audit: Fix audit source"
This is definitely more of a tty patchset than it is an audit patchset, but it all looks reasonable to me from an audit perspective. -- paul moore www.paul-moore.com -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
