Re: Audit issue
On Thu, Nov 08, 2007 at 09:47:40AM -0500, Steve Grubb wrote:
On Thursday 08 November 2007 09:32:18 Alexander Viro wrote:
> > Thanks for posting this patch. Is it impossible to "repair "
processes by
> > simply adding a context if the pointer is NULL?
>
> At which point would you do that?
Possibly on syscall exit? Shouldn't the kernel have released all locks by that
point? And what about syscall entry...isn't that before any locking starts to
occur?
You do not get there unless you have ->audit_context != NULL. And if
you remove that check, you are in for more overhead.
True, but I'm thinking this will cause performance to go down if
the audit
system was ever enabled. It doesn't look as bad as the audit system actually
being on, but it may be doing unnecessary allocations I think.
*shrug*
Easy enough to test - boot with audit disabled, run benchmarks, enable
it, flush all caches (e.g. by memory pressure), rerun the benchmarks,
compare... I don't think it will be serious problem, but if it will
we can always look for trickier solutions.