[patch] fix syscall speedup patch mips typo
Jason Baron
jbaron at redhat.com
Wed Mar 15 20:36:42 UTC 2006
On Wed, 15 Mar 2006, Amy Griffis wrote:
> Hi Jason,
>
> On Mon, Mar 06, 2006 at 10:32:01AM -0500, Jason Baron wrote:
> > Patch is below. The idea behind this patch is based on a suggestion from
> > Steve Grubb to not call 'audit_syscall_entry' and 'audit_syscall_exit' if
> > there are no audit rules loaded. This is problematic for the case where
> > audit_log() is called in the middle of a system call (since we don't have
> > the entry parameters). We address this issue by creating a partial system
> > call record for this case, which contains the system call data that is
> > available at exit time. The patch shows a 30% performance increase for the
> > case where no rules are loaded on testing system calls in a tight loop.
>
> For your baseline measurement, was syscall auditing enabled or
> disabled?
>
the baseline is audit enabled (ie audit_enabled=1) with no rules and no
speedup patch. This was compared with audit enabled with no rules but with
the speedup patch.
-Jason
More information about the Linux-audit
mailing list