[patch] fix syscall speedup patch mips typo
Amy Griffis
amy.griffis at hp.com
Wed Mar 15 20:33:29 UTC 2006
On Wed, Mar 15, 2006 at 03:36:42PM -0500, Jason Baron wrote:
>
> On Wed, 15 Mar 2006, Amy Griffis wrote:
>
> > Hi Jason,
> >
> > On Mon, Mar 06, 2006 at 10:32:01AM -0500, Jason Baron wrote:
> > > Patch is below. The idea behind this patch is based on a suggestion from
> > > Steve Grubb to not call 'audit_syscall_entry' and 'audit_syscall_exit' if
> > > there are no audit rules loaded. This is problematic for the case where
> > > audit_log() is called in the middle of a system call (since we don't have
> > > the entry parameters). We address this issue by creating a partial system
> > > call record for this case, which contains the system call data that is
> > > available at exit time. The patch shows a 30% performance increase for the
> > > case where no rules are loaded on testing system calls in a tight loop.
> >
> > For your baseline measurement, was syscall auditing enabled or
> > disabled?
> >
>
> the baseline is audit enabled (ie audit_enabled=1) with no rules and no
> speedup patch. This was compared with audit enabled with no rules but with
> the speedup patch.
I would be interested seeing numbers for audit_enabled=0 versus
audit_enabled=1 with speedup patch (both cases having no rules).
Why can't a user just disable syscall auditing if they aren't
interested in adding rules?
Thanks,
Amy
More information about the Linux-audit
mailing list