[PATCH v2] audit: unify audit_filter_{uring(), inode_name(), syscall()}

Paul Moore paul at paul-moore.com
Thu Oct 13 23:11:50 UTC 2022


On Thu, Oct 6, 2022 at 8:49 PM Ankur Arora <ankur.a.arora at oracle.com> wrote:
>
> audit_filter_uring(), audit_filter_inode_name() are substantially
> similar to audit_filter_syscall(). Move the core logic to
> __audit_filter_op() which can be parametrized for all three.
>
> On a Skylakex system, getpid() latency (all results aggregated
> across 12 boot cycles):
>
>          Min     Mean    Median   Max      pstdev
>          (ns)    (ns)    (ns)     (ns)
>
>  -    196.63   207.86  206.60  230.98      (+- 3.92%)
>  +    183.73   196.95  192.31  232.49      (+- 6.04%)
>
> Performance counter stats for 'bin/getpid' (3 runs) go from:
>     cycles               805.58  (  +-  4.11% )
>     instructions        1654.11  (  +-   .05% )
>     IPC                    2.06  (  +-  3.39% )
>     branches             430.02  (  +-   .05% )
>     branch-misses          1.55  (  +-  7.09% )
>     L1-dcache-loads      440.01  (  +-   .09% )
>     L1-dcache-load-misses  9.05  (  +- 74.03% )
> to:
>     cycles               765.37  (  +-  6.66% )
>     instructions        1677.07  (  +-  0.04% )
>     IPC                    2.20  (  +-  5.90% )
>     branches             431.10  (  +-  0.04% )
>     branch-misses          1.60  (  +- 11.25% )
>     L1-dcache-loads      521.04  (  +-  0.05% )
>     L1-dcache-load-misses  6.92  (  +- 77.60% )
>
> (Both aggregated over 12 boot cycles.)
>
> The increased L1-dcache-loads are due to some intermediate values now
> coming from the stack.
>
> The improvement in cycles is due to a slightly denser loop (the list
> parameter in the list_for_each_entry_rcu() exit check now comes from
> a register rather than a constant as before.)
>
> Signed-off-by: Ankur Arora <ankur.a.arora at oracle.com>
> ---
>  kernel/auditsc.c | 76 +++++++++++++++++++++++++-----------------------
>  1 file changed, 39 insertions(+), 37 deletions(-)

Thanks, this looks good to me.  I'll queue this up for when the merge
window closes.

-- 
paul-moore.com


