Re: [PATCH v2 1/2] audit: add global auditd_pid to make auditd_test_task() faster
From: Paul Moore
Date: Tue Apr 18 2023 - 09:19:58 EST
On Tue, Apr 18, 2023 at 7:10 AM Eiichi Tsukata
<eiichi.tsukata@xxxxxxxxxxx> wrote:
>
> auditd_test_task() is a hot path of system call auditing. This patch
> introduces a global auditd_pid pid struct which can be used for faster
> check of registered audit daemon.
>
> Benchmarks
> ==========
>
> Run the following micro benchmarks:
>
> (1) dd:
> dd if=/dev/zero of=/dev/null bs=1 count=5M
>
> (2) UnixBench syscall:
> ./Run syscall -i 10 -c 1
>
> With rule:
>
> -a never,exit -F arch=b64 -S uname
>
> Results:
>
> (1) dd
> Base line : 2.572 sec
> /w this patch: 2.418 sec (6.3% faster)
>
> (2) UnixBench syscall Index Score
> Base line : 860
> /w this patch: 953 (10.8% faster)
>
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
> ---
> kernel/audit.c | 39 +++++++++++----------------------------
> kernel/audit.h | 4 +++-
> 2 files changed, 14 insertions(+), 29 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 9bc0b0301198..9426980368e4 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -71,6 +71,7 @@ static int audit_initialized = AUDIT_UNINITIALIZED;
>
> u32 audit_enabled = AUDIT_OFF;
> bool audit_ever_enabled = !!AUDIT_OFF;
> +struct pid *auditd_pid;
As discussed previously, I want to keep the auditd tracking PID in the
auditd_connection struct.
--
paul-moore.com