git: 0452f5f7b37a - main - audit: move the wait from the queue length from the commit to alloc
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 18 Jun 2025 17:57:56 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=0452f5f7b37af81dba3953c7127385fe6f307790
commit 0452f5f7b37af81dba3953c7127385fe6f307790
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-06-16 16:01:12 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-06-18 17:57:49 +0000
audit: move the wait from the queue length from the commit to alloc
AUDIT_SYSCALL_EXIT() and indirectly audit_commit() is intended to be
called from arbitrary top-level context. This means that any sleepable
locks can be owned by the caller, and which makes the sleeping in
audit_commit() forbidden.
Since we need to sleep for the record in audit_alloc() anyway, move the
sleep for the queue limit there. At worst, if the audit is suspended is
disabled when we actually reach the commit location, this means that we
lost time uselessly.
PR: 287566
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D50879
---
sys/security/audit/audit.c | 27 +++++++++++----------------
1 file changed, 11 insertions(+), 16 deletions(-)
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index a47bc9554712..05928f1c33e8 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -411,15 +411,22 @@ currecord(void)
return (curthread->td_ar);
}
-/*
- * XXXAUDIT: Shouldn't there be logic here to sleep waiting on available
- * pre_q space, suspending the system call until there is room?
- */
struct kaudit_record *
audit_new(int event, struct thread *td)
{
struct kaudit_record *ar;
+ mtx_lock(&audit_mtx);
+ audit_pre_q_len++;
+
+ /*
+ * Constrain the number of committed audit records based on
+ * the configurable parameter.
+ */
+ while (audit_q_len >= audit_qctrl.aq_hiwater)
+ cv_wait(&audit_watermark_cv, &audit_mtx);
+ mtx_unlock(&audit_mtx);
+
/*
* Note: the number of outstanding uncommitted audit records is
* limited to the number of concurrent threads servicing system calls
@@ -427,11 +434,6 @@ audit_new(int event, struct thread *td)
*/
ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);
ar->k_ar.ar_event = event;
-
- mtx_lock(&audit_mtx);
- audit_pre_q_len++;
- mtx_unlock(&audit_mtx);
-
return (ar);
}
@@ -565,13 +567,6 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
return;
}
- /*
- * Constrain the number of committed audit records based on the
- * configurable parameter.
- */
- while (audit_q_len >= audit_qctrl.aq_hiwater)
- cv_wait(&audit_watermark_cv, &audit_mtx);
-
TAILQ_INSERT_TAIL(&audit_q, ar, k_q);
audit_q_len++;
audit_pre_q_len--;