Audit Kernel Events, weekly report #2

Efstratios Karatzas gpf.kira at
Mon Jun 7 23:55:24 UTC 2010

The weekly report for week #2 of gsoc:

- implemented "exhaustive search" for UFS through VOP_GEPARENT (it
actually works)
exhaustive search means searching the whole filesystem to find a
parent directory with said vnode as a child
- made vn_fullpath_nocache friendly to mp unsafe file systems, also a
few minor changes and refactoring

current nfs implementation:
- made my changes friendly to mp unsafe file systems, i.e. now they
won't crash n burn if such a filesystem gets exported
- removed any race conditions I had previously introduced
- some code refactoring

experimental nfs implementation:
- managed to set up experimental server/client on my pcs
- ino_t hints are now stored inside file handles
- we are actually auditing most of the needed information for
non-compound rpcs, that is for nfs v2 & 3 rpcs
the only thing left to audit -for these rpcs- is file paths and we're
done (or so I think)

- thought about handling multiple simultaneous audit records per
single kernel thread. I e-mailed these thoughts to my mentor and as
soon as I hear from him, I'll start coding a sample solution for this
- a few bugs fixes here

plans for next week:
experimental nfs server:
-finish audit support for non compound rpcs
-begin audit support for compound rpcs

Personal note:
I believe that my code @ the current nfs server, vn_fullpath_nocache,
VOP_GETPARENT & audit framework has reached a point that I could
present it to the public; this means that, if my mentor agrees, it
won't be long before patches are shown to the community so that I may
get some feedback


Efstratios "GPF" Karatzas

More information about the soc-status mailing list