Page MenuHomeFreeBSD
Differential D50879

audit: move the wait from the queue length from the commit to alloc
ClosedPublic
Actions

Authored by kib on Jun 16 2025, 4:07 PM.
Tags
None
Referenced Files
F132288575: D50879.id157263.diff
Wed, Oct 15, 1:37 PM
Unknown Object (File)
Tue, Oct 14, 7:01 AM
Unknown Object (File)
Wed, Oct 8, 2:32 PM
Unknown Object (File)
Tue, Sep 23, 3:06 PM
Unknown Object (File)
Sep 13 2025, 6:05 AM
Unknown Object (File)
Sep 3 2025, 12:16 AM
Unknown Object (File)
Aug 3 2025, 3:21 PM
Unknown Object (File)
Aug 2 2025, 8:26 PM
View All 47 Files
Subscribers
imp
pho

Details

Reviewers
markj
Commits
rG0452f5f7b37a: audit: move the wait from the queue length from the commit to alloc
Summary
AUDIT_SYSCALL_EXIT() and indirectly audit_commit() is intended to be
called from arbitrary top-level context.  This means that any sleepable
locks can be owned by the caller, and which makes the sleeping in
audit_commit() forbidden.

Since we need to sleep for the record in audit_alloc() anyway, move the
sleep for the queue limit there.  At worst, if the audit is suspended is
disabled when we actually reach the commit location, this means that we
lost time uselessly.

PR:     287566

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Jun 16 2025, 4:07 PM
Herald added a subscriber: imp. · View Herald TranscriptJun 16 2025, 4:07 PM
kib requested review of this revision.Jun 16 2025, 4:07 PM
markj added inline comments.Jun 16 2025, 4:15 PM
sys/security/audit/audit.c
443

Shouldn't this come before the increment of audit_pre_q_len? Otherwise there is some theoretical risk of deadlock if audit_qctrl.aq_hiwater threads enter this sleep.

kib added inline comments.Jun 16 2025, 4:23 PM
sys/security/audit/audit.c
443

I am not sure why. Note that we still check for audit_q_len, not audit_pre_q_len against high watermark. audit_q_len should eventually go down while audit records are processed.

Also it is really not different from the current watermark organization, I only moved the wait place earlier, still before audit_q_len increment.

markj accepted this revision.Jun 16 2025, 4:33 PM
markj added inline comments.
sys/security/audit/audit.c
443

Ok, I see now.

I might also move the allocation of ar to the end of the function.

This revision is now accepted and ready to land.Jun 16 2025, 4:33 PM
kib updated this revision to Diff 157115.Jun 16 2025, 5:01 PM

Allocate after sleep.

This revision now requires review to proceed.Jun 16 2025, 5:01 PM
markj accepted this revision.Jun 16 2025, 5:17 PM
This revision is now accepted and ready to land.Jun 16 2025, 5:17 PM
kib added a subscriber: pho.Jun 17 2025, 6:37 PM
Closed by commit rG0452f5f7b37a: audit: move the wait from the queue length from the commit to alloc (authored by kib). · Explain WhyJun 18 2025, 5:58 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG0452f5f7b37a: audit: move the wait from the queue length from the commit to alloc.

Revision Contents
Changeset List

PathSize
sys/
security/
audit/
27 lines

Diff 157263

View Options

sys/security/audit/audit.c

Loading...