* [PATCH -next] audit: refactor audit_log_cap to improve performance
@ 2023-03-07 12:25 Gaosheng Cui
2023-03-08 17:14 ` Paul Moore
0 siblings, 1 reply; 2+ messages in thread
From: Gaosheng Cui @ 2023-03-07 12:25 UTC (permalink / raw)
To: paul, eparis, cuigaosheng1; +Cc: audit
By testing the performance of snprintf on qemu, I found that
snprintf("%s", str) performed much better than snprintf("xx%s", str),
the former takes 2ns while the latter takes 60ns.
Based on the test results, using audit_log_format(ab, "%s", prefix)
instead of audit_log_format(ab, " %s=0", prefix) will get better
performance, so refactor the audit_log_cap() to improve performance.
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
---
kernel/auditsc.c | 37 +++++++++++++++++++------------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index addeed3df15d..d04d0a57a603 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1295,11 +1295,12 @@ static void audit_log_execve_info(struct audit_context *context,
static void audit_log_cap(struct audit_buffer *ab, char *prefix,
kernel_cap_t *cap)
{
+ audit_log_format(ab, "%s", prefix);
if (cap_isclear(*cap)) {
- audit_log_format(ab, " %s=0", prefix);
+ audit_log_format(ab, "0");
return;
}
- audit_log_format(ab, " %s=%016llx", prefix, cap->val);
+ audit_log_format(ab, "%016llx", cap->val);
}
static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
@@ -1308,8 +1309,8 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
audit_log_format(ab, " cap_fe=? cap_fver=? cap_fp=? cap_fi=?");
return;
}
- audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
- audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
+ audit_log_cap(ab, " cap_fp=", &name->fcap.permitted);
+ audit_log_cap(ab, " cap_fi=", &name->fcap.inheritable);
audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%d",
name->fcap.fE, name->fcap_ver,
from_kuid(&init_user_ns, name->fcap.rootid));
@@ -1450,10 +1451,10 @@ static void show_special(struct audit_context *context, int *call_panic)
break; }
case AUDIT_CAPSET:
audit_log_format(ab, "pid=%d", context->capset.pid);
- audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable);
- audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
- audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
- audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient);
+ audit_log_cap(ab, " cap_pi=", &context->capset.cap.inheritable);
+ audit_log_cap(ab, " cap_pp=", &context->capset.cap.permitted);
+ audit_log_cap(ab, " cap_pe=", &context->capset.cap.effective);
+ audit_log_cap(ab, " cap_pa=", &context->capset.cap.ambient);
break;
case AUDIT_MMAP:
audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
@@ -1726,17 +1727,17 @@ static void audit_log_exit(void)
struct audit_aux_data_bprm_fcaps *axs = (void *)aux;
audit_log_format(ab, "fver=%x", axs->fcap_ver);
- audit_log_cap(ab, "fp", &axs->fcap.permitted);
- audit_log_cap(ab, "fi", &axs->fcap.inheritable);
+ audit_log_cap(ab, " fp=", &axs->fcap.permitted);
+ audit_log_cap(ab, " fi=", &axs->fcap.inheritable);
audit_log_format(ab, " fe=%d", axs->fcap.fE);
- audit_log_cap(ab, "old_pp", &axs->old_pcap.permitted);
- audit_log_cap(ab, "old_pi", &axs->old_pcap.inheritable);
- audit_log_cap(ab, "old_pe", &axs->old_pcap.effective);
- audit_log_cap(ab, "old_pa", &axs->old_pcap.ambient);
- audit_log_cap(ab, "pp", &axs->new_pcap.permitted);
- audit_log_cap(ab, "pi", &axs->new_pcap.inheritable);
- audit_log_cap(ab, "pe", &axs->new_pcap.effective);
- audit_log_cap(ab, "pa", &axs->new_pcap.ambient);
+ audit_log_cap(ab, " old_pp=", &axs->old_pcap.permitted);
+ audit_log_cap(ab, " old_pi=", &axs->old_pcap.inheritable);
+ audit_log_cap(ab, " old_pe=", &axs->old_pcap.effective);
+ audit_log_cap(ab, " old_pa=", &axs->old_pcap.ambient);
+ audit_log_cap(ab, " pp=", &axs->new_pcap.permitted);
+ audit_log_cap(ab, " pi=", &axs->new_pcap.inheritable);
+ audit_log_cap(ab, " pe=", &axs->new_pcap.effective);
+ audit_log_cap(ab, " pa=", &axs->new_pcap.ambient);
audit_log_format(ab, " frootid=%d",
from_kuid(&init_user_ns,
axs->fcap.rootid));
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH -next] audit: refactor audit_log_cap to improve performance
2023-03-07 12:25 [PATCH -next] audit: refactor audit_log_cap to improve performance Gaosheng Cui
@ 2023-03-08 17:14 ` Paul Moore
0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2023-03-08 17:14 UTC (permalink / raw)
To: Gaosheng Cui; +Cc: eparis, audit
On Tue, Mar 7, 2023 at 7:25 AM Gaosheng Cui <cuigaosheng1@huawei.com> wrote:
>
> By testing the performance of snprintf on qemu, I found that
> snprintf("%s", str) performed much better than snprintf("xx%s", str),
> the former takes 2ns while the latter takes 60ns.
>
> Based on the test results, using audit_log_format(ab, "%s", prefix)
> instead of audit_log_format(ab, " %s=0", prefix) will get better
> performance, so refactor the audit_log_cap() to improve performance.
>
> Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
> ---
> kernel/auditsc.c | 37 +++++++++++++++++++------------------
> 1 file changed, 19 insertions(+), 18 deletions(-)
>
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index addeed3df15d..d04d0a57a603 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1295,11 +1295,12 @@ static void audit_log_execve_info(struct audit_context *context,
> static void audit_log_cap(struct audit_buffer *ab, char *prefix,
> kernel_cap_t *cap)
> {
> + audit_log_format(ab, "%s", prefix);
> if (cap_isclear(*cap)) {
> - audit_log_format(ab, " %s=0", prefix);
> + audit_log_format(ab, "0");
> return;
> }
> - audit_log_format(ab, " %s=%016llx", prefix, cap->val);
> + audit_log_format(ab, "%016llx", cap->val);
> }
Have you specifically measured the impact to audit? I worry that any
improvements gained by using snprintf() differently will be lost by
the additional audit_log_format() call for every capability logged.
--
paul-moore.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-03-08 17:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-07 12:25 [PATCH -next] audit: refactor audit_log_cap to improve performance Gaosheng Cui
2023-03-08 17:14 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).