From owner-svn-src-all@FreeBSD.ORG Fri Feb 6 12:22:01 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32AB6106566B; Fri, 6 Feb 2009 12:22:01 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 044AA8FC17; Fri, 6 Feb 2009 12:22:01 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n16CM0Y6060995; Fri, 6 Feb 2009 12:22:00 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n16CM0OH060994; Fri, 6 Feb 2009 12:22:00 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <200902061222.n16CM0OH060994@svn.freebsd.org> From: Robert Watson Date: Fri, 6 Feb 2009 12:22:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r188227 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb security/audit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2009 12:22:02 -0000 Author: rwatson Date: Fri Feb 6 12:22:00 2009 New Revision: 188227 URL: http://svn.freebsd.org/changeset/base/188227 Log: Merge r184489 from head to stable/7: When we drop an audit record going to and audit pipe because the audit pipe has overflowed, drop the newest, rather than oldest, record. This makes overflow drop behavior consistent with memory allocation failure leading to drop, avoids touching the consumer end of the queue from a producer, and lowers the CPU overhead of dropping a record by dropping before memory allocation and copying. Obtained from: Apple, Inc. Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/dev/ath/ath_hal/ (props changed) stable/7/sys/dev/cxgb/ (props changed) stable/7/sys/security/audit/audit_pipe.c Modified: stable/7/sys/security/audit/audit_pipe.c ============================================================================== --- stable/7/sys/security/audit/audit_pipe.c Fri Feb 6 12:20:08 2009 (r188226) +++ stable/7/sys/security/audit/audit_pipe.c Fri Feb 6 12:22:00 2009 (r188227) @@ -396,17 +396,22 @@ audit_pipe_preselect(au_id_t auid, au_ev /* * Append individual record to a queue -- allocate queue-local buffer, and - * add to the queue. We try to drop from the head of the queue so that more - * recent events take precedence over older ones, but if allocation fails we - * do drop the new event. + * add to the queue. If the queue is full or we can't allocate memory, drop + * the newest record. */ static void audit_pipe_append(struct audit_pipe *ap, void *record, u_int record_len) { - struct audit_pipe_entry *ape, *ape_remove; + struct audit_pipe_entry *ape; mtx_assert(&audit_pipe_mtx, MA_OWNED); + if (ap->ap_qlen >= ap->ap_qlimit) { + ap->ap_drops++; + audit_pipe_drops++; + return; + } + ape = malloc(sizeof(*ape), M_AUDIT_PIPE_ENTRY, M_NOWAIT | M_ZERO); if (ape == NULL) { ap->ap_drops++; @@ -425,15 +430,6 @@ audit_pipe_append(struct audit_pipe *ap, bcopy(record, ape->ape_record, record_len); ape->ape_record_len = record_len; - if (ap->ap_qlen >= ap->ap_qlimit) { - ape_remove = TAILQ_FIRST(&ap->ap_queue); - TAILQ_REMOVE(&ap->ap_queue, ape_remove, ape_queue); - audit_pipe_entry_free(ape_remove); - ap->ap_qlen--; - ap->ap_drops++; - audit_pipe_drops++; - } - TAILQ_INSERT_TAIL(&ap->ap_queue, ape, ape_queue); ap->ap_inserts++; ap->ap_qlen++;