On Wed, Mar 31, 2021 at 11:28:04AM -0500, Eric W. Biederman wrote: > Al Viro <viro@xxxxxxxxxxxxxxxxxx> writes: > > > On Mon, Feb 01, 2021 at 03:00:42PM +0000, Al Viro wrote: > > > >> The last one is the easiest to answer - we want to keep the imported strings > >> around for audit. It's not so much a proper refcounting as it is "we might > >> want freeing delayed" implemented as refcount. > > > > BTW, regarding io_uring + audit interactions - just how is that supposed to > > work if you offload any work that might lead to audit records (on permission > > checks, etc.) to helper threads? > > For people looking into these details. Things have gotten much better > recently. > > The big change is that io_uring helper threads are now proper > threads of the process that is using io_uring. The io_uring helper > threads just happen to never execute any userspace code. audit context is per-thread (as it has to be, obviously - multiple threads can have overlapping syscalls), so getname()/putname() interplay with that is still not obvious. I agree that these threads have gotten better, though.
