[SERVER-59774] Separate locks for Encrypting Audit Log Lines and Writes to Log File Created: 03/Sep/21  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Shreyas Kalyan Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Assigned Teams:
Server Security
Participants:

 Description   

When writing audit logs to disk, we need to ensure that the IVs are allocated under a lock. We also need to ensure that when writing an audit entry to disk, the IVs are written in the right order. We currently do this by taking a lock from the start of encrypting a log line until the log has been written to disk. This can be very slow.

An alternate proposal would be to perform the encryption under lock A and add the encrypted log line to a heap, then release the lock. Later, when the file writer is free, take the file writer lock under lock B and write the first item from the heap to disk.


Generated at Thu Feb 08 05:48:05 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.