audit 0.9.17 released

[David Woodhouse]

On Wed, 2005-07-13 at 17:19 -0400, Linda Knippers wrote:
> 
> Since that last problem was so easy, I'll mention another that I
> have less info on as I've only seen it twice, both times on my ia64
> box, and I couldn't capture much data.
> 
> The problem I've seen is a panic while shutting down when there's
> a heavy audit load.  The message is this:

Bah. I should know better than to set precedents like that. audit.76 is
uploading; audit.77 is building with this...

--- linux-2.6.9/kernel/auditsc.c~	2005-07-13 21:34:12.000000000 +0100
+++ linux-2.6.9/kernel/auditsc.c	2005-07-13 22:29:33.000000000 +0100
@@ -802,7 +802,7 @@ static void audit_log_task_info(struct a
 	up_read(&mm->mmap_sem);
 }
 
-static void audit_log_exit(struct audit_context *context)
+static void audit_log_exit(struct audit_context *context, unsigned int gfp_mask)
 {
 	int i;
 	struct audit_buffer *ab;
@@ -810,7 +810,7 @@ static void audit_log_exit(struct audit_
 	struct audit_watch_info *winfo;
 	struct hlist_node *pos;
 
-	ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
+	ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
 	if (!ab)
 		return;		/* audit_panic has been called */
 	audit_log_format(ab, "arch=%x syscall=%d",
@@ -957,9 +947,11 @@ void audit_free(struct task_struct *tsk)
 		return;
 
 	/* Check for system calls that do not go through the exit
-	 * function (e.g., exit_group), then free context block. */
+	 * function (e.g., exit_group), then free context block. 
+	 * We use GFP_ATOMIC here because we might be doing this 
+	 * in the context of the idle thread */
 	if (context->in_syscall && context->auditable)
-		audit_log_exit(context);
+		audit_log_exit(context, GFP_ATOMIC);
 
 	audit_free_context(context);
 }
@@ -1064,7 +1056,7 @@ void audit_syscall_exit(struct task_stru
 		return;
 
 	if (context->in_syscall && context->auditable)
-		audit_log_exit(context);
+		audit_log_exit(context, GFP_KERNEL);
 
 	context->in_syscall = 0;
 	context->auditable  = 0;

-- 
dwmw2