audit.49 kernel

[Timothy R. Chavez]

On Wednesday 25 May 2005 12:29, Steve Grubb wrote:
> On Wednesday 25 May 2005 12:34, Timothy R. Chavez wrote:
> > Schnikies.  That's awfully suspicious.  I'll look into this after lunch
> 
> Try this script with audit-0.9:
> 
> #!/bin/bash
> while [ 1 ] ;
> do
>         echo "Inserting..."
>         auditctl -w /etc/passwd -k fk_passwd -p rwea
>         auditctl -w /var/run/dbus/system_bus_socket -k dbus-test -p rwea
>         echo "Deleting..."
>         auditctl -D
> done

Just a quick update.  I've let this run for 5 minutes on x86_64 (UP) using 
audit-0.9 and will be attempting SMP momentarily.  Still, the problems
you're getting are quite unnatural.  I've been given some others machines
to test on and will do so promptly... I'm having a hard time figuring out
what this problem could be...

David did bring up a good point about me allocating memory in 
audit_notify_watch(), but not handling it, should -ENOMEM be
returned  (yikes), but I'm not sure this is related to what you're
seeing right now.
 
> The common issue is that path= is empty???

I'm not sure how this could happen... I'm thinking it has to do with sending 
information back to user space.  I also saw that audit_update_watch() crapped
out on yah too.  So these are the two places I'm focusing my attention.

> 
> This also deadlocked my computer once and I had to hit the reset button. No 
> oops. The mouse & keys did not work.

Yeah seems like there are two locking issues.  One locking issue where a spinlock
that's held is trying to be held within it and the true deadlock.... ah locking *cough*

-tim