On Fri, 2005-05-20 at 15:59 +0100, David Woodhouse wrote:
> On Fri, 2005-05-20 at 10:30 -0400, Valdis.Kletnieks(a)vt.edu wrote:
> > Looks like we either only swatted half the bug, or the patch moved it
> > around. Slightly different trace this time:
>
> OK. Steve's audit_log_d_path() change, which I pulled in because it had
> the side-effect of NUL-terminating the buffer, is now using GFP_KERNEL
> where previously it was not.
>
> We could make it use GFP_ATOMIC, but I suspect the better answer if at
> all possible would be to make sure that avc_audit doesn't call it with
> spinlocks held. Or maybe to make avc_audit() pass a gfp_mask to it, but
> I don't like that much.

The lock is being held by the af_unix code (unix_state_wlock), not
avc_audit; the AVC is called under all kinds of circumstances (softirq,
hard irq, caller holding locks on relevant objects) for permission
checking and must never sleep.

One option might be to defer some of the AVC auditing to the audit
framework (e.g. save the vfsmount and dentry on the current audit
context and let audit_log_exit perform the audit_log_d_path).
--
Stephen Smalley
National Security Agency
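
The deferral option described in the message above, modelled in userspace C as an added example (not code from the thread or the kernel tree). `struct audit_ctx`, `avc_audit_deferred()`, `log_d_path()`, `run()` and the `atomic_depth` counter are hypothetical stand-ins, and the sample dentries are constructed.

```c
/* Userspace model, constructed for illustration; none of this is kernel code. */
#include <stdio.h>
#include <string.h>
struct dentry { const char *name; const struct dentry *parent; }; /* stand-in */
struct audit_ctx {                     /* hypothetical per-task audit context */
    const struct dentry *pending[4];   /* objects saved for logging at exit */
    char log[4][64]; int npending, nlogged;
};
static int atomic_depth, sleep_bugs;   /* lock nesting; sleeps seen while atomic */
static size_t append_path(const struct dentry *d, char *buf, size_t len, size_t off)
{
    if (d->parent)
        off = append_path(d->parent, buf, len, off);
    int n = off < len ? snprintf(buf + off, len - off, "/%s", d->name) : -1;
    return (n < 0 || (size_t)n >= len - off) ? len : off + (size_t)n;
}
/* Models a path-logging helper that may sleep, as a GFP_KERNEL allocation can. */
static void log_d_path(struct audit_ctx *c, const struct dentry *d)
{
    if (atomic_depth > 0)
        sleep_bugs++;                  /* sleeping with a lock held: the bug */
    if (c->nlogged < 4)
        append_path(d, c->log[c->nlogged++], sizeof c->log[0], 0);
}
/* Permission-check side: only records a pointer, so it never sleeps. */
static void avc_audit_deferred(struct audit_ctx *c, const struct dentry *d)
{
    if (c->npending < 4)
        c->pending[c->npending++] = d; /* real code would also have to pin it */
}
/* One check under a modelled lock, then the exit hook; returns sleep bugs. */
static int run(struct audit_ctx *c, const struct dentry *d, int deferred)
{
    sleep_bugs = 0;
    atomic_depth++;                    /* caller takes a spinlock */
    if (deferred) avc_audit_deferred(c, d); else log_d_path(c, d);
    atomic_depth--;                    /* lock dropped before exit */
    for (int i = 0; i < c->npending; i++)
        log_d_path(c, c->pending[i]);  /* exit side: no locks held */
    c->npending = 0;
    return sleep_bugs;
}
int main(void)
{
    const struct dentry tmp = { "tmp", NULL }, sock = { "sock", &tmp }; /* constructed */
    struct audit_ctx a = { 0 }, b = { 0 };
    printf("immediate: %d, deferred: %d sleep bug(s)\n", run(&a, &sock, 0), run(&b, &sock, 1));
    return 0;
}
```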