Re: [RFC] bpf: Emit audit messages upon successful prog load and unload

> + > +static void bpf_audit_prog(const struct bpf_prog *prog, enum bpf_audit op) > +{ > + struct audit_buffer *ab; > + > + if (audit_enabled == AUDIT_OFF) > + return; I think you would probably also want to check the results of audit_dummy_context() here as well, see all the various audit_XXX() functions in include/linux/audit.h as an example. You'll see a pattern similar to the following: static inline void audit_foo(...) { if (unlikely(!audit_dummy_context())) __audit_foo(...) } > + ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_BPF); > + if (unlikely(!ab)) > + return; > + audit_log_format(ab, "prog-id=%u op=%s", > + prog->aux->id, bpf_audit_str[op]); Is it worth putting some checks in here to make sure that you don't blow past the end of the bpf_audit_str array?