On Sat, Oct 7, 2023 at 12:07 AM Paul Moore <[email protected]> wrote: > > Does anyone else have any bright ideas or crazy thoughts on this? >
Well, not really an idea and for sure either crazy or dumb: Why not use the data already available from DEFINE_AUDIT_DATA() to determine the call path (or add a modifiable field to the struct) and handle locking accordingly? Anyway, this problem can be seen as a DoS vector. Any malicious code could trigger some audit causing a system lockup. So however ugly the solution this needs to be solved.
