Hello, I am working with a development team developing a J2EE application. They reported a problem with a crash in audit_send(). The crash occurred in a ppc64 architecture environment early on in the invocation to audit send.
The crash occurs in this instruction which is establishing the size of the local stack:

    => 0xfff73237994 <audit_send+52>: stdu r1,-27232(r1)

I found one large struct defined to a local variable

    (gdb) print sizeof(struct audit_message)
    $4 = 8988

but you will note that it asks for much more than that and after looking at the audit_send() routine, it calls a function called check_ack() which appears to be inlined and it contains two even larger definitions on the stack for the following structure: struct audit_reply

    (gdb) print sizeof(struct audit_reply)
    $3 = 9016

So, the combination of the three is what requires almost 26.5K of local stack usage in this frame alone.

Is there a requirement for libaudit to have the structs on the stack versus allocated from heap? If so, is this requirement documented somewhere?

To be fair, the Java application has some heavy stack usage as it is since it is deployed in a web application server and there is a JNI function that is somewhere in the call stack as well. However, the stack usage in the audit_send() function seems ... excessive. Originally the thread stack size was set to 256K and that did not help but once we raised it to 1MB it did but I think that is probably more than we really need.

I have looked at the source for the audit 2.2.3 release from March and don't see a difference in how the structs are allocated. So once again, if there is not a requirement that the structs be on the stack, should they not be allocated off the heap?

regards,
--
Luciano Chavez <[email protected]>

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
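Added example, not part of the original message and not libaudit code: the three buffers named above account for 8988 + 2 x 9016 = 27020 of the 27232 bytes the frame reserves. The sketch below measures how much stack the same three objects occupy as locals versus as heap allocations; the struct and function names are hypothetical stand-ins sized from the gdb output.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins sized from the gdb output in the post; not libaudit's real structs. */
struct msg_standin   { char bytes[8988]; };
struct reply_standin { char bytes[9016]; };

/* Distance from the lowest start to the highest end of three objects. */
static size_t span3(const void *a, size_t na, const void *b, size_t nb,
                    const void *c, size_t nc)
{
    uintptr_t s[3] = { (uintptr_t)a, (uintptr_t)b, (uintptr_t)c };
    size_t n[3] = { na, nb, nc };
    uintptr_t lo = s[0], hi = s[0] + n[0];
    for (int i = 1; i < 3; i++) {
        if (s[i] < lo) lo = s[i];
        if (s[i] + n[i] > hi) hi = s[i] + n[i];
    }
    return (size_t)(hi - lo);
}

/* Shape described in the post: one message and two replies as locals. */
size_t stack_bytes_with_locals(void)
{
    struct msg_standin req = { {0} };
    struct reply_standin rep1 = { {0} }, rep2 = { {0} };
    return span3(&req, sizeof req, &rep1, sizeof rep1, &rep2, sizeof rep2);
}

/* Heap variant: only three pointers stay in the frame. Returns 0 on ENOMEM. */
size_t stack_bytes_with_heap(void)
{
    struct msg_standin *req = calloc(1, sizeof *req);
    struct reply_standin *rep1 = calloc(1, sizeof *rep1);
    struct reply_standin *rep2 = calloc(1, sizeof *rep2);
    size_t used = 0;
    if (req && rep1 && rep2)
        used = span3(&req, sizeof req, &rep1, sizeof rep1, &rep2, sizeof rep2);
    free(req); free(rep1); free(rep2);
    return used;
}

int main(void)
{
    printf("locals: %zu bytes of stack\n", stack_bytes_with_locals());
    printf("heap:   %zu bytes of stack\n", stack_bytes_with_heap());
    return 0;
}
```

The heap variant trades the large frame for an allocation-failure path that the caller then has to handle.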
