libaudit large stack requirement in audit_send()

[Luciano Chavez <lnx1138@linux.vnet.ibm.com>]

Hello,

I am working with a development team developing a J2EE application. They
reported a problem with a crash in audit_send(). The crash occurred in a
ppc64 architecture environment early on in the invocation to audit send.

The crash occurs in this instruction which is establishing the size of
the local stack:

=> 0xfff73237994 <audit_send+52>:	stdu    r1,-27232(r1)

I found one large struct defined to a local variable

(gdb) print sizeof(struct audit_message)
$4 = 8988

but you will note that it asks for much more than that and after looking
at the audit_send() routine, it calls a function called check_ack()
which appears to be inlined and it contains two even larger definitions
on the stack for the following structure:

struct audit_reply

(gdb) print sizeof(struct audit_reply)
$3 = 9016

So, the combination of the three is what requires almost 26.5K of local
stack usage in this frame alone.

Is there a requirement for libaudit to have the structs on the stack
versus allocated from heap? Is so, is this requirement documented
somewhere?

To be fair, the Java application has some heavy stack usage as it is
since it is deployed in a web application server and there is a JNI
function that is somewhere in the call stack as well. However, the stack
usage in the audit_send() function seems ... excessive.

Originally the thread stacksize size was set to 256K and that did not
help but once we raised it to 1MB it did but I think that is probably
more than we really need.

I have looked at the source for the audit 2.2.3 release from March and
don't see a difference in how the structs are allocated. So once again,
if there is not a requirement that the structs be on the stack, should
they not be allocated off the heap?

regards,
-- 
Luciano Chavez <lnx1138@linux.vnet.ibm.com>