---
 security/apparmor/apparmor.h | 2 +-
 security/apparmor/lsm.c | 4 ++--
 security/apparmor/main.c | 10 +++++++---
 3 files changed, 10 insertions(+), 6 deletions(-)

--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -347,7 +347,7 @@ extern void aa_change_task_context(struc
 extern int aa_may_ptrace(struct aa_task_context *cxt,
 			 struct aa_profile *tracee);
 extern int aa_net_perm(struct aa_profile *profile, char *operation,
-		       int family, int type, int protocol);
+		       int int_state, int family, int type, int protocol);
 extern int aa_revalidate_sk(struct sock *sk, char *operation);
 extern int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
 			     struct rlimit *new_rlim);
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -669,8 +669,8 @@ static int apparmor_socket_create(int fa
 
 	profile = aa_get_profile(current);
 	if (profile)
-		error = aa_net_perm(profile, "socket_create", family,
-				    type, protocol);
+		error = aa_net_perm(profile, "socket_create", 0, family,
+				    type, protocol);
 	aa_put_profile(profile);
 
 	return error;
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -818,7 +818,7 @@ int aa_link(struct aa_profile *profile,
 	return error;
 }
 
-int aa_net_perm(struct aa_profile *profile, char *operation,
+int aa_net_perm(struct aa_profile *profile, char *operation, int int_state,
 		int family, int type, int protocol)
 {
 	struct aa_audit sa;
@@ -843,7 +843,7 @@ int aa_net_perm(struct aa_profile *profi
 
 	memset(&sa, 0, sizeof(sa));
 	sa.operation = operation;
-	sa.gfp_mask = GFP_KERNEL;
+	sa.gfp_mask = int_state ? GFP_ATOMIC : GFP_KERNEL;
 	sa.family = family;
 	sa.type = type;
 	sa.protocol = protocol;
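Review bot: The new `int_state` parameter is inserted between two other `int` arguments, so any caller of aa_net_perm that this patch does not update still compiles and silently passes its `family` value as `int_state` with the remaining arguments shifted; the same applies to the matching definition hunk in main.c. The diffstat shows only lsm.c and main.c being touched, so whether another caller exists cannot be checked from this patch. Passing the allocation mask itself as a `gfp_t` rather than an int flag would make the intent explicit and let sparse's bitwise checking catch an int passed in its place, e.g. `extern int aa_net_perm(struct aa_profile *profile, char *operation, gfp_t gfp, int family, int type, int protocol);` with lsm.c passing `GFP_KERNEL`.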
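Review bot: `sa.gfp_mask = int_state ? GFP_ATOMIC : GFP_KERNEL;` only selects a non-sleeping allocation when the caller saw `in_interrupt()` true (the sole place `int_state` is set is the aa_revalidate_sk hunk), so a caller that cannot sleep for another reason, such as holding a spinlock, would still get GFP_KERNEL; whether any network hook reaches aa_net_perm that way is not visible here. The new parameter is also undocumented; a comment on the definition such as `/* int_state: nonzero when called from interrupt context; the audit record is then allocated with GFP_ATOMIC */` would record the contract for future callers. aa_net_perm's body spans both main.c hunks and continues outside them.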
@@ -868,15 +868,19 @@ int aa_revalidate_sk(struct sock *sk, ch
 
 	/* this is some debugging code to flush out the network hooks that
 	   that are called in interrupt context */
+	int int_state = in_interrupt();
+
+	/*
 	if (in_interrupt()) {
 		printk(KERN_WARNING "AppArmor Debug: Hook being called from interrupt context\n");
 		dump_stack();
 		return 0;
 	}
+	*/
 
 	profile = aa_get_profile(current);
 	if (profile)
-		error = aa_net_perm(profile, operation,
+		error = aa_net_perm(profile, operation, int_state,
 				    sk->sk_family, sk->sk_type, sk->sk_protocol);
 	aa_put_profile(profile);
 
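Review bot: Commenting out the `if (in_interrupt())` block removes its early `return 0`, so a network hook that runs in interrupt context now falls through to `aa_get_profile(current)`, and in that context `current` is generally whichever task happened to be interrupted rather than the owner of `sk`, which means the permission decision and any audit record are made against an unrelated profile. If the interrupt-context case is now meant to be mediated, the profile should be derived from the socket's owner rather than `current`; if it is not, `if (int_state) return 0;` after the new declaration keeps the previous allow decision while still recording the context for aa_net_perm. The debug block is left behind inside `/* ... */` rather than deleted; dead code should be removed, since `int int_state = in_interrupt();` already captures what it was probing, and the older comment above it now describes code that no longer runs. aa_revalidate_sk begins and ends outside the hunk.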