On Fri, Feb 9, 2018 at 9:40 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> Since removing the audit entry filter, test for early return before
> setting up any context state.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
> kernel/auditsc.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
Sigh.
First off, thanks for making the changes, I think the end result of
1/3+2/3 is better than the v1 patch.
However, this really didn't need to be two patches, please combine 1/3
and 2/3 and resubmit. I know I've done the patch squashing for you in
the past, but I think it's time to start pushing some of this work
back to you.
Moving forward, if I provide feedback and do not explicitly suggest
creating a new patch, please incorporate the changes into the existing
patches.
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9348302..bc534bf 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1519,23 +1519,23 @@ void __audit_syscall_entry(int major, unsigned long
> a1, unsigned long a2,
> if (!audit_enabled)
> return;
>
> - context->arch = syscall_get_arch();
> - context->major = major;
> - context->argv[0] = a1;
> - context->argv[1] = a2;
> - context->argv[2] = a3;
> - context->argv[3] = a4;
> -
> state = context->state;
> + if (state == AUDIT_DISABLED)
> + return;
> +
> context->dummy = !audit_n_rules;
> if (!context->dummy && state == AUDIT_BUILD_CONTEXT) {
> context->prio = 0;
> if (auditd_test_task(tsk))
> return;
> }
> - if (state == AUDIT_DISABLED)
> - return;
>
> + context->arch = syscall_get_arch();
> + context->major = major;
> + context->argv[0] = a1;
> + context->argv[1] = a2;
> + context->argv[2] = a3;
> + context->argv[3] = a4;
> context->serial = 0;
> context->ctime = current_kernel_time64();
> context->in_syscall = 1;
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
