On Fri, Feb 9, 2018 at 9:40 PM, Richard Guy Briggs <r...@redhat.com> wrote:
> Since removing the audit entry filter, test for early return before
> setting up any context state.
>
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
> kernel/auditsc.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
Sigh. First off, thanks for making the changes, I think the end result of 1/3+2/3 is better than the v1 patch. However, this really didn't need to be two patches, please combine 1/3 and 2/3 and resubmit. I know I've done the patch squashing for you in the past, but I think it's time to start pushing some of this work back to you. Moving forward, if I provide feedback and do not explicitly suggest creating a new patch, please incorporate the changes into the existing patches. > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 9348302..bc534bf 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1519,23 +1519,23 @@ void __audit_syscall_entry(int major, unsigned long > a1, unsigned long a2, > if (!audit_enabled) > return; > > - context->arch = syscall_get_arch(); > - context->major = major; > - context->argv[0] = a1; > - context->argv[1] = a2; > - context->argv[2] = a3; > - context->argv[3] = a4; > - > state = context->state; > + if (state == AUDIT_DISABLED) > + return; > + > context->dummy = !audit_n_rules; > if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { > context->prio = 0; > if (auditd_test_task(tsk)) > return; > } > - if (state == AUDIT_DISABLED) > - return; > > + context->arch = syscall_get_arch(); > + context->major = major; > + context->argv[0] = a1; > + context->argv[1] = a2; > + context->argv[2] = a3; > + context->argv[3] = a4; > context->serial = 0; > context->ctime = current_kernel_time64(); > context->in_syscall = 1; > -- > 1.8.3.1 > -- paul moore www.paul-moore.com
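Review bot: The commit message says the early-return tests come before "any context state" is set up, but in the `__audit_syscall_entry()` hunk `context->dummy = !audit_n_rules;` and `context->prio = 0;` are still written before the `if (auditd_test_task(tsk)) return;` exit, so that path does modify the context. Either reword the message to say that only the arch/major/argv assignments are deferred, or move the `auditd_test_task(tsk)` test ahead of the `dummy` assignment if that is safe. Separately, on both early returns `context->arch`, `context->major` and `context->argv[0..3]` are now left untouched and so keep whatever they held before; a one-line comment above the moved assignments stating that these fields are only meaningful once `context->in_syscall = 1` is set would make that assumption explicit for later readers.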