If audit is disabled, who cares if there is a bug indicating syscall in process or names already recorded. Bail immediately on audit disabled.
Signed-off-by: Richard Guy Briggs <r...@redhat.com> --- kernel/auditsc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index bc534bf..4e0a4ac 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1511,14 +1511,11 @@ void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, struct audit_context *context = tsk->audit_context; enum audit_state state; - if (!context) + if (!audit_enabled || !context) return; BUG_ON(context->in_syscall || context->name_count); - if (!audit_enabled) - return; - state = context->state; if (state == AUDIT_DISABLED) return; -- 1.8.3.1