From: Linus Torvalds Date: Tue, 4 Oct 2022 18:05:43 +0000 (-0700) Subject: Merge tag 'audit-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoor... X-Git-Tag: v6.6.17~6506 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c645c11a2dba116bad3ee43e08e330db8f03ede6;p=platform%2Fkernel%2Flinux-rpi.git Merge tag 'audit-pr-20221003' of git://git./linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: "Six audit patches for v6.1, most are pretty trivial, but a quick list of the highlights are below: - Only free the audit proctitle information on task exit. This allows us to cache the information and improve performance slightly. - Use the time_after() macro to do time comparisons instead of doing it directly and potentially causing ourselves problems when the timer wraps. - Convert an audit_context state comparison from a relative enum comparison, e.g. (x < y), to a not-equal comparison to ensure that we are not caught out at some unknown point in the future by an enum shuffle. - A handful of small cleanups such as tidying up comments and removing unused declarations" * tag 'audit-pr-20221003' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: remove selinux_audit_rule_update() declaration audit: use time_after to compare time audit: free audit_proctitle only on task exit audit: explicitly check audit_context->context enum value audit: audit_context pid unused, context enum comment fix audit: fix repeated words in comments --- c645c11a2dba116bad3ee43e08e330db8f03ede6 diff --cc kernel/auditsc.c index 79a5da1,280b472..9f8c052 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@@ -2069,9 -2068,10 +2069,9 @@@ void __audit_syscall_exit(int success, /* run through both filters to ensure we set the filterkey properly */ audit_filter_syscall(current, context); audit_filter_inodes(current, context); - if (context->current_state < AUDIT_STATE_RECORD) + if (context->current_state != AUDIT_STATE_RECORD) goto out; - audit_return_fixup(context, success, return_code); audit_log_exit(); out: