Merge git://git.infradead.org/users/eparis/audit

Pull audit update from Eric Paris:
 "Again we stayed pretty well contained inside the audit system.
  Venturing out was fixing a couple of function prototypes which were
  inconsistent (didn't hurt anything, but we used the same value as an
  int, uint, u32, and I think even a long in a couple of places).

  We also made a couple of minor changes to when a couple of LSMs called
  the audit system.  We hoped to add aarch64 audit support this go
  round, but it wasn't ready.

  I'm disappearing on vacation on Thursday.  I should have internet
  access, but it'll be spotty.  If anything goes wrong please be sure to
  cc rgb@redhat.com.  He'll make fixing things his top priority"

* git://git.infradead.org/users/eparis/audit: (50 commits)
  audit: whitespace fix in kernel-parameters.txt
  audit: fix location of __net_initdata for audit_net_ops
  audit: remove pr_info for every network namespace
  audit: Modify a set of system calls in audit class definitions
  audit: Convert int limit uses to u32
  audit: Use more current logging style
  audit: Use hex_byte_pack_upper
  audit: correct a type mismatch in audit_syscall_exit()
  audit: reorder AUDIT_TTY_SET arguments
  audit: rework AUDIT_TTY_SET to only grab spin_lock once
  audit: remove needless switch in AUDIT_SET
  audit: use define's for audit version
  audit: documentation of audit= kernel parameter
  audit: wait_for_auditd rework for readability
  audit: update MAINTAINERS
  audit: log task info on feature change
  audit: fix incorrect set of audit_sock
  audit: print error message when fail to create audit socket
  audit: fix dangling keywords in audit_log_set_loginuid() output
  audit: log on errors from filter user rules
  ...

2 files changed, 6 insertions, 11 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index fc5a63a05a1c..c93c21127f0c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2948,25 +2948,21 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
         struct selinux_audit_rule *rule = vrule;
         int match = 0;
 
-        if (!rule) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: missing rule\n");
+        if (unlikely(!rule)) {
+                WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
                 return -ENOENT;
         }
 
         read_lock(&policy_rwlock);
 
         if (rule->au_seqno < latest_granting) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: stale rule\n");
                 match = -ESTALE;
                 goto out;
         }
 
         ctxt = sidtab_search(&sidtab, sid);
-        if (!ctxt) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "selinux_audit_rule_match: unrecognized SID %d\n",
+        if (unlikely(!ctxt)) {
+                WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                           sid);
                 match = -ENOENT;
                 goto out;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d814e35987be..14f52be78c75 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3616,9 +3616,8 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
         struct smack_known *skp;
         char *rule = vrule;
 
-        if (!rule) {
-                audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                          "Smack: missing rule\n");
+        if (unlikely(!rule)) {
+                WARN_ONCE(1, "Smack: missing rule\n");
                 return -ENOENT;
         }