1 files changed, 27 insertions, 37 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 98a98e6dca05..51a2ceb3a1ca 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -771,15 +771,13 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
                return AUDIT_DISABLED;
        rcu_read_lock();
-        if (!list_empty(list)) {
+        list_for_each_entry_rcu(e, list, list) {
-                list_for_each_entry_rcu(e, list, list) {
+                if (audit_in_mask(&e->rule, ctx->major) &&
-                        if (audit_in_mask(&e->rule, ctx->major) &&
+                    audit_filter_rules(tsk, &e->rule, ctx, NULL,
-                            audit_filter_rules(tsk, &e->rule, ctx, NULL,
+                                       &state, false)) {
-                                               &state, false)) {
+                        rcu_read_unlock();
-                                rcu_read_unlock();
+                        ctx->current_state = state;
-                                ctx->current_state = state;
+                        return state;
-                                return state;
-                        }
                }
        }
        rcu_read_unlock();
@@ -798,9 +796,6 @@ static int audit_filter_inode_name(struct task_struct *tsk,
        struct audit_entry *e;
        enum audit_state state;
-        if (list_empty(list))
-                return 0;
        list_for_each_entry_rcu(e, list, list) {
                if (audit_in_mask(&e->rule, ctx->major) &&
                    audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
@@ -808,7 +803,6 @@ static int audit_filter_inode_name(struct task_struct *tsk,
                        return 1;
                }
        }
        return 0;
 }
@@ -1945,18 +1939,16 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
                return;
        rcu_read_lock();
-        if (!list_empty(list)) {
+        list_for_each_entry_rcu(e, list, list) {
-                list_for_each_entry_rcu(e, list, list) {
+                for (i = 0; i < e->rule.field_count; i++) {
-                        for (i = 0; i < e->rule.field_count; i++) {
+                        struct audit_field *f = &e->rule.fields[i];
-                                struct audit_field *f = &e->rule.fields[i];
+                        if (f->type == AUDIT_FSTYPE
-                                if (f->type == AUDIT_FSTYPE
+                            && audit_comparator(inode->i_sb->s_magic,
-                                    && audit_comparator(inode->i_sb->s_magic,
+                                                f->op, f->val)
-                                                        f->op, f->val)
+                            && e->rule.action == AUDIT_NEVER) {
-                                    && e->rule.action == AUDIT_NEVER) {
+                                rcu_read_unlock();
-                                        rcu_read_unlock();
+                                return;
-                                        return;
-                                }
                        }
                }
        }
@@ -2065,18 +2057,16 @@ void __audit_inode_child(struct inode *parent,
                return;
        rcu_read_lock();
-        if (!list_empty(list)) {
+        list_for_each_entry_rcu(e, list, list) {
-                list_for_each_entry_rcu(e, list, list) {
+                for (i = 0; i < e->rule.field_count; i++) {
-                        for (i = 0; i < e->rule.field_count; i++) {
+                        struct audit_field *f = &e->rule.fields[i];
-                                struct audit_field *f = &e->rule.fields[i];
+                        if (f->type == AUDIT_FSTYPE
-                                if (f->type == AUDIT_FSTYPE
+                            && audit_comparator(parent->i_sb->s_magic,
-                                    && audit_comparator(parent->i_sb->s_magic,
+                                                f->op, f->val)
-                                                        f->op, f->val)
+                            && e->rule.action == AUDIT_NEVER) {
-                                    && e->rule.action == AUDIT_NEVER) {
+                                rcu_read_unlock();
-                                        rcu_read_unlock();
+                                return;
-                                        return;
-                                }
                        }
                }
        }

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 98a98e6dca05..51a2ceb3a1ca 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -771,15 +771,13 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
771	return AUDIT_DISABLED;	771	return AUDIT_DISABLED;
772		772
773	rcu_read_lock();	773	rcu_read_lock();
774	if (!list_empty(list)) {	774	list_for_each_entry_rcu(e, list, list) {
775	list_for_each_entry_rcu(e, list, list) {	775	if (audit_in_mask(&e->rule, ctx->major) &&
776	if (audit_in_mask(&e->rule, ctx->major) &&	776	audit_filter_rules(tsk, &e->rule, ctx, NULL,
777	audit_filter_rules(tsk, &e->rule, ctx, NULL,	777	&state, false)) {
778	&state, false)) {	778	rcu_read_unlock();
779	rcu_read_unlock();	779	ctx->current_state = state;
780	ctx->current_state = state;	780	return state;
781	return state;
782	}
783	}	781	}
784	}	782	}
785	rcu_read_unlock();	783	rcu_read_unlock();
@@ -798,9 +796,6 @@ static int audit_filter_inode_name(struct task_struct *tsk,
798	struct audit_entry *e;	796	struct audit_entry *e;
799	enum audit_state state;	797	enum audit_state state;
800		798
801	if (list_empty(list))
802	return 0;
803
804	list_for_each_entry_rcu(e, list, list) {	799	list_for_each_entry_rcu(e, list, list) {
805	if (audit_in_mask(&e->rule, ctx->major) &&	800	if (audit_in_mask(&e->rule, ctx->major) &&
806	audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {	801	audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
@@ -808,7 +803,6 @@ static int audit_filter_inode_name(struct task_struct *tsk,
808	return 1;	803	return 1;
809	}	804	}
810	}	805	}
811
812	return 0;	806	return 0;
813	}	807	}
814		808
@@ -1945,18 +1939,16 @@ void __audit_inode(struct filename name, const struct dentry dentry,
1945	return;	1939	return;
1946		1940
1947	rcu_read_lock();	1941	rcu_read_lock();
1948	if (!list_empty(list)) {	1942	list_for_each_entry_rcu(e, list, list) {
1949	list_for_each_entry_rcu(e, list, list) {	1943	for (i = 0; i < e->rule.field_count; i++) {
1950	for (i = 0; i < e->rule.field_count; i++) {	1944	struct audit_field *f = &e->rule.fields[i];
1951	struct audit_field *f = &e->rule.fields[i];	1945
1952		1946	if (f->type == AUDIT_FSTYPE
1953	if (f->type == AUDIT_FSTYPE	1947	&& audit_comparator(inode->i_sb->s_magic,
1954	&& audit_comparator(inode->i_sb->s_magic,	1948	f->op, f->val)
1955	f->op, f->val)	1949	&& e->rule.action == AUDIT_NEVER) {
1956	&& e->rule.action == AUDIT_NEVER) {	1950	rcu_read_unlock();
1957	rcu_read_unlock();	1951	return;
1958	return;
1959	}
1960	}	1952	}
1961	}	1953	}
1962	}	1954	}
@@ -2065,18 +2057,16 @@ void __audit_inode_child(struct inode *parent,
2065	return;	2057	return;
2066		2058
2067	rcu_read_lock();	2059	rcu_read_lock();
2068	if (!list_empty(list)) {	2060	list_for_each_entry_rcu(e, list, list) {
2069	list_for_each_entry_rcu(e, list, list) {	2061	for (i = 0; i < e->rule.field_count; i++) {
2070	for (i = 0; i < e->rule.field_count; i++) {	2062	struct audit_field *f = &e->rule.fields[i];
2071	struct audit_field *f = &e->rule.fields[i];	2063
2072		2064	if (f->type == AUDIT_FSTYPE
2073	if (f->type == AUDIT_FSTYPE	2065	&& audit_comparator(parent->i_sb->s_magic,
2074	&& audit_comparator(parent->i_sb->s_magic,	2066	f->op, f->val)
2075	f->op, f->val)	2067	&& e->rule.action == AUDIT_NEVER) {
2076	&& e->rule.action == AUDIT_NEVER) {	2068	rcu_read_unlock();
2077	rcu_read_unlock();	2069	return;
2078	return;
2079	}
2080	}	2070	}
2081	}	2071	}
2082	}	2072	}