43 files changed, 204 insertions, 180 deletions
diff --git a/arch/alpha/include/asm/syscall.h b/arch/alpha/include/asm/syscall.h
new file mode 100644
index 000000000000..88d28eb2a566
--- /dev/null
+++ b/arch/alpha/include/asm/syscall.h
@@ -0,0 +1,11 @@
+#ifndef _ASM_ALPHA_SYSCALL_H
+#define _ASM_ALPHA_SYSCALL_H
+#include <uapi/linux/audit.h>
+static inline int syscall_get_arch(void)
+{
+        return AUDIT_ARCH_ALPHA;
+}
+#endif  /* _ASM_ALPHA_SYSCALL_H */
diff --git a/arch/alpha/kernel/ptrace.c b/arch/alpha/kernel/ptrace.c
index 86d835157b54..d9ee81769899 100644
--- a/arch/alpha/kernel/ptrace.c
+++ b/arch/alpha/kernel/ptrace.c
@@ -321,7 +321,7 @@ asmlinkage unsigned long syscall_trace_enter(void)
        if (test_thread_flag(TIF_SYSCALL_TRACE) &&
            tracehook_report_syscall_entry(current_pt_regs()))
                ret = -1UL;
-        audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
+        audit_syscall_entry(regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
        return ret ?: current_pt_regs()->r0;
 }
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index 5e772a21ab97..ef9119f7462e 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -949,8 +949,8 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_enter(regs, scno);
-        audit_syscall_entry(AUDIT_ARCH_ARM, scno, regs->ARM_r0, regs->ARM_r1,
+        audit_syscall_entry(scno, regs->ARM_r0, regs->ARM_r1, regs->ARM_r2,
-                            regs->ARM_r2, regs->ARM_r3);
+                            regs->ARM_r3);
        return scno;
 }
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index fe63ac5e9bf5..8a4ae8e73213 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -1120,8 +1120,8 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
        if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                trace_sys_enter(regs, regs->syscallno);
-        audit_syscall_entry(syscall_get_arch(), regs->syscallno,
+        audit_syscall_entry(regs->syscallno, regs->orig_x0, regs->regs[1],
-                regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]);
+                            regs->regs[2], regs->regs[3]);
        return regs->syscallno;
 }
diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h
index a7ff1c6ab068..1d0b875fec44 100644
--- a/arch/ia64/include/asm/syscall.h
+++ b/arch/ia64/include/asm/syscall.h
@@ -13,6 +13,7 @@
 #ifndef _ASM_SYSCALL_H
 #define _ASM_SYSCALL_H  1
+#include <uapi/linux/audit.h>
 #include <linux/sched.h>
 #include <linux/err.h>
@@ -79,4 +80,9 @@ static inline void syscall_set_arguments(struct task_struct *task,
        ia64_syscall_get_set_arguments(task, regs, i, n, args, 1);
 }
+static inline int syscall_get_arch(void)
+{
+        return AUDIT_ARCH_IA64;
+}
 #endif  /* _ASM_SYSCALL_H */
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index b7a5fffe0924..6f54d511cc50 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -1219,7 +1219,7 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
                ia64_sync_krbs();
-        audit_syscall_entry(AUDIT_ARCH_IA64, regs.r15, arg0, arg1, arg2, arg3);
+        audit_syscall_entry(regs.r15, arg0, arg1, arg2, arg3);
        return 0;
 }
diff --git a/arch/microblaze/include/asm/syscall.h b/arch/microblaze/include/asm/syscall.h
index 9bc431783105..53cfaf34c343 100644
--- a/arch/microblaze/include/asm/syscall.h
+++ b/arch/microblaze/include/asm/syscall.h
@@ -1,6 +1,7 @@
 #ifndef __ASM_MICROBLAZE_SYSCALL_H
 #define __ASM_MICROBLAZE_SYSCALL_H
+#include <uapi/linux/audit.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <asm/ptrace.h>
@@ -99,4 +100,8 @@ static inline void syscall_set_arguments(struct task_struct *task,
 asmlinkage long do_syscall_trace_enter(struct pt_regs *regs);
 asmlinkage void do_syscall_trace_leave(struct pt_regs *regs);
+static inline int syscall_get_arch(void)
+{
+        return AUDIT_ARCH_MICROBLAZE;
+}
 #endif /* __ASM_MICROBLAZE_SYSCALL_H */
diff --git a/arch/microblaze/kernel/ptrace.c b/arch/microblaze/kernel/ptrace.c
index 39cf50841f6d..bb10637ce688 100644
--- a/arch/microblaze/kernel/ptrace.c
+++ b/arch/microblaze/kernel/ptrace.c
@@ -147,8 +147,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
                 */
                ret = -1L;
-        audit_syscall_entry(EM_MICROBLAZE, regs->r12, regs->r5, regs->r6,
+        audit_syscall_entry(regs->r12, regs->r5, regs->r6, regs->r7, regs->r8);
-                            regs->r7, regs->r8);
        return ret ?: regs->r12;
 }
diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h
index cdf68b33bd65..bb7963753730 100644
--- a/arch/mips/include/asm/syscall.h
+++ b/arch/mips/include/asm/syscall.h
@@ -129,7 +129,7 @@ extern const unsigned long sysn32_call_table[];
 static inline int syscall_get_arch(void)
 {
-        int arch = EM_MIPS;
+        int arch = AUDIT_ARCH_MIPS;
 #ifdef CONFIG_64BIT
        if (!test_thread_flag(TIF_32BIT_REGS)) {
                arch |= __AUDIT_ARCH_64BIT;
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index f7aac5b57b4b..9d1487d83293 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -780,9 +780,7 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall)
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->regs[2]);
-        audit_syscall_entry(syscall_get_arch(),
+        audit_syscall_entry(syscall, regs->regs[4], regs->regs[5],
-                            syscall,
-                            regs->regs[4], regs->regs[5],
                            regs->regs[6], regs->regs[7]);
        return syscall;
 }
diff --git a/arch/openrisc/include/asm/syscall.h b/arch/openrisc/include/asm/syscall.h
index b752bb67891d..2db9f1cf0694 100644
--- a/arch/openrisc/include/asm/syscall.h
+++ b/arch/openrisc/include/asm/syscall.h
@@ -19,6 +19,7 @@
 #ifndef __ASM_OPENRISC_SYSCALL_H__
 #define __ASM_OPENRISC_SYSCALL_H__
+#include <uapi/linux/audit.h>
 #include <linux/err.h>
 #include <linux/sched.h>
@@ -71,4 +72,8 @@ syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
        memcpy(&regs->gpr[3 + i], args, n * sizeof(args[0]));
 }
+static inline int syscall_get_arch(void)
+{
+        return AUDIT_ARCH_OPENRISC;
+}
 #endif
diff --git a/arch/openrisc/include/uapi/asm/elf.h b/arch/openrisc/include/uapi/asm/elf.h
index f02ea5830420..88842760e66f 100644
--- a/arch/openrisc/include/uapi/asm/elf.h
+++ b/arch/openrisc/include/uapi/asm/elf.h
@@ -55,9 +55,8 @@ typedef elf_greg_t elf_gregset_t[ELF_NGREG];
 /* A placeholder; OR32 does not have fp support yes, so no fp regs for now.  */
 typedef unsigned long elf_fpregset_t;
-/* This should be moved to include/linux/elf.h */
+/* EM_OPENRISC is defined in linux/elf-em.h */
 #define EM_OR32         0x8472
-#define EM_OPENRISC     92     /* OpenRISC 32-bit embedded processor */
 /*
 * These are used to set parameters in the core dumps.
diff --git a/arch/openrisc/kernel/ptrace.c b/arch/openrisc/kernel/ptrace.c
index 71a2a0c34c65..4f59fa4e34e5 100644
--- a/arch/openrisc/kernel/ptrace.c
+++ b/arch/openrisc/kernel/ptrace.c
@@ -187,8 +187,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
                 */
                ret = -1L;
-        audit_syscall_entry(AUDIT_ARCH_OPENRISC, regs->gpr[11],
+        audit_syscall_entry(regs->gpr[11], regs->gpr[3], regs->gpr[4],
-                            regs->gpr[3], regs->gpr[4],
                            regs->gpr[5], regs->gpr[6]);
        return ret ? : regs->gpr[11];
diff --git a/arch/parisc/include/asm/syscall.h b/arch/parisc/include/asm/syscall.h
index 8bdfd2c8c39f..a5eba95d87fe 100644
--- a/arch/parisc/include/asm/syscall.h
+++ b/arch/parisc/include/asm/syscall.h
@@ -3,6 +3,8 @@
 #ifndef _ASM_PARISC_SYSCALL_H_
 #define _ASM_PARISC_SYSCALL_H_
+#include <uapi/linux/audit.h>
+#include <linux/compat.h>
 #include <linux/err.h>
 #include <asm/ptrace.h>
@@ -37,4 +39,13 @@ static inline void syscall_get_arguments(struct task_struct *tsk,
        }
 }
+static inline int syscall_get_arch(void)
+{
+        int arch = AUDIT_ARCH_PARISC;
+#ifdef CONFIG_64BIT
+        if (!is_compat_task())
+                arch = AUDIT_ARCH_PARISC64;
+#endif
+        return arch;
+}
 #endif /*_ASM_PARISC_SYSCALL_H_*/
diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
index 92438c21d453..9585c81f755f 100644
--- a/arch/parisc/kernel/ptrace.c
+++ b/arch/parisc/kernel/ptrace.c
@@ -280,14 +280,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
 #ifdef CONFIG_64BIT
        if (!is_compat_task())
-                audit_syscall_entry(AUDIT_ARCH_PARISC64,
+                audit_syscall_entry(regs->gr[20], regs->gr[26], regs->gr[25],
-                        regs->gr[20],
+                                    regs->gr[24], regs->gr[23]);
-                        regs->gr[26], regs->gr[25],
-                        regs->gr[24], regs->gr[23]);
        else
 #endif
-                audit_syscall_entry(AUDIT_ARCH_PARISC,
+                audit_syscall_entry(regs->gr[20] & 0xffffffff,
-                        regs->gr[20] & 0xffffffff,
                        regs->gr[26] & 0xffffffff,
                        regs->gr[25] & 0xffffffff,
                        regs->gr[24] & 0xffffffff,
diff --git a/arch/powerpc/include/asm/syscall.h b/arch/powerpc/include/asm/syscall.h
index b54b2add07be..6fa2708da153 100644
--- a/arch/powerpc/include/asm/syscall.h
+++ b/arch/powerpc/include/asm/syscall.h
@@ -13,7 +13,9 @@
 #ifndef _ASM_SYSCALL_H
 #define _ASM_SYSCALL_H  1
+#include <uapi/linux/audit.h>
 #include <linux/sched.h>
+#include <linux/thread_info.h>
 /* ftrace syscalls requires exporting the sys_call_table */
 #ifdef CONFIG_FTRACE_SYSCALLS
@@ -86,4 +88,8 @@ static inline void syscall_set_arguments(struct task_struct *task,
        memcpy(&regs->gpr[3 + i], args, n * sizeof(args[0]));
 }
+static inline int syscall_get_arch(void)
+{
+        return is_32bit_task() ? AUDIT_ARCH_PPC : AUDIT_ARCH_PPC64;
+}
 #endif  /* _ASM_SYSCALL_H */
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index cdb404ea3468..f21897b42057 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -1788,14 +1788,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
 #ifdef CONFIG_PPC64
        if (!is_32bit_task())
-                audit_syscall_entry(AUDIT_ARCH_PPC64,
+                audit_syscall_entry(regs->gpr[0], regs->gpr[3], regs->gpr[4],
-                                    regs->gpr[0],
-                                    regs->gpr[3], regs->gpr[4],
                                    regs->gpr[5], regs->gpr[6]);
        else
 #endif
-                audit_syscall_entry(AUDIT_ARCH_PPC,
+                audit_syscall_entry(regs->gpr[0],
-                                    regs->gpr[0],
                                    regs->gpr[3] & 0xffffffff,
                                    regs->gpr[4] & 0xffffffff,
                                    regs->gpr[5] & 0xffffffff,
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index f537e937a988..99a567b70d16 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -834,9 +834,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->gprs[2]);
-        audit_syscall_entry(is_compat_task() ?
+        audit_syscall_entry(regs->gprs[2], regs->orig_gpr2,
-                                AUDIT_ARCH_S390 : AUDIT_ARCH_S390X,
-                            regs->gprs[2], regs->orig_gpr2,
                            regs->gprs[3], regs->gprs[4],
                            regs->gprs[5]);
 out:
diff --git a/arch/sh/include/asm/syscall_32.h b/arch/sh/include/asm/syscall_32.h
index 7d80df4f09cb..95be3b0ce0ac 100644
--- a/arch/sh/include/asm/syscall_32.h
+++ b/arch/sh/include/asm/syscall_32.h
@@ -1,6 +1,7 @@
 #ifndef __ASM_SH_SYSCALL_32_H
 #define __ASM_SH_SYSCALL_32_H
+#include <uapi/linux/audit.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <linux/err.h>
@@ -93,4 +94,13 @@ static inline void syscall_set_arguments(struct task_struct *task,
        }
 }
+static inline int syscall_get_arch(void)
+{
+        int arch = AUDIT_ARCH_SH;
+#ifdef CONFIG_CPU_LITTLE_ENDIAN
+        arch |= __AUDIT_ARCH_LE;
+#endif
+        return arch;
+}
 #endif /* __ASM_SH_SYSCALL_32_H */
diff --git a/arch/sh/include/asm/syscall_64.h b/arch/sh/include/asm/syscall_64.h
index c3561ca72bee..c6a797b90b80 100644
--- a/arch/sh/include/asm/syscall_64.h
+++ b/arch/sh/include/asm/syscall_64.h
@@ -1,6 +1,7 @@
 #ifndef __ASM_SH_SYSCALL_64_H
 #define __ASM_SH_SYSCALL_64_H
+#include <uapi/linux/audit.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <asm/ptrace.h>
@@ -61,4 +62,17 @@ static inline void syscall_set_arguments(struct task_struct *task,
        memcpy(&regs->regs[2 + i], args, n * sizeof(args[0]));
 }
+static inline int syscall_get_arch(void)
+{
+        int arch = AUDIT_ARCH_SH;
+#ifdef CONFIG_64BIT
+        arch |= __AUDIT_ARCH_64BIT;
+#endif
+#ifdef CONFIG_CPU_LITTLE_ENDIAN
+        arch |= __AUDIT_ARCH_LE;
+#endif
+        return arch;
+}
 #endif /* __ASM_SH_SYSCALL_64_H */
diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c
index 668c81631c08..c1a6b89bfe70 100644
--- a/arch/sh/kernel/ptrace_32.c
+++ b/arch/sh/kernel/ptrace_32.c
@@ -484,17 +484,6 @@ long arch_ptrace(struct task_struct *child, long request,
        return ret;
 }
-static inline int audit_arch(void)
-{
-        int arch = EM_SH;
-#ifdef CONFIG_CPU_LITTLE_ENDIAN
-        arch |= __AUDIT_ARCH_LE;
-#endif
-        return arch;
-}
 asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
 {
        long ret = 0;
@@ -513,8 +502,7 @@ asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->regs[0]);
-        audit_syscall_entry(audit_arch(), regs->regs[3],
+        audit_syscall_entry(regs->regs[3], regs->regs[4], regs->regs[5],
-                            regs->regs[4], regs->regs[5],
                            regs->regs[6], regs->regs[7]);
        return ret ?: regs->regs[0];
diff --git a/arch/sh/kernel/ptrace_64.c b/arch/sh/kernel/ptrace_64.c
index af90339dadcd..5cea973a65b2 100644
--- a/arch/sh/kernel/ptrace_64.c
+++ b/arch/sh/kernel/ptrace_64.c
@@ -504,20 +504,6 @@ asmlinkage int sh64_ptrace(long request, long pid,
        return sys_ptrace(request, pid, addr, data);
 }
-static inline int audit_arch(void)
-{
-        int arch = EM_SH;
-#ifdef CONFIG_64BIT
-        arch |= __AUDIT_ARCH_64BIT;
-#endif
-#ifdef CONFIG_CPU_LITTLE_ENDIAN
-        arch |= __AUDIT_ARCH_LE;
-#endif
-        return arch;
-}
 asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs)
 {
        long long ret = 0;
@@ -536,8 +522,7 @@ asmlinkage long long do_syscall_trace_enter(struct pt_regs *regs)
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->regs[9]);
-        audit_syscall_entry(audit_arch(), regs->regs[1],
+        audit_syscall_entry(regs->regs[1], regs->regs[2], regs->regs[3],
-                            regs->regs[2], regs->regs[3],
                            regs->regs[4], regs->regs[5]);
        return ret ?: regs->regs[9];
diff --git a/arch/sparc/include/asm/syscall.h b/arch/sparc/include/asm/syscall.h
index 025a02ad2e31..49f71fd5b56e 100644
--- a/arch/sparc/include/asm/syscall.h
+++ b/arch/sparc/include/asm/syscall.h
@@ -1,9 +1,11 @@
 #ifndef __ASM_SPARC_SYSCALL_H
 #define __ASM_SPARC_SYSCALL_H
+#include <uapi/linux/audit.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <asm/ptrace.h>
+#include <asm/thread_info.h>
 /*
 * The syscall table always contains 32 bit pointers since we know that the
@@ -124,4 +126,9 @@ static inline void syscall_set_arguments(struct task_struct *task,
                regs->u_regs[UREG_I0 + i + j] = args[j];
 }
+static inline int syscall_get_arch(void)
+{
+        return is_32bit_task() ? AUDIT_ARCH_SPARC : AUDIT_ARCH_SPARC64;
+}
 #endif /* __ASM_SPARC_SYSCALL_H */
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
index 96efa7adc223..025c98446b1e 100644
--- a/arch/sparc/include/asm/thread_info_32.h
+++ b/arch/sparc/include/asm/thread_info_32.h
@@ -130,6 +130,8 @@ register struct thread_info *current_thread_info_reg asm("g6");
 #define _TIF_DO_NOTIFY_RESUME_MASK      (_TIF_NOTIFY_RESUME | \
                                         _TIF_SIGPENDING)
+#define is_32bit_task() (1)
 #endif /* __KERNEL__ */
 #endif /* _ASM_THREAD_INFO_H */
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
index cc6275c931a5..798f0279a4b5 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -221,6 +221,8 @@ register struct thread_info *current_thread_info_reg asm("g6");
                                 _TIF_NEED_RESCHED)
 #define _TIF_DO_NOTIFY_RESUME_MASK      (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING)
+#define is_32bit_task() (test_thread_flag(TIF_32BIT))
 /*
 * Thread-synchronous status.
 *
diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
index c13c9f25d83a..9ddc4928a089 100644
--- a/arch/sparc/kernel/ptrace_64.c
+++ b/arch/sparc/kernel/ptrace_64.c
@@ -1076,13 +1076,8 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->u_regs[UREG_G1]);
-        audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
+        audit_syscall_entry(regs->u_regs[UREG_G1], regs->u_regs[UREG_I0],
-                             AUDIT_ARCH_SPARC :
+                            regs->u_regs[UREG_I1], regs->u_regs[UREG_I2],
-                             AUDIT_ARCH_SPARC64),
-                            regs->u_regs[UREG_G1],
-                            regs->u_regs[UREG_I0],
-                            regs->u_regs[UREG_I1],
-                            regs->u_regs[UREG_I2],
                            regs->u_regs[UREG_I3]);
        return ret;
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c
index 694d551c8899..62435ef003d9 100644
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -165,8 +165,7 @@ static void send_sigtrap(struct task_struct *tsk, struct uml_pt_regs *regs,
 */
 void syscall_trace_enter(struct pt_regs *regs)
 {
-        audit_syscall_entry(HOST_AUDIT_ARCH,
+        audit_syscall_entry(UPT_SYSCALL_NR(&regs->regs),
-                            UPT_SYSCALL_NR(&regs->regs),
                            UPT_SYSCALL_ARG1(&regs->regs),
                            UPT_SYSCALL_ARG2(&regs->regs),
                            UPT_SYSCALL_ARG3(&regs->regs),
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
index 711de084ab57..8ffba18395c8 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -198,12 +198,12 @@ sysexit_from_sys_call:
 #ifdef CONFIG_AUDITSYSCALL
        .macro auditsys_entry_common
-        movl %esi,%r9d                  /* 6th arg: 4th syscall arg */
+        movl %esi,%r8d                  /* 5th arg: 4th syscall arg */
-        movl %edx,%r8d                  /* 5th arg: 3rd syscall arg */
+        movl %ecx,%r9d                  /*swap with edx*/
-        /* (already in %ecx)               4th arg: 2nd syscall arg */
+        movl %edx,%ecx                  /* 4th arg: 3rd syscall arg */
-        movl %ebx,%edx                  /* 3rd arg: 1st syscall arg */
+        movl %r9d,%edx                  /* 3rd arg: 2nd syscall arg */
-        movl %eax,%esi                  /* 2nd arg: syscall number */
+        movl %ebx,%esi                  /* 2nd arg: 1st syscall arg */
-        movl $AUDIT_ARCH_I386,%edi      /* 1st arg: audit arch */
+        movl %eax,%edi                  /* 1st arg: syscall number */
        call __audit_syscall_entry
        movl RAX-ARGOFFSET(%rsp),%eax   /* reload syscall number */
        cmpq $(IA32_NR_syscalls-1),%rax
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
index 4b0e1dfa2226..b553ed89e5f5 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -449,12 +449,11 @@ sysenter_audit:
        jnz syscall_trace_entry
        addl $4,%esp
        CFI_ADJUST_CFA_OFFSET -4
-        /* %esi already in 8(%esp)         6th arg: 4th syscall arg */
+        movl %esi,4(%esp)               /* 5th arg: 4th syscall arg */
-        /* %edx already in 4(%esp)         5th arg: 3rd syscall arg */
+        movl %edx,(%esp)                /* 4th arg: 3rd syscall arg */
-        /* %ecx already in 0(%esp)         4th arg: 2nd syscall arg */
+        /* %ecx already in %ecx            3rd arg: 2nd syscall arg */
-        movl %ebx,%ecx                  /* 3rd arg: 1st syscall arg */
+        movl %ebx,%edx                  /* 2nd arg: 1st syscall arg */
-        movl %eax,%edx                  /* 2nd arg: syscall number */
+        /* %eax already in %eax            1st arg: syscall number */
-        movl $AUDIT_ARCH_I386,%eax      /* 1st arg: audit arch */
        call __audit_syscall_entry
        pushl_cfi %ebx
        movl PT_EAX(%esp),%eax          /* reload syscall number */
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 29576c244699..749b0e423419 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -1445,12 +1445,12 @@ static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
 {
 #ifdef CONFIG_X86_64
        if (arch == AUDIT_ARCH_X86_64) {
-                audit_syscall_entry(arch, regs->orig_ax, regs->di,
+                audit_syscall_entry(regs->orig_ax, regs->di,
                                    regs->si, regs->dx, regs->r10);
        } else
 #endif
        {
-                audit_syscall_entry(arch, regs->orig_ax, regs->bx,
+                audit_syscall_entry(regs->orig_ax, regs->bx,
                                    regs->cx, regs->dx, regs->si);
        }
 }
diff --git a/arch/x86/um/asm/ptrace.h b/arch/x86/um/asm/ptrace.h
index 54f8102ccde5..e59eef20647b 100644
--- a/arch/x86/um/asm/ptrace.h
+++ b/arch/x86/um/asm/ptrace.h
@@ -47,8 +47,6 @@ struct user_desc;
 #ifdef CONFIG_X86_32
-#define HOST_AUDIT_ARCH AUDIT_ARCH_I386
 extern int ptrace_get_thread_area(struct task_struct *child, int idx,
                                  struct user_desc __user *user_desc);
@@ -57,8 +55,6 @@ extern int ptrace_set_thread_area(struct task_struct *child, int idx,
 #else
-#define HOST_AUDIT_ARCH AUDIT_ARCH_X86_64
 #define PT_REGS_R8(r) UPT_R8(&(r)->regs)
 #define PT_REGS_R9(r) UPT_R9(&(r)->regs)
 #define PT_REGS_R10(r) UPT_R10(&(r)->regs)
diff --git a/arch/x86/um/asm/syscall.h b/arch/x86/um/asm/syscall.h
new file mode 100644
index 000000000000..9fe77b7b5a0e
--- /dev/null
+++ b/arch/x86/um/asm/syscall.h
@@ -0,0 +1,15 @@
+#ifndef __UM_ASM_SYSCALL_H
+#define __UM_ASM_SYSCALL_H
+#include <uapi/linux/audit.h>
+static inline int syscall_get_arch(void)
+{
+#ifdef CONFIG_X86_32
+        return AUDIT_ARCH_I386;
+#else
+        return AUDIT_ARCH_X86_64;
+#endif
+}
+#endif /* __UM_ASM_SYSCALL_H */
diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
index 562fac664751..4d54b481123b 100644
--- a/arch/xtensa/kernel/ptrace.c
+++ b/arch/xtensa/kernel/ptrace.c
@@ -342,7 +342,7 @@ void do_syscall_trace_enter(struct pt_regs *regs)
                do_syscall_trace();
 #if 0
-        audit_syscall_entry(current, AUDIT_ARCH_XTENSA..);
+        audit_syscall_entry(...);
 #endif
 }
diff --git a/include/asm-generic/syscall.h b/include/asm-generic/syscall.h
index d401e5463fb0..0c938a4354f6 100644
--- a/include/asm-generic/syscall.h
+++ b/include/asm-generic/syscall.h
@@ -147,7 +147,7 @@ void syscall_set_arguments(struct task_struct *task, struct pt_regs *regs,
 *
 * Returns the AUDIT_ARCH_* based on the system call convention in use.
 *
- * It's only valid to call this when @task is stopped on entry to a system
+ * It's only valid to call this when current is stopped on entry to a system
 * call, due to %TIF_SYSCALL_TRACE, %TIF_SYSCALL_AUDIT, or %TIF_SECCOMP.
 *
 * Architectures which permit CONFIG_HAVE_ARCH_SECCOMP_FILTER must
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 22cfddb75566..36dffeccebdb 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -66,12 +66,16 @@ struct audit_krule {
 struct audit_field {
        u32                             type;
-        u32                             val;
+        union {
-        kuid_t                          uid;
+                u32                     val;
-        kgid_t                          gid;
+                kuid_t                  uid;
+                kgid_t                  gid;
+                struct {
+                        char            *lsm_str;
+                        void            *lsm_rule;
+                };
+        };
        u32                             op;
-        char                            *lsm_str;
-        void                            *lsm_rule;
 };
 extern int is_audit_feature_set(int which);
@@ -109,12 +113,13 @@ extern void audit_log_session_info(struct audit_buffer *ab);
 #endif
 #ifdef CONFIG_AUDITSYSCALL
+#include <asm/syscall.h> /* for syscall_get_arch() */
 /* These are defined in auditsc.c */
                                /* Public API */
 extern int  audit_alloc(struct task_struct *task);
 extern void __audit_free(struct task_struct *task);
-extern void __audit_syscall_entry(int arch,
+extern void __audit_syscall_entry(int major, unsigned long a0, unsigned long a1,
-                                  int major, unsigned long a0, unsigned long a1,
                                  unsigned long a2, unsigned long a3);
 extern void __audit_syscall_exit(int ret_success, long ret_value);
 extern struct filename *__audit_reusename(const __user char *uptr);
@@ -141,12 +146,12 @@ static inline void audit_free(struct task_struct *task)
        if (unlikely(task->audit_context))
                __audit_free(task);
 }
-static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
+static inline void audit_syscall_entry(int major, unsigned long a0,
                                       unsigned long a1, unsigned long a2,
                                       unsigned long a3)
 {
        if (unlikely(current->audit_context))
-                __audit_syscall_entry(arch, major, a0, a1, a2, a3);
+                __audit_syscall_entry(major, a0, a1, a2, a3);
 }
 static inline void audit_syscall_exit(void *pt_regs)
 {
@@ -322,7 +327,7 @@ static inline int audit_alloc(struct task_struct *task)
 }
 static inline void audit_free(struct task_struct *task)
 { }
-static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
+static inline void audit_syscall_entry(int major, unsigned long a0,
                                       unsigned long a1, unsigned long a2,
                                       unsigned long a3)
 { }
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 3b9ff33e1768..d4dbef14d4df 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -352,6 +352,7 @@ enum {
 #define AUDIT_ARCH_IA64         (EM_IA_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_M32R         (EM_M32R)
 #define AUDIT_ARCH_M68K         (EM_68K)
+#define AUDIT_ARCH_MICROBLAZE   (EM_MICROBLAZE)
 #define AUDIT_ARCH_MIPS         (EM_MIPS)
 #define AUDIT_ARCH_MIPSEL       (EM_MIPS|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_MIPS64       (EM_MIPS|__AUDIT_ARCH_64BIT)
@@ -445,17 +446,4 @@ struct audit_rule_data {
        char            buf[0]; /* string fields buffer */
 };
-/* audit_rule is supported to maintain backward compatibility with
- * userspace.  It supports integer fields only and corresponds to
- * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests.
- */
-struct audit_rule {             /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
-        __u32           flags;  /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
-        __u32           action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
-        __u32           field_count;
-        __u32           mask[AUDIT_BITMASK_SIZE];
-        __u32           fields[AUDIT_MAX_FIELDS];
-        __u32           values[AUDIT_MAX_FIELDS];
-};
 #endif /* _UAPI_LINUX_AUDIT_H_ */
diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h
index 01529bd96438..aa90bc98b6e2 100644
--- a/include/uapi/linux/elf-em.h
+++ b/include/uapi/linux/elf-em.h
@@ -32,6 +32,7 @@
 #define EM_V850         87      /* NEC v850 */
 #define EM_M32R         88      /* Renesas M32R */
 #define EM_MN10300      89      /* Panasonic/MEI MN10300, AM33 */
+#define EM_OPENRISC     92     /* OpenRISC 32-bit embedded processor */
 #define EM_BLACKFIN     106     /* ADI Blackfin Processor */
 #define EM_TI_C6000     140     /* TI C6X DSPs */
 #define EM_AARCH64      183     /* ARM 64 bit */
diff --git a/kernel/audit.c b/kernel/audit.c
index ba2ff5a5c600..80983df92cd4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -126,7 +126,7 @@ static atomic_t    audit_lost = ATOMIC_INIT(0);
 /* The netlink socket. */
 static struct sock *audit_sock;
-int audit_net_id;
+static int audit_net_id;
 /* Hash for inode-based rules */
 struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
@@ -724,7 +724,7 @@ static int audit_get_feature(struct sk_buff *skb)
        seq = nlmsg_hdr(skb)->nlmsg_seq;
-        audit_send_reply(skb, seq, AUDIT_GET, 0, 0, &af, sizeof(af));
+        audit_send_reply(skb, seq, AUDIT_GET_FEATURE, 0, 0, &af, sizeof(af));
        return 0;
 }
@@ -750,7 +750,7 @@ static int audit_set_feature(struct sk_buff *skb)
        struct audit_features *uaf;
        int i;
-        BUILD_BUG_ON(AUDIT_LAST_FEATURE + 1 > sizeof(audit_feature_names)/sizeof(audit_feature_names[0]));
+        BUILD_BUG_ON(AUDIT_LAST_FEATURE + 1 > ARRAY_SIZE(audit_feature_names));
        uaf = nlmsg_data(nlmsg_hdr(skb));
        /* if there is ever a version 2 we should handle that here */
@@ -1301,19 +1301,9 @@ err:
 */
 unsigned int audit_serial(void)
 {
-        static DEFINE_SPINLOCK(serial_lock);
+        static atomic_t serial = ATOMIC_INIT(0);
-        static unsigned int serial = 0;
-        unsigned long flags;
+        return atomic_add_return(1, &serial);
-        unsigned int ret;
-        spin_lock_irqsave(&serial_lock, flags);
-        do {
-                ret = ++serial;
-        } while (unlikely(!ret));
-        spin_unlock_irqrestore(&serial_lock, flags);
-        return ret;
 }
 static inline void audit_get_stamp(struct audit_context *ctx,
@@ -1681,7 +1671,7 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
        }
 }
-void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
+static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
 {
        kernel_cap_t *perm = &name->fcap.permitted;
        kernel_cap_t *inh = &name->fcap.inheritable;
@@ -1860,7 +1850,7 @@ EXPORT_SYMBOL(audit_log_task_context);
 void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
        const struct cred *cred;
-        char name[sizeof(tsk->comm)];
+        char comm[sizeof(tsk->comm)];
        struct mm_struct *mm = tsk->mm;
        char *tty;
@@ -1894,9 +1884,8 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                         from_kgid(&init_user_ns, cred->fsgid),
                         tty, audit_get_sessionid(tsk));
-        get_task_comm(name, tsk);
        audit_log_format(ab, " comm=");
-        audit_log_untrustedstring(ab, name);
+        audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
        if (mm) {
                down_read(&mm->mmap_sem);
@@ -1959,6 +1948,7 @@ void audit_log_end(struct audit_buffer *ab)
        } else {
                struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
+                nlh->nlmsg_len = ab->skb->len;
                kauditd_send_multicast_skb(ab->skb);
                /*
@@ -1970,7 +1960,7 @@ void audit_log_end(struct audit_buffer *ab)
                 * protocol between the kaudit kernel subsystem and the auditd
                 * userspace code.
                 */
-                nlh->nlmsg_len = ab->skb->len - NLMSG_HDRLEN;
+                nlh->nlmsg_len -= NLMSG_HDRLEN;
                if (audit_pid) {
                        skb_queue_tail(&audit_skb_queue, ab->skb);
diff --git a/kernel/audit.h b/kernel/audit.h
index 7bb65730c890..3cdffad5a1d9 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -222,7 +222,6 @@ extern void audit_copy_inode(struct audit_names *name,
                             const struct inode *inode);
 extern void audit_log_cap(struct audit_buffer *ab, char *prefix,
                          kernel_cap_t *cap);
-extern void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name);
 extern void audit_log_name(struct audit_context *context,
                           struct audit_names *n, struct path *path,
                           int record_num, int *call_panic);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index 135944a7b28a..e242e3a9864a 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -449,7 +449,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
        return 0;
 }
-static void audit_log_remove_rule(struct audit_krule *rule)
+static void audit_tree_log_remove_rule(struct audit_krule *rule)
 {
        struct audit_buffer *ab;
@@ -457,7 +457,7 @@ static void audit_log_remove_rule(struct audit_krule *rule)
        if (unlikely(!ab))
                return;
        audit_log_format(ab, "op=");
-        audit_log_string(ab, "remove rule");
+        audit_log_string(ab, "remove_rule");
        audit_log_format(ab, " dir=");
        audit_log_untrustedstring(ab, rule->tree->pathname);
        audit_log_key(ab, rule->filterkey);
@@ -476,7 +476,7 @@ static void kill_rules(struct audit_tree *tree)
                list_del_init(&rule->rlist);
                if (rule->tree) {
                        /* not a half-baked one */
-                        audit_log_remove_rule(rule);
+                        audit_tree_log_remove_rule(rule);
                        rule->tree = NULL;
                        list_del_rcu(&entry->list);
                        list_del(&entry->rule.list);
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 70b4554d2fbe..ad9c1682f616 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -314,7 +314,7 @@ static void audit_update_watch(struct audit_parent *parent,
                                             &nentry->rule.list);
                        }
-                        audit_watch_log_rule_change(r, owatch, "updated rules");
+                        audit_watch_log_rule_change(r, owatch, "updated_rules");
                        call_rcu(&oentry->rcu, audit_free_rule_rcu);
                }
@@ -342,7 +342,7 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
        list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
                list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
                        e = container_of(r, struct audit_entry, rule);
-                        audit_watch_log_rule_change(r, w, "remove rule");
+                        audit_watch_log_rule_change(r, w, "remove_rule");
                        list_del(&r->rlist);
                        list_del(&r->list);
                        list_del_rcu(&e->list);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index c447cd9848d1..3598e13f2a65 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -71,6 +71,24 @@ static struct list_head audit_rules_list[AUDIT_NR_FILTERS] = {
 DEFINE_MUTEX(audit_filter_mutex);
+static void audit_free_lsm_field(struct audit_field *f)
+{
+        switch (f->type) {
+        case AUDIT_SUBJ_USER:
+        case AUDIT_SUBJ_ROLE:
+        case AUDIT_SUBJ_TYPE:
+        case AUDIT_SUBJ_SEN:
+        case AUDIT_SUBJ_CLR:
+        case AUDIT_OBJ_USER:
+        case AUDIT_OBJ_ROLE:
+        case AUDIT_OBJ_TYPE:
+        case AUDIT_OBJ_LEV_LOW:
+        case AUDIT_OBJ_LEV_HIGH:
+                kfree(f->lsm_str);
+                security_audit_rule_free(f->lsm_rule);
+        }
+}
 static inline void audit_free_rule(struct audit_entry *e)
 {
        int i;
@@ -80,11 +98,8 @@ static inline void audit_free_rule(struct audit_entry *e)
        if (erule->watch)
                audit_put_watch(erule->watch);
        if (erule->fields)
-                for (i = 0; i < erule->field_count; i++) {
+                for (i = 0; i < erule->field_count; i++)
-                        struct audit_field *f = &erule->fields[i];
+                        audit_free_lsm_field(&erule->fields[i]);
-                        kfree(f->lsm_str);
-                        security_audit_rule_free(f->lsm_rule);
-                }
        kfree(erule->fields);
        kfree(erule->filterkey);
        kfree(e);
@@ -148,7 +163,7 @@ static inline int audit_to_inode(struct audit_krule *krule,
                                 struct audit_field *f)
 {
        if (krule->listnr != AUDIT_FILTER_EXIT ||
-            krule->watch || krule->inode_f || krule->tree ||
+            krule->inode_f || krule->watch || krule->tree ||
            (f->op != Audit_equal && f->op != Audit_not_equal))
                return -EINVAL;
@@ -422,10 +437,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                f->type = data->fields[i];
                f->val = data->values[i];
-                f->uid = INVALID_UID;
-                f->gid = INVALID_GID;
-                f->lsm_str = NULL;
-                f->lsm_rule = NULL;
                /* Support legacy tests for a valid loginuid */
                if ((f->type == AUDIT_LOGINUID) && (f->val == AUDIT_UID_UNSET)) {
@@ -1053,30 +1064,27 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
        int err = 0;
        struct audit_entry *entry;
+        entry = audit_data_to_entry(data, datasz);
+        if (IS_ERR(entry))
+                return PTR_ERR(entry);
        switch (type) {
        case AUDIT_ADD_RULE:
-                entry = audit_data_to_entry(data, datasz);
-                if (IS_ERR(entry))
-                        return PTR_ERR(entry);
                err = audit_add_rule(entry);
-                audit_log_rule_change("add rule", &entry->rule, !err);
+                audit_log_rule_change("add_rule", &entry->rule, !err);
-                if (err)
-                        audit_free_rule(entry);
                break;
        case AUDIT_DEL_RULE:
-                entry = audit_data_to_entry(data, datasz);
-                if (IS_ERR(entry))
-                        return PTR_ERR(entry);
                err = audit_del_rule(entry);
-                audit_log_rule_change("remove rule", &entry->rule, !err);
+                audit_log_rule_change("remove_rule", &entry->rule, !err);
-                audit_free_rule(entry);
                break;
        default:
-                return -EINVAL;
+                err = -EINVAL;
+                WARN_ON(1);
        }
+        if (err || type == AUDIT_DEL_RULE)
+                audit_free_rule(entry);
        return err;
 }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7208c1df248d..e420a0c41b5f 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -67,6 +67,7 @@
 #include <linux/binfmts.h>
 #include <linux/highmem.h>
 #include <linux/syscalls.h>
+#include <asm/syscall.h>
 #include <linux/capability.h>
 #include <linux/fs_struct.h>
 #include <linux/compat.h>
@@ -125,14 +126,6 @@ struct audit_tree_refs {
        struct audit_chunk *c[31];
 };
-static inline int open_arg(int flags, int mask)
-{
-        int n = ACC_MODE(flags);
-        if (flags & (O_TRUNC | O_CREAT))
-                n |= AUDIT_PERM_WRITE;
-        return n & mask;
-}
 static int audit_match_perm(struct audit_context *ctx, int mask)
 {
        unsigned n;
@@ -1505,7 +1498,6 @@ void __audit_free(struct task_struct *tsk)
 /**
 * audit_syscall_entry - fill in an audit record at syscall entry
- * @arch: architecture type
 * @major: major syscall type (function)
 * @a1: additional syscall register 1
 * @a2: additional syscall register 2
@@ -1520,9 +1512,8 @@ void __audit_free(struct task_struct *tsk)
 * will only be written if another part of the kernel requests that it
 * be written).
 */
-void __audit_syscall_entry(int arch, int major,
+void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2,
-                         unsigned long a1, unsigned long a2,
+                           unsigned long a3, unsigned long a4)
-                         unsigned long a3, unsigned long a4)
 {
        struct task_struct *tsk = current;
        struct audit_context *context = tsk->audit_context;
@@ -1536,7 +1527,7 @@ void __audit_syscall_entry(int arch, int major,
        if (!audit_enabled)
                return;
-        context->arch       = arch;
+        context->arch       = syscall_get_arch();
        context->major      = major;
        context->argv[0]    = a1;
        context->argv[1]    = a2;
@@ -2433,6 +2424,7 @@ static void audit_log_task(struct audit_buffer *ab)
        kgid_t gid;
        unsigned int sessionid;
        struct mm_struct *mm = current->mm;
+        char comm[sizeof(current->comm)];
        auid = audit_get_loginuid(current);
        sessionid = audit_get_sessionid(current);
@@ -2445,7 +2437,7 @@ static void audit_log_task(struct audit_buffer *ab)
                         sessionid);
        audit_log_task_context(ab);
        audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
-        audit_log_untrustedstring(ab, current->comm);
+        audit_log_untrustedstring(ab, get_task_comm(comm, current));
        if (mm) {
                down_read(&mm->mmap_sem);
                if (mm->exe_file)
@@ -2488,11 +2480,9 @@ void __audit_seccomp(unsigned long syscall, long signr, int code)
        if (unlikely(!ab))
                return;
        audit_log_task(ab);
-        audit_log_format(ab, " sig=%ld", signr);
+        audit_log_format(ab, " sig=%ld arch=%x syscall=%ld compat=%d ip=0x%lx code=0x%x",
-        audit_log_format(ab, " syscall=%ld", syscall);
+                         signr, syscall_get_arch(), syscall, is_compat_task(),
-        audit_log_format(ab, " compat=%d", is_compat_task());
+                         KSTK_EIP(current), code);
-        audit_log_format(ab, " ip=0x%lx", KSTK_EIP(current));
-        audit_log_format(ab, " code=0x%x", code);
        audit_log_end(ab);
 }