Received: by 10.192.165.156 with SMTP id m28csp690831imm;
        Wed, 11 Apr 2018 05:56:08 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/AD1KgU0DHscTIKQDBHzWOSczwwVtha51rxJdO7dyks2kTWLLIH5uKTPovWLJvAfVXBAAn
X-Received: by 10.167.134.70 with SMTP id a6mr3943495pfo.203.1523451368360;
        Wed, 11 Apr 2018 05:56:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523451368; cv=none;
        d=google.com; s=arc-20160816;
        b=diX1ssVWMYFnO2+EoII5/qKXR+OM+9D63t0jG6i+FA0DbbR15jOqRYYt7+oQDa0rVC
         V0xX4fiuSrf7DXfUHkoCVF4hYawDqC+xP/T7uADItSQ/yb44p2ijJAfyZYpWhi/x1ewB
         Goep55wDFtaRUG9M4idIbY26ymWCk5HuwVuR1RT+dGrIE0E4Dpy6T1sCgZWV4Q/HYv8t
         TboFGZDT9ecarzazrmSracib+pOV0jQnCHEo5aqBAaNkAyTEOFXsTe36qZd/QnKJZLzS
         454XyOxP05bHwabiD84fP8ebtOddwXO9Wv74FBpTtFzHSrqXwGP9wY7G+8noBO+gQj9K
         ++6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=ZbNy/ZIDrZ299vQ4k7W/a9VxFBWAL4SNTOgpyKlkwBs=;
        b=gYSat9p8oaEZLbjjB3pSAYXIcxLo2FbVvNZiUzAB98HuKINw4w+XCWo2q1Xf3X+k6X
         KucTUoR2EwneGtYoDLzi8UREZBaJqmH/VzrrxTtEUR3r2uQnHAqfcjcGvCuW//PYH2VA
         DSCEaieqwvTDPSKMLANUpv5MpcKFRSp7i+2ynkYM2ogzQltpqM0fT1yhhPKdzRl9zOn1
         PxWAKds1k+hAzM0X1EFwyFtPWNG7RMVbQEKq95Cs4Rc9C3/BKtvn/EhzzbxwNEU+2Gew
         HroslYECT3OGEscHtAzr4aDzlLzJCOlXEB0k+IRzT8J6f+RAN114bS+gbSHKybsiXH18
         xTVg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k15si741104pgp.278.2018.04.11.05.55.31;
        Wed, 11 Apr 2018 05:56:08 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753138AbeDKMwz (ORCPT <rfc822;zxj546700287@gmail.com>
        + 99 others); Wed, 11 Apr 2018 08:52:55 -0400
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:38008 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1752904AbeDKMwy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Apr 2018 08:52:54 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 9D15B82FC481;
        Wed, 11 Apr 2018 12:52:53 +0000 (UTC)
Received: from madcap2.tricolour.ca (ovpn-112-12.rdu2.redhat.com [10.10.112.12])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 373A321B2F59;
        Wed, 11 Apr 2018 12:52:52 +0000 (UTC)
From:   Richard Guy Briggs <rgb@redhat.com>
To:     Linux-Audit Mailing List <linux-audit@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>
Cc:     Eric Paris <eparis@redhat.com>, Paul Moore <paul@paul-moore.com>,
        Steve Grubb <sgrubb@redhat.com>,
        Richard Guy Briggs <rgb@redhat.com>
Subject: [PATCH ghak80 V1] audit: add syscall information to FEATURE_CHANGE records
Date:   Wed, 11 Apr 2018 08:46:52 -0400
Message-Id: <08bd08ee9bc70f6e98b9e298ba6a2c0f4dcadb4b.1523372093.git.rgb@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 11 Apr 2018 12:52:53 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); Wed, 11 Apr 2018 12:52:53 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'rgb@redhat.com' RCPT:''
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Tie syscall information to FEATURE_CHANGE calls since it is a result of
user action.

See: https://github.com/linux-audit/audit-kernel/issues/80

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
---
 kernel/audit.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/kernel/audit.c b/kernel/audit.c
index 8da24ef..23f125b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1103,10 +1103,9 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
 {
 	struct audit_buffer *ab;
 
-	if (audit_enabled == AUDIT_OFF)
+	if (!audit_enabled)
 		return;
-
-	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
+	ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_FEATURE_CHANGE);
 	if (!ab)
 		return;
 	audit_log_task_info(ab, current);
-- 
1.8.3.1