[PATCH v2] entry: Use syscall work for auditing in

[Khalid Ali]

Use SYSCALL_WORK_SYSCALL_AUDIT to check if audit needs to be done
instead of audit context for consistency to other syscall work bit
checks.

While audit_syscall_entry() also checks the audit context, this patch 
replaces the upper audit context check (i.e in syscall_enter_audit())
from using audit context to syscall work.

This makes consistent with other syscall works. It also determines the
auditing should be done earlier before syscall_enter_audit() called.

As privious versions of this patch discussed, using syscall work is
cheaper and more cleaner than checking audit context in terms of
readability.

Signed-off-by: Khalid Ali <khaliidcaliy@xxxxxxxxx>
---
 kernel/entry/common.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index f49e3440204d..3e9f2d40230f 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -17,12 +17,10 @@
 
 static inline void syscall_enter_audit(struct pt_regs *regs, long syscall)
 {
-	if (unlikely(audit_context())) {
-		unsigned long args[6];
+	unsigned long args[6];
 
-		syscall_get_arguments(current, regs, args);
-		audit_syscall_entry(syscall, args[0], args[1], args[2], args[3]);
-	}
+	syscall_get_arguments(current, regs, args);
+	audit_syscall_entry(syscall, args[0], args[1], args[2], args[3]);
 }
 
 long syscall_trace_enter(struct pt_regs *regs, long syscall,
@@ -65,8 +63,9 @@ long syscall_trace_enter(struct pt_regs *regs, long syscall,
 		 */
 		syscall = syscall_get_nr(current, regs);
 	}
-
-	syscall_enter_audit(regs, syscall);
+	
+	if (unlikely(work & SYSCALL_WORK_SYSCALL_AUDIT))
+		syscall_enter_audit(regs, syscall);
 
 	return ret ? : syscall;
 }
-- 
2.49.0