On Tue, Sep 27, 2022 at 6:59 PM Ankur Arora <ankur.a.ar...@oracle.com> wrote: > > ctx->major contains the current syscall number. This is, of course, a > constant for the duration of the syscall. Unfortunately, GCC's alias > analysis cannot prove that it is not modified via a pointer in the > audit_filter_syscall() loop, and so always loads it from memory. > > ... > > Signed-off-by: Ankur Arora <ankur.a.ar...@oracle.com> > --- > kernel/auditsc.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-)
This looks pretty trivial to me, but it's too late in the current -rc cycle for this to be merged, I'll queue it up for after the upcoming merge window closes. Thanks. > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 79a5da1bc5bb..533b087c3c02 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -843,13 +843,14 @@ static void audit_filter_syscall(struct task_struct > *tsk, > { > struct audit_entry *e; > enum audit_state state; > + unsigned long major = ctx->major; > > if (auditd_test_task(tsk)) > return; > > rcu_read_lock(); > list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_EXIT], > list) { > - if (audit_in_mask(&e->rule, ctx->major) && > + if (audit_in_mask(&e->rule, major) && > audit_filter_rules(tsk, &e->rule, ctx, NULL, > &state, false)) { > rcu_read_unlock(); > -- > 2.31.1 -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit