On Mar 7, 2025 Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> Replace the timestamp and serial number pair used in audit records
> with a structure containing the two elements.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---
> kernel/audit.c | 17 +++++++++--------
> kernel/audit.h | 13 +++++++++----
> kernel/auditsc.c | 22 +++++++++-------------
> 3 files changed, 27 insertions(+), 25 deletions(-)
...
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9c853cde9abe..2ec3a0d85447 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -994,10 +994,10 @@ static void audit_reset_context(struct audit_context *ctx)
> */
>
> ctx->current_state = ctx->state;
> - ctx->serial = 0;
> + ctx->stamp.serial = 0;
> ctx->major = 0;
> ctx->uring_op = 0;
> - ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
> + ctx->stamp.ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 };
> memset(ctx->argv, 0, sizeof(ctx->argv));
> ctx->return_code = 0;
> ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0);
Since we are now combining the timestamp and serial number into a single
struct, let's move both clear/reset instructions together up to where
we currently reset ctx->serial.
--
paul-moore.com
