This is a note to let you know that I've just added the patch titled audit: explicitly check audit_context->context enum value to the 6.0-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: audit-explicitly-check-audit_context-context-enum-va.patch and it can be found in the queue-6.0 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit ad0960563cae29102cb1b89ea882207a950a4113 Author: Richard Guy Briggs <rgb@xxxxxxxxxx> Date: Thu Aug 25 15:32:38 2022 -0400 audit: explicitly check audit_context->context enum value [ Upstream commit 3ed66951f952ed8f1a5d03e171722bf2631e8d58 ] Be explicit in checking the struct audit_context "context" member enum value rather than assuming the order of context enum values. Fixes: 12c5e81d3fd0 ("audit: prepare audit_context for use in calling contexts beyond syscalls") Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 79a5da1bc5bb..0ee09447ad04 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2069,7 +2069,7 @@ void __audit_syscall_exit(int success, long return_code) /* run through both filters to ensure we set the filterkey properly */ audit_filter_syscall(current, context); audit_filter_inodes(current, context); - if (context->current_state < AUDIT_STATE_RECORD) + if (context->current_state != AUDIT_STATE_RECORD) goto out; audit_log_exit();