Hello,
I've been kind of thinking about this. Presumably, we want to audit
both failed and successful attempts in whatever vfs function we happen
to be in. For instance, if we fall out of vfs_mkdir because
may_create returned an error, we'd like to receive an audit message
that said something like, "filename=myfile syscall= mkdir()
error=<errno>.....", but would I want to do this by hooking each
conditional statement? Is there a better approach? The only other
one I can think of would be to have one exit point in the functions
and audit right before we exit...
i.e.:
int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
	       struct nameidata *nd)
{
	int error = may_create(dir, dentry, nd);

	if (error)
		goto vfs_create_exit;
	if (!dir->i_op || !dir->i_op->create) {
		error = -EACCES;
		goto vfs_create_exit;
	}
	mode &= S_IALLUGO;
	mode |= S_IFREG;
	error = security_inode_create(dir, dentry, mode);
	if (error)
		goto vfs_create_exit;
	DQUOT_INIT(dir);
	error = dir->i_op->create(dir, dentry, mode, nd);
	if (!error) {
		inode_dir_notify(dir, DN_CREATE);
		security_inode_post_create(dir, dentry, mode);
	}
vfs_create_exit:
	/* single exit point: audit the failed and the successful path alike */
	audit_inode_create(dir, dentry, error, mode);
	return error;
}
--
- Timothy R. Chavez
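The single-exit-point pattern sketched in the message, as an added userspace model that is neither kernel code nor part of the original post. Everything in it is a hypothetical stand-in: the cut-down struct inode, struct dentry and inode_operations, a may_create() that only checks a "writable" flag, an audit_inode_create() sink that stores the last record in a global, two made-up filesystem create() callbacks (one succeeds, one returns -ENOSPC), and four scenario functions that drive vfs_create() with the constructed filename "myfile". It shows that every path out of the function, including the successful one, produces exactly one audit record carrying filename, syscall, errno and mode.

```c
/* Added example (not kernel code, not from the original message): a userspace
 * model of the single-exit-point audit pattern. struct inode, struct dentry,
 * may_create() and the audit sink are hypothetical stand-ins so the file
 * compiles with a plain C compiler. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifndef S_IFREG
#define S_IFREG   0100000
#endif
#define S_IALLUGO 07777        /* kernel value: suid/sgid/sticky + rwx bits */

struct inode;
struct dentry { const char *name; };
struct inode_operations {      /* create == NULL: filesystem cannot create files */
	int (*create)(struct inode *dir, struct dentry *dentry, int mode);
};
struct inode {
	const struct inode_operations *i_op;
	int writable;          /* hypothetical stand-in for the permission check */
};

/* One audit record with the fields the message asks for */
struct audit_record { char filename[64]; const char *syscall; int error; int mode; };
static struct audit_record last_record;
static int records_emitted;

/* Single audit sink: every path out of vfs_create() lands here exactly once */
static void audit_inode_create(struct inode *dir, struct dentry *dentry,
			       int error, int mode)
{
	(void)dir;
	snprintf(last_record.filename, sizeof last_record.filename, "%s", dentry->name);
	last_record.syscall = "create";
	last_record.error = error;
	last_record.mode = mode;
	records_emitted++;
}

static int may_create(struct inode *dir, struct dentry *dentry)
{
	(void)dentry;
	return dir->writable ? 0 : -EACCES;
}

/* Same control flow as the sketch: one exit label, one audit call */
static int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
{
	int error = may_create(dir, dentry);
	if (error)
		goto vfs_create_exit;
	if (!dir->i_op || !dir->i_op->create) {
		error = -EACCES;
		goto vfs_create_exit;
	}
	mode &= S_IALLUGO;
	mode |= S_IFREG;
	error = dir->i_op->create(dir, dentry, mode);
vfs_create_exit:
	/* failures that jump here before the mode fix-up audit the raw mode */
	audit_inode_create(dir, dentry, error, mode);
	return error;
}

/* Two hypothetical filesystem create() callbacks */
static int fs_create_ok(struct inode *dir, struct dentry *dentry, int mode)
{
	(void)dir; (void)dentry; (void)mode;
	return 0;
}
static int fs_create_nospace(struct inode *dir, struct dentry *dentry, int mode)
{
	(void)dir; (void)dentry; (void)mode;
	return -ENOSPC;
}
static const struct inode_operations ops_ok      = { fs_create_ok };
static const struct inode_operations ops_nospace = { fs_create_nospace };

/* Scenarios: each returns vfs_create()'s result; the record is read via audit_last() */
static int run_scenario(const struct inode_operations *ops, int writable)
{
	struct inode dir = { ops, writable };
	struct dentry dentry = { "myfile" };   /* constructed sample input */
	return vfs_create(&dir, &dentry, 0644);
}
int scenario_success(void)      { return run_scenario(&ops_ok, 1); }
int scenario_not_writable(void) { return run_scenario(&ops_ok, 0); }
int scenario_no_create_op(void) { return run_scenario(NULL, 1); }
int scenario_fs_error(void)     { return run_scenario(&ops_nospace, 1); }
const struct audit_record *audit_last(void) { return &last_record; }
int audit_count(void) { return records_emitted; }

int main(void)
{
	int (*scenarios[])(void) = { scenario_success, scenario_not_writable,
				     scenario_no_create_op, scenario_fs_error };
	for (size_t i = 0; i < 4; i++) {
		int rc = scenarios[i]();
		printf("filename=%s syscall=%s error=%d mode=%#o rc=%d\n", last_record.filename,
		       last_record.syscall, last_record.error, last_record.mode, rc);
	}
	return 0;
}
```

One caveat the model makes visible: a failure that jumps to the exit label before the `mode &= S_IALLUGO; mode |= S_IFREG;` lines audits the caller's raw mode, not the normalized one, so a consumer of the records should not assume the mode field always carries the file-type bits.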