Re: [PATCH V2] audit: log 32-bit socketcalls

On 2017-01-16 15:04, Paul Moore wrote: > On Fri, Jan 13, 2017 at 9:42 AM, Eric Paris <eparis(a)redhat.com&gt; wrote: > > On Fri, 2017-01-13 at 04:51 -0500, Richard Guy Briggs wrote: > >> diff --git a/include/linux/audit.h b/include/linux/audit.h > >> index 9d4443f..43d8003 100644 > >> --- a/include/linux/audit.h > >> +++ b/include/linux/audit.h > >> @@ -387,6 +387,18 @@ static inline int audit_socketcall(int nargs, > >> unsigned long *args) > >> return __audit_socketcall(nargs, args); > >> return 0; > >> } > >> +static inline int audit_socketcall_compat(int nargs, u32 *args) > >> +{ > >> + if (unlikely(!audit_dummy_context())) { > > > > I've always hated these likely/unlikely. Mostly because I think they > > are so often wrong. I believe this says that you compiled audit in but > > you expect it to be explicitly disabled. While that is (recently) true > > in Fedora I highly doubt that's true on the vast majority of systems > > that have audit compiled in. > > Richard and I have talked about the likely/unlikely optimization > before and I know Richard likes to use them, but I don't for the > reasons Eric has already mentioned. Richard, since you're respinning > the patch, go ahead and yank out the unlikely() call. I don't "like to use them". I'm simply following the use and style of existing code and the arguments of others in places of critical performance.

If I "fix" that one, then I would feel compelled to yank out the one in the function immediately above, audit_socketcall() for consistency to ease my conscience. Eric conceded that argument.