Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit

Pull audit updates from Paul Moore:
 "Six audit patches for 4.8.

  There are a couple of style and minor whitespace tweaks for the logs,
  as well as a minor fixup to catch errors on user filter rules, however
  the major improvements are a fix to the s390 syscall argument masking
  code (reviewed by the nice s390 folks), some consolidation around the
  exclude filtering (less code, always a win), and a double-fetch fix
  for recording the execve arguments"

* 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit:
  audit: fix a double fetch in audit_log_single_execve_arg()
  audit: fix whitespace in CWD record
  audit: add fields to exclude filter by reusing user filter
  s390: ensure that syscall arguments are properly masked on s390
  audit: fix some horrible switch statement style crimes
  audit: fixup: log on errors from filter user rules

diff --cc arch/s390/kernel/ptrace.c
index cea17010448feaff4b4443e1a2fa7a6584e66ea5,defc0dca4510c7c7e4b9d8f7bc73786cdeb1788e..9336e824e2db5e119810b438c8c0e272487937b4
--- 1/arch/s390/kernel/ptrace.c
--- 2/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@@ -821,6 -821,16 +821,8 @@@ long compat_arch_ptrace(struct task_str
  
  asmlinkage long do_syscall_trace_enter(struct pt_regs *regs)
  {
 -      long ret = 0;
+       unsigned long mask = -1UL;
+ 
 -      /* Do the secure computing check first. */
 -      if (secure_computing()) {
 -              /* seccomp failures shouldn't expose any additional code. */
 -              ret = -1;
 -              goto out;
 -      }
 -
        /*
         * The sysc_tracesys code in entry.S stored the system
         * call number to gprs[2].
@@@ -846,11 -850,14 +848,14 @@@
        if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
                trace_sys_enter(regs, regs->gprs[2]);
  
-       audit_syscall_entry(regs->gprs[2], regs->orig_gpr2,
-                           regs->gprs[3], regs->gprs[4],
-                           regs->gprs[5]);
+       if (is_compat_task())
+               mask = 0xffffffff;
+ 
+       audit_syscall_entry(regs->gprs[2], regs->orig_gpr2 & mask,
 -                          regs->gprs[3] & mask, regs->gprs[4] & mask,
 -                          regs->gprs[5] & mask);
 -out:
 -      return ret ?: regs->gprs[2];
++                          regs->gprs[3] &mask, regs->gprs[4] &mask,
++                          regs->gprs[5] &mask);
 +
 +      return regs->gprs[2];
  }
  
  asmlinkage void do_syscall_trace_exit(struct pt_regs *regs)

diff --cc kernel/audit.c
Simple merge

diff --cc kernel/audit.h
Simple merge

diff --cc kernel/auditsc.c
Simple merge