[PATCH] audit: clear thread flag for new children

[Tony Jones]

From: Tony Jones <tonyj at suse.de>

Minor performance enhancement.

Thread flag TIF_SYSCALL_AUDIT is not cleared for new children when audit 
context creation has been disabled (auditctl -e0). This can cause new children 
forked from a parent created when audit was enabled to not take the fastest 
syscall path thru entry.S

Signed-off-by: Tony Jones <tonyj at suse.de>
---
 kernel/auditsc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -814,8 +814,10 @@ int audit_alloc(struct task_struct *tsk)
 	struct audit_context *context;
 	enum audit_state     state;
 
-	if (likely(!audit_enabled))
+	if (likely(!audit_enabled)) {
+		clear_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
 		return 0; /* Return if not auditing. */
+	}
 
 	state = audit_filter_task(tsk);
 	if (likely(state == AUDIT_DISABLED))