From owner-svn-src-all@FreeBSD.ORG  Mon Mar 16 17:15:02 2009
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A67F61065673;
	Mon, 16 Mar 2009 17:15:02 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 92A318FC12;
	Mon, 16 Mar 2009 17:15:02 +0000 (UTC)
	(envelope-from rwatson@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n2GHF24g067024;
	Mon, 16 Mar 2009 17:15:02 GMT (envelope-from rwatson@svn.freebsd.org)
Received: (from rwatson@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id n2GHF2ek067023;
	Mon, 16 Mar 2009 17:15:02 GMT (envelope-from rwatson@svn.freebsd.org)
Message-Id: <200903161715.n2GHF2ek067023@svn.freebsd.org>
From: Robert Watson <rwatson@FreeBSD.org>
Date: Mon, 16 Mar 2009 17:15:02 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
X-SVN-Group: stable-7
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r189889 - in stable/7/sys: . contrib/pf dev/ath/ath_hal
	dev/cxgb security/audit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Mar 2009 17:15:03 -0000

Author: rwatson
Date: Mon Mar 16 17:15:02 2009
New Revision: 189889
URL: http://svn.freebsd.org/changeset/base/189889

Log:
  Merge r186822 from head to stable/7:
  
    In AUDIT_SYSCALL_EXIT(), invoke audit_syscall_exit() only if an audit
    record is active on the current thread--historically we may always
    have wanted to enter the audit code if auditing was enabled, but now
    we just commit the audit record so don't need to enter if there isn't
    one.
  
    Obtained from:	TrustedBSD Project
    Sponsored by:		Apple, Inc.

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/security/audit/audit.h

Modified: stable/7/sys/security/audit/audit.h
==============================================================================
--- stable/7/sys/security/audit/audit.h	Mon Mar 16 17:08:10 2009	(r189888)
+++ stable/7/sys/security/audit/audit.h	Mon Mar 16 17:15:02 2009	(r189889)
@@ -198,11 +198,11 @@ void	 audit_thread_free(struct thread *t
 
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread.  It is
- * possible that an audit record was begun before auditing was turned off.
+ * we have a audit record on the thread.  Audit records can persist after
+ * auditing is disabled, so we don't just check audit_enabled here.
  */
 #define	AUDIT_SYSCALL_EXIT(error, td)	do {				\
-	if (audit_enabled || (td->td_ar != NULL))			\
+	if (td->td_ar != NULL)						\
 		audit_syscall_exit(error, td);				\
 } while (0)