aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/domain.c2
-rw-r--r--security/apparmor/lib.c1
-rw-r--r--security/capability.c2
-rw-r--r--security/device_cgroup.c10
-rw-r--r--security/integrity/ima/ima_main.c2
-rw-r--r--security/keys/keyring.c1
-rw-r--r--security/security.c9
-rw-r--r--security/selinux/avc.c2
-rw-r--r--security/selinux/hooks.c9
-rw-r--r--security/selinux/netnode.c20
-rw-r--r--security/selinux/netport.c20
-rw-r--r--security/selinux/selinuxfs.c1
-rw-r--r--security/selinux/xfrm.c2
-rw-r--r--security/smack/smack_lsm.c5
14 files changed, 21 insertions, 65 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 78adc4303ef..c1e18ba5bdc 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -67,7 +67,7 @@ static int may_change_ptraced_domain(struct task_struct *task,
int error = 0;
rcu_read_lock();
- tracer = tracehook_tracer_task(task);
+ tracer = ptrace_parent(task);
if (tracer) {
/* released below */
cred = get_task_cred(tracer);
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 506d2baf614..b82e383beb7 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -12,6 +12,7 @@
* License.
*/
+#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/vmalloc.h>
diff --git a/security/capability.c b/security/capability.c
index bbb51156261..2984ea4f776 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -181,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry,
return 0;
}
-static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)
+static int cap_inode_permission(struct inode *inode, int mask)
{
return 0;
}
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 1be68269e1c..4450fbeec41 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -125,14 +125,6 @@ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
return 0;
}
-static void whitelist_item_free(struct rcu_head *rcu)
-{
- struct dev_whitelist_item *item;
-
- item = container_of(rcu, struct dev_whitelist_item, rcu);
- kfree(item);
-}
-
/*
* called under devcgroup_mutex
*/
@@ -155,7 +147,7 @@ remove:
walk->access &= ~wh->access;
if (!walk->access) {
list_del_rcu(&walk->list);
- call_rcu(&walk->rcu, whitelist_item_free);
+ kfree_rcu(walk, rcu);
}
}
}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 39d66dc2b8e..26b46ff7466 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -86,7 +86,7 @@ static void ima_check_last_writer(struct ima_iint_cache *iint,
struct inode *inode,
struct file *file)
{
- mode_t mode = file->f_mode;
+ fmode_t mode = file->f_mode;
mutex_lock(&iint->mutex);
if (mode & FMODE_WRITE &&
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index a06ffab3856..30e242f7bd0 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -155,7 +155,6 @@ static void keyring_destroy(struct key *keyring)
}
klist = rcu_dereference_check(keyring->payload.subscriptions,
- rcu_read_lock_held() ||
atomic_read(&keyring->usage) == 0);
if (klist) {
for (loop = klist->nkeys - 1; loop >= 0; loop--)
diff --git a/security/security.c b/security/security.c
index 4ba6d4cc061..0e4fccfef12 100644
--- a/security/security.c
+++ b/security/security.c
@@ -518,14 +518,7 @@ int security_inode_permission(struct inode *inode, int mask)
{
if (unlikely(IS_PRIVATE(inode)))
return 0;
- return security_ops->inode_permission(inode, mask, 0);
-}
-
-int security_inode_exec_permission(struct inode *inode, unsigned int flags)
-{
- if (unlikely(IS_PRIVATE(inode)))
- return 0;
- return security_ops->inode_permission(inode, MAY_EXEC, flags);
+ return security_ops->inode_permission(inode, mask);
}
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index d515b2128a4..dca1c22d927 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -527,7 +527,7 @@ int avc_audit(u32 ssid, u32 tsid,
* happened a little later.
*/
if ((a->type == LSM_AUDIT_DATA_INODE) &&
- (flags & IPERM_FLAG_RCU))
+ (flags & MAY_NOT_BLOCK))
return -ECHILD;
a->selinux_audit_data.tclass = tclass;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 20219ef5439..a38316b2e3f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -57,7 +57,7 @@
#include <net/netlabel.h>
#include <linux/uaccess.h>
#include <asm/ioctls.h>
-#include <asm/atomic.h>
+#include <linux/atomic.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
#include <linux/netdevice.h> /* for network interface checks */
@@ -2053,7 +2053,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
u32 ptsid = 0;
rcu_read_lock();
- tracer = tracehook_tracer_task(current);
+ tracer = ptrace_parent(current);
if (likely(tracer != NULL)) {
sec = __task_cred(tracer)->security;
ptsid = sec->sid;
@@ -2659,12 +2659,13 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
return dentry_has_perm(cred, dentry, FILE__READ);
}
-static int selinux_inode_permission(struct inode *inode, int mask, unsigned flags)
+static int selinux_inode_permission(struct inode *inode, int mask)
{
const struct cred *cred = current_cred();
struct common_audit_data ad;
u32 perms;
bool from_access;
+ unsigned flags = mask & MAY_NOT_BLOCK;
from_access = mask & MAY_ACCESS;
mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
@@ -5319,7 +5320,7 @@ static int selinux_setprocattr(struct task_struct *p,
Otherwise, leave SID unchanged and fail. */
ptsid = 0;
task_lock(p);
- tracer = tracehook_tracer_task(p);
+ tracer = ptrace_parent(p);
if (tracer)
ptsid = task_sid(tracer);
task_unlock(p);
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 3618251d0fd..8b691a86318 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -69,22 +69,6 @@ static DEFINE_SPINLOCK(sel_netnode_lock);
static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE];
/**
- * sel_netnode_free - Frees a node entry
- * @p: the entry's RCU field
- *
- * Description:
- * This function is designed to be used as a callback to the call_rcu()
- * function so that memory allocated to a hash table node entry can be
- * released safely.
- *
- */
-static void sel_netnode_free(struct rcu_head *p)
-{
- struct sel_netnode *node = container_of(p, struct sel_netnode, rcu);
- kfree(node);
-}
-
-/**
* sel_netnode_hashfn_ipv4 - IPv4 hashing function for the node table
* @addr: IPv4 address
*
@@ -193,7 +177,7 @@ static void sel_netnode_insert(struct sel_netnode *node)
rcu_dereference(sel_netnode_hash[idx].list.prev),
struct sel_netnode, list);
list_del_rcu(&tail->list);
- call_rcu(&tail->rcu, sel_netnode_free);
+ kfree_rcu(tail, rcu);
} else
sel_netnode_hash[idx].size++;
}
@@ -306,7 +290,7 @@ static void sel_netnode_flush(void)
list_for_each_entry_safe(node, node_tmp,
&sel_netnode_hash[idx].list, list) {
list_del_rcu(&node->list);
- call_rcu(&node->rcu, sel_netnode_free);
+ kfree_rcu(node, rcu);
}
sel_netnode_hash[idx].size = 0;
}
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index cfe2d72d3fb..ae76e298de7 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -68,22 +68,6 @@ static DEFINE_SPINLOCK(sel_netport_lock);
static struct sel_netport_bkt sel_netport_hash[SEL_NETPORT_HASH_SIZE];
/**
- * sel_netport_free - Frees a port entry
- * @p: the entry's RCU field
- *
- * Description:
- * This function is designed to be used as a callback to the call_rcu()
- * function so that memory allocated to a hash table port entry can be
- * released safely.
- *
- */
-static void sel_netport_free(struct rcu_head *p)
-{
- struct sel_netport *port = container_of(p, struct sel_netport, rcu);
- kfree(port);
-}
-
-/**
* sel_netport_hashfn - Hashing function for the port table
* @pnum: port number
*
@@ -142,7 +126,7 @@ static void sel_netport_insert(struct sel_netport *port)
rcu_dereference(sel_netport_hash[idx].list.prev),
struct sel_netport, list);
list_del_rcu(&tail->list);
- call_rcu(&tail->rcu, sel_netport_free);
+ kfree_rcu(tail, rcu);
} else
sel_netport_hash[idx].size++;
}
@@ -241,7 +225,7 @@ static void sel_netport_flush(void)
list_for_each_entry_safe(port, port_tmp,
&sel_netport_hash[idx].list, list) {
list_del_rcu(&port->list);
- call_rcu(&port->rcu, sel_netport_free);
+ kfree_rcu(port, rcu);
}
sel_netport_hash[idx].size = 0;
}
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 35459340019..de7900ef53d 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1984,6 +1984,7 @@ __initcall(init_sel_fs);
void exit_sel_fs(void)
{
kobject_put(selinuxfs_kobj);
+ kern_unmount(selinuxfs_mount);
unregister_filesystem(&sel_fs_type);
}
#endif
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 68178b76a2b..48665ecd119 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -46,7 +46,7 @@
#include <net/xfrm.h>
#include <net/checksum.h>
#include <net/udp.h>
-#include <asm/atomic.h>
+#include <linux/atomic.h>
#include "avc.h"
#include "objsec.h"
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 9831a39c11f..f375eb2e195 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -689,9 +689,10 @@ static int smack_inode_rename(struct inode *old_inode,
*
* Returns 0 if access is permitted, -EACCES otherwise
*/
-static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
+static int smack_inode_permission(struct inode *inode, int mask)
{
struct smk_audit_info ad;
+ int no_block = mask & MAY_NOT_BLOCK;
mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
/*
@@ -701,7 +702,7 @@ static int smack_inode_permission(struct inode *inode, int mask, unsigned flags)
return 0;
/* May be droppable after audit */
- if (flags & IPERM_FLAG_RCU)
+ if (no_block)
return -ECHILD;
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
smk_ad_setfield_u_fs_inode(&ad, inode);