Merge tag 'v3.13' into next

Linux 3.13

Minor fixup needed in selinux_inet_conn_request()

Conflicts:
	security/selinux/hooks.c

3 files changed, 30 insertions, 9 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6ace9b3abf0d..4b34847208cc 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -233,6 +233,14 @@ static int inode_alloc_security(struct inode *inode)
         return 0;
 }
 
+static void inode_free_rcu(struct rcu_head *head)
+{
+        struct inode_security_struct *isec;
+
+        isec = container_of(head, struct inode_security_struct, rcu);
+        kmem_cache_free(sel_inode_cache, isec);
+}
+
 static void inode_free_security(struct inode *inode)
 {
         struct inode_security_struct *isec = inode->i_security;
@@ -243,8 +251,16 @@ static void inode_free_security(struct inode *inode)
                 list_del_init(&isec->list);
         spin_unlock(&sbsec->isec_lock);
 
-        inode->i_security = NULL;
-        kmem_cache_free(sel_inode_cache, isec);
+        /*
+         * The inode may still be referenced in a path walk and
+         * a call to selinux_inode_permission() can be made
+         * after inode_free_security() is called. Ideally, the VFS
+         * wouldn't do this, but fixing that is a much harder
+         * job. For now, simply free the i_security via RCU, and
+         * leave the current inode->i_security pointer intact.
+         * The inode will be freed after the RCU grace period too.
+         */
+        call_rcu(&isec->rcu, inode_free_rcu);
 }
 
 static int file_alloc_security(struct file *file)
@@ -3989,7 +4005,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
                 if (snum) {
                         int low, high;
 
-                        inet_get_local_port_range(&low, &high);
+                        inet_get_local_port_range(sock_net(sk), &low, &high);
 
                         if (snum < max(PROT_SOCK, low) || snum > high) {
                                 err = sel_netport_sid(sk->sk_protocol,
@@ -4721,7 +4737,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb, int ifindex,
         return NF_ACCEPT;
 }
 
-static unsigned int selinux_ipv4_forward(unsigned int hooknum,
+static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
                                          struct sk_buff *skb,
                                          const struct net_device *in,
                                          const struct net_device *out,
@@ -4731,7 +4747,7 @@ static unsigned int selinux_ipv4_forward(unsigned int hooknum,
 }
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_forward(unsigned int hooknum,
+static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
                                          struct sk_buff *skb,
                                          const struct net_device *in,
                                          const struct net_device *out,
@@ -4783,7 +4799,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
         return NF_ACCEPT;
 }
 
-static unsigned int selinux_ipv4_output(unsigned int hooknum,
+static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
                                         const struct net_device *in,
                                         const struct net_device *out,
@@ -4957,7 +4973,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
         return NF_ACCEPT;
 }
 
-static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
+static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
                                            struct sk_buff *skb,
                                            const struct net_device *in,
                                            const struct net_device *out,
@@ -4967,7 +4983,7 @@ static unsigned int selinux_ipv4_postroute(unsigned int hooknum,
 }
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_postroute(unsigned int hooknum,
+static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
                                            struct sk_buff *skb,
                                            const struct net_device *in,
                                            const struct net_device *out,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index b1dfe1049450..078e553f52f2 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -38,7 +38,10 @@ struct task_security_struct {
 
 struct inode_security_struct {
         struct inode *inode;    /* back pointer to inode object */
-        struct list_head list;  /* list of inode_security_struct */
+        union {
+                struct list_head list;  /* list of inode_security_struct */
+                struct rcu_head rcu;    /* for freeing the inode_security_struct */
+        };
         u32 task_sid;           /* SID of creating task */
         u32 sid;                /* SID of this object */
         u16 sclass;             /* security class of this object */
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 855e464e92ef..332ac8a80cf5 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -116,6 +116,8 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
         { AUDIT_MAKE_EQUIV,     NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
         { AUDIT_TTY_GET,        NETLINK_AUDIT_SOCKET__NLMSG_READ     },
         { AUDIT_TTY_SET,        NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT   },
+        { AUDIT_GET_FEATURE,    NETLINK_AUDIT_SOCKET__NLMSG_READ     },
+        { AUDIT_SET_FEATURE,    NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 };