Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (71 commits) SELinux: inode_doinit_with_dentry drop no dentry printk SELinux: new permission between tty audit and audit socket SELinux: open perm for sock files smack: fixes for unlabeled host support keys: make procfiles per-user-namespace keys: skip keys from another user namespace keys: consider user namespace in key_permission keys: distinguish per-uid keys in different namespaces integrity: ima iint radix_tree_lookup locking fix TOMOYO: Do not call tomoyo_realpath_init unless registered. integrity: ima scatterlist bug fix smack: fix lots of kernel-doc notation TOMOYO: Don't create securityfs entries unless registered. TOMOYO: Fix exception policy read failure. SELinux: convert the avc cache hash list to an hlist SELinux: code readability with avc_cache SELinux: remove unused av.decided field SELinux: more careful use of avd in avc_has_perm_noaudit SELinux: remove the unused ae.used SELinux: check seqno when updating an avc_node ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-03-26 14:03:39 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-03-26 14:03:39 -0400
commit: 8d80ce80e1d58ba9cd3e3972b112cccd6b4008f4 (patch)
tree: 16d3cca8d260c731d02a4e5e1ea5b9817c9c3626 /fs/inode.c
parent: 1646df40bb111715a90ce0b86448dabbcc5b3f3d (diff)
parent: 703a3cd72817e99201cef84a8a7aecc60b2b3581 (diff)
1 files changed, 17 insertions, 7 deletions
diff --git a/fs/inode.c b/fs/inode.c
index 6ac0cef6c5f5..643ac43e5a5c 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -17,6 +17,7 @@
 #include <linux/hash.h>
 #include <linux/swap.h>
 #include <linux/security.h>
+#include <linux/ima.h>
 #include <linux/pagemap.h>
 #include <linux/cdev.h>
 #include <linux/bootmem.h>
@@ -147,13 +148,13 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode)
        inode->i_cdev = NULL;
        inode->i_rdev = 0;
        inode->dirtied_when = 0;
-        if (security_inode_alloc(inode)) {
-                if (inode->i_sb->s_op->destroy_inode)
+        if (security_inode_alloc(inode))
-                        inode->i_sb->s_op->destroy_inode(inode);
+                goto out_free_inode;
-                else
-                        kmem_cache_free(inode_cachep, (inode));
+        /* allocate and initialize an i_integrity */
-                return NULL;
+        if (ima_inode_alloc(inode))
-        }
+                goto out_free_security;
        spin_lock_init(&inode->i_lock);
        lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);
@@ -189,6 +190,15 @@ struct inode *inode_init_always(struct super_block *sb, struct inode *inode)
        inode->i_mapping = mapping;
        return inode;
+out_free_security:
+        security_inode_free(inode);
+out_free_inode:
+        if (inode->i_sb->s_op->destroy_inode)
+                inode->i_sb->s_op->destroy_inode(inode);
+        else
+                kmem_cache_free(inode_cachep, (inode));
+        return NULL;
 }
 EXPORT_SYMBOL(inode_init_always);
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-03-26 14:03:39 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-03-26 14:03:39 -0400
commit	8d80ce80e1d58ba9cd3e3972b112cccd6b4008f4 (patch)
tree	16d3cca8d260c731d02a4e5e1ea5b9817c9c3626 /fs/inode.c
parent	1646df40bb111715a90ce0b86448dabbcc5b3f3d (diff)
parent	703a3cd72817e99201cef84a8a7aecc60b2b3581 (diff)

diff --git a/fs/inode.c b/fs/inode.c index 6ac0cef6c5f5..643ac43e5a5c 100644 --- a/fs/inode.c +++ b/fs/inode.c
@@ -17,6 +17,7 @@
17	#include <linux/hash.h>	17	#include <linux/hash.h>
18	#include <linux/swap.h>	18	#include <linux/swap.h>
19	#include <linux/security.h>	19	#include <linux/security.h>
		20	#include <linux/ima.h>
20	#include <linux/pagemap.h>	21	#include <linux/pagemap.h>
21	#include <linux/cdev.h>	22	#include <linux/cdev.h>
22	#include <linux/bootmem.h>	23	#include <linux/bootmem.h>
@@ -147,13 +148,13 @@ struct inode inode_init_always(struct super_block sb, struct inode *inode)
147	inode->i_cdev = NULL;	148	inode->i_cdev = NULL;
148	inode->i_rdev = 0;	149	inode->i_rdev = 0;
149	inode->dirtied_when = 0;	150	inode->dirtied_when = 0;
150	if (security_inode_alloc(inode)) {	151
151	if (inode->i_sb->s_op->destroy_inode)	152	if (security_inode_alloc(inode))
152	inode->i_sb->s_op->destroy_inode(inode);	153	goto out_free_inode;
153	else	154
154	kmem_cache_free(inode_cachep, (inode));	155	/* allocate and initialize an i_integrity */
155	return NULL;	156	if (ima_inode_alloc(inode))
156	}	157	goto out_free_security;
157		158
158	spin_lock_init(&inode->i_lock);	159	spin_lock_init(&inode->i_lock);
159	lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);	160	lockdep_set_class(&inode->i_lock, &sb->s_type->i_lock_key);
@@ -189,6 +190,15 @@ struct inode inode_init_always(struct super_block sb, struct inode *inode)
189	inode->i_mapping = mapping;	190	inode->i_mapping = mapping;
190		191
191	return inode;	192	return inode;
		193
		194	out_free_security:
		195	security_inode_free(inode);
		196	out_free_inode:
		197	if (inode->i_sb->s_op->destroy_inode)
		198	inode->i_sb->s_op->destroy_inode(inode);
		199	else
		200	kmem_cache_free(inode_cachep, (inode));
		201	return NULL;
192	}	202	}
193	EXPORT_SYMBOL(inode_init_always);	203	EXPORT_SYMBOL(inode_init_always);
194		204