Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
 "Nothing groundbreaking for this kernel, just cleanups and fixes, and a
  couple of Smack enhancements."

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (21 commits)
  Smack: Maintainer Record
  Smack: don't show empty rules when /smack/load or /smack/load2 is read
  Smack: user access check bounds
  Smack: onlycap limits on CAP_MAC_ADMIN
  Smack: fix smack_new_inode bogosities
  ima: audit is compiled only when enabled
  ima: ima_initialized is set only if successful
  ima: add policy for pseudo fs
  ima: remove unused cleanup functions
  ima: free securityfs violations file
  ima: use full pathnames in measurement list
  security: Fix nommu build.
  samples: seccomp: add .gitignore for untracked executables
  tpm: check the chip reference before using it
  TPM: fix memleak when register hardware fails
  TPM: chip disabled state erronously being reported as error
  MAINTAINERS: TPM maintainers' contacts update
  Merge branches 'next-queue' and 'next' into next
  Remove unused code from MPI library
  Revert "crypto: GnuPG based MPI lib - additional sources (part 4)"
  ...

4 files changed, 6 insertions, 4 deletions

diff --git a/security/keys/compat.c b/security/keys/compat.c
index c92d42b021aa..1c261763f479 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -24,7 +24,7 @@
  *
  * If successful, 0 will be returned.
  */
-long compat_keyctl_instantiate_key_iov(
+static long compat_keyctl_instantiate_key_iov(
         key_serial_t id,
         const struct compat_iovec __user *_payload_iov,
         unsigned ioc,
@@ -33,7 +33,7 @@ long compat_keyctl_instantiate_key_iov(
         struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
         long ret;
 
-        if (_payload_iov == 0 || ioc == 0)
+        if (!_payload_iov || !ioc)
                 goto no_payload;
 
         ret = compat_rw_copy_check_uvector(WRITE, _payload_iov, ioc,
diff --git a/security/keys/internal.h b/security/keys/internal.h
index c246ba5d43ab..22ff05269e3d 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -242,7 +242,7 @@ extern long keyctl_instantiate_key_iov(key_serial_t,
 extern long keyctl_invalidate_key(key_serial_t);
 
 extern long keyctl_instantiate_key_common(key_serial_t,
-                                          const struct iovec __user *,
+                                          const struct iovec *,
                                           unsigned, size_t, key_serial_t);
 
 /*
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index f1b59ae39d7e..3364fbf46807 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1106,7 +1106,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
         struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
         long ret;
 
-        if (_payload_iov == 0 || ioc == 0)
+        if (!_payload_iov || !ioc)
                 goto no_payload;
 
         ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc,
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 7445875f6818..81e7852d281d 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -751,6 +751,7 @@ static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
 int __key_link_begin(struct key *keyring, const struct key_type *type,
                      const char *description, unsigned long *_prealloc)
         __acquires(&keyring->sem)
+        __acquires(&keyring_serialise_link_sem)
 {
         struct keyring_list *klist, *nklist;
         unsigned long prealloc;
@@ -960,6 +961,7 @@ void __key_link(struct key *keyring, struct key *key,
 void __key_link_end(struct key *keyring, struct key_type *type,
                     unsigned long prealloc)
         __releases(&keyring->sem)
+        __releases(&keyring_serialise_link_sem)
 {
         BUG_ON(type == NULL);
         BUG_ON(type->name == NULL);