Merge branch 'linus' into x86/x2apic

Conflicts: arch/x86/kernel/genapic_64.c Manual merge: arch/x86/kernel/genx2apic_uv_x.c Signed-off-by: Ingo Molnar <mingo@elte.hu>
author: Ingo Molnar <mingo@elte.hu> 2008-08-11 05:19:20 -0400
committer: Ingo Molnar <mingo@elte.hu> 2008-08-11 05:19:20 -0400
commit: 8067794bec1cc5de1431102cf0a6a1c7ce75cd85 (patch)
tree: 2bfa0fba060d253bbd972282b29a3d60c3e7cb7f /security/selinux/hooks.c
parent: 7ab6af7ab69df8c9c5fbc380004fb81187742096 (diff)
parent: 796aadeb1b2db9b5d463946766c5bbfd7717158c (diff)
1 files changed, 18 insertions, 42 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 63f131fc42e4..3ae9bec5a508 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -25,7 +25,7 @@
 #include <linux/init.h>
 #include <linux/kernel.h>
-#include <linux/ptrace.h>
+#include <linux/tracehook.h>
 #include <linux/errno.h>
 #include <linux/sched.h>
 #include <linux/security.h>
@@ -998,8 +998,12 @@ static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
        int rc;
        rc = selinux_get_mnt_opts(sb, &opts);
-        if (rc)
+        if (rc) {
+                /* before policy load we may get EINVAL, don't show anything */
+                if (rc == -EINVAL)
+                        rc = 0;
                return rc;
+        }
        selinux_write_opts(m, &opts);
@@ -1971,22 +1975,6 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
        return __vm_enough_memory(mm, pages, cap_sys_admin);
 }
-/**
- * task_tracer_task - return the task that is tracing the given task
- * @task:               task to consider
- *
- * Returns NULL if noone is tracing @task, or the &struct task_struct
- * pointer to its tracer.
- *
- * Must be called under rcu_read_lock().
- */
-static struct task_struct *task_tracer_task(struct task_struct *task)
-{
-        if (task->ptrace & PT_PTRACED)
-                return rcu_dereference(task->parent);
-        return NULL;
-}
 /* binprm security operations */
 static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
@@ -2238,7 +2226,7 @@ static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
                        u32 ptsid = 0;
                        rcu_read_lock();
-                        tracer = task_tracer_task(current);
+                        tracer = tracehook_tracer_task(current);
                        if (likely(tracer != NULL)) {
                                sec = tracer->security;
                                ptsid = sec->sid;
@@ -2640,12 +2628,11 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
        return dentry_has_perm(current, NULL, dentry, FILE__READ);
 }
-static int selinux_inode_permission(struct inode *inode, int mask,
+static int selinux_inode_permission(struct inode *inode, int mask)
-                                    struct nameidata *nd)
 {
        int rc;
-        rc = secondary_ops->inode_permission(inode, mask, nd);
+        rc = secondary_ops->inode_permission(inode, mask);
        if (rc)
                return rc;
@@ -5247,7 +5234,7 @@ static int selinux_setprocattr(struct task_struct *p,
                   Otherwise, leave SID unchanged and fail. */
                task_lock(p);
                rcu_read_lock();
-                tracer = task_tracer_task(p);
+                tracer = tracehook_tracer_task(p);
                if (tracer != NULL) {
                        struct task_security_struct *ptsec = tracer->security;
                        u32 ptsid = ptsec->sid;
@@ -5670,27 +5657,20 @@ static struct nf_hook_ops selinux_ipv6_ops[] = {
 static int __init selinux_nf_ip_init(void)
 {
        int err = 0;
-        u32 iter;
        if (!selinux_enabled)
                goto out;
        printk(KERN_DEBUG "SELinux:  Registering netfilter hooks\n");
-        for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++) {
+        err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
-                err = nf_register_hook(&selinux_ipv4_ops[iter]);
+        if (err)
-                if (err)
+                panic("SELinux: nf_register_hooks for IPv4: error %d\n", err);
-                        panic("SELinux: nf_register_hook for IPv4: error %d\n",
-                              err);
-        }
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-        for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++) {
+        err = nf_register_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
-                err = nf_register_hook(&selinux_ipv6_ops[iter]);
+        if (err)
-                if (err)
+                panic("SELinux: nf_register_hooks for IPv6: error %d\n", err);
-                        panic("SELinux: nf_register_hook for IPv6: error %d\n",
-                              err);
-        }
 #endif  /* IPV6 */
 out:
@@ -5702,15 +5682,11 @@ __initcall(selinux_nf_ip_init);
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 static void selinux_nf_ip_exit(void)
 {
-        u32 iter;
        printk(KERN_DEBUG "SELinux:  Unregistering netfilter hooks\n");
-        for (iter = 0; iter < ARRAY_SIZE(selinux_ipv4_ops); iter++)
+        nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
-                nf_unregister_hook(&selinux_ipv4_ops[iter]);
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-        for (iter = 0; iter < ARRAY_SIZE(selinux_ipv6_ops); iter++)
+        nf_unregister_hooks(selinux_ipv6_ops, ARRAY_SIZE(selinux_ipv6_ops));
-                nf_unregister_hook(&selinux_ipv6_ops[iter]);
 #endif  /* IPV6 */
 }
 #endif
author	Ingo Molnar <mingo@elte.hu>	2008-08-11 05:19:20 -0400
committer	Ingo Molnar <mingo@elte.hu>	2008-08-11 05:19:20 -0400
commit	8067794bec1cc5de1431102cf0a6a1c7ce75cd85 (patch)
tree	2bfa0fba060d253bbd972282b29a3d60c3e7cb7f /security/selinux/hooks.c
parent	7ab6af7ab69df8c9c5fbc380004fb81187742096 (diff)
parent	796aadeb1b2db9b5d463946766c5bbfd7717158c (diff)