Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits)
  [NET]: Fix and allocate less memory for ->priv'less netdevices
  [IPV6]: Fix dangling references on error in fib6_add().
  [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found
  [PKT_SCHED]: Fix datalen check in tcf_simp_init().
  [INET]: Uninline the __inet_inherit_port call.
  [INET]: Drop the inet_inherit_port() call.
  SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked.
  [netdrvr] forcedeth: internal simplifications; changelog removal
  phylib: factor out get_phy_id from within get_phy_device
  PHY: add BCM5464 support to broadcom PHY driver
  cxgb3: Fix __must_check warning with dev_dbg.
  tc35815: Statistics cleanup
  natsemi: fix MMIO for PPC 44x platforms
  [TIPC]: Cleanup of TIPC reference table code
  [TIPC]: Optimized initialization of TIPC reference table
  [TIPC]: Remove inlining of reference table locking routines
  e1000: convert uint16_t style integers to u16
  ixgb: convert uint16_t style integers to u16
  sb1000.c: make const arrays static
  sb1000.c: stop inlining largish static functions
  ...

4 files changed, 25 insertions, 31 deletions

diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 36b0510efa7b..289e24b39e3e 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -7,16 +7,17 @@
 #ifndef _SELINUX_XFRM_H_
 #define _SELINUX_XFRM_H_
 
-int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
-                struct xfrm_user_sec_ctx *sec_ctx);
-int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
-void selinux_xfrm_policy_free(struct xfrm_policy *xp);
-int selinux_xfrm_policy_delete(struct xfrm_policy *xp);
+int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+                              struct xfrm_user_sec_ctx *sec_ctx);
+int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+                              struct xfrm_sec_ctx **new_ctxp);
+void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
+int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
 int selinux_xfrm_state_alloc(struct xfrm_state *x,
         struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
 void selinux_xfrm_state_free(struct xfrm_state *x);
 int selinux_xfrm_state_delete(struct xfrm_state *x);
-int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
                         struct xfrm_policy *xp, struct flowi *fl);
 
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 013d3117a86b..9c8a82aa8baf 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -281,7 +281,7 @@ static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
 {
         struct net_device *dev = ptr;
 
-        if (dev->nd_net != &init_net)
+        if (dev_net(dev) != &init_net)
                 return NOTIFY_DONE;
 
         if (event == NETDEV_DOWN)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d75050819b06..33425b1ac8d6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2674,7 +2674,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
                 goto netlbl_sid_to_secattr_failure;
         secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
                                   GFP_ATOMIC);
-        secattr->flags |= NETLBL_SECATTR_DOMAIN;
+        secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
         mls_export_netlbl_lvl(ctx, secattr);
         rc = mls_export_netlbl_cat(ctx, secattr);
         if (rc != 0)
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 7e158205d081..874d17c83c61 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -77,20 +77,18 @@ static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
  * LSM hook implementation that authorizes that a flow can use
  * a xfrm policy rule.
  */
-int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 {
         int rc;
         u32 sel_sid;
-        struct xfrm_sec_ctx *ctx;
 
         /* Context sid is either set to label or ANY_ASSOC */
-        if ((ctx = xp->security)) {
+        if (ctx) {
                 if (!selinux_authorizable_ctx(ctx))
                         return -EINVAL;
 
                 sel_sid = ctx->ctx_sid;
-        }
-        else
+        } else
                 /*
                  * All flows should be treated as polmatch'ing an
                  * otherwise applicable "non-labeled" policy. This
@@ -103,7 +101,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
                           NULL);
 
         if (rc == -EACCES)
-                rc = -ESRCH;
+                return -ESRCH;
 
         return rc;
 }
@@ -287,15 +285,14 @@ out2:
  * LSM hook implementation that allocs and transfers uctx spec to
  * xfrm_policy.
  */
-int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
-                struct xfrm_user_sec_ctx *uctx)
+int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+                              struct xfrm_user_sec_ctx *uctx)
 {
         int err;
 
-        BUG_ON(!xp);
         BUG_ON(!uctx);
 
-        err = selinux_xfrm_sec_ctx_alloc(&xp->security, uctx, 0);
+        err = selinux_xfrm_sec_ctx_alloc(ctxp, uctx, 0);
         if (err == 0)
                 atomic_inc(&selinux_xfrm_refcount);
 
@@ -307,32 +304,29 @@ int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
  * LSM hook implementation that copies security data structure from old to
  * new for policy cloning.
  */
-int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
+int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+                              struct xfrm_sec_ctx **new_ctxp)
 {
-        struct xfrm_sec_ctx *old_ctx, *new_ctx;
-
-        old_ctx = old->security;
+        struct xfrm_sec_ctx *new_ctx;
 
         if (old_ctx) {
-                new_ctx = new->security = kmalloc(sizeof(*new_ctx) +
-                                                  old_ctx->ctx_len,
-                                                  GFP_KERNEL);
-
+                new_ctx = kmalloc(sizeof(*old_ctx) + old_ctx->ctx_len,
+                                  GFP_KERNEL);
                 if (!new_ctx)
                         return -ENOMEM;
 
                 memcpy(new_ctx, old_ctx, sizeof(*new_ctx));
                 memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len);
+                *new_ctxp = new_ctx;
         }
         return 0;
 }
 
 /*
- * LSM hook implementation that frees xfrm_policy security information.
+ * LSM hook implementation that frees xfrm_sec_ctx security information.
  */
-void selinux_xfrm_policy_free(struct xfrm_policy *xp)
+void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
-        struct xfrm_sec_ctx *ctx = xp->security;
         if (ctx)
                 kfree(ctx);
 }
@@ -340,10 +334,9 @@ void selinux_xfrm_policy_free(struct xfrm_policy *xp)
 /*
  * LSM hook implementation that authorizes deletion of labeled policies.
  */
-int selinux_xfrm_policy_delete(struct xfrm_policy *xp)
+int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
         struct task_security_struct *tsec = current->security;
-        struct xfrm_sec_ctx *ctx = xp->security;
         int rc = 0;
 
         if (ctx) {