Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Merge 'net' bug fixes into 'net-next' as we have patches that will build on top of them. This merge commit includes a change from Emil Goode (emilgoode@gmail.com) that fixes a warning that would have been introduced by this merge. Specifically it fixes the pingv6_ops method ipv6_chk_addr() to add a "const" to the "struct net_device *dev" argument and likewise update the dummy_ipv6_chk_addr() declaration. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-06-05 18:56:43 -0400
committer: David S. Miller <davem@davemloft.net> 2013-06-05 19:37:30 -0400
commit: 6bc19fb82d4c05a9eee19d6d2aab2ce26e499ec2 (patch)
tree: 8b049ef383307f5dae91b5c9cf78dbfb9b74a4d1 /security/selinux
parent: 11a164a04382d735230b01f4cc46ad78a7c4abf6 (diff)
parent: 4d3797d7e1861ac1af150a6189315786c5e1c820 (diff)
1 files changed, 14 insertions, 20 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 8ab295154517..d03081886214 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -316,6 +316,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
                memcpy(new_ctx, old_ctx, sizeof(*new_ctx));
                memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len);
+                atomic_inc(&selinux_xfrm_refcount);
                *new_ctxp = new_ctx;
        }
        return 0;
@@ -326,6 +327,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
 */
 void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
+        atomic_dec(&selinux_xfrm_refcount);
        kfree(ctx);
 }
@@ -335,17 +337,13 @@ void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
        const struct task_security_struct *tsec = current_security();
-        int rc = 0;
-        if (ctx) {
+        if (!ctx)
-                rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
+                return 0;
-                                  SECCLASS_ASSOCIATION,
-                                  ASSOCIATION__SETCONTEXT, NULL);
-                if (rc == 0)
-                        atomic_dec(&selinux_xfrm_refcount);
-        }
-        return rc;
+        return avc_has_perm(tsec->sid, ctx->ctx_sid,
+                            SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
+                            NULL);
 }
 /*
@@ -370,8 +368,8 @@ int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uct
 */
 void selinux_xfrm_state_free(struct xfrm_state *x)
 {
-        struct xfrm_sec_ctx *ctx = x->security;
+        atomic_dec(&selinux_xfrm_refcount);
-        kfree(ctx);
+        kfree(x->security);
 }
 /*
@@ -381,17 +379,13 @@ int selinux_xfrm_state_delete(struct xfrm_state *x)
 {
        const struct task_security_struct *tsec = current_security();
        struct xfrm_sec_ctx *ctx = x->security;
-        int rc = 0;
-        if (ctx) {
+        if (!ctx)
-                rc = avc_has_perm(tsec->sid, ctx->ctx_sid,
+                return 0;
-                                  SECCLASS_ASSOCIATION,
-                                  ASSOCIATION__SETCONTEXT, NULL);
-                if (rc == 0)
-                        atomic_dec(&selinux_xfrm_refcount);
-        }
-        return rc;
+        return avc_has_perm(tsec->sid, ctx->ctx_sid,
+                            SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT,
+                            NULL);
 }
 /*
author	David S. Miller <davem@davemloft.net>	2013-06-05 18:56:43 -0400
committer	David S. Miller <davem@davemloft.net>	2013-06-05 19:37:30 -0400
commit	6bc19fb82d4c05a9eee19d6d2aab2ce26e499ec2 (patch)
tree	8b049ef383307f5dae91b5c9cf78dbfb9b74a4d1 /security/selinux
parent	11a164a04382d735230b01f4cc46ad78a7c4abf6 (diff)
parent	4d3797d7e1861ac1af150a6189315786c5e1c820 (diff)