Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless

Conflicts:
	net/mac80211/debugfs_sta.c
	net/mac80211/sta_info.h

21 files changed, 136 insertions, 137 deletions

diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 38ccaea08204..df3649560818 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -21,11 +21,11 @@
 
 /* Control parameters settable through module/boot flags */
 extern enum audit_mode aa_g_audit;
-extern int aa_g_audit_header;
-extern int aa_g_debug;
-extern int aa_g_lock_policy;
-extern int aa_g_logsyscall;
-extern int aa_g_paranoid_load;
+extern bool aa_g_audit_header;
+extern bool aa_g_debug;
+extern bool aa_g_lock_policy;
+extern bool aa_g_logsyscall;
+extern bool aa_g_paranoid_load;
 extern unsigned int aa_g_path_max;
 
 /*
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index d7f06f8b2837..97ce8fae49b3 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -136,16 +136,16 @@ static int apparmor_capget(struct task_struct *target, kernel_cap_t *effective,
         return 0;
 }
 
-static int apparmor_capable(struct task_struct *task, const struct cred *cred,
-                            struct user_namespace *ns, int cap, int audit)
+static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
+                            int cap, int audit)
 {
         struct aa_profile *profile;
         /* cap_capable returns 0 on success, else -EPERM */
-        int error = cap_capable(task, cred, ns, cap, audit);
+        int error = cap_capable(cred, ns, cap, audit);
         if (!error) {
                 profile = aa_cred_profile(cred);
                 if (!unconfined(profile))
-                        error = aa_capable(task, profile, cap, audit);
+                        error = aa_capable(current, profile, cap, audit);
         }
         return error;
 }
@@ -708,7 +708,7 @@ module_param_call(mode, param_set_mode, param_get_mode,
                   &aa_g_profile_mode, S_IRUSR | S_IWUSR);
 
 /* Debug mode */
-int aa_g_debug;
+bool aa_g_debug;
 module_param_named(debug, aa_g_debug, aabool, S_IRUSR | S_IWUSR);
 
 /* Audit mode */
@@ -719,7 +719,7 @@ module_param_call(audit, param_set_audit, param_get_audit,
 /* Determines if audit header is included in audited messages.  This
  * provides more context if the audit daemon is not running
  */
-int aa_g_audit_header = 1;
+bool aa_g_audit_header = 1;
 module_param_named(audit_header, aa_g_audit_header, aabool,
                    S_IRUSR | S_IWUSR);
 
@@ -727,12 +727,12 @@ module_param_named(audit_header, aa_g_audit_header, aabool,
  * TODO: add in at boot loading of policy, which is the only way to
  *       load policy, if lock_policy is set
  */
-int aa_g_lock_policy;
+bool aa_g_lock_policy;
 module_param_named(lock_policy, aa_g_lock_policy, aalockpolicy,
                    S_IRUSR | S_IWUSR);
 
 /* Syscall logging mode */
-int aa_g_logsyscall;
+bool aa_g_logsyscall;
 module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
 
 /* Maximum pathname length before accesses will start getting rejected */
@@ -742,12 +742,12 @@ module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
 /* Determines how paranoid loading of policy is and how much verification
  * on the loaded policy is done.
  */
-int aa_g_paranoid_load = 1;
+bool aa_g_paranoid_load = 1;
 module_param_named(paranoid_load, aa_g_paranoid_load, aabool,
                    S_IRUSR | S_IWUSR);
 
 /* Boot time disable flag */
-static unsigned int apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
+static bool apparmor_enabled = CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE;
 module_param_named(enabled, apparmor_enabled, aabool, S_IRUSR);
 
 static int __init apparmor_enabled_setup(char *str)
diff --git a/security/capability.c b/security/capability.c
index 3b5883b7179f..2f680eb02b59 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -998,7 +998,6 @@ void __init security_fixup_ops(struct security_operations *ops)
         set_to_cap_if_null(ops, sem_semctl);
         set_to_cap_if_null(ops, sem_semop);
         set_to_cap_if_null(ops, netlink_send);
-        set_to_cap_if_null(ops, netlink_recv);
         set_to_cap_if_null(ops, d_instantiate);
         set_to_cap_if_null(ops, getprocattr);
         set_to_cap_if_null(ops, setprocattr);
diff --git a/security/commoncap.c b/security/commoncap.c
index ee4f8486e5f5..7ce191ea29a0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -56,17 +56,8 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
         return 0;
 }
 
-int cap_netlink_recv(struct sk_buff *skb, int cap)
-{
-        if (!cap_raised(current_cap(), cap))
-                return -EPERM;
-        return 0;
-}
-EXPORT_SYMBOL(cap_netlink_recv);
-
 /**
  * cap_capable - Determine whether a task has a particular effective capability
- * @tsk: The task to query
  * @cred: The credentials to use
  * @ns:  The user namespace in which we need the capability
  * @cap: The capability to check for
@@ -80,8 +71,8 @@ EXPORT_SYMBOL(cap_netlink_recv);
  * cap_has_capability() returns 0 when a task has a capability, but the
  * kernel's capable() and has_capability() returns 1 for this case.
  */
-int cap_capable(struct task_struct *tsk, const struct cred *cred,
-                struct user_namespace *targ_ns, int cap, int audit)
+int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
+                int cap, int audit)
 {
         for (;;) {
                 /* The creator of the user namespace has all caps. */
@@ -222,9 +213,8 @@ static inline int cap_inh_is_capped(void)
         /* they are so limited unless the current task has the CAP_SETPCAP
          * capability
          */
-        if (cap_capable(current, current_cred(),
-                        current_cred()->user->user_ns, CAP_SETPCAP,
-                        SECURITY_CAP_AUDIT) == 0)
+        if (cap_capable(current_cred(), current_cred()->user->user_ns,
+                        CAP_SETPCAP, SECURITY_CAP_AUDIT) == 0)
                 return 0;
         return 1;
 }
@@ -874,7 +864,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                      & (new->securebits ^ arg2))                        /*[1]*/
                     || ((new->securebits & SECURE_ALL_LOCKS & ~arg2))   /*[2]*/
                     || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS))   /*[3]*/
-                    || (cap_capable(current, current_cred(),
+                    || (cap_capable(current_cred(),
                                     current_cred()->user->user_ns, CAP_SETPCAP,
                                     SECURITY_CAP_AUDIT) != 0)           /*[4]*/
                         /*
@@ -940,7 +930,7 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
 {
         int cap_sys_admin = 0;
 
-        if (cap_capable(current, current_cred(), &init_user_ns, CAP_SYS_ADMIN,
+        if (cap_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
                         SECURITY_CAP_NOAUDIT) == 0)
                 cap_sys_admin = 1;
         return __vm_enough_memory(mm, pages, cap_sys_admin);
@@ -967,7 +957,7 @@ int cap_file_mmap(struct file *file, unsigned long reqprot,
         int ret = 0;
 
         if (addr < dac_mmap_min_addr) {
-                ret = cap_capable(current, current_cred(), &init_user_ns, CAP_SYS_RAWIO,
+                ret = cap_capable(current_cred(), &init_user_ns, CAP_SYS_RAWIO,
                                   SECURITY_CAP_AUDIT);
                 /* set PF_SUPERPRIV if it turns out we allow the low mmap */
                 if (ret == 0)
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index d384ea921482..5bd1cc1b4a54 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -3,11 +3,11 @@ config INTEGRITY
         def_bool y
         depends on IMA || EVM
 
-config INTEGRITY_DIGSIG
+config INTEGRITY_SIGNATURE
         boolean "Digital signature verification using multiple keyrings"
         depends on INTEGRITY && KEYS
         default n
-        select DIGSIG
+        select SIGNATURE
         help
           This option enables digital signature verification support
           using multiple keyrings. It defines separate keyrings for each
diff --git a/security/integrity/Makefile b/security/integrity/Makefile
index bece0563ee5e..d43799cc14f6 100644
--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -3,7 +3,7 @@
 #
 
 obj-$(CONFIG_INTEGRITY) += integrity.o
-obj-$(CONFIG_INTEGRITY_DIGSIG) += digsig.o
+obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
 
 integrity-y := iint.o
 
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index c5c5a72c30be..2ad942fb1e23 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
                 audit_log_format(ab, " name=");
                 audit_log_untrustedstring(ab, fname);
         }
-        if (inode)
-                audit_log_format(ab, " dev=%s ino=%lu",
-                                 inode->i_sb->s_id, inode->i_ino);
+        if (inode) {
+                audit_log_format(ab, " dev=");
+                audit_log_untrustedstring(ab, inode->i_sb->s_id);
+                audit_log_format(ab, " ino=%lu", inode->i_ino);
+        }
         audit_log_format(ab, " res=%d", !result ? 0 : 1);
         audit_log_end(ab);
 }
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index d661afbe474c..d45061d02fee 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -99,6 +99,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
                             struct inode *inode, enum ima_hooks func, int mask)
 {
         struct task_struct *tsk = current;
+        const struct cred *cred = current_cred();
         int i;
 
         if ((rule->flags & IMA_FUNC) && rule->func != func)
@@ -108,7 +109,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
         if ((rule->flags & IMA_FSMAGIC)
             && rule->fsmagic != inode->i_sb->s_magic)
                 return false;
-        if ((rule->flags & IMA_UID) && rule->uid != tsk->cred->uid)
+        if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
                 return false;
         for (i = 0; i < MAX_LSM_RULES; i++) {
                 int rc = 0;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 4da6ba81d153..7a25ecec5aaa 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -51,7 +51,7 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
 #define INTEGRITY_KEYRING_IMA           2
 #define INTEGRITY_KEYRING_MAX           3
 
-#ifdef CONFIG_INTEGRITY_DIGSIG
+#ifdef CONFIG_INTEGRITY_SIGNATURE
 
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
                                         const char *digest, int digestlen);
@@ -65,7 +65,7 @@ static inline int integrity_digsig_verify(const unsigned int id,
         return -EOPNOTSUPP;
 }
 
-#endif /* CONFIG_INTEGRITY_DIGSIG */
+#endif /* CONFIG_INTEGRITY_SIGNATURE */
 
 /* set during initialization */
 extern int iint_initialized;
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 41144f71d615..2d1bb8af7696 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -314,7 +314,7 @@ static struct key *request_user_key(const char *master_desc, u8 **master_key,
                 goto error;
 
         down_read(&ukey->sem);
-        upayload = rcu_dereference(ukey->payload.data);
+        upayload = ukey->payload.data;
         *master_key = upayload->data;
         *master_keylen = upayload->datalen;
 error:
@@ -810,7 +810,7 @@ static int encrypted_instantiate(struct key *key, const void *data,
                 goto out;
         }
 
-        rcu_assign_pointer(key->payload.data, epayload);
+        rcu_assign_keypointer(key, epayload);
 out:
         kfree(datablob);
         return ret;
@@ -874,7 +874,7 @@ static int encrypted_update(struct key *key, const void *data, size_t datalen)
         memcpy(new_epayload->payload_data, epayload->payload_data,
                epayload->payload_datalen);
 
-        rcu_assign_pointer(key->payload.data, new_epayload);
+        rcu_assign_keypointer(key, new_epayload);
         call_rcu(&epayload->rcu, encrypted_rcu_free);
 out:
         kfree(buf);
diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c
index df87272e3f51..013f7e5d3a2f 100644
--- a/security/keys/encrypted-keys/masterkey_trusted.c
+++ b/security/keys/encrypted-keys/masterkey_trusted.c
@@ -18,6 +18,8 @@
 #include <linux/module.h>
 #include <linux/err.h>
 #include <keys/trusted-type.h>
+#include <keys/encrypted-type.h>
+#include "encrypted.h"
 
 /*
  * request_trusted_key - request the trusted key
@@ -37,7 +39,7 @@ struct key *request_trusted_key(const char *trusted_desc,
                 goto error;
 
         down_read(&tkey->sem);
-        tpayload = rcu_dereference(tkey->payload.data);
+        tpayload = tkey->payload.data;
         *master_key = tpayload->key;
         *master_keylen = tpayload->key_len;
 error:
diff --git a/security/keys/gc.c b/security/keys/gc.c
index bf4d8da5a795..a42b45531aac 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -145,7 +145,9 @@ static void key_gc_keyring(struct key *keyring, time_t limit)
         if (!klist)
                 goto unlock_dont_gc;
 
-        for (loop = klist->nkeys - 1; loop >= 0; loop--) {
+        loop = klist->nkeys;
+        smp_rmb();
+        for (loop--; loop >= 0; loop--) {
                 key = klist->keys[loop];
                 if (test_bit(KEY_FLAG_DEAD, &key->flags) ||
                     (key->expiry > 0 && key->expiry <= limit))
diff --git a/security/keys/internal.h b/security/keys/internal.h
index c7a7caec4830..65647f825584 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -33,6 +33,7 @@
 
 extern struct key_type key_type_dead;
 extern struct key_type key_type_user;
+extern struct key_type key_type_logon;
 
 /*****************************************************************************/
 /*
diff --git a/security/keys/key.c b/security/keys/key.c
index 4f64c7267afb..7ada8019be1f 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -999,6 +999,7 @@ void __init key_init(void)
         list_add_tail(&key_type_keyring.link, &key_types_list);
         list_add_tail(&key_type_dead.link, &key_types_list);
         list_add_tail(&key_type_user.link, &key_types_list);
+        list_add_tail(&key_type_logon.link, &key_types_list);
 
         /* record the root user tracking */
         rb_link_node(&root_key_user.node,
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 37a7f3b28852..d605f75292e4 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -319,7 +319,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
         struct key *keyring, *key;
         key_ref_t key_ref;
         long err;
-        int sp, kix;
+        int sp, nkeys, kix;
 
         keyring = key_ref_to_ptr(keyring_ref);
         possessed = is_key_possessed(keyring_ref);
@@ -380,7 +380,9 @@ descend:
                 goto not_this_keyring;
 
         /* iterate through the keys in this keyring first */
-        for (kix = 0; kix < keylist->nkeys; kix++) {
+        nkeys = keylist->nkeys;
+        smp_rmb();
+        for (kix = 0; kix < nkeys; kix++) {
                 key = keylist->keys[kix];
                 kflags = key->flags;
 
@@ -421,7 +423,9 @@ descend:
         /* search through the keyrings nested in this one */
         kix = 0;
 ascend:
-        for (; kix < keylist->nkeys; kix++) {
+        nkeys = keylist->nkeys;
+        smp_rmb();
+        for (; kix < nkeys; kix++) {
                 key = keylist->keys[kix];
                 if (key->type != &key_type_keyring)
                         continue;
@@ -515,7 +519,7 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
         struct keyring_list *klist;
         unsigned long possessed;
         struct key *keyring, *key;
-        int loop;
+        int nkeys, loop;
 
         keyring = key_ref_to_ptr(keyring_ref);
         possessed = is_key_possessed(keyring_ref);
@@ -524,7 +528,9 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
 
         klist = rcu_dereference(keyring->payload.subscriptions);
         if (klist) {
-                for (loop = 0; loop < klist->nkeys; loop++) {
+                nkeys = klist->nkeys;
+                smp_rmb();
+                for (loop = 0; loop < nkeys ; loop++) {
                         key = klist->keys[loop];
 
                         if (key->type == ktype &&
@@ -622,7 +628,7 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
 
         struct keyring_list *keylist;
         struct key *subtree, *key;
-        int sp, kix, ret;
+        int sp, nkeys, kix, ret;
 
         rcu_read_lock();
 
@@ -645,7 +651,9 @@ descend:
 
 ascend:
         /* iterate through the remaining keys in this keyring */
-        for (; kix < keylist->nkeys; kix++) {
+        nkeys = keylist->nkeys;
+        smp_rmb();
+        for (; kix < nkeys; kix++) {
                 key = keylist->keys[kix];
 
                 if (key == A)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 0ed5fdf238a2..2d5d041f2049 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -993,7 +993,7 @@ out:
         kfree(datablob);
         kfree(options);
         if (!ret)
-                rcu_assign_pointer(key->payload.data, payload);
+                rcu_assign_keypointer(key, payload);
         else
                 kfree(payload);
         return ret;
@@ -1067,7 +1067,7 @@ static int trusted_update(struct key *key, const void *data, size_t datalen)
                         goto out;
                 }
         }
-        rcu_assign_pointer(key->payload.data, new_p);
+        rcu_assign_keypointer(key, new_p);
         call_rcu(&p->rcu, trusted_rcu_free);
 out:
         kfree(datablob);
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 69ff52c08e97..c7660a25a3e4 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -18,6 +18,8 @@
 #include <asm/uaccess.h>
 #include "internal.h"
 
+static int logon_vet_description(const char *desc);
+
 /*
  * user defined keys take an arbitrary string as the description and an
  * arbitrary blob of data as the payload
@@ -36,6 +38,24 @@ struct key_type key_type_user = {
 EXPORT_SYMBOL_GPL(key_type_user);
 
 /*
+ * This key type is essentially the same as key_type_user, but it does
+ * not define a .read op. This is suitable for storing username and
+ * password pairs in the keyring that you do not want to be readable
+ * from userspace.
+ */
+struct key_type key_type_logon = {
+        .name                   = "logon",
+        .instantiate            = user_instantiate,
+        .update                 = user_update,
+        .match                  = user_match,
+        .revoke                 = user_revoke,
+        .destroy                = user_destroy,
+        .describe               = user_describe,
+        .vet_description        = logon_vet_description,
+};
+EXPORT_SYMBOL_GPL(key_type_logon);
+
+/*
  * instantiate a user defined key
  */
 int user_instantiate(struct key *key, const void *data, size_t datalen)
@@ -59,7 +79,7 @@ int user_instantiate(struct key *key, const void *data, size_t datalen)
         /* attach the data */
         upayload->datalen = datalen;
         memcpy(upayload->data, data, datalen);
-        rcu_assign_pointer(key->payload.data, upayload);
+        rcu_assign_keypointer(key, upayload);
         ret = 0;
 
 error:
@@ -98,7 +118,7 @@ int user_update(struct key *key, const void *data, size_t datalen)
         if (ret == 0) {
                 /* attach the new data, displacing the old */
                 zap = key->payload.data;
-                rcu_assign_pointer(key->payload.data, upayload);
+                rcu_assign_keypointer(key, upayload);
                 key->expiry = 0;
         }
 
@@ -133,7 +153,7 @@ void user_revoke(struct key *key)
         key_payload_reserve(key, 0);
 
         if (upayload) {
-                rcu_assign_pointer(key->payload.data, NULL);
+                rcu_assign_keypointer(key, NULL);
                 kfree_rcu(upayload, rcu);
         }
 }
@@ -189,3 +209,20 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
 }
 
 EXPORT_SYMBOL_GPL(user_read);
+
+/* Vet the description for a "logon" key */
+static int logon_vet_description(const char *desc)
+{
+        char *p;
+
+        /* require a "qualified" description string */
+        p = strchr(desc, ':');
+        if (!p)
+                return -EINVAL;
+
+        /* also reject description with ':' as first char */
+        if (p == desc)
+                return -EINVAL;
+
+        return 0;
+}
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 7bd6f138236b..293b8c45b1d1 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -232,13 +232,14 @@ static void dump_common_audit_data(struct audit_buffer *ab,
         case LSM_AUDIT_DATA_PATH: {
                 struct inode *inode;
 
-                audit_log_d_path(ab, "path=", &a->u.path);
+                audit_log_d_path(ab, " path=", &a->u.path);
 
                 inode = a->u.path.dentry->d_inode;
-                if (inode)
-                        audit_log_format(ab, " dev=%s ino=%lu",
-                                        inode->i_sb->s_id,
-                                        inode->i_ino);
+                if (inode) {
+                        audit_log_format(ab, " dev=");
+                        audit_log_untrustedstring(ab, inode->i_sb->s_id);
+                        audit_log_format(ab, " ino=%lu", inode->i_ino);
+                }
                 break;
         }
         case LSM_AUDIT_DATA_DENTRY: {
@@ -248,10 +249,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                 audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
 
                 inode = a->u.dentry->d_inode;
-                if (inode)
-                        audit_log_format(ab, " dev=%s ino=%lu",
-                                        inode->i_sb->s_id,
-                                        inode->i_ino);
+                if (inode) {
+                        audit_log_format(ab, " dev=");
+                        audit_log_untrustedstring(ab, inode->i_sb->s_id);
+                        audit_log_format(ab, " ino=%lu", inode->i_ino);
+                }
                 break;
         }
         case LSM_AUDIT_DATA_INODE: {
@@ -266,8 +268,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                                          dentry->d_name.name);
                         dput(dentry);
                 }
-                audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
-                                 inode->i_ino);
+                audit_log_format(ab, " dev=");
+                audit_log_untrustedstring(ab, inode->i_sb->s_id);
+                audit_log_format(ab, " ino=%lu", inode->i_ino);
                 break;
         }
         case LSM_AUDIT_DATA_TASK:
@@ -315,7 +318,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                                                 .dentry = u->dentry,
                                                 .mnt = u->mnt
                                         };
-                                        audit_log_d_path(ab, "path=", &path);
+                                        audit_log_d_path(ab, " path=", &path);
                                         break;
                                 }
                                 if (!u->addr)
diff --git a/security/security.c b/security/security.c
index 214502c772ab..d7542493454d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -155,35 +155,16 @@ int security_capset(struct cred *new, const struct cred *old,
                                     effective, inheritable, permitted);
 }
 
-int security_capable(struct user_namespace *ns, const struct cred *cred,
+int security_capable(const struct cred *cred, struct user_namespace *ns,
                      int cap)
 {
-        return security_ops->capable(current, cred, ns, cap,
-                                     SECURITY_CAP_AUDIT);
+        return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
 }
 
-int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
-                          int cap)
+int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
+                             int cap)
 {
-        const struct cred *cred;
-        int ret;
-
-        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
-        put_cred(cred);
-        return ret;
-}
-
-int security_real_capable_noaudit(struct task_struct *tsk,
-                                  struct user_namespace *ns, int cap)
-{
-        const struct cred *cred;
-        int ret;
-
-        cred = get_task_cred(tsk);
-        ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
-        put_cred(cred);
-        return ret;
+        return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -994,12 +975,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
         return security_ops->netlink_send(sk, skb);
 }
 
-int security_netlink_recv(struct sk_buff *skb, int cap)
-{
-        return security_ops->netlink_recv(skb, cap);
-}
-EXPORT_SYMBOL(security_netlink_recv);
-
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
         return security_ops->secid_to_secctx(secid, secdata, seclen);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7cd4c3affac8..6a3683e28426 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1415,8 +1415,7 @@ static int current_has_perm(const struct task_struct *tsk,
 #endif
 
 /* Check whether a task is allowed to use a capability. */
-static int task_has_capability(struct task_struct *tsk,
-                               const struct cred *cred,
+static int cred_has_capability(const struct cred *cred,
                                int cap, int audit)
 {
         struct common_audit_data ad;
@@ -1427,7 +1426,7 @@ static int task_has_capability(struct task_struct *tsk,
         int rc;
 
         COMMON_AUDIT_DATA_INIT(&ad, CAP);
-        ad.tsk = tsk;
+        ad.tsk = current;
         ad.u.cap = cap;
 
         switch (CAP_TO_INDEX(cap)) {
@@ -1811,7 +1810,7 @@ static int selinux_ptrace_access_check(struct task_struct *child,
         if (rc)
                 return rc;
 
-        if (mode == PTRACE_MODE_READ) {
+        if (mode & PTRACE_MODE_READ) {
                 u32 sid = current_sid();
                 u32 csid = task_sid(child);
                 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL);
@@ -1868,16 +1867,16 @@ static int selinux_capset(struct cred *new, const struct cred *old,
  * the CAP_SETUID and CAP_SETGID capabilities using the capable hook.
  */
 
-static int selinux_capable(struct task_struct *tsk, const struct cred *cred,
-                           struct user_namespace *ns, int cap, int audit)
+static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
+                           int cap, int audit)
 {
         int rc;
 
-        rc = cap_capable(tsk, cred, ns, cap, audit);
+        rc = cap_capable(cred, ns, cap, audit);
         if (rc)
                 return rc;
 
-        return task_has_capability(tsk, cred, cap, audit);
+        return cred_has_capability(cred, cap, audit);
 }
 
 static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
@@ -1954,8 +1953,7 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
 {
         int rc, cap_sys_admin = 0;
 
-        rc = selinux_capable(current, current_cred(),
-                             &init_user_ns, CAP_SYS_ADMIN,
+        rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN,
                              SECURITY_CAP_NOAUDIT);
         if (rc == 0)
                 cap_sys_admin = 1;
@@ -2859,8 +2857,7 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
          * and lack of permission just means that we fall back to the
          * in-core context value, not a denial.
          */
-        error = selinux_capable(current, current_cred(),
-                                &init_user_ns, CAP_MAC_ADMIN,
+        error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
                                 SECURITY_CAP_NOAUDIT);
         if (!error)
                 error = security_sid_to_context_force(isec->sid, &context,
@@ -2993,8 +2990,8 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 
         case KDSKBENT:
         case KDSKBSENT:
-                error = task_has_capability(current, cred, CAP_SYS_TTY_CONFIG,
-                                        SECURITY_CAP_AUDIT);
+                error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
+                                            SECURITY_CAP_AUDIT);
                 break;
 
         /* default case assumes that the command will go
@@ -4718,24 +4715,6 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
         return selinux_nlmsg_perm(sk, skb);
 }
 
-static int selinux_netlink_recv(struct sk_buff *skb, int capability)
-{
-        int err;
-        struct common_audit_data ad;
-        u32 sid;
-
-        err = cap_netlink_recv(skb, capability);
-        if (err)
-                return err;
-
-        COMMON_AUDIT_DATA_INIT(&ad, CAP);
-        ad.u.cap = capability;
-
-        security_task_getsecid(current, &sid);
-        return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
-                            CAP_TO_MASK(capability), &ad);
-}
-
 static int ipc_alloc_security(struct task_struct *task,
                               struct kern_ipc_perm *perm,
                               u16 sclass)
@@ -5464,7 +5443,6 @@ static struct security_operations selinux_ops = {
         .vm_enough_memory =             selinux_vm_enough_memory,
 
         .netlink_send =                 selinux_netlink_send,
-        .netlink_recv =                 selinux_netlink_recv,
 
         .bprm_set_creds =               selinux_bprm_set_creds,
         .bprm_committing_creds =        selinux_bprm_committing_creds,
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 4a9b4b2eb755..867558c98334 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -492,13 +492,13 @@ static bool tomoyo_correct_word2(const char *string, size_t len)
                                 if (d < '0' || d > '7' || e < '0' || e > '7')
                                         break;
                                 c = tomoyo_make_byte(c, d, e);
-                                if (tomoyo_invalid(c))
-                                        continue; /* pattern is not \000 */
+                                if (c <= ' ' || c >= 127)
+                                        continue;
                         }
                         goto out;
                 } else if (in_repetition && c == '/') {
                         goto out;
-                } else if (tomoyo_invalid(c)) {
+                } else if (c <= ' ' || c >= 127) {
                         goto out;
                 }
         }