Merge branch 'core/xen' into x86/xen

author: Ingo Molnar <mingo@elte.hu> 2008-09-10 08:05:45 -0400
committer: Ingo Molnar <mingo@elte.hu> 2008-09-10 08:05:45 -0400
commit: 3ce9bcb583536c45a46c7302747029450e22279c (patch)
tree: 7a4167189ffc6dc909151d1a5d040f9f0656a9f4 /security
parent: 26fd10517e810dd59ea050b052de24a75ee6dc07 (diff)
parent: f7d0b926ac8c8ec0c7a83ee69409bd2e6bb39f81 (diff)
2 files changed, 12 insertions, 12 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 7bd296cca041..46f23971f7e4 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -508,12 +508,11 @@ int devcgroup_inode_permission(struct inode *inode, int mask)
                return 0;
        if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode))
                return 0;
-        dev_cgroup = css_to_devcgroup(task_subsys_state(current,
-                                devices_subsys_id));
-        if (!dev_cgroup)
-                return 0;
        rcu_read_lock();
+        dev_cgroup = task_devcgroup(current);
        list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
                        goto acc_check;
@@ -533,6 +532,7 @@ acc_check:
                rcu_read_unlock();
                return 0;
        }
        rcu_read_unlock();
        return -EPERM;
@@ -543,12 +543,10 @@ int devcgroup_inode_mknod(int mode, dev_t dev)
        struct dev_cgroup *dev_cgroup;
        struct dev_whitelist_item *wh;
-        dev_cgroup = css_to_devcgroup(task_subsys_state(current,
-                                devices_subsys_id));
-        if (!dev_cgroup)
-                return 0;
        rcu_read_lock();
+        dev_cgroup = task_devcgroup(current);
        list_for_each_entry(wh, &dev_cgroup->whitelist, list) {
                if (wh->type & DEV_ALL)
                        goto acc_check;
@@ -566,6 +564,8 @@ acc_check:
                rcu_read_unlock();
                return 0;
        }
        rcu_read_unlock();
        return -EPERM;
 }
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b52f923ce680..d11a8154500f 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -811,11 +811,12 @@ static int string_to_context_struct(struct policydb *pol,
        /* Check the validity of the new context. */
        if (!policydb_context_isvalid(pol, ctx)) {
                rc = -EINVAL;
-                context_destroy(ctx);
                goto out;
        }
        rc = 0;
 out:
+        if (rc)
+                context_destroy(ctx);
        return rc;
 }
@@ -868,8 +869,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
        } else if (rc)
                goto out;
        rc = sidtab_context_to_sid(&sidtab, &context, sid);
-        if (rc)
+        context_destroy(&context);
-                context_destroy(&context);
 out:
        read_unlock(&policy_rwlock);
        kfree(scontext2);
author	Ingo Molnar <mingo@elte.hu>	2008-09-10 08:05:45 -0400
committer	Ingo Molnar <mingo@elte.hu>	2008-09-10 08:05:45 -0400
commit	3ce9bcb583536c45a46c7302747029450e22279c (patch)
tree	7a4167189ffc6dc909151d1a5d040f9f0656a9f4 /security
parent	26fd10517e810dd59ea050b052de24a75ee6dc07 (diff)
parent	f7d0b926ac8c8ec0c7a83ee69409bd2e6bb39f81 (diff)