Merge commit 'v2.6.30-rc1' into core/urgent

Merge reason: need latest upstream to queue up dependent fix

Signed-off-by: Ingo Molnar <mingo@elte.hu>

6 files changed, 21 insertions, 108 deletions

diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 3aacd0fe7179..5fda7df19723 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -11,6 +11,7 @@
 #include <linux/uaccess.h>
 #include <linux/seq_file.h>
 #include <linux/rcupdate.h>
+#include <linux/mutex.h>
 
 #define ACC_MKNOD 1
 #define ACC_READ  2
@@ -21,9 +22,11 @@
 #define DEV_CHAR  2
 #define DEV_ALL   4  /* this represents all devices */
 
+static DEFINE_MUTEX(devcgroup_mutex);
+
 /*
  * whitelist locking rules:
- * hold cgroup_lock() for update/read.
+ * hold devcgroup_mutex for update/read.
  * hold rcu_read_lock() for read.
  */
 
@@ -67,7 +70,7 @@ static int devcgroup_can_attach(struct cgroup_subsys *ss,
 }
 
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig)
 {
@@ -92,7 +95,7 @@ free_and_exit:
 
 /* Stupid prototype - don't bother combining existing entries */
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
                         struct dev_whitelist_item *wh)
@@ -130,7 +133,7 @@ static void whitelist_item_free(struct rcu_head *rcu)
 }
 
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
                         struct dev_whitelist_item *wh)
@@ -185,8 +188,10 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss,
                 list_add(&wh->list, &dev_cgroup->whitelist);
         } else {
                 parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
+                mutex_lock(&devcgroup_mutex);
                 ret = dev_whitelist_copy(&dev_cgroup->whitelist,
                                 &parent_dev_cgroup->whitelist);
+                mutex_unlock(&devcgroup_mutex);
                 if (ret) {
                         kfree(dev_cgroup);
                         return ERR_PTR(ret);
@@ -273,7 +278,7 @@ static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft,
  * does the access granted to dev_cgroup c contain the access
  * requested in whitelist item refwh.
  * return 1 if yes, 0 if no.
- * call with c->lock held
+ * call with devcgroup_mutex held
  */
 static int may_access_whitelist(struct dev_cgroup *c,
                                        struct dev_whitelist_item *refwh)
@@ -426,11 +431,11 @@ static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
                                   const char *buffer)
 {
         int retval;
-        if (!cgroup_lock_live_group(cgrp))
-                return -ENODEV;
+
+        mutex_lock(&devcgroup_mutex);
         retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
                                          cft->private, buffer);
-        cgroup_unlock();
+        mutex_unlock(&devcgroup_mutex);
         return retval;
 }
 
diff --git a/security/security.c b/security/security.c
index 206e53844d2f..5284255c5cdf 100644
--- a/security/security.c
+++ b/security/security.c
@@ -445,6 +445,7 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
                 return 0;
         return security_ops->inode_create(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_create);
 
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
                          struct dentry *new_dentry)
@@ -475,6 +476,7 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
                 return 0;
         return security_ops->inode_mkdir(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_mkdir);
 
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 92cea656ad21..a0affd9cfca8 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
         struct tomoyo_domain_info *domain = head->write_var1;
         bool is_delete = false;
         bool is_select = false;
-        bool is_undelete = false;
         unsigned int profile;
 
         if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
                 is_delete = true;
         else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
                 is_select = true;
-        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
-                is_undelete = true;
         if (is_select && tomoyo_is_select_one(head, data))
                 return 0;
         /* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                         down_read(&tomoyo_domain_list_lock);
                         domain = tomoyo_find_domain(data);
                         up_read(&tomoyo_domain_list_lock);
-                } else if (is_undelete)
-                        domain = tomoyo_undelete_domain(data);
-                else
+                } else
                         domain = tomoyo_find_or_assign_new_domain(data, 0);
                 head->write_var1 = domain;
                 return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 26a76d67aa1c..e77e6a6de0f2 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
         /* Name of this domain. Never NULL.          */
         const struct tomoyo_path_info *domainname;
         u8 profile;        /* Profile number to use. */
-        u8 is_deleted;     /* Delete flag.
-                              0 = active.
-                              1 = deleted but undeletable.
-                              255 = deleted and no longer undeletable. */
+        bool is_deleted;   /* Delete flag.           */
         bool quota_warned; /* Quota warnning flag.   */
         /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
         u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_UNDELETE                  "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                             domainname,
                                                             const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                 const u8 index);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 093a756030bd..2f2b449ffd2d 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
         return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
 
 /**
  * tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
         tomoyo_fill_path_info(&name);
         /***** EXCLUSIVE SECTION START *****/
         down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
         /* Is there an active domain? */
         list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                struct tomoyo_domain_info *domain2;
                 /* Never delete tomoyo_kernel_domain */
                 if (domain == &tomoyo_kernel_domain)
                         continue;
                 if (domain->is_deleted ||
                     tomoyo_pathcmp(domain->domainname, &name))
                         continue;
-                /* Mark already deleted domains as non undeletable. */
-                list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-                        if (!domain2->is_deleted ||
-                            tomoyo_pathcmp(domain2->domainname, &name))
-                                continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        if (domain2->is_deleted != 255)
-                                printk(KERN_DEBUG
-                                       "Marked %p as non undeletable\n",
-                                       domain2);
-#endif
-                        domain2->is_deleted = 255;
-                }
-                /* Delete and mark active domain as undeletable. */
-                domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+                domain->is_deleted = true;
                 break;
         }
         up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
 }
 
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-        struct tomoyo_domain_info *domain;
-        struct tomoyo_domain_info *candidate_domain = NULL;
-        struct tomoyo_path_info name;
-
-        name.name = domainname;
-        tomoyo_fill_path_info(&name);
-        /***** EXCLUSIVE SECTION START *****/
-        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(&name, domain->domainname))
-                        continue;
-                if (!domain->is_deleted) {
-                        /* This domain is active. I can't undelete. */
-                        candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-                               domain);
-#endif
-                        break;
-                }
-                /* Is this domain undeletable? */
-                if (domain->is_deleted == 1)
-                        candidate_domain = domain;
-        }
-        if (candidate_domain) {
-                candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-        }
-        up_write(&tomoyo_domain_list_lock);
-        /***** EXCLUSIVE SECTION END *****/
-        return candidate_domain;
-}
-
-/**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
  * @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                 /***** CRITICAL SECTION END *****/
                 if (flag)
                         continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Reusing %p %s\n", domain,
-                       domain->domainname->name);
-#endif
                 list_for_each_entry(ptr, &domain->acl_info_list, list) {
                         ptr->type |= TOMOYO_ACL_DELETED;
                 }
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                 domain->profile = profile;
                 domain->quota_warned = false;
                 mb(); /* Avoid out-of-order execution. */
-                domain->is_deleted = 0;
+                domain->is_deleted = false;
                 goto out;
         }
         /* No memory reusable. Create using new memory. */
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index d47f16b844b2..3bbe01a7a4b5 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -12,6 +12,7 @@
 #include <linux/types.h>
 #include <linux/mount.h>
 #include <linux/mnt_namespace.h>
+#include <linux/fs_struct.h>
 #include "common.h"
 #include "realpath.h"