Merge branch 'for-davem' into for-next

5 files changed, 12 insertions, 44 deletions

diff --git a/security/capability.c b/security/capability.c
index bdf22034a961..0d03fcc489a4 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -776,11 +776,6 @@ static int cap_tun_dev_open(void *security)
 {
         return 0;
 }
-
-static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-}
-
 #endif  /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1134,7 +1129,6 @@ void __init security_fixup_ops(struct security_operations *ops)
         set_to_cap_if_null(ops, tun_dev_open);
         set_to_cap_if_null(ops, tun_dev_attach_queue);
         set_to_cap_if_null(ops, tun_dev_attach);
-        set_to_cap_if_null(ops, skb_owned_by);
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
         set_to_cap_if_null(ops, xfrm_policy_alloc_security);
diff --git a/security/security.c b/security/security.c
index ed890c6d31c5..730ac65a5737 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1359,11 +1359,6 @@ int security_tun_dev_open(void *security)
 }
 EXPORT_SYMBOL(security_tun_dev_open);
 
-void security_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-        security_ops->skb_owned_by(skb, sk);
-}
-
 #endif  /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e119cdcffc87..c318b304ee2f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -51,7 +51,6 @@
 #include <linux/tty.h>
 #include <net/icmp.h>
 #include <net/ip.h>             /* for local_port_range[] */
-#include <net/sock.h>
 #include <net/tcp.h>            /* struct or_callable used in sock_rcv_skb */
 #include <net/inet_connection_sock.h>
 #include <net/net_namespace.h>
@@ -4646,11 +4645,6 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
         selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
 }
 
-static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-        skb_set_owner_w(skb, sk);
-}
-
 static int selinux_secmark_relabel_packet(u32 sid)
 {
         const struct task_security_struct *__tsec;
@@ -4852,21 +4846,17 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
 
 static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
                                          struct sk_buff *skb,
-                                         const struct net_device *in,
-                                         const struct net_device *out,
-                                         int (*okfn)(struct sk_buff *))
+                                         const struct nf_hook_state *state)
 {
-        return selinux_ip_forward(skb, in, PF_INET);
+        return selinux_ip_forward(skb, state->in, PF_INET);
 }
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
                                          struct sk_buff *skb,
-                                         const struct net_device *in,
-                                         const struct net_device *out,
-                                         int (*okfn)(struct sk_buff *))
+                                         const struct nf_hook_state *state)
 {
-        return selinux_ip_forward(skb, in, PF_INET6);
+        return selinux_ip_forward(skb, state->in, PF_INET6);
 }
 #endif  /* IPV6 */
 
@@ -4914,9 +4904,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
 
 static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
-                                        const struct net_device *in,
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
+                                        const struct nf_hook_state *state)
 {
         return selinux_ip_output(skb, PF_INET);
 }
@@ -5091,21 +5079,17 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
 
 static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
                                            struct sk_buff *skb,
-                                           const struct net_device *in,
-                                           const struct net_device *out,
-                                           int (*okfn)(struct sk_buff *))
+                                           const struct nf_hook_state *state)
 {
-        return selinux_ip_postroute(skb, out, PF_INET);
+        return selinux_ip_postroute(skb, state->out, PF_INET);
 }
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
                                            struct sk_buff *skb,
-                                           const struct net_device *in,
-                                           const struct net_device *out,
-                                           int (*okfn)(struct sk_buff *))
+                                           const struct nf_hook_state *state)
 {
-        return selinux_ip_postroute(skb, out, PF_INET6);
+        return selinux_ip_postroute(skb, state->out, PF_INET6);
 }
 #endif  /* IPV6 */
 
@@ -6035,7 +6019,6 @@ static struct security_operations selinux_ops = {
         .tun_dev_attach_queue =         selinux_tun_dev_attach_queue,
         .tun_dev_attach =               selinux_tun_dev_attach,
         .tun_dev_open =                 selinux_tun_dev_open,
-        .skb_owned_by =                 selinux_skb_owned_by,
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
         .xfrm_policy_alloc_security =   selinux_xfrm_policy_alloc,
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 1684bcc78b34..5fde34326dcf 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -152,7 +152,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
                 goto out;
 
         /* No partial writes. */
-        length = EINVAL;
+        length = -EINVAL;
         if (*ppos != 0)
                 goto out;
 
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index c952632afb0d..a455cfc9ec1f 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -23,9 +23,7 @@
 
 static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
-                                        const struct net_device *in,
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
+                                        const struct nf_hook_state *state)
 {
         struct socket_smack *ssp;
         struct smack_known *skp;
@@ -42,9 +40,7 @@ static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
 
 static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
-                                        const struct net_device *in,
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
+                                        const struct nf_hook_state *state)
 {
         struct socket_smack *ssp;
         struct smack_known *skp;