Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6

14 files changed, 61 insertions, 139 deletions

diff --git a/security/commoncap.c b/security/commoncap.c
index 7cd61a5f5205..beac0258c2a8 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -916,7 +916,6 @@ changed:
         return commit_creds(new);
 
 no_change:
-        error = 0;
 error:
         abort_creds(new);
         return error;
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 3aacd0fe7179..5fda7df19723 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -11,6 +11,7 @@
 #include <linux/uaccess.h>
 #include <linux/seq_file.h>
 #include <linux/rcupdate.h>
+#include <linux/mutex.h>
 
 #define ACC_MKNOD 1
 #define ACC_READ  2
@@ -21,9 +22,11 @@
 #define DEV_CHAR  2
 #define DEV_ALL   4  /* this represents all devices */
 
+static DEFINE_MUTEX(devcgroup_mutex);
+
 /*
  * whitelist locking rules:
- * hold cgroup_lock() for update/read.
+ * hold devcgroup_mutex for update/read.
  * hold rcu_read_lock() for read.
  */
 
@@ -67,7 +70,7 @@ static int devcgroup_can_attach(struct cgroup_subsys *ss,
 }
 
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig)
 {
@@ -92,7 +95,7 @@ free_and_exit:
 
 /* Stupid prototype - don't bother combining existing entries */
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static int dev_whitelist_add(struct dev_cgroup *dev_cgroup,
                         struct dev_whitelist_item *wh)
@@ -130,7 +133,7 @@ static void whitelist_item_free(struct rcu_head *rcu)
 }
 
 /*
- * called under cgroup_lock()
+ * called under devcgroup_mutex
  */
 static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup,
                         struct dev_whitelist_item *wh)
@@ -185,8 +188,10 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss,
                 list_add(&wh->list, &dev_cgroup->whitelist);
         } else {
                 parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup);
+                mutex_lock(&devcgroup_mutex);
                 ret = dev_whitelist_copy(&dev_cgroup->whitelist,
                                 &parent_dev_cgroup->whitelist);
+                mutex_unlock(&devcgroup_mutex);
                 if (ret) {
                         kfree(dev_cgroup);
                         return ERR_PTR(ret);
@@ -273,7 +278,7 @@ static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft,
  * does the access granted to dev_cgroup c contain the access
  * requested in whitelist item refwh.
  * return 1 if yes, 0 if no.
- * call with c->lock held
+ * call with devcgroup_mutex held
  */
 static int may_access_whitelist(struct dev_cgroup *c,
                                        struct dev_whitelist_item *refwh)
@@ -426,11 +431,11 @@ static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft,
                                   const char *buffer)
 {
         int retval;
-        if (!cgroup_lock_live_group(cgrp))
-                return -ENODEV;
+
+        mutex_lock(&devcgroup_mutex);
         retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp),
                                          cft->private, buffer);
-        cgroup_unlock();
+        mutex_unlock(&devcgroup_mutex);
         return retval;
 }
 
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 22a31582bfaa..03fe63ed55bd 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -311,7 +311,8 @@ static int construct_alloc_key(struct key_type *type,
 
         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 
-        down_write(&dest_keyring->sem);
+        if (dest_keyring)
+                down_write(&dest_keyring->sem);
 
         /* attach the key to the destination keyring under lock, but we do need
          * to do another check just in case someone beat us to it whilst we
@@ -322,10 +323,12 @@ static int construct_alloc_key(struct key_type *type,
         if (!IS_ERR(key_ref))
                 goto key_already_present;
 
-        __key_link(dest_keyring, key);
+        if (dest_keyring)
+                __key_link(dest_keyring, key);
 
         mutex_unlock(&key_construction_mutex);
-        up_write(&dest_keyring->sem);
+        if (dest_keyring)
+                up_write(&dest_keyring->sem);
         mutex_unlock(&user->cons_lock);
         *_key = key;
         kleave(" = 0 [%d]", key_serial(key));
diff --git a/security/security.c b/security/security.c
index 206e53844d2f..5284255c5cdf 100644
--- a/security/security.c
+++ b/security/security.c
@@ -445,6 +445,7 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
                 return 0;
         return security_ops->inode_create(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_create);
 
 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
                          struct dentry *new_dentry)
@@ -475,6 +476,7 @@ int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
                 return 0;
         return security_ops->inode_mkdir(dir, dentry, mode);
 }
+EXPORT_SYMBOL_GPL(security_inode_mkdir);
 
 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ba808ef6babb..2fcad7c33eaf 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3153,7 +3153,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
                                        struct fown_struct *fown, int signum)
 {
         struct file *file;
-        u32 sid = current_sid();
+        u32 sid = task_sid(tsk);
         u32 perm;
         struct file_security_struct *fsec;
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..98b3195347ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
             strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
                 if (!capable(CAP_MAC_ADMIN))
                         rc = -EPERM;
-                /* a label cannot be void and cannot begin with '-' */
-                if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
+                /*
+                 * check label validity here so import wont fail on
+                 * post_setxattr
+                 */
+                if (size == 0 || size >= SMK_LABELLEN ||
+                    smk_import(value, size) == NULL)
                         rc = -EINVAL;
         } else
                 rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
         if (strcmp(name, XATTR_NAME_SMACK))
                 return;
 
-        if (size >= SMK_LABELLEN)
-                return;
-
         isp = dentry->d_inode->i_security;
 
         /*
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 92cea656ad21..ddfb9cccf468 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
         struct tomoyo_domain_info *domain = head->write_var1;
         bool is_delete = false;
         bool is_select = false;
-        bool is_undelete = false;
         unsigned int profile;
 
         if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
                 is_delete = true;
         else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
                 is_select = true;
-        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
-                is_undelete = true;
         if (is_select && tomoyo_is_select_one(head, data))
                 return 0;
         /* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                         down_read(&tomoyo_domain_list_lock);
                         domain = tomoyo_find_domain(data);
                         up_read(&tomoyo_domain_list_lock);
-                } else if (is_undelete)
-                        domain = tomoyo_undelete_domain(data);
-                else
+                } else
                         domain = tomoyo_find_or_assign_new_domain(data, 0);
                 head->write_var1 = domain;
                 return 0;
@@ -1725,14 +1720,14 @@ static bool tomoyo_policy_loader_exists(void)
          * policies are not loaded yet.
          * Thus, let do_execve() call this function everytime.
          */
-        struct nameidata nd;
+        struct path path;
 
-        if (path_lookup(tomoyo_loader, LOOKUP_FOLLOW, &nd)) {
+        if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
                 printk(KERN_INFO "Not activating Mandatory Access Control now "
                        "since %s doesn't exist.\n", tomoyo_loader);
                 return false;
         }
-        path_put(&nd.path);
+        path_put(&path);
         return true;
 }
 
@@ -1778,7 +1773,7 @@ void tomoyo_load_policy(const char *filename)
         envp[2] = NULL;
         call_usermodehelper(argv[0], argv, envp, 1);
 
-        printk(KERN_INFO "TOMOYO: 2.2.0-pre   2009/02/01\n");
+        printk(KERN_INFO "TOMOYO: 2.2.0   2009/04/01\n");
         printk(KERN_INFO "Mandatory Access Control activated.\n");
         tomoyo_policy_loaded = true;
         { /* Check all profiles currently assigned to domains are defined. */
@@ -1805,7 +1800,7 @@ void tomoyo_load_policy(const char *filename)
 static int tomoyo_read_version(struct tomoyo_io_buffer *head)
 {
         if (!head->read_eof) {
-                tomoyo_io_printf(head, "2.2.0-pre");
+                tomoyo_io_printf(head, "2.2.0");
                 head->read_eof = true;
         }
         return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 26a76d67aa1c..678f4ff16aa4 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
         /* Name of this domain. Never NULL.          */
         const struct tomoyo_path_info *domainname;
         u8 profile;        /* Profile number to use. */
-        u8 is_deleted;     /* Delete flag.
-                              0 = active.
-                              1 = deleted but undeletable.
-                              255 = deleted and no longer undeletable. */
+        bool is_deleted;   /* Delete flag.           */
         bool quota_warned; /* Quota warnning flag.   */
         /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
         u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_UNDELETE                  "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                             domainname,
                                                             const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                 const u8 index);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 093a756030bd..2d6748741a26 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
         return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
 
 /**
  * tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
         tomoyo_fill_path_info(&name);
         /***** EXCLUSIVE SECTION START *****/
         down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
         /* Is there an active domain? */
         list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                struct tomoyo_domain_info *domain2;
                 /* Never delete tomoyo_kernel_domain */
                 if (domain == &tomoyo_kernel_domain)
                         continue;
                 if (domain->is_deleted ||
                     tomoyo_pathcmp(domain->domainname, &name))
                         continue;
-                /* Mark already deleted domains as non undeletable. */
-                list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-                        if (!domain2->is_deleted ||
-                            tomoyo_pathcmp(domain2->domainname, &name))
-                                continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        if (domain2->is_deleted != 255)
-                                printk(KERN_DEBUG
-                                       "Marked %p as non undeletable\n",
-                                       domain2);
-#endif
-                        domain2->is_deleted = 255;
-                }
-                /* Delete and mark active domain as undeletable. */
-                domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+                domain->is_deleted = true;
                 break;
         }
         up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
 }
 
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-        struct tomoyo_domain_info *domain;
-        struct tomoyo_domain_info *candidate_domain = NULL;
-        struct tomoyo_path_info name;
-
-        name.name = domainname;
-        tomoyo_fill_path_info(&name);
-        /***** EXCLUSIVE SECTION START *****/
-        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(&name, domain->domainname))
-                        continue;
-                if (!domain->is_deleted) {
-                        /* This domain is active. I can't undelete. */
-                        candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-                               domain);
-#endif
-                        break;
-                }
-                /* Is this domain undeletable? */
-                if (domain->is_deleted == 1)
-                        candidate_domain = domain;
-        }
-        if (candidate_domain) {
-                candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-        }
-        up_write(&tomoyo_domain_list_lock);
-        /***** EXCLUSIVE SECTION END *****/
-        return candidate_domain;
-}
-
-/**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
  * @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                 /***** CRITICAL SECTION END *****/
                 if (flag)
                         continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Reusing %p %s\n", domain,
-                       domain->domainname->name);
-#endif
                 list_for_each_entry(ptr, &domain->acl_info_list, list) {
                         ptr->type |= TOMOYO_ACL_DELETED;
                 }
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                 domain->profile = profile;
                 domain->quota_warned = false;
                 mb(); /* Avoid out-of-order execution. */
-                domain->is_deleted = 0;
+                domain->is_deleted = false;
                 goto out;
         }
         /* No memory reusable. Create using new memory. */
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 65f50c1c5ee9..2316da8ec5bc 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index d47f16b844b2..40927a84cb6e 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -5,13 +5,14 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
 #include <linux/types.h>
 #include <linux/mount.h>
 #include <linux/mnt_namespace.h>
+#include <linux/fs_struct.h>
 #include "common.h"
 #include "realpath.h"
 
@@ -164,11 +165,11 @@ char *tomoyo_realpath_from_path(struct path *path)
  */
 char *tomoyo_realpath(const char *pathname)
 {
-        struct nameidata nd;
+        struct path path;
 
-        if (pathname && path_lookup(pathname, LOOKUP_FOLLOW, &nd) == 0) {
-                char *buf = tomoyo_realpath_from_path(&nd.path);
-                path_put(&nd.path);
+        if (pathname && kern_path(pathname, LOOKUP_FOLLOW, &path) == 0) {
+                char *buf = tomoyo_realpath_from_path(&path);
+                path_put(&path);
                 return buf;
         }
         return NULL;
@@ -183,11 +184,11 @@ char *tomoyo_realpath(const char *pathname)
  */
 char *tomoyo_realpath_nofollow(const char *pathname)
 {
-        struct nameidata nd;
+        struct path path;
 
-        if (pathname && path_lookup(pathname, 0, &nd) == 0) {
-                char *buf = tomoyo_realpath_from_path(&nd.path);
-                path_put(&nd.path);
+        if (pathname && kern_path(pathname, 0, &path) == 0) {
+                char *buf = tomoyo_realpath_from_path(&path);
+                path_put(&path);
                 return buf;
         }
         return NULL;
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
index 7ec9fc9cbc07..78217a37960b 100644
--- a/security/tomoyo/realpath.h
+++ b/security/tomoyo/realpath.h
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3eeeae12c4dc..e42be5c4f055 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
@@ -27,6 +27,12 @@ static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
 
 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 {
+        int rc;
+
+        rc = cap_bprm_set_creds(bprm);
+        if (rc)
+                return rc;
+
         /*
          * Do only if this function is called for the first time of an execve
          * operation.
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index a0c8f6e0bea4..41c6ebafb9c5 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */