1 files changed, 10 insertions, 6 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index 2c627d361c02..3158dd982d27 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -33,7 +33,7 @@
 #include <linux/sched.h>
 #include <linux/key.h>
 #include <linux/xfrm.h>
-#include <linux/gfp.h>
+#include <linux/slab.h>
 #include <net/flow.h>
 
 /* Maximum number of letters for an LSM name string */
@@ -76,7 +76,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
-extern int cap_syslog(int type);
+extern int cap_syslog(int type, bool from_file);
 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
 
 struct msghdr;
@@ -95,6 +95,8 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
+void reset_security_ops(void);
+
 #ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
@@ -985,6 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      Check permissions on incoming network packets.  This hook is distinct
  *      from Netfilter's IP input hooks since it is the first time that the
  *      incoming sk_buff @skb has been associated with a particular socket, @sk.
+ *      Must not sleep inside this hook because some callers hold spinlocks.
  *      @sk contains the sock (not socket) associated with the incoming sk_buff.
  *      @skb contains the incoming network data.
  * @socket_getpeersec_stream:
@@ -1348,6 +1351,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      logging to the console.
  *      See the syslog(2) manual page for an explanation of the @type values.
  *      @type contains the type of action.
+ *      @from_file indicates the context of action (if it came from /proc).
  *      Return 0 if permission is granted.
  * @settime:
  *      Check permission to change the system time.
@@ -1462,7 +1466,7 @@ struct security_operations {
         int (*sysctl) (struct ctl_table *table, int op);
         int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
         int (*quota_on) (struct dentry *dentry);
-        int (*syslog) (int type);
+        int (*syslog) (int type, bool from_file);
         int (*settime) (struct timespec *ts, struct timezone *tz);
         int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
@@ -1761,7 +1765,7 @@ int security_acct(struct file *file);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
-int security_syslog(int type);
+int security_syslog(int type, bool from_file);
 int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
@@ -2007,9 +2011,9 @@ static inline int security_quota_on(struct dentry *dentry)
         return 0;
 }
 
-static inline int security_syslog(int type)
+static inline int security_syslog(int type, bool from_file)
 {
-        return cap_syslog(type);
+        return cap_syslog(type, from_file);
 }
 
 static inline int security_settime(struct timespec *ts, struct timezone *tz)