6 files changed, 46 insertions, 66 deletions

diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index e639298bc9c8..5f14c8462e30 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -33,6 +33,7 @@
 #include <linux/string.h>
 #include <linux/skbuff.h>
 #include <linux/audit.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 7a10bbe02c13..d37b7f80fa37 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/string.h>
 #include <linux/audit.h>
+#include <linux/slab.h>
 #include <net/netlabel.h>
 #include <net/cipso_ipv4.h>
 #include <asm/bug.h>
@@ -50,9 +51,12 @@ struct netlbl_domhsh_tbl {
 };
 
 /* Domain hash table */
-/* XXX - updates should be so rare that having one spinlock for the entire
- * hash table should be okay */
+/* updates should be so rare that having one spinlock for the entire hash table
+ * should be okay */
 static DEFINE_SPINLOCK(netlbl_domhsh_lock);
+#define netlbl_domhsh_rcu_deref(p) \
+        rcu_dereference_check(p, rcu_read_lock_held() || \
+                                 lockdep_is_held(&netlbl_domhsh_lock))
 static struct netlbl_domhsh_tbl *netlbl_domhsh = NULL;
 static struct netlbl_dom_map *netlbl_domhsh_def = NULL;
 
@@ -106,7 +110,8 @@ static void netlbl_domhsh_free_entry(struct rcu_head *entry)
  * Description:
  * This is the hashing function for the domain hash table, it returns the
  * correct bucket number for the domain.  The caller is responsibile for
- * calling the rcu_read_[un]lock() functions.
+ * ensuring that the hash table is protected with either a RCU read lock or the
+ * hash table lock.
  *
  */
 static u32 netlbl_domhsh_hash(const char *key)
@@ -120,7 +125,7 @@ static u32 netlbl_domhsh_hash(const char *key)
 
         for (iter = 0, val = 0, len = strlen(key); iter < len; iter++)
                 val = (val << 4 | (val >> (8 * sizeof(u32) - 4))) ^ key[iter];
-        return val & (rcu_dereference(netlbl_domhsh)->size - 1);
+        return val & (netlbl_domhsh_rcu_deref(netlbl_domhsh)->size - 1);
 }
 
 /**
@@ -130,7 +135,8 @@ static u32 netlbl_domhsh_hash(const char *key)
  * Description:
  * Searches the domain hash table and returns a pointer to the hash table
  * entry if found, otherwise NULL is returned.  The caller is responsibile for
- * the rcu hash table locks (i.e. the caller much call rcu_read_[un]lock()).
+ * ensuring that the hash table is protected with either a RCU read lock or the
+ * hash table lock.
  *
  */
 static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain)
@@ -141,7 +147,7 @@ static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain)
 
         if (domain != NULL) {
                 bkt = netlbl_domhsh_hash(domain);
-                bkt_list = &rcu_dereference(netlbl_domhsh)->tbl[bkt];
+                bkt_list = &netlbl_domhsh_rcu_deref(netlbl_domhsh)->tbl[bkt];
                 list_for_each_entry_rcu(iter, bkt_list, list)
                         if (iter->valid && strcmp(iter->domain, domain) == 0)
                                 return iter;
@@ -159,8 +165,8 @@ static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain)
  * Searches the domain hash table and returns a pointer to the hash table
  * entry if an exact match is found, if an exact match is not present in the
  * hash table then the default entry is returned if valid otherwise NULL is
- * returned.  The caller is responsibile for the rcu hash table locks
- * (i.e. the caller much call rcu_read_[un]lock()).
+ * returned.  The caller is responsibile ensuring that the hash table is
+ * protected with either a RCU read lock or the hash table lock.
  *
  */
 static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain)
@@ -169,7 +175,7 @@ static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain)
 
         entry = netlbl_domhsh_search(domain);
         if (entry == NULL) {
-                entry = rcu_dereference(netlbl_domhsh_def);
+                entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def);
                 if (entry != NULL && !entry->valid)
                         entry = NULL;
         }
@@ -306,8 +312,11 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
         struct netlbl_af6list *tmp6;
 #endif /* IPv6 */
 
+        /* XXX - we can remove this RCU read lock as the spinlock protects the
+         *       entire function, but before we do we need to fixup the
+         *       netlbl_af[4,6]list RCU functions to do "the right thing" with
+         *       respect to rcu_dereference() when only a spinlock is held. */
         rcu_read_lock();
-
         spin_lock(&netlbl_domhsh_lock);
         if (entry->domain != NULL)
                 entry_old = netlbl_domhsh_search(entry->domain);
@@ -315,7 +324,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
                 entry_old = netlbl_domhsh_search_def(entry->domain);
         if (entry_old == NULL) {
                 entry->valid = 1;
-                INIT_RCU_HEAD(&entry->rcu);
 
                 if (entry->domain != NULL) {
                         u32 bkt = netlbl_domhsh_hash(entry->domain);
@@ -682,7 +690,7 @@ struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain,
  * buckets and @skip_chain entries.  For each entry in the table call
  * @callback, if @callback returns a negative value stop 'walking' through the
  * table and return.  Updates the values in @skip_bkt and @skip_chain on
- * return.  Returns zero on succcess, negative values on failure.
+ * return.  Returns zero on success, negative values on failure.
  *
  */
 int netlbl_domhsh_walk(u32 *skip_bkt,
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 6ce00205f342..1b83e0009d8d 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -30,6 +30,7 @@
 
 #include <linux/init.h>
 #include <linux/types.h>
+#include <linux/slab.h>
 #include <linux/audit.h>
 #include <linux/in.h>
 #include <linux/in6.h>
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index 8203623e65ad..998e85e895d0 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -34,6 +34,7 @@
 #include <linux/skbuff.h>
 #include <linux/in.h>
 #include <linux/in6.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index fb357f010189..a3d64aabe2f7 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -43,6 +43,7 @@
 #include <linux/notifier.h>
 #include <linux/netdevice.h>
 #include <linux/security.h>
+#include <linux/slab.h>
 #include <net/sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>
@@ -114,6 +115,9 @@ struct netlbl_unlhsh_walk_arg {
 /* updates should be so rare that having one spinlock for the entire
  * hash table should be okay */
 static DEFINE_SPINLOCK(netlbl_unlhsh_lock);
+#define netlbl_unlhsh_rcu_deref(p) \
+        rcu_dereference_check(p, rcu_read_lock_held() || \
+                                 lockdep_is_held(&netlbl_unlhsh_lock))
 static struct netlbl_unlhsh_tbl *netlbl_unlhsh = NULL;
 static struct netlbl_unlhsh_iface *netlbl_unlhsh_def = NULL;
 
@@ -235,15 +239,13 @@ static void netlbl_unlhsh_free_iface(struct rcu_head *entry)
  * Description:
  * This is the hashing function for the unlabeled hash table, it returns the
  * bucket number for the given device/interface.  The caller is responsible for
- * calling the rcu_read_[un]lock() functions.
+ * ensuring that the hash table is protected with either a RCU read lock or
+ * the hash table lock.
  *
  */
 static u32 netlbl_unlhsh_hash(int ifindex)
 {
-        /* this is taken _almost_ directly from
-         * security/selinux/netif.c:sel_netif_hasfn() as they do pretty much
-         * the same thing */
-        return ifindex & (rcu_dereference(netlbl_unlhsh)->size - 1);
+        return ifindex & (netlbl_unlhsh_rcu_deref(netlbl_unlhsh)->size - 1);
 }
 
 /**
@@ -253,7 +255,8 @@ static u32 netlbl_unlhsh_hash(int ifindex)
  * Description:
  * Searches the unlabeled connection hash table and returns a pointer to the
  * interface entry which matches @ifindex, otherwise NULL is returned.  The
- * caller is responsible for calling the rcu_read_[un]lock() functions.
+ * caller is responsible for ensuring that the hash table is protected with
+ * either a RCU read lock or the hash table lock.
  *
  */
 static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
@@ -263,7 +266,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
         struct netlbl_unlhsh_iface *iter;
 
         bkt = netlbl_unlhsh_hash(ifindex);
-        bkt_list = &rcu_dereference(netlbl_unlhsh)->tbl[bkt];
+        bkt_list = &netlbl_unlhsh_rcu_deref(netlbl_unlhsh)->tbl[bkt];
         list_for_each_entry_rcu(iter, bkt_list, list)
                 if (iter->valid && iter->ifindex == ifindex)
                         return iter;
@@ -272,33 +275,6 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface(int ifindex)
 }
 
 /**
- * netlbl_unlhsh_search_iface_def - Search for a matching interface entry
- * @ifindex: the network interface
- *
- * Description:
- * Searches the unlabeled connection hash table and returns a pointer to the
- * interface entry which matches @ifindex.  If an exact match can not be found
- * and there is a valid default entry, the default entry is returned, otherwise
- * NULL is returned.  The caller is responsible for calling the
- * rcu_read_[un]lock() functions.
- *
- */
-static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface_def(int ifindex)
-{
-        struct netlbl_unlhsh_iface *entry;
-
-        entry = netlbl_unlhsh_search_iface(ifindex);
-        if (entry != NULL)
-                return entry;
-
-        entry = rcu_dereference(netlbl_unlhsh_def);
-        if (entry != NULL && entry->valid)
-                return entry;
-
-        return NULL;
-}
-
-/**
  * netlbl_unlhsh_add_addr4 - Add a new IPv4 address entry to the hash table
  * @iface: the associated interface entry
  * @addr: IPv4 address in network byte order
@@ -308,8 +284,7 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_search_iface_def(int ifindex)
  * Description:
  * Add a new address entry into the unlabeled connection hash table using the
  * interface entry specified by @iface.  On success zero is returned, otherwise
- * a negative value is returned.  The caller is responsible for calling the
- * rcu_read_[un]lock() functions.
+ * a negative value is returned.
  *
  */
 static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
@@ -327,7 +302,6 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
         entry->list.addr = addr->s_addr & mask->s_addr;
         entry->list.mask = mask->s_addr;
         entry->list.valid = 1;
-        INIT_RCU_HEAD(&entry->rcu);
         entry->secid = secid;
 
         spin_lock(&netlbl_unlhsh_lock);
@@ -350,8 +324,7 @@ static int netlbl_unlhsh_add_addr4(struct netlbl_unlhsh_iface *iface,
  * Description:
  * Add a new address entry into the unlabeled connection hash table using the
  * interface entry specified by @iface.  On success zero is returned, otherwise
- * a negative value is returned.  The caller is responsible for calling the
- * rcu_read_[un]lock() functions.
+ * a negative value is returned.
  *
  */
 static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
@@ -373,7 +346,6 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
         entry->list.addr.s6_addr32[3] &= mask->s6_addr32[3];
         ipv6_addr_copy(&entry->list.mask, mask);
         entry->list.valid = 1;
-        INIT_RCU_HEAD(&entry->rcu);
         entry->secid = secid;
 
         spin_lock(&netlbl_unlhsh_lock);
@@ -393,8 +365,7 @@ static int netlbl_unlhsh_add_addr6(struct netlbl_unlhsh_iface *iface,
  * Description:
  * Add a new, empty, interface entry into the unlabeled connection hash table.
  * On success a pointer to the new interface entry is returned, on failure NULL
- * is returned.  The caller is responsible for calling the rcu_read_[un]lock()
- * functions.
+ * is returned.
  *
  */
 static struct netlbl_unlhsh_iface *netlbl_unlhsh_add_iface(int ifindex)
@@ -410,7 +381,6 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_add_iface(int ifindex)
         INIT_LIST_HEAD(&iface->addr4_list);
         INIT_LIST_HEAD(&iface->addr6_list);
         iface->valid = 1;
-        INIT_RCU_HEAD(&iface->rcu);
 
         spin_lock(&netlbl_unlhsh_lock);
         if (ifindex > 0) {
@@ -418,10 +388,10 @@ static struct netlbl_unlhsh_iface *netlbl_unlhsh_add_iface(int ifindex)
                 if (netlbl_unlhsh_search_iface(ifindex) != NULL)
                         goto add_iface_failure;
                 list_add_tail_rcu(&iface->list,
-                                  &rcu_dereference(netlbl_unlhsh)->tbl[bkt]);
+                             &netlbl_unlhsh_rcu_deref(netlbl_unlhsh)->tbl[bkt]);
         } else {
                 INIT_LIST_HEAD(&iface->list);
-                if (rcu_dereference(netlbl_unlhsh_def) != NULL)
+                if (netlbl_unlhsh_rcu_deref(netlbl_unlhsh_def) != NULL)
                         goto add_iface_failure;
                 rcu_assign_pointer(netlbl_unlhsh_def, iface);
         }
@@ -472,13 +442,12 @@ int netlbl_unlhsh_add(struct net *net,
 
         rcu_read_lock();
         if (dev_name != NULL) {
-                dev = dev_get_by_name(net, dev_name);
+                dev = dev_get_by_name_rcu(net, dev_name);
                 if (dev == NULL) {
                         ret_val = -ENODEV;
                         goto unlhsh_add_return;
                 }
                 ifindex = dev->ifindex;
-                dev_put(dev);
                 iface = netlbl_unlhsh_search_iface(ifindex);
         } else {
                 ifindex = 0;
@@ -552,8 +521,7 @@ unlhsh_add_return:
  *
  * Description:
  * Remove an IP address entry from the unlabeled connection hash table.
- * Returns zero on success, negative values on failure.  The caller is
- * responsible for calling the rcu_read_[un]lock() functions.
+ * Returns zero on success, negative values on failure.
  *
  */
 static int netlbl_unlhsh_remove_addr4(struct net *net,
@@ -615,8 +583,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net,
  *
  * Description:
  * Remove an IP address entry from the unlabeled connection hash table.
- * Returns zero on success, negative values on failure.  The caller is
- * responsible for calling the rcu_read_[un]lock() functions.
+ * Returns zero on success, negative values on failure.
  *
  */
 static int netlbl_unlhsh_remove_addr6(struct net *net,
@@ -737,13 +704,12 @@ int netlbl_unlhsh_remove(struct net *net,
 
         rcu_read_lock();
         if (dev_name != NULL) {
-                dev = dev_get_by_name(net, dev_name);
+                dev = dev_get_by_name_rcu(net, dev_name);
                 if (dev == NULL) {
                         ret_val = -ENODEV;
                         goto unlhsh_remove_return;
                 }
                 iface = netlbl_unlhsh_search_iface(dev->ifindex);
-                dev_put(dev);
         } else
                 iface = rcu_dereference(netlbl_unlhsh_def);
         if (iface == NULL) {
@@ -1552,8 +1518,10 @@ int netlbl_unlabel_getattr(const struct sk_buff *skb,
         struct netlbl_unlhsh_iface *iface;
 
         rcu_read_lock();
-        iface = netlbl_unlhsh_search_iface_def(skb->iif);
+        iface = netlbl_unlhsh_search_iface(skb->skb_iif);
         if (iface == NULL)
+                iface = rcu_dereference(netlbl_unlhsh_def);
+        if (iface == NULL || !iface->valid)
                 goto unlabel_getattr_nolabel;
         switch (family) {
         case PF_INET: {
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 68706b4e3bf8..a3fd75ac3fa5 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -35,6 +35,7 @@
 #include <linux/audit.h>
 #include <linux/tty.h>
 #include <linux/security.h>
+#include <linux/gfp.h>
 #include <net/sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>