6 files changed, 23 insertions, 7 deletions
diff --git a/security/commoncap.c b/security/commoncap.c
index 399bfdb9e2da..3976613db829 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm)
        struct vfs_cap_data vcaps;
        struct inode *inode;
-        if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {
+        bprm_clear_caps(bprm);
-                bprm_clear_caps(bprm);
+        if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
                return 0;
-        }
        dentry = dget(bprm->file->f_dentry);
        inode = dentry->d_inode;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index b39f5c2e2c4b..239098f0fd76 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -107,6 +107,7 @@ extern key_ref_t search_process_keyrings(struct key_type *type,
 extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
+extern int install_user_keyrings(struct task_struct *tsk);
 extern int install_thread_keyring(struct task_struct *tsk);
 extern int install_process_keyring(struct task_struct *tsk);
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 5be6d018759a..45b240af6dbe 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -40,7 +40,7 @@ struct key_user root_key_user = {
 /*
 * install user and user session keyrings for a particular UID
 */
-static int install_user_keyrings(struct task_struct *tsk)
+int install_user_keyrings(struct task_struct *tsk)
 {
        struct user_struct *user = tsk->user;
        struct key *uid_keyring, *session_keyring;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index ba32ca6469bd..abea08f87fe2 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -74,6 +74,10 @@ static int call_sbin_request_key(struct key_construction *cons,
        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
+        ret = install_user_keyrings(tsk);
+        if (ret < 0)
+                goto error_alloc;
        /* allocate a new session keyring */
        sprintf(desc, "_req.%u", key->serial);
diff --git a/security/security.c b/security/security.c
index 255b08559b2b..c0acfa7177e5 100644
--- a/security/security.c
+++ b/security/security.c
@@ -198,14 +198,23 @@ int security_settime(struct timespec *ts, struct timezone *tz)
 int security_vm_enough_memory(long pages)
 {
+        WARN_ON(current->mm == NULL);
        return security_ops->vm_enough_memory(current->mm, pages);
 }
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 {
+        WARN_ON(mm == NULL);
        return security_ops->vm_enough_memory(mm, pages);
 }
+int security_vm_enough_memory_kern(long pages)
+{
+        /* If current->mm is a kernel thread then we will pass NULL,
+           for this specific case that is fine */
+        return security_ops->vm_enough_memory(current->mm, pages);
+}
 int security_bprm_alloc(struct linux_binprm *bprm)
 {
        return security_ops->bprm_alloc_security(bprm);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3e3fde7c1d2b..f85597a4d733 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
        tty = get_current_tty();
        if (tty) {
                file_list_lock();
-                file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);
+                if (!list_empty(&tty->tty_files)) {
-                if (file) {
+                        struct inode *inode;
                        /* Revalidate access to controlling tty.
                           Use inode_has_perm on the tty inode directly rather
                           than using file_has_perm, as this particular open
                           file may belong to another process and we are only
                           interested in the inode-based check here. */
-                        struct inode *inode = file->f_path.dentry->d_inode;
+                        file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+                        inode = file->f_path.dentry->d_inode;
                        if (inode_has_perm(current, inode,
                                           FILE__READ | FILE__WRITE, NULL)) {
                                drop_tty = 1;

diff --git a/security/commoncap.c b/security/commoncap.c index 399bfdb9e2da..3976613db829 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm)
279	struct vfs_cap_data vcaps;	279	struct vfs_cap_data vcaps;
280	struct inode *inode;	280	struct inode *inode;
281		281
282	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {	282	bprm_clear_caps(bprm);
283	bprm_clear_caps(bprm);	283
		284	if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID)
284	return 0;	285	return 0;
285	}
286		286
287	dentry = dget(bprm->file->f_dentry);	287	dentry = dget(bprm->file->f_dentry);
288	inode = dentry->d_inode;	288	inode = dentry->d_inode;


diff --git a/security/keys/internal.h b/security/keys/internal.h index b39f5c2e2c4b..239098f0fd76 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h
@@ -107,6 +107,7 @@ extern key_ref_t search_process_keyrings(struct key_type *type,
107		107
108	extern struct key find_keyring_by_name(const char name, bool skip_perm_check);	108	extern struct key find_keyring_by_name(const char name, bool skip_perm_check);
109		109
		110	extern int install_user_keyrings(struct task_struct *tsk);
110	extern int install_thread_keyring(struct task_struct *tsk);	111	extern int install_thread_keyring(struct task_struct *tsk);
111	extern int install_process_keyring(struct task_struct *tsk);	112	extern int install_process_keyring(struct task_struct *tsk);
112		113


diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 5be6d018759a..45b240af6dbe 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c
@@ -40,7 +40,7 @@ struct key_user root_key_user = {
40	/*	40	/*
41	* install user and user session keyrings for a particular UID	41	* install user and user session keyrings for a particular UID
42	*/	42	*/
43	static int install_user_keyrings(struct task_struct *tsk)	43	int install_user_keyrings(struct task_struct *tsk)
44	{	44	{
45	struct user_struct *user = tsk->user;	45	struct user_struct *user = tsk->user;
46	struct key uid_keyring, session_keyring;	46	struct key uid_keyring, session_keyring;


diff --git a/security/keys/request_key.c b/security/keys/request_key.c index ba32ca6469bd..abea08f87fe2 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c
@@ -74,6 +74,10 @@ static int call_sbin_request_key(struct key_construction *cons,
74		74
75	kenter("{%d},{%d},%s", key->serial, authkey->serial, op);	75	kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
76		76
		77	ret = install_user_keyrings(tsk);
		78	if (ret < 0)
		79	goto error_alloc;
		80
77	/* allocate a new session keyring */	81	/* allocate a new session keyring */
78	sprintf(desc, "_req.%u", key->serial);	82	sprintf(desc, "_req.%u", key->serial);
79		83


diff --git a/security/security.c b/security/security.c index 255b08559b2b..c0acfa7177e5 100644 --- a/security/security.c +++ b/security/security.c
@@ -198,14 +198,23 @@ int security_settime(struct timespec ts, struct timezone tz)
198		198
199	int security_vm_enough_memory(long pages)	199	int security_vm_enough_memory(long pages)
200	{	200	{
		201	WARN_ON(current->mm == NULL);
201	return security_ops->vm_enough_memory(current->mm, pages);	202	return security_ops->vm_enough_memory(current->mm, pages);
202	}	203	}
203		204
204	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)	205	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
205	{	206	{
		207	WARN_ON(mm == NULL);
206	return security_ops->vm_enough_memory(mm, pages);	208	return security_ops->vm_enough_memory(mm, pages);
207	}	209	}
208		210
		211	int security_vm_enough_memory_kern(long pages)
		212	{
		213	/* If current->mm is a kernel thread then we will pass NULL,
		214	for this specific case that is fine */
		215	return security_ops->vm_enough_memory(current->mm, pages);
		216	}
		217
209	int security_bprm_alloc(struct linux_binprm *bprm)	218	int security_bprm_alloc(struct linux_binprm *bprm)
210	{	219	{
211	return security_ops->bprm_alloc_security(bprm);	220	return security_ops->bprm_alloc_security(bprm);


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3e3fde7c1d2b..f85597a4d733 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -2126,14 +2126,16 @@ static inline void flush_unauthorized_files(struct files_struct *files)
2126	tty = get_current_tty();	2126	tty = get_current_tty();
2127	if (tty) {	2127	if (tty) {
2128	file_list_lock();	2128	file_list_lock();
2129	file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list);	2129	if (!list_empty(&tty->tty_files)) {
2130	if (file) {	2130	struct inode *inode;
		2131
2131	/* Revalidate access to controlling tty.	2132	/* Revalidate access to controlling tty.
2132	Use inode_has_perm on the tty inode directly rather	2133	Use inode_has_perm on the tty inode directly rather
2133	than using file_has_perm, as this particular open	2134	than using file_has_perm, as this particular open
2134	file may belong to another process and we are only	2135	file may belong to another process and we are only
2135	interested in the inode-based check here. */	2136	interested in the inode-based check here. */
2136	struct inode *inode = file->f_path.dentry->d_inode;	2137	file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
		2138	inode = file->f_path.dentry->d_inode;
2137	if (inode_has_perm(current, inode,	2139	if (inode_has_perm(current, inode,
2138	FILE__READ \| FILE__WRITE, NULL)) {	2140	FILE__READ \| FILE__WRITE, NULL)) {
2139	drop_tty = 1;	2141	drop_tty = 1;