7 files changed, 9 insertions, 157 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index db99ed434f3a..39cba97c5eb9 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -25,7 +25,6 @@
 #define kdebug(FMT, a...)       do {} while(0)
 #endif
-extern struct key_type key_type_dead;
 extern struct key_type key_type_user;
 /*****************************************************************************/
diff --git a/security/keys/key.c b/security/keys/key.c
index 01bcfecb7eae..99781b798312 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -36,7 +36,7 @@ static DECLARE_WORK(key_cleanup_task, key_cleanup, NULL);
 DECLARE_RWSEM(key_construction_sem);
 /* any key who's type gets unegistered will be re-typed to this */
-struct key_type key_type_dead = {
+static struct key_type key_type_dead = {
        .name           = "dead",
 };
@@ -240,9 +240,9 @@ static inline void key_alloc_serial(struct key *key)
 /*
 * allocate a key of the specified type
 * - update the user's quota to reflect the existence of the key
- * - called from a key-type operation with key_types_sem read-locked by either
+ * - called from a key-type operation with key_types_sem read-locked by
- *   key_create_or_update() or by key_duplicate(); this prevents unregistration
+ *   key_create_or_update()
- *   of the key type
+ *   - this prevents unregistration of the key type
 * - upon return the key is as yet uninstantiated; the caller needs to either
 *   instantiate the key or discard it before returning
 */
@@ -889,56 +889,6 @@ EXPORT_SYMBOL(key_update);
 /*****************************************************************************/
 /*
- * duplicate a key, potentially with a revised description
- * - must be supported by the keytype (keyrings for instance can be duplicated)
- */
-struct key *key_duplicate(struct key *source, const char *desc)
-{
-        struct key *key;
-        int ret;
-        key_check(source);
-        if (!desc)
-                desc = source->description;
-        down_read(&key_types_sem);
-        ret = -EINVAL;
-        if (!source->type->duplicate)
-                goto error;
-        /* allocate and instantiate a key */
-        key = key_alloc(source->type, desc, current->fsuid, current->fsgid,
-                        source->perm, 0);
-        if (IS_ERR(key))
-                goto error_k;
-        down_read(&source->sem);
-        ret = key->type->duplicate(key, source);
-        up_read(&source->sem);
-        if (ret < 0)
-                goto error2;
-        atomic_inc(&key->user->nikeys);
-        set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
- error_k:
-        up_read(&key_types_sem);
- out:
-        return key;
- error2:
-        key_put(key);
- error:
-        up_read(&key_types_sem);
-        key = ERR_PTR(ret);
-        goto out;
-} /* end key_duplicate() */
-/*****************************************************************************/
-/*
 * revoke a key
 */
 void key_revoke(struct key *key)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 4e9fa8be44b8..5d22c0388b32 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -48,7 +48,6 @@ static inline unsigned keyring_hash(const char *desc)
 */
 static int keyring_instantiate(struct key *keyring,
                               const void *data, size_t datalen);
-static int keyring_duplicate(struct key *keyring, const struct key *source);
 static int keyring_match(const struct key *keyring, const void *criterion);
 static void keyring_destroy(struct key *keyring);
 static void keyring_describe(const struct key *keyring, struct seq_file *m);
@@ -59,7 +58,6 @@ struct key_type key_type_keyring = {
        .name           = "keyring",
        .def_datalen    = sizeof(struct keyring_list),
        .instantiate    = keyring_instantiate,
-        .duplicate      = keyring_duplicate,
        .match          = keyring_match,
        .destroy        = keyring_destroy,
        .describe       = keyring_describe,
@@ -70,7 +68,7 @@ struct key_type key_type_keyring = {
 * semaphore to serialise link/link calls to prevent two link calls in parallel
 * introducing a cycle
 */
-DECLARE_RWSEM(keyring_serialise_link_sem);
+static DECLARE_RWSEM(keyring_serialise_link_sem);
 /*****************************************************************************/
 /*
@@ -120,68 +118,6 @@ static int keyring_instantiate(struct key *keyring,
 /*****************************************************************************/
 /*
- * duplicate the list of subscribed keys from a source keyring into this one
- */
-static int keyring_duplicate(struct key *keyring, const struct key *source)
-{
-        struct keyring_list *sklist, *klist;
-        unsigned max;
-        size_t size;
-        int loop, ret;
-        const unsigned limit =
-                (PAGE_SIZE - sizeof(*klist)) / sizeof(struct key *);
-        ret = 0;
-        /* find out how many keys are currently linked */
-        rcu_read_lock();
-        sklist = rcu_dereference(source->payload.subscriptions);
-        max = 0;
-        if (sklist)
-                max = sklist->nkeys;
-        rcu_read_unlock();
-        /* allocate a new payload and stuff load with key links */
-        if (max > 0) {
-                BUG_ON(max > limit);
-                max = (max + 3) & ~3;
-                if (max > limit)
-                        max = limit;
-                ret = -ENOMEM;
-                size = sizeof(*klist) + sizeof(struct key *) * max;
-                klist = kmalloc(size, GFP_KERNEL);
-                if (!klist)
-                        goto error;
-                /* set links */
-                rcu_read_lock();
-                sklist = rcu_dereference(source->payload.subscriptions);
-                klist->maxkeys = max;
-                klist->nkeys = sklist->nkeys;
-                memcpy(klist->keys,
-                       sklist->keys,
-                       sklist->nkeys * sizeof(struct key *));
-                for (loop = klist->nkeys - 1; loop >= 0; loop--)
-                        atomic_inc(&klist->keys[loop]->usage);
-                rcu_read_unlock();
-                rcu_assign_pointer(keyring->payload.subscriptions, klist);
-                ret = 0;
-        }
- error:
-        return ret;
-} /* end keyring_duplicate() */
-/*****************************************************************************/
-/*
 * match keyrings on their name
 */
 static int keyring_match(const struct key *keyring, const void *description)
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index cbda3b2780a1..8e71895b97a7 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -26,7 +26,6 @@
 struct key_type key_type_user = {
        .name           = "user",
        .instantiate    = user_instantiate,
-        .duplicate      = user_duplicate,
        .update         = user_update,
        .match          = user_match,
        .destroy        = user_destroy,
@@ -68,42 +67,10 @@ error:
        return ret;
 } /* end user_instantiate() */
 EXPORT_SYMBOL_GPL(user_instantiate);
 /*****************************************************************************/
 /*
- * duplicate a user defined key
- * - both keys' semaphores are locked against further modification
- * - the new key cannot yet be accessed
- */
-int user_duplicate(struct key *key, const struct key *source)
-{
-        struct user_key_payload *upayload, *spayload;
-        int ret;
-        /* just copy the payload */
-        ret = -ENOMEM;
-        upayload = kmalloc(sizeof(*upayload) + source->datalen, GFP_KERNEL);
-        if (upayload) {
-                spayload = rcu_dereference(source->payload.data);
-                BUG_ON(source->datalen != spayload->datalen);
-                upayload->datalen = key->datalen = spayload->datalen;
-                memcpy(upayload->data, spayload->data, key->datalen);
-                key->payload.data = upayload;
-                ret = 0;
-        }
-        return ret;
-} /* end user_duplicate() */
-EXPORT_SYMBOL_GPL(user_duplicate);
-/*****************************************************************************/
-/*
 * dispose of the old data from an updated user defined key
 */
 static void user_update_rcu_disposal(struct rcu_head *rcu)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 0e1352a555c8..e59da6398d44 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -376,7 +376,7 @@ static ssize_t selinux_transaction_write(struct file *file, const char __user *b
        char *data;
        ssize_t rv;
-        if (ino >= sizeof(write_op)/sizeof(write_op[0]) || !write_op[ino])
+        if (ino >= ARRAY_SIZE(write_op) || !write_op[ino])
                return -EINVAL;
        data = simple_transaction_get(file, buf, size);
@@ -1161,7 +1161,7 @@ static int sel_make_avc_files(struct dentry *dir)
 #endif
        };
-        for (i = 0; i < sizeof (files) / sizeof (files[0]); i++) {
+        for (i = 0; i < ARRAY_SIZE(files); i++) {
                struct inode *inode;
                struct dentry *dentry;
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index dde094feb20d..d049c7acbc8b 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -359,7 +359,7 @@ int avtab_read_item(void *fp, u32 vers, struct avtab *a,
                        return -1;
                }
-                for (i = 0; i < sizeof(spec_order)/sizeof(u16); i++) {
+                for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
                        if (val & spec_order[i]) {
                                key.specified = spec_order[i] | enabled;
                                datum.data = le32_to_cpu(buf32[items++]);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 0ac311dc8371..0111990ba837 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -103,7 +103,7 @@ static struct policydb_compat_info *policydb_lookup_compat(int version)
        int i;
        struct policydb_compat_info *info = NULL;
-        for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {
+        for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
                if (policydb_compat[i].version == version) {
                        info = &policydb_compat[i];
                        break;

diff --git a/security/keys/internal.h b/security/keys/internal.h index db99ed434f3a..39cba97c5eb9 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h
@@ -25,7 +25,6 @@
25	#define kdebug(FMT, a...) do {} while(0)	25	#define kdebug(FMT, a...) do {} while(0)
26	#endif	26	#endif
27		27
28	extern struct key_type key_type_dead;
29	extern struct key_type key_type_user;	28	extern struct key_type key_type_user;
30		29
31	/*****************************************************************************/	30	/*****************************************************************************/


diff --git a/security/keys/key.c b/security/keys/key.c index 01bcfecb7eae..99781b798312 100644 --- a/security/keys/key.c +++ b/security/keys/key.c
@@ -36,7 +36,7 @@ static DECLARE_WORK(key_cleanup_task, key_cleanup, NULL);
36	DECLARE_RWSEM(key_construction_sem);	36	DECLARE_RWSEM(key_construction_sem);
37		37
38	/* any key who's type gets unegistered will be re-typed to this */	38	/* any key who's type gets unegistered will be re-typed to this */
39	struct key_type key_type_dead = {	39	static struct key_type key_type_dead = {
40	.name = "dead",	40	.name = "dead",
41	};	41	};
42		42
@@ -240,9 +240,9 @@ static inline void key_alloc_serial(struct key *key)
240	/*	240	/*
241	* allocate a key of the specified type	241	* allocate a key of the specified type
242	* - update the user's quota to reflect the existence of the key	242	* - update the user's quota to reflect the existence of the key
243	* - called from a key-type operation with key_types_sem read-locked by either	243	* - called from a key-type operation with key_types_sem read-locked by
244	* key_create_or_update() or by key_duplicate(); this prevents unregistration	244	* key_create_or_update()
245	* of the key type	245	* - this prevents unregistration of the key type
246	* - upon return the key is as yet uninstantiated; the caller needs to either	246	* - upon return the key is as yet uninstantiated; the caller needs to either
247	* instantiate the key or discard it before returning	247	* instantiate the key or discard it before returning
248	*/	248	*/
@@ -889,56 +889,6 @@ EXPORT_SYMBOL(key_update);
889		889
890	/*****************************************************************************/	890	/*****************************************************************************/
891	/*	891	/*
892	* duplicate a key, potentially with a revised description
893	* - must be supported by the keytype (keyrings for instance can be duplicated)
894	*/
895	struct key key_duplicate(struct key source, const char *desc)
896	{
897	struct key *key;
898	int ret;
899
900	key_check(source);
901
902	if (!desc)
903	desc = source->description;
904
905	down_read(&key_types_sem);
906
907	ret = -EINVAL;
908	if (!source->type->duplicate)
909	goto error;
910
911	/* allocate and instantiate a key */
912	key = key_alloc(source->type, desc, current->fsuid, current->fsgid,
913	source->perm, 0);
914	if (IS_ERR(key))
915	goto error_k;
916
917	down_read(&source->sem);
918	ret = key->type->duplicate(key, source);
919	up_read(&source->sem);
920	if (ret < 0)
921	goto error2;
922
923	atomic_inc(&key->user->nikeys);
924	set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
925
926	error_k:
927	up_read(&key_types_sem);
928	out:
929	return key;
930
931	error2:
932	key_put(key);
933	error:
934	up_read(&key_types_sem);
935	key = ERR_PTR(ret);
936	goto out;
937
938	} /* end key_duplicate() */
939
940	/*****************************************************************************/
941	/*
942	* revoke a key	892	* revoke a key
943	*/	893	*/
944	void key_revoke(struct key *key)	894	void key_revoke(struct key *key)


diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 4e9fa8be44b8..5d22c0388b32 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c
@@ -48,7 +48,6 @@ static inline unsigned keyring_hash(const char *desc)
48	*/	48	*/
49	static int keyring_instantiate(struct key *keyring,	49	static int keyring_instantiate(struct key *keyring,
50	const void *data, size_t datalen);	50	const void *data, size_t datalen);
51	static int keyring_duplicate(struct key keyring, const struct key source);
52	static int keyring_match(const struct key keyring, const void criterion);	51	static int keyring_match(const struct key keyring, const void criterion);
53	static void keyring_destroy(struct key *keyring);	52	static void keyring_destroy(struct key *keyring);
54	static void keyring_describe(const struct key keyring, struct seq_file m);	53	static void keyring_describe(const struct key keyring, struct seq_file m);
@@ -59,7 +58,6 @@ struct key_type key_type_keyring = {
59	.name = "keyring",	58	.name = "keyring",
60	.def_datalen = sizeof(struct keyring_list),	59	.def_datalen = sizeof(struct keyring_list),
61	.instantiate = keyring_instantiate,	60	.instantiate = keyring_instantiate,
62	.duplicate = keyring_duplicate,
63	.match = keyring_match,	61	.match = keyring_match,
64	.destroy = keyring_destroy,	62	.destroy = keyring_destroy,
65	.describe = keyring_describe,	63	.describe = keyring_describe,
@@ -70,7 +68,7 @@ struct key_type key_type_keyring = {
70	* semaphore to serialise link/link calls to prevent two link calls in parallel	68	* semaphore to serialise link/link calls to prevent two link calls in parallel
71	* introducing a cycle	69	* introducing a cycle
72	*/	70	*/
73	DECLARE_RWSEM(keyring_serialise_link_sem);	71	static DECLARE_RWSEM(keyring_serialise_link_sem);
74		72
75	/*****************************************************************************/	73	/*****************************************************************************/
76	/*	74	/*
@@ -120,68 +118,6 @@ static int keyring_instantiate(struct key *keyring,
120		118
121	/*****************************************************************************/	119	/*****************************************************************************/
122	/*	120	/*
123	* duplicate the list of subscribed keys from a source keyring into this one
124	*/
125	static int keyring_duplicate(struct key keyring, const struct key source)
126	{
127	struct keyring_list sklist, klist;
128	unsigned max;
129	size_t size;
130	int loop, ret;
131
132	const unsigned limit =
133	(PAGE_SIZE - sizeof(klist)) / sizeof(struct key );
134
135	ret = 0;
136
137	/* find out how many keys are currently linked */
138	rcu_read_lock();
139	sklist = rcu_dereference(source->payload.subscriptions);
140	max = 0;
141	if (sklist)
142	max = sklist->nkeys;
143	rcu_read_unlock();
144
145	/* allocate a new payload and stuff load with key links */
146	if (max > 0) {
147	BUG_ON(max > limit);
148
149	max = (max + 3) & ~3;
150	if (max > limit)
151	max = limit;
152
153	ret = -ENOMEM;
154	size = sizeof(klist) + sizeof(struct key ) * max;
155	klist = kmalloc(size, GFP_KERNEL);
156	if (!klist)
157	goto error;
158
159	/* set links */
160	rcu_read_lock();
161	sklist = rcu_dereference(source->payload.subscriptions);
162
163	klist->maxkeys = max;
164	klist->nkeys = sklist->nkeys;
165	memcpy(klist->keys,
166	sklist->keys,
167	sklist->nkeys * sizeof(struct key *));
168
169	for (loop = klist->nkeys - 1; loop >= 0; loop--)
170	atomic_inc(&klist->keys[loop]->usage);
171
172	rcu_read_unlock();
173
174	rcu_assign_pointer(keyring->payload.subscriptions, klist);
175	ret = 0;
176	}
177
178	error:
179	return ret;
180
181	} /* end keyring_duplicate() */
182
183	/*****************************************************************************/
184	/*
185	* match keyrings on their name	121	* match keyrings on their name
186	*/	122	*/
187	static int keyring_match(const struct key keyring, const void description)	123	static int keyring_match(const struct key keyring, const void description)


diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c index cbda3b2780a1..8e71895b97a7 100644 --- a/security/keys/user_defined.c +++ b/security/keys/user_defined.c
@@ -26,7 +26,6 @@
26	struct key_type key_type_user = {	26	struct key_type key_type_user = {
27	.name = "user",	27	.name = "user",
28	.instantiate = user_instantiate,	28	.instantiate = user_instantiate,
29	.duplicate = user_duplicate,
30	.update = user_update,	29	.update = user_update,
31	.match = user_match,	30	.match = user_match,
32	.destroy = user_destroy,	31	.destroy = user_destroy,
@@ -68,42 +67,10 @@ error:
68	return ret;	67	return ret;
69		68
70	} /* end user_instantiate() */	69	} /* end user_instantiate() */
71
72	EXPORT_SYMBOL_GPL(user_instantiate);	70	EXPORT_SYMBOL_GPL(user_instantiate);
73		71
74	/*****************************************************************************/	72	/*****************************************************************************/
75	/*	73	/*
76	* duplicate a user defined key
77	* - both keys' semaphores are locked against further modification
78	* - the new key cannot yet be accessed
79	*/
80	int user_duplicate(struct key key, const struct key source)
81	{
82	struct user_key_payload upayload, spayload;
83	int ret;
84
85	/* just copy the payload */
86	ret = -ENOMEM;
87	upayload = kmalloc(sizeof(*upayload) + source->datalen, GFP_KERNEL);
88	if (upayload) {
89	spayload = rcu_dereference(source->payload.data);
90	BUG_ON(source->datalen != spayload->datalen);
91
92	upayload->datalen = key->datalen = spayload->datalen;
93	memcpy(upayload->data, spayload->data, key->datalen);
94
95	key->payload.data = upayload;
96	ret = 0;
97	}
98
99	return ret;
100
101	} /* end user_duplicate() */
102
103	EXPORT_SYMBOL_GPL(user_duplicate);
104
105	/*****************************************************************************/
106	/*
107	* dispose of the old data from an updated user defined key	74	* dispose of the old data from an updated user defined key
108	*/	75	*/
109	static void user_update_rcu_disposal(struct rcu_head *rcu)	76	static void user_update_rcu_disposal(struct rcu_head *rcu)


diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 0e1352a555c8..e59da6398d44 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c
@@ -376,7 +376,7 @@ static ssize_t selinux_transaction_write(struct file file, const char __user b
376	char *data;	376	char *data;
377	ssize_t rv;	377	ssize_t rv;
378		378
379	if (ino >= sizeof(write_op)/sizeof(write_op[0]) \|\| !write_op[ino])	379	if (ino >= ARRAY_SIZE(write_op) \|\| !write_op[ino])
380	return -EINVAL;	380	return -EINVAL;
381		381
382	data = simple_transaction_get(file, buf, size);	382	data = simple_transaction_get(file, buf, size);
@@ -1161,7 +1161,7 @@ static int sel_make_avc_files(struct dentry *dir)
1161	#endif	1161	#endif
1162	};	1162	};
1163		1163
1164	for (i = 0; i < sizeof (files) / sizeof (files[0]); i++) {	1164	for (i = 0; i < ARRAY_SIZE(files); i++) {
1165	struct inode *inode;	1165	struct inode *inode;
1166	struct dentry *dentry;	1166	struct dentry *dentry;
1167		1167


diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index dde094feb20d..d049c7acbc8b 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c
@@ -359,7 +359,7 @@ int avtab_read_item(void fp, u32 vers, struct avtab a,
359	return -1;	359	return -1;
360	}	360	}
361		361
362	for (i = 0; i < sizeof(spec_order)/sizeof(u16); i++) {	362	for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
363	if (val & spec_order[i]) {	363	if (val & spec_order[i]) {
364	key.specified = spec_order[i] \| enabled;	364	key.specified = spec_order[i] \| enabled;
365	datum.data = le32_to_cpu(buf32[items++]);	365	datum.data = le32_to_cpu(buf32[items++]);


diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 0ac311dc8371..0111990ba837 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c
@@ -103,7 +103,7 @@ static struct policydb_compat_info *policydb_lookup_compat(int version)
103	int i;	103	int i;
104	struct policydb_compat_info *info = NULL;	104	struct policydb_compat_info *info = NULL;
105		105
106	for (i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++) {	106	for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {
107	if (policydb_compat[i].version == version) {	107	if (policydb_compat[i].version == version) {
108	info = &policydb_compat[i];	108	info = &policydb_compat[i];
109	break;	109	break;