20 files changed, 116 insertions, 91 deletions
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index 72555b9ca7d6..9b9013b2e321 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -1,6 +1,6 @@
 config SECURITY_APPARMOR
        bool "AppArmor support"
-        depends on SECURITY
+        depends on SECURITY && NET
        select AUDIT
        select SECURITY_PATH
        select SECURITYFS
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 3c88be946494..02baec732bb5 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -33,8 +33,8 @@ struct aa_rlimit {
 };
 int aa_map_resource(int resource);
-int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
+int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *,
-                      struct rlimit *new_rlim);
+                      unsigned int resource, struct rlimit *new_rlim);
 void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 6e85cdb4303f..506d2baf6147 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -40,6 +40,7 @@ char *aa_split_fqname(char *fqname, char **ns_name)
        *ns_name = NULL;
        if (name[0] == ':') {
                char *split = strchr(&name[1], ':');
+                *ns_name = skip_spaces(&name[1]);
                if (split) {
                        /* overwrite ':' with \0 */
                        *split = 0;
@@ -47,7 +48,6 @@ char *aa_split_fqname(char *fqname, char **ns_name)
                } else
                        /* a ns name without a following profile is allowed */
                        name = NULL;
-                *ns_name = &name[1];
        }
        if (name && *name == 0)
                name = NULL;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8db33a8b50c4..cf1de4462ccd 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -607,14 +607,14 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
        return error;
 }
-static int apparmor_task_setrlimit(unsigned int resource,
+static int apparmor_task_setrlimit(struct task_struct *task,
-                                   struct rlimit *new_rlim)
+                unsigned int resource, struct rlimit *new_rlim)
 {
        struct aa_profile *profile = aa_current_profile();
        int error = 0;
        if (!unconfined(profile))
-                error = aa_task_setrlimit(profile, resource, new_rlim);
+                error = aa_task_setrlimit(profile, task, resource, new_rlim);
        return error;
 }
@@ -667,17 +667,29 @@ static struct security_operations apparmor_ops = {
 * AppArmor sysfs module parameters
 */
-static int param_set_aabool(const char *val, struct kernel_param *kp);
+static int param_set_aabool(const char *val, const struct kernel_param *kp);
-static int param_get_aabool(char *buffer, struct kernel_param *kp);
+static int param_get_aabool(char *buffer, const struct kernel_param *kp);
 #define param_check_aabool(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aabool = {
+        .set = param_set_aabool,
+        .get = param_get_aabool
+};
-static int param_set_aauint(const char *val, struct kernel_param *kp);
+static int param_set_aauint(const char *val, const struct kernel_param *kp);
-static int param_get_aauint(char *buffer, struct kernel_param *kp);
+static int param_get_aauint(char *buffer, const struct kernel_param *kp);
 #define param_check_aauint(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aauint = {
+        .set = param_set_aauint,
+        .get = param_get_aauint
+};
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp);
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp);
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp);
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp);
 #define param_check_aalockpolicy(name, p) __param_check(name, p, int)
+static struct kernel_param_ops param_ops_aalockpolicy = {
+        .set = param_set_aalockpolicy,
+        .get = param_get_aalockpolicy
+};
 static int param_set_audit(const char *val, struct kernel_param *kp);
 static int param_get_audit(char *buffer, struct kernel_param *kp);
@@ -751,7 +763,7 @@ static int __init apparmor_enabled_setup(char *str)
 __setup("apparmor=", apparmor_enabled_setup);
 /* set global flag turning off the ability to load policy */
-static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
+static int param_set_aalockpolicy(const char *val, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
@@ -760,35 +772,35 @@ static int param_set_aalockpolicy(const char *val, struct kernel_param *kp)
        return param_set_bool(val, kp);
 }
-static int param_get_aalockpolicy(char *buffer, struct kernel_param *kp)
+static int param_get_aalockpolicy(char *buffer, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
        return param_get_bool(buffer, kp);
 }
-static int param_set_aabool(const char *val, struct kernel_param *kp)
+static int param_set_aabool(const char *val, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
        return param_set_bool(val, kp);
 }
-static int param_get_aabool(char *buffer, struct kernel_param *kp)
+static int param_get_aabool(char *buffer, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
        return param_get_bool(buffer, kp);
 }
-static int param_set_aauint(const char *val, struct kernel_param *kp)
+static int param_set_aauint(const char *val, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
        return param_set_uint(val, kp);
 }
-static int param_get_aauint(char *buffer, struct kernel_param *kp)
+static int param_get_aauint(char *buffer, const struct kernel_param *kp)
 {
        if (!capable(CAP_MAC_ADMIN))
                return -EPERM;
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 96bab9469d48..82396050f186 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -59,39 +59,22 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
 {
        struct path root, tmp;
        char *res;
-        int deleted, connected;
+        int connected, error = 0;
-        int error = 0;
-        /* Get the root we want to resolve too */
+        /* Get the root we want to resolve too, released below */
        if (flags & PATH_CHROOT_REL) {
                /* resolve paths relative to chroot */
-                read_lock(&current->fs->lock);
+                get_fs_root(current->fs, &root);
-                root = current->fs->root;
-                /* released below */
-                path_get(&root);
-                read_unlock(&current->fs->lock);
        } else {
                /* resolve paths relative to namespace */
                root.mnt = current->nsproxy->mnt_ns->root;
                root.dentry = root.mnt->mnt_root;
-                /* released below */
                path_get(&root);
        }
        spin_lock(&dcache_lock);
-        /* There is a race window between path lookup here and the
+        tmp = root;
-         * need to strip the " (deleted) string that __d_path applies
+        res = __d_path(path, &tmp, buf, buflen);
-         * Detect the race and relookup the path
-         *
-         * The stripping of (deleted) is a hack that could be removed
-         * with an updated __d_path
-         */
-        do {
-                tmp = root;
-                deleted = d_unlinked(path->dentry);
-                res = __d_path(path, &tmp, buf, buflen);
-        } while (deleted != d_unlinked(path->dentry));
        spin_unlock(&dcache_lock);
        *name = res;
@@ -103,21 +86,17 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
                *name = buf;
                goto out;
        }
-        if (deleted) {
-                /* On some filesystems, newly allocated dentries appear to the
-                 * security_path hooks as a deleted dentry except without an
-                 * inode allocated.
-                 *
-                 * Remove the appended deleted text and return as string for
-                 * normal mediation, or auditing.  The (deleted) string is
-                 * guaranteed to be added in this case, so just strip it.
-                 */
-                buf[buflen - 11] = 0;   /* - (len(" (deleted)") +\0) */
-                if (path->dentry->d_inode && !(flags & PATH_MEDIATE_DELETED)) {
+        /* Handle two cases:
+         * 1. A deleted dentry && profile is not allowing mediation of deleted
+         * 2. On some filesystems, newly allocated dentries appear to the
+         *    security_path hooks as a deleted dentry except without an inode
+         *    allocated.
+         */
+        if (d_unlinked(path->dentry) && path->dentry->d_inode &&
+            !(flags & PATH_MEDIATE_DELETED)) {
                        error = -ENOENT;
                        goto out;
-                }
        }
        /* Determine if the path is connected to the expected root */
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 3cdc1ad0787e..52cc865f1464 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -1151,12 +1151,14 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
                /* released below */
                ns = aa_get_namespace(root);
-        write_lock(&ns->lock);
        if (!name) {
                /* remove namespace - can only happen if fqname[0] == ':' */
+                write_lock(&ns->parent->lock);
                __remove_namespace(ns);
+                write_unlock(&ns->parent->lock);
        } else {
                /* remove profile */
+                write_lock(&ns->lock);
                profile = aa_get_profile(__lookup_profile(&ns->base, name));
                if (!profile) {
                        error = -ENOENT;
@@ -1165,8 +1167,8 @@ ssize_t aa_remove_profiles(char *fqname, size_t size)
                }
                name = profile->base.hname;
                __remove_profile(profile);
+                write_unlock(&ns->lock);
        }
-        write_unlock(&ns->lock);
        /* don't fail removal if audit fails */
        (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index 4a368f1fd36d..a4136c10b1c6 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -72,6 +72,7 @@ int aa_map_resource(int resource)
 /**
 * aa_task_setrlimit - test permission to set an rlimit
 * @profile - profile confining the task  (NOT NULL)
+ * @task - task the resource is being set on
 * @resource - the resource being set
 * @new_rlim - the new resource limit  (NOT NULL)
 *
@@ -79,18 +80,21 @@ int aa_map_resource(int resource)
 *
 * Returns: 0 or error code if setting resource failed
 */
-int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
+int aa_task_setrlimit(struct aa_profile *profile, struct task_struct *task,
-                      struct rlimit *new_rlim)
+                      unsigned int resource, struct rlimit *new_rlim)
 {
        int error = 0;
-        if (profile->rlimits.mask & (1 << resource) &&
+        /* TODO: extend resource control to handle other (non current)
-            new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max)
+         * processes.  AppArmor rules currently have the implicit assumption
+         * that the task is setting the resource of the current process
-                error = audit_resource(profile, resource, new_rlim->rlim_max,
+         */
-                        -EACCES);
+        if ((task != current->group_leader) ||
+            (profile->rlimits.mask & (1 << resource) &&
+             new_rlim->rlim_max > profile->rlimits.limits[resource].rlim_max))
+                error = -EACCES;
-        return error;
+        return audit_resource(profile, resource, new_rlim->rlim_max, error);
 }
 /**
diff --git a/security/capability.c b/security/capability.c
index a0bbf30fb6dc..95a6599a37bb 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -411,7 +411,8 @@ static int cap_task_getioprio(struct task_struct *p)
        return 0;
 }
-static int cap_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
+                struct rlimit *new_rlim)
 {
        return 0;
 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 4e015996dd4d..9d172e6e330c 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -40,7 +40,7 @@
 *
 * Warn if that happens, once per boot.
 */
-static void warn_setuid_and_fcaps_mixed(char *fname)
+static void warn_setuid_and_fcaps_mixed(const char *fname)
 {
        static int warned;
        if (!warned) {
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 16d100d3fc38..3fbcd1dda0ef 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -35,6 +35,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
 #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
 /* set during initialization */
+extern int iint_initialized;
 extern int ima_initialized;
 extern int ima_used_chip;
 extern char *ima_hash;
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index 7625b85c2274..afba4aef812f 100644
--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -22,9 +22,10 @@
 RADIX_TREE(ima_iint_store, GFP_ATOMIC);
 DEFINE_SPINLOCK(ima_iint_lock);
 static struct kmem_cache *iint_cache __read_mostly;
+int iint_initialized = 0;
 /* ima_iint_find_get - return the iint associated with an inode
 *
 * ima_iint_find_get gets a reference to the iint. Caller must
@@ -141,6 +142,7 @@ static int __init ima_iintcache_init(void)
        iint_cache =
            kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0,
                              SLAB_PANIC, init_once);
+        iint_initialized = 1;
        return 0;
 }
 security_initcall(ima_iintcache_init);
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index f93641382e9f..e662b89d4079 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -148,12 +148,14 @@ void ima_counts_get(struct file *file)
        struct ima_iint_cache *iint;
        int rc;
-        if (!ima_initialized || !S_ISREG(inode->i_mode))
+        if (!iint_initialized || !S_ISREG(inode->i_mode))
                return;
        iint = ima_iint_find_get(inode);
        if (!iint)
                return;
        mutex_lock(&iint->mutex);
+        if (!ima_initialized)
+                goto out;
        rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);
        if (rc < 0)
                goto out;
@@ -213,7 +215,7 @@ void ima_file_free(struct file *file)
        struct inode *inode = file->f_dentry->d_inode;
        struct ima_iint_cache *iint;
-        if (!ima_initialized || !S_ISREG(inode->i_mode))
+        if (!iint_initialized || !S_ISREG(inode->i_mode))
                return;
        iint = ima_iint_find_get(inode);
        if (!iint)
@@ -230,7 +232,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
 {
        struct inode *inode = file->f_dentry->d_inode;
        struct ima_iint_cache *iint;
-        int rc;
+        int rc = 0;
        if (!ima_initialized || !S_ISREG(inode->i_mode))
                return 0;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index addb67b169f4..56a133d8f37d 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -15,11 +15,6 @@
 #include <linux/sched.h>
 #include <linux/key-type.h>
-static inline __attribute__((format(printf, 1, 2)))
-void no_printk(const char *fmt, ...)
-{
-}
 #ifdef __KDEBUG
 #define kenter(FMT, ...) \
        printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index b2b0998d6abd..60924f6a52db 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1272,6 +1272,7 @@ long keyctl_session_to_parent(void)
        keyring_r = NULL;
        me = current;
+        rcu_read_lock();
        write_lock_irq(&tasklist_lock);
        parent = me->real_parent;
@@ -1304,7 +1305,8 @@ long keyctl_session_to_parent(void)
                goto not_permitted;
        /* the keyrings must have the same UID */
-        if (pcred->tgcred->session_keyring->uid != mycred->euid ||
+        if ((pcred->tgcred->session_keyring &&
+             pcred->tgcred->session_keyring->uid != mycred->euid) ||
            mycred->tgcred->session_keyring->uid != mycred->euid)
                goto not_permitted;
@@ -1319,6 +1321,7 @@ long keyctl_session_to_parent(void)
        set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
        write_unlock_irq(&tasklist_lock);
+        rcu_read_unlock();
        if (oldcred)
                put_cred(oldcred);
        return 0;
@@ -1327,6 +1330,7 @@ already_same:
        ret = 0;
 not_permitted:
        write_unlock_irq(&tasklist_lock);
+        rcu_read_unlock();
        put_cred(cred);
        return ret;
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 0d26f689bd77..0088dd8bf68a 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -537,6 +537,8 @@ int wait_for_key_construction(struct key *key, bool intr)
                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
        if (ret < 0)
                return ret;
+        if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
+                return -ENOKEY;
        return key_validate(key);
 }
 EXPORT_SYMBOL(wait_for_key_construction);
diff --git a/security/security.c b/security/security.c
index e8c87b8601b4..c53949f17d9e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -619,7 +619,13 @@ void security_inode_getsecid(const struct inode *inode, u32 *secid)
 int security_file_permission(struct file *file, int mask)
 {
-        return security_ops->file_permission(file, mask);
+        int ret;
+        ret = security_ops->file_permission(file, mask);
+        if (ret)
+                return ret;
+        return fsnotify_perm(file, mask);
 }
 int security_file_alloc(struct file *file)
@@ -683,7 +689,13 @@ int security_file_receive(struct file *file)
 int security_dentry_open(struct file *file, const struct cred *cred)
 {
-        return security_ops->dentry_open(file, cred);
+        int ret;
+        ret = security_ops->dentry_open(file, cred);
+        if (ret)
+                return ret;
+        return fsnotify_perm(file, MAY_OPEN);
 }
 int security_task_create(unsigned long clone_flags)
@@ -768,9 +780,10 @@ int security_task_getioprio(struct task_struct *p)
        return security_ops->task_getioprio(p);
 }
-int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+int security_task_setrlimit(struct task_struct *p, unsigned int resource,
+                struct rlimit *new_rlim)
 {
-        return security_ops->task_setrlimit(resource, new_rlim);
+        return security_ops->task_setrlimit(p, resource, new_rlim);
 }
 int security_task_setscheduler(struct task_struct *p,
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index f013982df417..58d80f3bd6f6 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -25,6 +25,6 @@ $(obj)/avc.o: $(obj)/flask.h
 quiet_cmd_flask = GEN     $(obj)/flask.h $(obj)/av_permissions.h
      cmd_flask = scripts/selinux/genheaders/genheaders $(obj)/flask.h $(obj)/av_permissions.h
-targets += flask.h
+targets += flask.h av_permissions.h
 $(obj)/flask.h: $(src)/include/classmap.h FORCE
        $(call if_changed,flask)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9b40f4c0ac70..4796ddd4e721 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2170,8 +2170,9 @@ static inline void flush_unauthorized_files(const struct cred *cred,
        tty = get_current_tty();
        if (tty) {
-                file_list_lock();
+                spin_lock(&tty_files_lock);
                if (!list_empty(&tty->tty_files)) {
+                        struct tty_file_private *file_priv;
                        struct inode *inode;
                        /* Revalidate access to controlling tty.
@@ -2179,14 +2180,16 @@ static inline void flush_unauthorized_files(const struct cred *cred,
                           than using file_has_perm, as this particular open
                           file may belong to another process and we are only
                           interested in the inode-based check here. */
-                        file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list);
+                        file_priv = list_first_entry(&tty->tty_files,
+                                                struct tty_file_private, list);
+                        file = file_priv->file;
                        inode = file->f_path.dentry->d_inode;
                        if (inode_has_perm(cred, inode,
                                           FILE__READ | FILE__WRITE, NULL)) {
                                drop_tty = 1;
                        }
                }
-                file_list_unlock();
+                spin_unlock(&tty_files_lock);
                tty_kref_put(tty);
        }
        /* Reset controlling tty. */
@@ -2284,12 +2287,15 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm)
        rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
                          PROCESS__RLIMITINH, NULL);
        if (rc) {
+                /* protect against do_prlimit() */
+                task_lock(current);
                for (i = 0; i < RLIM_NLIMITS; i++) {
                        rlim = current->signal->rlim + i;
                        initrlim = init_task.signal->rlim + i;
                        rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
                }
-                update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur);
+                task_unlock(current);
+                update_rlimit_cpu(current, rlimit(RLIMIT_CPU));
        }
 }
@@ -3333,16 +3339,17 @@ static int selinux_task_getioprio(struct task_struct *p)
        return current_has_perm(p, PROCESS__GETSCHED);
 }
-static int selinux_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
+                struct rlimit *new_rlim)
 {
-        struct rlimit *old_rlim = current->signal->rlim + resource;
+        struct rlimit *old_rlim = p->signal->rlim + resource;
        /* Control the ability to change the hard limit (whether
           lowering or raising it), so that the hard limit can
           later be used as a safe reset point for the soft limit
           upon context transitions.  See selinux_bprm_committing_creds. */
        if (old_rlim->rlim_max != new_rlim->rlim_max)
-                return current_has_perm(current, PROCESS__SETRLIMIT);
+                return current_has_perm(p, PROCESS__SETRLIMIT);
        return 0;
 }
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ef43995119a4..c668b447c725 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1416,15 +1416,19 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
        const pid_t gpid = task_pid_nr(current);
        static const int tomoyo_buffer_len = 4096;
        char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
+        pid_t ppid;
        if (!buffer)
                return NULL;
        do_gettimeofday(&tv);
+        rcu_read_lock();
+        ppid = task_tgid_vnr(current->real_parent);
+        rcu_read_unlock();
        snprintf(buffer, tomoyo_buffer_len - 1,
                 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
                 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
                 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
                 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
-                 (pid_t) sys_getpid(), (pid_t) sys_getppid(),
+                 task_tgid_vnr(current), ppid,
                 current_uid(), current_gid(), current_euid(),
                 current_egid(), current_suid(), current_sgid(),
                 current_fsuid(), current_fsgid());
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 04454cb7b24a..7c66bd898782 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -689,9 +689,6 @@ struct tomoyo_profile {
 /********** Function prototypes. **********/
-extern asmlinkage long sys_getpid(void);
-extern asmlinkage long sys_getppid(void);
 /* Check whether the given string starts with the given keyword. */
 bool tomoyo_str_starts(char **src, const char *find);
 /* Get tomoyo_realpath() of current process. */