Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (32 commits)
  [NET]: Fix more per-cpu typos
  [SECURITY]: Fix build with CONFIG_SECURITY disabled.
  [I/OAT]: Remove CPU hotplug lock from net_dma_rebalance
  [DECNET]: Fix for routing bug
  [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch
  [NET]: skb_queue_lock_key() is no longer used.
  [NET]: Remove lockdep_set_class() call from skb_queue_head_init().
  [IPV6]: SNMPv2 "ipv6IfStatsOutFragCreates" counter error
  [IPV6]: SNMPv2 "ipv6IfStatsInHdrErrors" counter error
  [NET]: Kill the WARN_ON() calls for checksum fixups.
  [NETFILTER]: xt_hashlimit/xt_string: missing string validation
  [NETFILTER]: SIP helper: expect RTP streams in both directions
  [E1000]: Convert to netdev_alloc_skb
  [TG3]: Convert to netdev_alloc_skb
  [NET]: Add netdev_alloc_skb().
  [TCP]: Process linger2 timeout consistently.
  [SECURITY] secmark: nul-terminate secdata
  [NET] infiniband: Cleanup ib_addr module to use the netevents
  [NET]: Core net changes to generate netevents
  [NET]: Network Event Notifier Mechanism.
  ...

1 files changed, 24 insertions, 14 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a91c961ba3..5d1b8c7331 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3524,25 +3524,21 @@ out:
         return err;
 }
 
-static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen)
+static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
+        u32 peer_secid = SECSID_NULL;
         int err = 0;
-        u32 peer_sid;
 
-        if (skb->sk->sk_family == PF_UNIX)
-                selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket),
-                                      &peer_sid);
-        else
-                peer_sid = selinux_socket_getpeer_dgram(skb);
-
-        if (peer_sid == SECSID_NULL)
-                return -EINVAL;
+        if (sock && (sock->sk->sk_family == PF_UNIX))
+                selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
+        else if (skb)
+                peer_secid = selinux_socket_getpeer_dgram(skb);
 
-        err = security_sid_to_context(peer_sid, secdata, seclen);
-        if (err)
-                return err;
+        if (peer_secid == SECSID_NULL)
+                err = -EINVAL;
+        *secid = peer_secid;
 
-        return 0;
+        return err;
 }
 
 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
@@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p,
         return size;
 }
 
+static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+{
+        return security_sid_to_context(secid, secdata, seclen);
+}
+
+static void selinux_release_secctx(char *secdata, u32 seclen)
+{
+        if (secdata)
+                kfree(secdata);
+}
+
 #ifdef CONFIG_KEYS
 
 static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
@@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = {
         .getprocattr =                  selinux_getprocattr,
         .setprocattr =                  selinux_setprocattr,
 
+        .secid_to_secctx =              selinux_secid_to_secctx,
+        .release_secctx =               selinux_release_secctx,
+
         .unix_stream_connect =          selinux_socket_unix_stream_connect,
         .unix_may_send =                selinux_socket_unix_may_send,