6 files changed, 21 insertions, 24 deletions

diff --git a/security/inode.c b/security/inode.c
index 9b16e14f3a..d7ecf89fbc 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -50,7 +50,7 @@ static int default_open(struct inode *inode, struct file *file)
         return 0;
 }
 
-static struct file_operations default_file_ops = {
+static const struct file_operations default_file_ops = {
         .read =         default_read_file,
         .write =        default_write_file,
         .open =         default_open,
@@ -215,7 +215,7 @@ static int create_by_name(const char *name, mode_t mode,
  */
 struct dentry *securityfs_create_file(const char *name, mode_t mode,
                                    struct dentry *parent, void *data,
-                                   struct file_operations *fops)
+                                   const struct file_operations *fops)
 {
         struct dentry *dentry = NULL;
         int error;
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 686a9ee0c5..3e0d0a6e22 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -33,7 +33,7 @@ static struct seq_operations proc_keys_ops = {
         .show   = proc_keys_show,
 };
 
-static struct file_operations proc_keys_fops = {
+static const struct file_operations proc_keys_fops = {
         .open           = proc_keys_open,
         .read           = seq_read,
         .llseek         = seq_lseek,
@@ -54,7 +54,7 @@ static struct seq_operations proc_key_users_ops = {
         .show   = proc_key_users_show,
 };
 
-static struct file_operations proc_key_users_fops = {
+static const struct file_operations proc_key_users_fops = {
         .open           = proc_key_users_open,
         .read           = seq_read,
         .llseek         = seq_lseek,
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index e7c0b5e206..da8caf10ef 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -332,11 +332,10 @@ static struct avc_node *avc_alloc_node(void)
 {
         struct avc_node *node;
 
-        node = kmem_cache_alloc(avc_node_cachep, GFP_ATOMIC);
+        node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC);
         if (!node)
                 goto out;
 
-        memset(node, 0, sizeof(*node));
         INIT_RCU_HEAD(&node->rhead);
         INIT_LIST_HEAD(&node->list);
         atomic_set(&node->ae.used, 1);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 65fb5e8ea9..35eb8de892 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -181,11 +181,10 @@ static int inode_alloc_security(struct inode *inode)
         struct task_security_struct *tsec = current->security;
         struct inode_security_struct *isec;
 
-        isec = kmem_cache_alloc(sel_inode_cache, GFP_KERNEL);
+        isec = kmem_cache_zalloc(sel_inode_cache, GFP_KERNEL);
         if (!isec)
                 return -ENOMEM;
 
-        memset(isec, 0, sizeof(*isec));
         mutex_init(&isec->lock);
         INIT_LIST_HEAD(&isec->list);
         isec->inode = inode;
@@ -2655,7 +2654,7 @@ static int selinux_file_send_sigiotask(struct task_struct *tsk,
         struct file_security_struct *fsec;
 
         /* struct fown_struct is never outside the context of a struct file */
-        file = (struct file *)((long)fown - offsetof(struct file,f_owner));
+        file = container_of(fown, struct file, f_owner);
 
         tsec = tsk->security;
         fsec = file->f_security;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index c8bf6e172f..93b3177c75 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -161,7 +161,7 @@ out:
 #define sel_write_enforce NULL
 #endif
 
-static struct file_operations sel_enforce_ops = {
+static const struct file_operations sel_enforce_ops = {
         .read           = sel_read_enforce,
         .write          = sel_write_enforce,
 };
@@ -211,7 +211,7 @@ out:
 #define sel_write_disable NULL
 #endif
 
-static struct file_operations sel_disable_ops = {
+static const struct file_operations sel_disable_ops = {
         .write          = sel_write_disable,
 };
 
@@ -225,7 +225,7 @@ static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
 
-static struct file_operations sel_policyvers_ops = {
+static const struct file_operations sel_policyvers_ops = {
         .read           = sel_read_policyvers,
 };
 
@@ -242,7 +242,7 @@ static ssize_t sel_read_mls(struct file *filp, char __user *buf,
         return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
 
-static struct file_operations sel_mls_ops = {
+static const struct file_operations sel_mls_ops = {
         .read           = sel_read_mls,
 };
 
@@ -294,7 +294,7 @@ out:
         return length;
 }
 
-static struct file_operations sel_load_ops = {
+static const struct file_operations sel_load_ops = {
         .write          = sel_write_load,
 };
 
@@ -374,7 +374,7 @@ out:
         free_page((unsigned long) page);
         return length;
 }
-static struct file_operations sel_checkreqprot_ops = {
+static const struct file_operations sel_checkreqprot_ops = {
         .read           = sel_read_checkreqprot,
         .write          = sel_write_checkreqprot,
 };
@@ -423,7 +423,7 @@ out:
         free_page((unsigned long) page);
         return length;
 }
-static struct file_operations sel_compat_net_ops = {
+static const struct file_operations sel_compat_net_ops = {
         .read           = sel_read_compat_net,
         .write          = sel_write_compat_net,
 };
@@ -467,7 +467,7 @@ static ssize_t selinux_transaction_write(struct file *file, const char __user *b
         return rv;
 }
 
-static struct file_operations transaction_ops = {
+static const struct file_operations transaction_ops = {
         .write          = selinux_transaction_write,
         .read           = simple_transaction_read,
         .release        = simple_transaction_release,
@@ -875,7 +875,7 @@ out:
         return length;
 }
 
-static struct file_operations sel_bool_ops = {
+static const struct file_operations sel_bool_ops = {
         .read           = sel_read_bool,
         .write          = sel_write_bool,
 };
@@ -932,7 +932,7 @@ out:
         return length;
 }
 
-static struct file_operations sel_commit_bools_ops = {
+static const struct file_operations sel_commit_bools_ops = {
         .write          = sel_commit_bools_write,
 };
 
@@ -1131,12 +1131,12 @@ out:
         return ret;
 }
 
-static struct file_operations sel_avc_cache_threshold_ops = {
+static const struct file_operations sel_avc_cache_threshold_ops = {
         .read           = sel_read_avc_cache_threshold,
         .write          = sel_write_avc_cache_threshold,
 };
 
-static struct file_operations sel_avc_hash_stats_ops = {
+static const struct file_operations sel_avc_hash_stats_ops = {
         .read           = sel_read_avc_hash_stats,
 };
 
@@ -1198,7 +1198,7 @@ static int sel_open_avc_cache_stats(struct inode *inode, struct file *file)
         return seq_open(file, &sel_avc_cache_stats_seq_ops);
 }
 
-static struct file_operations sel_avc_cache_stats_ops = {
+static const struct file_operations sel_avc_cache_stats_ops = {
         .open           = sel_open_avc_cache_stats,
         .read           = seq_read,
         .llseek         = seq_lseek,
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index ebb993c5c2..9142073319 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -36,10 +36,9 @@ avtab_insert_node(struct avtab *h, int hvalue,
                   struct avtab_key *key, struct avtab_datum *datum)
 {
         struct avtab_node * newnode;
-        newnode = kmem_cache_alloc(avtab_node_cachep, GFP_KERNEL);
+        newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
         if (newnode == NULL)
                 return NULL;
-        memset(newnode, 0, sizeof(struct avtab_node));
         newnode->key = *key;
         newnode->datum = *datum;
         if (prev) {