aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/device_cgroup.c1
-rw-r--r--security/inode.c4
-rw-r--r--security/integrity/ima/ima_api.c1
-rw-r--r--security/integrity/ima/ima_audit.c1
-rw-r--r--security/integrity/ima/ima_crypto.c1
-rw-r--r--security/integrity/ima/ima_fs.c1
-rw-r--r--security/integrity/ima/ima_iint.c1
-rw-r--r--security/integrity/ima/ima_init.c1
-rw-r--r--security/integrity/ima/ima_main.c1
-rw-r--r--security/integrity/ima/ima_policy.c1
-rw-r--r--security/integrity/ima/ima_queue.c1
-rw-r--r--security/keys/gc.c9
-rw-r--r--security/keys/keyring.c2
-rw-r--r--security/keys/proc.c1
-rw-r--r--security/keys/process_keys.c1
-rw-r--r--security/keys/request_key.c22
-rw-r--r--security/keys/user_defined.c3
-rw-r--r--security/lsm_audit.c1
-rw-r--r--security/selinux/netif.c1
-rw-r--r--security/selinux/netlabel.c1
-rw-r--r--security/selinux/netlink.c1
-rw-r--r--security/selinux/netnode.c1
-rw-r--r--security/selinux/netport.c1
-rw-r--r--security/selinux/xfrm.c1
-rw-r--r--security/smack/smack_access.c1
-rw-r--r--security/smack/smack_lsm.c1
-rw-r--r--security/smack/smackfs.c1
-rw-r--r--security/tomoyo/common.c1
-rw-r--r--security/tomoyo/domain.c1
-rw-r--r--security/tomoyo/file.c1
-rw-r--r--security/tomoyo/gc.c1
-rw-r--r--security/tomoyo/realpath.c1
32 files changed, 52 insertions, 15 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 37c5af6ac49..8d9c48f1377 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -10,6 +10,7 @@
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
+#include <linux/slab.h>
#include <linux/rcupdate.h>
#include <linux/mutex.h>
diff --git a/security/inode.c b/security/inode.c
index c3a793881d0..1c812e87450 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -161,13 +161,13 @@ static int create_by_name(const char *name, mode_t mode,
mutex_lock(&parent->d_inode->i_mutex);
*dentry = lookup_one_len(name, parent, strlen(name));
- if (!IS_ERR(dentry)) {
+ if (!IS_ERR(*dentry)) {
if ((mode & S_IFMT) == S_IFDIR)
error = mkdir(parent->d_inode, *dentry, mode);
else
error = create(parent->d_inode, *dentry, mode);
} else
- error = PTR_ERR(dentry);
+ error = PTR_ERR(*dentry);
mutex_unlock(&parent->d_inode->i_mutex);
return error;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 2a5e0bcf388..52015d098fd 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -13,6 +13,7 @@
* and store_template.
*/
#include <linux/module.h>
+#include <linux/slab.h>
#include "ima.h"
static const char *IMA_TEMPLATE_NAME = "ima";
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index fcb1f714cfc..c5c5a72c30b 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -11,6 +11,7 @@
*/
#include <linux/fs.h>
+#include <linux/gfp.h>
#include <linux/audit.h>
#include "ima.h"
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index acd4226f73e..9b3ade7468b 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -18,6 +18,7 @@
#include <linux/crypto.h>
#include <linux/scatterlist.h>
#include <linux/err.h>
+#include <linux/slab.h>
#include "ima.h"
static int init_desc(struct hash_desc *desc)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 3674a52e1cf..8fe736aabe7 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -16,6 +16,7 @@
* current measurement list and IMA statistics
*/
#include <linux/fcntl.h>
+#include <linux/slab.h>
#include <linux/module.h>
#include <linux/seq_file.h>
#include <linux/rculist.h>
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index 6cc22430cb4..2dc2d659414 100644
--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -14,6 +14,7 @@
* - cache integrity information associated with an inode
* using a radix tree.
*/
+#include <linux/slab.h>
#include <linux/module.h>
#include <linux/spinlock.h>
#include <linux/radix-tree.h>
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index b93eddc589e..17f1f060306 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -16,6 +16,7 @@
*/
#include <linux/module.h>
#include <linux/scatterlist.h>
+#include <linux/slab.h>
#include <linux/err.h>
#include "ima.h"
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 983037fb9a9..f93641382e9 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -21,6 +21,7 @@
#include <linux/binfmts.h>
#include <linux/mount.h>
#include <linux/mman.h>
+#include <linux/slab.h>
#include "ima.h"
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 778a735621f..aef8c0a923a 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -15,6 +15,7 @@
#include <linux/security.h>
#include <linux/magic.h>
#include <linux/parser.h>
+#include <linux/slab.h>
#include "ima.h"
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 148a3d85e77..8e28f04a5e2 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -20,6 +20,7 @@
*/
#include <linux/module.h>
#include <linux/rculist.h>
+#include <linux/slab.h>
#include "ima.h"
LIST_HEAD(ima_measurements); /* list of all measurements */
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 19902319d09..a46e825cbf0 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -77,10 +77,10 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
goto dont_gc;
/* scan the keyring looking for dead keys */
- klist = rcu_dereference_check(keyring->payload.subscriptions,
- lockdep_is_held(&key_serial_lock));
+ rcu_read_lock();
+ klist = rcu_dereference(keyring->payload.subscriptions);
if (!klist)
- goto dont_gc;
+ goto unlock_dont_gc;
for (loop = klist->nkeys - 1; loop >= 0; loop--) {
key = klist->keys[loop];
@@ -89,11 +89,14 @@ static bool key_gc_keyring(struct key *keyring, time_t limit)
goto do_gc;
}
+unlock_dont_gc:
+ rcu_read_unlock();
dont_gc:
kleave(" = false");
return false;
do_gc:
+ rcu_read_unlock();
key_gc_cursor = keyring->serial;
key_get(keyring);
spin_unlock(&key_serial_lock);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ce7c44b857d..2fb2bc9712a 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -199,7 +199,7 @@ static long keyring_read(const struct key *keyring,
int loop, ret;
ret = 0;
- klist = rcu_dereference(keyring->payload.subscriptions);
+ klist = keyring->payload.subscriptions;
if (klist) {
/* calculate how much data we could return */
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 81bf98d67c6..068b66ea2f1 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -12,7 +12,6 @@
#include <linux/module.h>
#include <linux/init.h>
#include <linux/sched.h>
-#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 5c23afb31ec..06c2ccf26ed 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -12,7 +12,6 @@
#include <linux/module.h>
#include <linux/init.h>
#include <linux/sched.h>
-#include <linux/slab.h>
#include <linux/keyctl.h>
#include <linux/fs.h>
#include <linux/err.h>
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 03fe63ed55b..d737cea5347 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -68,7 +68,8 @@ static int call_sbin_request_key(struct key_construction *cons,
{
const struct cred *cred = current_cred();
key_serial_t prkey, sskey;
- struct key *key = cons->key, *authkey = cons->authkey, *keyring;
+ struct key *key = cons->key, *authkey = cons->authkey, *keyring,
+ *session;
char *argv[9], *envp[3], uid_str[12], gid_str[12];
char key_str[12], keyring_str[3][12];
char desc[20];
@@ -112,10 +113,12 @@ static int call_sbin_request_key(struct key_construction *cons,
if (cred->tgcred->process_keyring)
prkey = cred->tgcred->process_keyring->serial;
- if (cred->tgcred->session_keyring)
- sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
- else
- sskey = cred->user->session_keyring->serial;
+ rcu_read_lock();
+ session = rcu_dereference(cred->tgcred->session_keyring);
+ if (!session)
+ session = cred->user->session_keyring;
+ sskey = session->serial;
+ rcu_read_unlock();
sprintf(keyring_str[2], "%d", sskey);
@@ -336,8 +339,10 @@ static int construct_alloc_key(struct key_type *type,
key_already_present:
mutex_unlock(&key_construction_mutex);
- if (dest_keyring)
+ if (dest_keyring) {
+ __key_link(dest_keyring, key_ref_to_ptr(key_ref));
up_write(&dest_keyring->sem);
+ }
mutex_unlock(&user->cons_lock);
key_put(key);
*_key = key = key_ref_to_ptr(key_ref);
@@ -428,6 +433,11 @@ struct key *request_key_and_link(struct key_type *type,
if (!IS_ERR(key_ref)) {
key = key_ref_to_ptr(key_ref);
+ if (dest_keyring) {
+ construct_get_dest_keyring(&dest_keyring);
+ key_link(dest_keyring, key);
+ key_put(dest_keyring);
+ }
} else if (PTR_ERR(key_ref) != -EAGAIN) {
key = ERR_CAST(key_ref);
} else {
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c
index 7c687d56822..e9aa0792965 100644
--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -199,7 +199,8 @@ long user_read(const struct key *key, char __user *buffer, size_t buflen)
struct user_key_payload *upayload;
long ret;
- upayload = rcu_dereference(key->payload.data);
+ upayload = rcu_dereference_protected(
+ key->payload.data, rwsem_is_locked(&((struct key *)key)->sem));
ret = upayload->datalen;
/* we can return the data as is */
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 8c3650672e2..908aa712816 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -14,6 +14,7 @@
#include <linux/types.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
+#include <linux/gfp.h>
#include <linux/fs.h>
#include <linux/init.h>
#include <net/sock.h>
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index b4e14bc0bf3..d6095d63d83 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -16,6 +16,7 @@
*/
#include <linux/init.h>
#include <linux/types.h>
+#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/list.h>
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 3d09a2afc33..1c2fc46544b 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -29,6 +29,7 @@
#include <linux/spinlock.h>
#include <linux/rcupdate.h>
+#include <linux/gfp.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <net/sock.h>
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
index 7d7be296d87..36ac257cec9 100644
--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -11,6 +11,7 @@
*/
#include <linux/init.h>
#include <linux/types.h>
+#include <linux/slab.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 7100072bb1b..dc92792271f 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -31,6 +31,7 @@
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
+#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/in.h>
#include <linux/in6.h>
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index fe7fba67f19..cfe2d72d3fb 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -30,6 +30,7 @@
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
+#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/in.h>
#include <linux/in6.h>
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index f3cb9ed731a..fff78d3b51a 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -38,6 +38,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
+#include <linux/slab.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 0f9ac814690..f4fac64c4da 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -11,6 +11,7 @@
*/
#include <linux/types.h>
+#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include "smack.h"
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2a20738e7ea..0f2fc480fc6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -24,6 +24,7 @@
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
+#include <linux/slab.h>
#include <linux/mutex.h>
#include <linux/pipe_fs_i.h>
#include <net/netlabel.h>
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index aeead758509..a2b72d77f92 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -20,6 +20,7 @@
#include <linux/vmalloc.h>
#include <linux/security.h>
#include <linux/mutex.h>
+#include <linux/slab.h>
#include <net/net_namespace.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index b9f64ca5f15..3c86bbc33ae 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -10,6 +10,7 @@
*/
#include <linux/uaccess.h>
+#include <linux/slab.h>
#include <linux/security.h>
#include <linux/hardirq.h>
#include "common.h"
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index ed514188324..e1edec4a9b9 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -11,6 +11,7 @@
#include "common.h"
#include <linux/binfmts.h>
+#include <linux/slab.h>
/* Variables definitions.*/
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index cf67e55a0d1..0687ada28e8 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -10,6 +10,7 @@
*/
#include "common.h"
+#include <linux/slab.h>
/* Keyword array for single path operations. */
static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 9645525ccdd..d9ad35bc7fa 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -9,6 +9,7 @@
#include "common.h"
#include <linux/kthread.h>
+#include <linux/slab.h>
enum tomoyo_gc_id {
TOMOYO_ID_DOMAIN_INITIALIZER,
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 8fe3ee20a18..6a51e0af241 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -15,6 +15,7 @@
#include <linux/fs_struct.h>
#include <linux/hash.h>
#include <linux/magic.h>
+#include <linux/slab.h>
#include "common.h"
/**