From 6382dc334064bb0b41a95df0e3c438de35f2ffb7 Mon Sep 17 00:00:00 2001 From: "Justin P. Mattock" Date: Thu, 14 Jan 2010 23:03:18 -0800 Subject: fix comment typos in avc.c Signed-off-by: Justin P. Mattock Signed-off-by: Jiri Kosina --- security/selinux/avc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f2dde268165a..3328b1f45047 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -337,7 +337,7 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) * Look up an AVC entry that is valid for the * (@ssid, @tsid), interpreting the permissions * based on @tclass. If a valid AVC entry exists, - * then this function return the avc_node. + * then this function returns the avc_node. * Otherwise, this function returns NULL. */ static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) @@ -526,7 +526,7 @@ void avc_audit(u32 ssid, u32 tsid, * @perms: permissions * * Register a callback function for events in the set @events - * related to the SID pair (@ssid, @tsid) and + * related to the SID pair (@ssid, @tsid) * and the permissions @perms, interpreting * @perms based on @tclass. Returns %0 on success or * -%ENOMEM if insufficient memory exists to add the callback. @@ -571,7 +571,7 @@ static inline int avc_sidcmp(u32 x, u32 y) * * if a valid AVC entry doesn't exist,this function returns -ENOENT. * if kmalloc() called internal returns NULL, this function returns -ENOMEM. - * otherwise, this function update the AVC entry. The original AVC-entry object + * otherwise, this function updates the AVC entry. The original AVC-entry object * will release later by RCU. */ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, -- cgit v1.2.3-59-g8ed1b From de27a5bf9caef3f1fca1f315aa58eee54fbf929a Mon Sep 17 00:00:00 2001 
From: Al Viro Date: Sat, 30 Jan 2010 15:27:27 -0500 Subject: fix mnt_mountpoint abuse in smack (mnt,mnt_mountpoint) pair is conceptually wrong; if you want to use it for generating pathname and for nothing else *and* if you know that vfsmount tree is unchanging, you can get away with that, but the right solution for that is (mnt,mnt_root). Signed-off-by: Al Viro --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 529c9ca65878..8dffcb7c9d81 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -387,7 +387,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) struct smk_audit_info ad; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); - smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); + smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); smk_ad_setfield_u_fs_path_mnt(&ad, mnt); sbp = mnt->mnt_sb->s_security; -- cgit v1.2.3-59-g8ed1b From 37afdc7960ab493f827b5df9dc1b71b63b44331c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 5 Feb 2010 01:41:33 -0500 Subject: get rid of insanity with namespace roots in tomoyo passing *any* namespace root to __d_path() as root is equivalent to just passing it {NULL, NULL}; no need to bother with finding the root of our namespace in there. Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 18369d497eb8..6a4f8495f281 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c 
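Review bot: In smack_sb_umount the audit data now pairs `mnt` with `mnt->mnt_root`, but nothing at the call site says why; the reasoning exists only in the commit message. A one-line comment above the call, for example `/* (mnt, mnt_root) is the consistent pair for path generation; mnt_mountpoint is not */`, would keep a later edit from switching it back. Because this dentry feeds the path written into Smack audit records for umount, it is worth confirming on a test mount that the logged path still names the mount an operator expects. The function body starts and ends outside the hunk.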
@@ -89,27 +89,12 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, sp = dentry->d_op->d_dname(dentry, newname + offset, newname_len - offset); } else { - /* Taken from d_namespace_path(). */ - struct path root; - struct path ns_root = { }; - struct path tmp; - - read_lock(¤t->fs->lock); - root = current->fs->root; - path_get(&root); - read_unlock(¤t->fs->lock); - spin_lock(&vfsmount_lock); - if (root.mnt && root.mnt->mnt_ns) - ns_root.mnt = mntget(root.mnt->mnt_ns->root); - if (ns_root.mnt) - ns_root.dentry = dget(ns_root.mnt->mnt_root); - spin_unlock(&vfsmount_lock); + struct path ns_root = {.mnt = NULL, .dentry = NULL}; + spin_lock(&dcache_lock); - tmp = ns_root; - sp = __d_path(path, &tmp, newname, newname_len); + /* go to whatever namespace root we are under */ + sp = __d_path(path, &ns_root, newname, newname_len); spin_unlock(&dcache_lock); - path_put(&root); - path_put(&ns_root); /* Prepend "/proc" prefix if using internal proc vfs mount. */ if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) { -- cgit v1.2.3-59-g8ed1b From 440b3c6c160f7d0a985f24ad1f4c24e00ee2d936 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 5 Feb 2010 09:37:21 -0500 Subject: get rid of ->mnt_parent in tomoyo/realpath Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 6a4f8495f281..455bc391b76d 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c 
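Review bot: The local `ns_root` in tomoyo_realpath_from_path2 no longer holds a namespace root; it is an empty `struct path` passed to `__d_path()` as the root, so the name now misleads. Renaming it, e.g. `struct path root = { };` and `sp = __d_path(path, &root, newname, newname_len);`, with a comment such as `/* empty root: resolve up to the top of whatever mount tree the path is in */`, would describe what the code does. The removed code passed a copy (`tmp`) rather than `ns_root` itself, which suggests `__d_path()` may write to its root argument. That looks harmless here because the variable is not read again in the visible lines, but the comment could say so. The function starts and ends outside the hunk.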
@@ -96,7 +96,7 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, sp = __d_path(path, &ns_root, newname, newname_len); spin_unlock(&dcache_lock); /* Prepend "/proc" prefix if using internal proc vfs mount. */ - if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && + if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) && (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) { sp -= 5; if (sp >= newname) -- cgit v1.2.3-59-g8ed1b From 181427a7e01beab76c789414334375839f026128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Sat, 13 Mar 2010 14:14:22 +0300 Subject: tomoyo: fix potential use after free The original code returns a freed pointer. This function is expected to return NULL on errors. Signed-off-by: Dan Carpenter Acked-by: Tetsuo Handa Signed-off-by: James Morris --- security/tomoyo/common.c | 1 + 1 file changed, 1 insertion(+) (limited to 'security') diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ff51f1026b57..ef89947a774b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); if (!tomoyo_memory_ok(ptr)) { kfree(ptr); + ptr = NULL; goto ok; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) -- cgit v1.2.3-59-g8ed1b
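Review bot: Directly below the changed condition, `sp -= 5` moves the pointer before it is compared with `newname`. When fewer than five bytes precede the path, this forms a pointer below the start of the buffer before `if (sp >= newname)` can reject it. Comparing `sp - newname` with 5 before the subtraction avoids relying on an out-of-range pointer comparison. This is existing code the commit leaves untouched, and the rest of the block is outside the hunk, so the failure path cannot be judged from here. On the changed line itself, a short comment on why `MNT_INTERNAL` replaces the `mnt_parent == mnt` test would help, since the two conditions are not obviously equivalent and the commit carries no description.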
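Review bot: The failure branch in tomoyo_find_or_assign_new_profile still leaves through `goto ok`, so whatever follows the `ok:` label now runs with `ptr == NULL`. That code is outside the hunk, and it should be confirmed that it neither dereferences `ptr` nor stores it somewhere shared without a check. A label named `ok` on an error path is also what made the freed-pointer return easy to miss. A comment on the new line, such as `ptr = NULL; /* never return the freed pointer */`, or a separate error label would make the intent visible. The function begins and ends outside the hunk.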