Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6.26: (1090 commits) [NET]: Fix and allocate less memory for ->priv'less netdevices [IPV6]: Fix dangling references on error in fib6_add(). [NETLABEL]: Fix NULL deref in netlbl_unlabel_staticlist_gen() if ifindex not found [PKT_SCHED]: Fix datalen check in tcf_simp_init(). [INET]: Uninline the __inet_inherit_port call. [INET]: Drop the inet_inherit_port() call. SCTP: Initialize partial_bytes_acked to 0, when all of the data is acked. [netdrvr] forcedeth: internal simplifications; changelog removal phylib: factor out get_phy_id from within get_phy_device PHY: add BCM5464 support to broadcom PHY driver cxgb3: Fix __must_check warning with dev_dbg. tc35815: Statistics cleanup natsemi: fix MMIO for PPC 44x platforms [TIPC]: Cleanup of TIPC reference table code [TIPC]: Optimized initialization of TIPC reference table [TIPC]: Remove inlining of reference table locking routines e1000: convert uint16_t style integers to u16 ixgb: convert uint16_t style integers to u16 sb1000.c: make const arrays static sb1000.c: stop inlining largish static functions ...
This commit is contained in:
+8
-6
@@ -876,22 +876,23 @@ static inline void dummy_req_classify_flow(const struct request_sock *req,
|
||||
#endif /* CONFIG_SECURITY_NETWORK */
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
static int dummy_xfrm_policy_alloc_security(struct xfrm_policy *xp,
|
||||
struct xfrm_user_sec_ctx *sec_ctx)
|
||||
static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
|
||||
struct xfrm_user_sec_ctx *sec_ctx)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int dummy_xfrm_policy_clone_security(struct xfrm_policy *old, struct xfrm_policy *new)
|
||||
static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
|
||||
struct xfrm_sec_ctx **new_ctxp)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void dummy_xfrm_policy_free_security(struct xfrm_policy *xp)
|
||||
static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
}
|
||||
|
||||
static int dummy_xfrm_policy_delete_security(struct xfrm_policy *xp)
|
||||
static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -911,7 +912,8 @@ static int dummy_xfrm_state_delete_security(struct xfrm_state *x)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int dummy_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
|
||||
static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,
|
||||
u32 sk_sid, u8 dir)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
+11
-10
@@ -1014,26 +1014,27 @@ void security_inet_conn_established(struct sock *sk,
|
||||
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
|
||||
int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
{
|
||||
return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
|
||||
return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx);
|
||||
}
|
||||
EXPORT_SYMBOL(security_xfrm_policy_alloc);
|
||||
|
||||
int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
|
||||
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
|
||||
struct xfrm_sec_ctx **new_ctxp)
|
||||
{
|
||||
return security_ops->xfrm_policy_clone_security(old, new);
|
||||
return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
|
||||
}
|
||||
|
||||
void security_xfrm_policy_free(struct xfrm_policy *xp)
|
||||
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
security_ops->xfrm_policy_free_security(xp);
|
||||
security_ops->xfrm_policy_free_security(ctx);
|
||||
}
|
||||
EXPORT_SYMBOL(security_xfrm_policy_free);
|
||||
|
||||
int security_xfrm_policy_delete(struct xfrm_policy *xp)
|
||||
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
return security_ops->xfrm_policy_delete_security(xp);
|
||||
return security_ops->xfrm_policy_delete_security(ctx);
|
||||
}
|
||||
|
||||
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
|
||||
@@ -1065,9 +1066,9 @@ void security_xfrm_state_free(struct xfrm_state *x)
|
||||
security_ops->xfrm_state_free_security(x);
|
||||
}
|
||||
|
||||
int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
|
||||
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
|
||||
{
|
||||
return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
|
||||
return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
|
||||
}
|
||||
|
||||
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
|
||||
@@ -7,16 +7,17 @@
|
||||
#ifndef _SELINUX_XFRM_H_
|
||||
#define _SELINUX_XFRM_H_
|
||||
|
||||
int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
|
||||
struct xfrm_user_sec_ctx *sec_ctx);
|
||||
int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
|
||||
void selinux_xfrm_policy_free(struct xfrm_policy *xp);
|
||||
int selinux_xfrm_policy_delete(struct xfrm_policy *xp);
|
||||
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
|
||||
struct xfrm_user_sec_ctx *sec_ctx);
|
||||
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
|
||||
struct xfrm_sec_ctx **new_ctxp);
|
||||
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
|
||||
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
|
||||
int selinux_xfrm_state_alloc(struct xfrm_state *x,
|
||||
struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
|
||||
void selinux_xfrm_state_free(struct xfrm_state *x);
|
||||
int selinux_xfrm_state_delete(struct xfrm_state *x);
|
||||
int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
|
||||
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
|
||||
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
|
||||
struct xfrm_policy *xp, struct flowi *fl);
|
||||
|
||||
|
||||
@@ -281,7 +281,7 @@ static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
|
||||
{
|
||||
struct net_device *dev = ptr;
|
||||
|
||||
if (dev->nd_net != &init_net)
|
||||
if (dev_net(dev) != &init_net)
|
||||
return NOTIFY_DONE;
|
||||
|
||||
if (event == NETDEV_DOWN)
|
||||
|
||||
@@ -2674,7 +2674,7 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
|
||||
goto netlbl_sid_to_secattr_failure;
|
||||
secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
|
||||
GFP_ATOMIC);
|
||||
secattr->flags |= NETLBL_SECATTR_DOMAIN;
|
||||
secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
|
||||
mls_export_netlbl_lvl(ctx, secattr);
|
||||
rc = mls_export_netlbl_cat(ctx, secattr);
|
||||
if (rc != 0)
|
||||
|
||||
+16
-23
@@ -77,20 +77,18 @@ static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
|
||||
* LSM hook implementation that authorizes that a flow can use
|
||||
* a xfrm policy rule.
|
||||
*/
|
||||
int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
|
||||
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
|
||||
{
|
||||
int rc;
|
||||
u32 sel_sid;
|
||||
struct xfrm_sec_ctx *ctx;
|
||||
|
||||
/* Context sid is either set to label or ANY_ASSOC */
|
||||
if ((ctx = xp->security)) {
|
||||
if (ctx) {
|
||||
if (!selinux_authorizable_ctx(ctx))
|
||||
return -EINVAL;
|
||||
|
||||
sel_sid = ctx->ctx_sid;
|
||||
}
|
||||
else
|
||||
} else
|
||||
/*
|
||||
* All flows should be treated as polmatch'ing an
|
||||
* otherwise applicable "non-labeled" policy. This
|
||||
@@ -103,7 +101,7 @@ int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
|
||||
NULL);
|
||||
|
||||
if (rc == -EACCES)
|
||||
rc = -ESRCH;
|
||||
return -ESRCH;
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -287,15 +285,14 @@ out2:
|
||||
* LSM hook implementation that allocs and transfers uctx spec to
|
||||
* xfrm_policy.
|
||||
*/
|
||||
int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
|
||||
struct xfrm_user_sec_ctx *uctx)
|
||||
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
|
||||
struct xfrm_user_sec_ctx *uctx)
|
||||
{
|
||||
int err;
|
||||
|
||||
BUG_ON(!xp);
|
||||
BUG_ON(!uctx);
|
||||
|
||||
err = selinux_xfrm_sec_ctx_alloc(&xp->security, uctx, 0);
|
||||
err = selinux_xfrm_sec_ctx_alloc(ctxp, uctx, 0);
|
||||
if (err == 0)
|
||||
atomic_inc(&selinux_xfrm_refcount);
|
||||
|
||||
@@ -307,32 +304,29 @@ int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
|
||||
* LSM hook implementation that copies security data structure from old to
|
||||
* new for policy cloning.
|
||||
*/
|
||||
int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
|
||||
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
|
||||
struct xfrm_sec_ctx **new_ctxp)
|
||||
{
|
||||
struct xfrm_sec_ctx *old_ctx, *new_ctx;
|
||||
|
||||
old_ctx = old->security;
|
||||
struct xfrm_sec_ctx *new_ctx;
|
||||
|
||||
if (old_ctx) {
|
||||
new_ctx = new->security = kmalloc(sizeof(*new_ctx) +
|
||||
old_ctx->ctx_len,
|
||||
GFP_KERNEL);
|
||||
|
||||
new_ctx = kmalloc(sizeof(*old_ctx) + old_ctx->ctx_len,
|
||||
GFP_KERNEL);
|
||||
if (!new_ctx)
|
||||
return -ENOMEM;
|
||||
|
||||
memcpy(new_ctx, old_ctx, sizeof(*new_ctx));
|
||||
memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len);
|
||||
*new_ctxp = new_ctx;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* LSM hook implementation that frees xfrm_policy security information.
|
||||
* LSM hook implementation that frees xfrm_sec_ctx security information.
|
||||
*/
|
||||
void selinux_xfrm_policy_free(struct xfrm_policy *xp)
|
||||
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
struct xfrm_sec_ctx *ctx = xp->security;
|
||||
if (ctx)
|
||||
kfree(ctx);
|
||||
}
|
||||
@@ -340,10 +334,9 @@ void selinux_xfrm_policy_free(struct xfrm_policy *xp)
|
||||
/*
|
||||
* LSM hook implementation that authorizes deletion of labeled policies.
|
||||
*/
|
||||
int selinux_xfrm_policy_delete(struct xfrm_policy *xp)
|
||||
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
|
||||
{
|
||||
struct task_security_struct *tsec = current->security;
|
||||
struct xfrm_sec_ctx *ctx = xp->security;
|
||||
int rc = 0;
|
||||
|
||||
if (ctx) {
|
||||
|
||||
@@ -1275,7 +1275,7 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
|
||||
|
||||
switch (smack_net_nltype) {
|
||||
case NETLBL_NLTYPE_CIPSOV4:
|
||||
nlsp->domain = kstrdup(smack, GFP_ATOMIC);
|
||||
nlsp->domain = smack;
|
||||
nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
|
||||
|
||||
rc = smack_to_cipso(smack, &cipso);
|
||||
|
||||
Reference in New Issue
Block a user