summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2014-11-19 11:32:12 +0100
committerJames Morris <james.l.morris@oracle.com>2014-11-19 11:32:12 +0100
commitb10778a00d40b3d9fdaaf5891e802794781ff71c (patch)
tree6ba4cbac86eecedc3f30650e7f764ecf00c83898 /security
parentintegrity: do zero padding of the key id (diff)
parentLinux 3.17 (diff)
downloadlinux-b10778a00d40b3d9fdaaf5891e802794781ff71c.tar.xz
linux-b10778a00d40b3d9fdaaf5891e802794781ff71c.zip
Merge commit 'v3.17' into next
Diffstat (limited to 'security')
-rw-r--r--security/device_cgroup.c2
-rw-r--r--security/keys/gc.c11
-rw-r--r--security/keys/key.c4
-rw-r--r--security/keys/request_key.c23
-rw-r--r--security/selinux/netif.c4
-rw-r--r--security/selinux/netnode.c3
-rw-r--r--security/selinux/netport.c3
-rw-r--r--security/tomoyo/audit.c8
-rw-r--r--security/tomoyo/common.c4
-rw-r--r--security/tomoyo/realpath.c5
10 files changed, 17 insertions, 50 deletions
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index d9d69e6930ed..188c1d26393b 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -796,7 +796,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
.css_free = devcgroup_css_free,
.css_online = devcgroup_online,
.css_offline = devcgroup_offline,
- .base_cftypes = dev_cgroup_files,
+ .legacy_cftypes = dev_cgroup_files,
};
/**
diff --git a/security/keys/gc.c b/security/keys/gc.c
index d3222b6d7d59..9609a7f0faea 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -92,15 +92,6 @@ static void key_gc_timer_func(unsigned long data)
}
/*
- * wait_on_bit() sleep function for uninterruptible waiting
- */
-static int key_gc_wait_bit(void *flags)
-{
- schedule();
- return 0;
-}
-
-/*
* Reap keys of dead type.
*
* We use three flags to make sure we see three complete cycles of the garbage
@@ -123,7 +114,7 @@ void key_gc_keytype(struct key_type *ktype)
schedule_work(&key_gc_work);
kdebug("sleep");
- wait_on_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE, key_gc_wait_bit,
+ wait_on_bit(&key_gc_flags, KEY_GC_REAPING_KEYTYPE,
TASK_UNINTERRUPTIBLE);
key_gc_dead_keytype = NULL;
diff --git a/security/keys/key.c b/security/keys/key.c
index 8c0092ca0443..e17ba6aefdc0 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -27,8 +27,8 @@ DEFINE_SPINLOCK(key_serial_lock);
struct rb_root key_user_tree; /* tree of quota records indexed by UID */
DEFINE_SPINLOCK(key_user_lock);
-unsigned int key_quota_root_maxkeys = 200; /* root's key count quota */
-unsigned int key_quota_root_maxbytes = 20000; /* root's key space quota */
+unsigned int key_quota_root_maxkeys = 1000000; /* root's key count quota */
+unsigned int key_quota_root_maxbytes = 25000000; /* root's key space quota */
unsigned int key_quota_maxkeys = 200; /* general key count quota */
unsigned int key_quota_maxbytes = 20000; /* general key space quota */
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index dc6ed32b7844..bb4337c7ae1b 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -21,24 +21,6 @@
#define key_negative_timeout 60 /* default timeout on a negative key's existence */
-/*
- * wait_on_bit() sleep function for uninterruptible waiting
- */
-static int key_wait_bit(void *flags)
-{
- schedule();
- return 0;
-}
-
-/*
- * wait_on_bit() sleep function for interruptible waiting
- */
-static int key_wait_bit_intr(void *flags)
-{
- schedule();
- return signal_pending(current) ? -ERESTARTSYS : 0;
-}
-
/**
* complete_request_key - Complete the construction of a key.
* @cons: The key construction record.
@@ -603,10 +585,9 @@ int wait_for_key_construction(struct key *key, bool intr)
int ret;
ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
- intr ? key_wait_bit_intr : key_wait_bit,
intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
- if (ret < 0)
- return ret;
+ if (ret)
+ return -ERESTARTSYS;
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
smp_rmb();
return key->type_data.reject_error;
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 485524c477a4..e607b4473ef6 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -275,7 +275,7 @@ static struct notifier_block sel_netif_netdev_notifier = {
static __init int sel_netif_init(void)
{
- int i, err;
+ int i;
if (!selinux_enabled)
return 0;
@@ -285,7 +285,7 @@ static __init int sel_netif_init(void)
register_netdevice_notifier(&sel_netif_netdev_notifier);
- return err;
+ return 0;
}
__initcall(sel_netif_init);
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index ddf315260839..da923f89d2a9 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -303,7 +303,6 @@ void sel_netnode_flush(void)
static __init int sel_netnode_init(void)
{
int iter;
- int ret;
if (!selinux_enabled)
return 0;
@@ -313,7 +312,7 @@ static __init int sel_netnode_init(void)
sel_netnode_hash[iter].size = 0;
}
- return ret;
+ return 0;
}
__initcall(sel_netnode_init);
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 73ac6784d091..3311cc393cb4 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -237,7 +237,6 @@ void sel_netport_flush(void)
static __init int sel_netport_init(void)
{
int iter;
- int ret;
if (!selinux_enabled)
return 0;
@@ -247,7 +246,7 @@ static __init int sel_netport_init(void)
sel_netport_hash[iter].size = 0;
}
- return ret;
+ return 0;
}
__initcall(sel_netport_init);
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index c1b00375c9ad..3ffa4f5509d8 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -155,11 +155,9 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
u8 i;
if (!buffer)
return NULL;
- {
- struct timeval tv;
- do_gettimeofday(&tv);
- tomoyo_convert_time(tv.tv_sec, &stamp);
- }
+
+ tomoyo_convert_time(get_seconds(), &stamp);
+
pos = snprintf(buffer, tomoyo_buffer_len - 1,
"#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
"granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 283862aebdc8..e0fb75052550 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -2267,13 +2267,11 @@ static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
*/
void tomoyo_update_stat(const u8 index)
{
- struct timeval tv;
- do_gettimeofday(&tv);
/*
* I don't use atomic operations because race condition is not fatal.
*/
tomoyo_stat_updated[index]++;
- tomoyo_stat_modified[index] = tv.tv_sec;
+ tomoyo_stat_modified[index] = get_seconds();
}
/**
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index a3386d119425..bed745c8b1a3 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -173,7 +173,7 @@ static char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer,
* Use filesystem name if filesystem does not support rename()
* operation.
*/
- if (!inode->i_op->rename)
+ if (!inode->i_op->rename && !inode->i_op->rename2)
goto prepend_filesystem_name;
}
/* Prepend device name. */
@@ -282,7 +282,8 @@ char *tomoyo_realpath_from_path(struct path *path)
* Get local name for filesystems without rename() operation
* or dentry without vfsmount.
*/
- if (!path->mnt || !inode->i_op->rename)
+ if (!path->mnt ||
+ (!inode->i_op->rename && !inode->i_op->rename2))
pos = tomoyo_get_local_path(path->dentry, buf,
buf_len - 1);
/* Get absolute name for the rest. */