Merge tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
[muen/linux.git] / security / security.c
index 987afe3d464c5f818d937eef264751279d09a7cf..7bc2fde023a797e7a941622a0a6d45c11fdb8b6b 100644 (file)
@@ -67,11 +67,11 @@ static void __init do_security_initcalls(void)
 int __init security_init(void)
 {
        int i;
-       struct list_head *list = (struct list_head *) &security_hook_heads;
+       struct hlist_head *list = (struct hlist_head *) &security_hook_heads;
 
-       for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
+       for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head);
             i++)
-               INIT_LIST_HEAD(&list[i]);
+               INIT_HLIST_HEAD(&list[i]);
        pr_info("Security Framework initialized\n");
 
        /*
@@ -169,7 +169,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 
        for (i = 0; i < count; i++) {
                hooks[i].lsm = lsm;
-               list_add_tail_rcu(&hooks[i].list, hooks[i].head);
+               hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
        }
        if (lsm_append(lsm, &lsm_names) < 0)
                panic("%s - Cannot get early memory.\n", __func__);
@@ -207,7 +207,7 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
        do {                                                    \
                struct security_hook_list *P;                   \
                                                                \
-               list_for_each_entry(P, &security_hook_heads.FUNC, list) \
+               hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \
                        P->hook.FUNC(__VA_ARGS__);              \
        } while (0)
 
@@ -216,7 +216,7 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
        do {                                                    \
                struct security_hook_list *P;                   \
                                                                \
-               list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
+               hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
                        RC = P->hook.FUNC(__VA_ARGS__);         \
                        if (RC != 0)                            \
                                break;                          \
@@ -323,7 +323,7 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
         * agree that it should be set it will. If any module
         * thinks it should not be set it won't.
         */
-       list_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
+       hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
                rc = hp->hook.vm_enough_memory(mm, pages);
                if (rc <= 0) {
                        cap_sys_admin = 0;
@@ -811,7 +811,7 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf
        /*
         * Only one module will provide an attribute with a given name.
         */
-       list_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
+       hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
                rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
                if (rc != -EOPNOTSUPP)
                        return rc;
@@ -829,7 +829,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void
        /*
         * Only one module will provide an attribute with a given name.
         */
-       list_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
+       hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
                rc = hp->hook.inode_setsecurity(inode, name, value, size,
                                                                flags);
                if (rc != -EOPNOTSUPP)
@@ -1011,6 +1011,13 @@ void security_transfer_creds(struct cred *new, const struct cred *old)
        call_void_hook(cred_transfer, new, old);
 }
 
+void security_cred_getsecid(const struct cred *c, u32 *secid)
+{
+       *secid = 0;
+       call_void_hook(cred_getsecid, c, secid);
+}
+EXPORT_SYMBOL(security_cred_getsecid);
+
 int security_kernel_act_as(struct cred *new, u32 secid)
 {
        return call_int_hook(kernel_act_as, 0, new, secid);
@@ -1120,9 +1127,9 @@ int security_task_movememory(struct task_struct *p)
 }
 
 int security_task_kill(struct task_struct *p, struct siginfo *info,
-                       int sig, u32 secid)
+                       int sig, const struct cred *cred)
 {
-       return call_int_hook(task_kill, 0, p, info, sig, secid);
+       return call_int_hook(task_kill, 0, p, info, sig, cred);
 }
 
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
@@ -1132,7 +1139,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
        int rc = -ENOSYS;
        struct security_hook_list *hp;
 
-       list_for_each_entry(hp, &security_hook_heads.task_prctl, list) {
+       hlist_for_each_entry(hp, &security_hook_heads.task_prctl, list) {
                thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5);
                if (thisrc != -ENOSYS) {
                        rc = thisrc;
@@ -1169,84 +1176,84 @@ void security_msg_msg_free(struct msg_msg *msg)
        call_void_hook(msg_msg_free_security, msg);
 }
 
-int security_msg_queue_alloc(struct msg_queue *msq)
+int security_msg_queue_alloc(struct kern_ipc_perm *msq)
 {
        return call_int_hook(msg_queue_alloc_security, 0, msq);
 }
 
-void security_msg_queue_free(struct msg_queue *msq)
+void security_msg_queue_free(struct kern_ipc_perm *msq)
 {
        call_void_hook(msg_queue_free_security, msq);
 }
 
-int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
+int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
 {
        return call_int_hook(msg_queue_associate, 0, msq, msqflg);
 }
 
-int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
+int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
 {
        return call_int_hook(msg_queue_msgctl, 0, msq, cmd);
 }
 
-int security_msg_queue_msgsnd(struct msg_queue *msq,
+int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
                               struct msg_msg *msg, int msqflg)
 {
        return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg);
 }
 
-int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
+int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
                               struct task_struct *target, long type, int mode)
 {
        return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
 }
 
-int security_shm_alloc(struct shmid_kernel *shp)
+int security_shm_alloc(struct kern_ipc_perm *shp)
 {
        return call_int_hook(shm_alloc_security, 0, shp);
 }
 
-void security_shm_free(struct shmid_kernel *shp)
+void security_shm_free(struct kern_ipc_perm *shp)
 {
        call_void_hook(shm_free_security, shp);
 }
 
-int security_shm_associate(struct shmid_kernel *shp, int shmflg)
+int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
 {
        return call_int_hook(shm_associate, 0, shp, shmflg);
 }
 
-int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
+int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
        return call_int_hook(shm_shmctl, 0, shp, cmd);
 }
 
-int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
+int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg)
 {
        return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg);
 }
 
-int security_sem_alloc(struct sem_array *sma)
+int security_sem_alloc(struct kern_ipc_perm *sma)
 {
        return call_int_hook(sem_alloc_security, 0, sma);
 }
 
-void security_sem_free(struct sem_array *sma)
+void security_sem_free(struct kern_ipc_perm *sma)
 {
        call_void_hook(sem_free_security, sma);
 }
 
-int security_sem_associate(struct sem_array *sma, int semflg)
+int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
 {
        return call_int_hook(sem_associate, 0, sma, semflg);
 }
 
-int security_sem_semctl(struct sem_array *sma, int cmd)
+int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
 {
        return call_int_hook(sem_semctl, 0, sma, cmd);
 }
 
-int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
+int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
                        unsigned nsops, int alter)
 {
        return call_int_hook(sem_semop, 0, sma, sops, nsops, alter);
@@ -1479,6 +1486,7 @@ void security_inet_conn_established(struct sock *sk,
 {
        call_void_hook(inet_conn_established, sk, skb);
 }
+EXPORT_SYMBOL(security_inet_conn_established);
 
 int security_secmark_relabel_packet(u32 secid)
 {
@@ -1534,6 +1542,27 @@ int security_tun_dev_open(void *security)
 }
 EXPORT_SYMBOL(security_tun_dev_open);
 
+int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb)
+{
+       return call_int_hook(sctp_assoc_request, 0, ep, skb);
+}
+EXPORT_SYMBOL(security_sctp_assoc_request);
+
+int security_sctp_bind_connect(struct sock *sk, int optname,
+                              struct sockaddr *address, int addrlen)
+{
+       return call_int_hook(sctp_bind_connect, 0, sk, optname,
+                            address, addrlen);
+}
+EXPORT_SYMBOL(security_sctp_bind_connect);
+
+void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk,
+                           struct sock *newsk)
+{
+       call_void_hook(sctp_sk_clone, ep, sk, newsk);
+}
+EXPORT_SYMBOL(security_sctp_sk_clone);
+
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_INFINIBAND
@@ -1635,7 +1664,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
         * For speed optimization, we explicitly break the loop rather than
         * using the macro
         */
-       list_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
+       hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
                                list) {
                rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl);
                break;