From 5e211e502d83aad94b94eb2c6dbe088fd02d7b26 Mon Sep 17 00:00:00 2001 From: Stefan Assmann Date: Thu, 24 Feb 2011 20:03:31 +0000 Subject: [PATCH] --- yaml --- r: 237551 b: refs/heads/master c: 9b082d734a938b951ed4b9b5a850ae3513d4a7e3 h: refs/heads/master i: 237549: dd88dbc17898cb597b39ab775097acf1bf7c19b0 237547: 6ce46606a6990f11fe22a703870545e9e68a03a5 237543: cdd0b8c6b03ca8ad84471cc31e645b84c922fcbc 237535: 85ce1ff179da84eace3069a92d58d57836bd25b8 v: v3 --- [refs] | 2 +- trunk/drivers/net/Kconfig | 21 ++++++++-- trunk/drivers/net/igb/igb_main.c | 7 +++- trunk/drivers/scsi/cxgbi/cxgb3i/Kconfig | 4 +- trunk/drivers/scsi/cxgbi/cxgb4i/Kconfig | 4 +- trunk/include/linux/netlink.h | 3 ++ trunk/include/net/sch_generic.h | 1 - trunk/kernel/audit.c | 6 +-- trunk/kernel/auditfilter.c | 10 ++--- trunk/net/ipv4/devinet.c | 4 +- trunk/net/ipv4/udp.c | 1 - trunk/net/netlabel/netlabel_user.h | 6 +-- trunk/net/netlink/af_netlink.c | 3 ++ trunk/net/sched/sch_fifo.c | 34 ++++++++++----- trunk/net/sched/sch_generic.c | 18 ++++---- trunk/net/xfrm/xfrm_user.c | 56 +++++++++++-------------- trunk/security/selinux/hooks.c | 6 +-- 17 files changed, 100 insertions(+), 86 deletions(-) diff --git a/[refs] b/[refs] index a1e4d745e5ca..87da6b94289b 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: e066008b38ca9ace1b6de8dbbac8ed460640791d +refs/heads/master: 9b082d734a938b951ed4b9b5a850ae3513d4a7e3 diff --git a/trunk/drivers/net/Kconfig b/trunk/drivers/net/Kconfig index 6e09d5fea221..f4b39274308a 100644 --- a/trunk/drivers/net/Kconfig +++ b/trunk/drivers/net/Kconfig @@ -2595,9 +2595,14 @@ config CHELSIO_T1_1G Enables support for Chelsio's gigabit Ethernet PCI cards. If you are using only 10G cards say 'N' here. +config CHELSIO_T3_DEPENDS + tristate + depends on PCI && INET + default y + config CHELSIO_T3 tristate "Chelsio Communications T3 10Gb Ethernet support" - depends on PCI && INET + depends on CHELSIO_T3_DEPENDS select FW_LOADER select MDIO help 
@@ -2615,9 +2620,14 @@ config CHELSIO_T3 To compile this driver as a module, choose M here: the module will be called cxgb3. +config CHELSIO_T4_DEPENDS + tristate + depends on PCI && INET + default y + config CHELSIO_T4 tristate "Chelsio Communications T4 Ethernet support" - depends on PCI + depends on CHELSIO_T4_DEPENDS select FW_LOADER select MDIO help @@ -2635,9 +2645,14 @@ config CHELSIO_T4 To compile this driver as a module choose M here; the module will be called cxgb4. +config CHELSIO_T4VF_DEPENDS + tristate + depends on PCI && INET + default y + config CHELSIO_T4VF tristate "Chelsio Communications T4 Virtual Function Ethernet support" - depends on PCI + depends on CHELSIO_T4VF_DEPENDS help This driver supports Chelsio T4-based gigabit and 10Gb Ethernet adapters with PCI-E SR-IOV Virtual Functions. diff --git a/trunk/drivers/net/igb/igb_main.c b/trunk/drivers/net/igb/igb_main.c index 579dbba5f9e4..eef380af0537 100644 --- a/trunk/drivers/net/igb/igb_main.c +++ b/trunk/drivers/net/igb/igb_main.c @@ -2291,7 +2291,12 @@ static int __devinit igb_sw_init(struct igb_adapter *adapter) switch (hw->mac.type) { case e1000_82576: case e1000_i350: - adapter->vfs_allocated_count = (max_vfs > 7) ? 7 : max_vfs; + if (max_vfs > 7) { + dev_warn(&pdev->dev, + "Maximum of 7 VFs per PF, using max\n"); + adapter->vfs_allocated_count = 7; + } else + adapter->vfs_allocated_count = max_vfs; break; default: break; diff --git a/trunk/drivers/scsi/cxgbi/cxgb3i/Kconfig b/trunk/drivers/scsi/cxgbi/cxgb3i/Kconfig index 11dff23f7838..5cf4e9831f1b 100644 --- a/trunk/drivers/scsi/cxgbi/cxgb3i/Kconfig +++ b/trunk/drivers/scsi/cxgbi/cxgb3i/Kconfig @@ -1,8 +1,6 @@ config SCSI_CXGB3_ISCSI tristate "Chelsio T3 iSCSI support" - depends on PCI && INET - select NETDEVICES - select NETDEV_10000 + depends on CHELSIO_T3_DEPENDS select CHELSIO_T3 select SCSI_ISCSI_ATTRS ---help--- 
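Review bot: In the igb_main.c hunk the new `if (max_vfs > 7) { ... } else` braces only the first branch, which makes it easy for a later edit to add a statement that silently falls outside the `else`. I would brace both arms: `} else {` / `adapter->vfs_allocated_count = max_vfs;` / `}`. The literal 7 now appears in the comparison, the message and the assignment, so a named constant would keep the clamp and the warning in step. `pdev` is not declared inside the hunk and `igb_sw_init()` starts before it, so confirm it is in scope at this point.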
diff --git a/trunk/drivers/scsi/cxgbi/cxgb4i/Kconfig b/trunk/drivers/scsi/cxgbi/cxgb4i/Kconfig index d5302c27f377..bb94b39b17b3 100644 --- a/trunk/drivers/scsi/cxgbi/cxgb4i/Kconfig +++ b/trunk/drivers/scsi/cxgbi/cxgb4i/Kconfig @@ -1,8 +1,6 @@ config SCSI_CXGB4_ISCSI tristate "Chelsio T4 iSCSI support" - depends on PCI && INET - select NETDEVICES - select NETDEV_10000 + depends on CHELSIO_T4_DEPENDS select CHELSIO_T4 select SCSI_ISCSI_ATTRS ---help--- diff --git a/trunk/include/linux/netlink.h b/trunk/include/linux/netlink.h index 66823b862022..e2b9e63afa68 100644 --- a/trunk/include/linux/netlink.h +++ b/trunk/include/linux/netlink.h @@ -161,6 +161,9 @@ struct netlink_skb_parms { __u32 pid; __u32 dst_group; kernel_cap_t eff_cap; + __u32 loginuid; /* Login (audit) uid */ + __u32 sessionid; /* Session id (audit) */ + __u32 sid; /* SELinux security id */ }; #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) diff --git a/trunk/include/net/sch_generic.h b/trunk/include/net/sch_generic.h index 1934634f8896..16626a04cb03 100644 --- a/trunk/include/net/sch_generic.h +++ b/trunk/include/net/sch_generic.h @@ -83,7 +83,6 @@ struct Qdisc { struct gnet_stats_queue qstats; struct rcu_head rcu_head; spinlock_t busylock; - u32 limit; }; static inline bool qdisc_is_running(const struct Qdisc *qdisc) diff --git a/trunk/kernel/audit.c b/trunk/kernel/audit.c index 939500317066..162e88e33bc9 100644 --- a/trunk/kernel/audit.c +++ b/trunk/kernel/audit.c @@ -673,9 +673,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) pid = NETLINK_CREDS(skb)->pid; uid = NETLINK_CREDS(skb)->uid; - loginuid = audit_get_loginuid(current); - sessionid = audit_get_sessionid(current); - security_task_getsecid(current, &sid); + loginuid = NETLINK_CB(skb).loginuid; + sessionid = NETLINK_CB(skb).sessionid; + sid = NETLINK_CB(skb).sid; seq = nlh->nlmsg_seq; data = NLMSG_DATA(nlh); 
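Review bot: The three fields added to `struct netlink_skb_parms` are commented with what they hold but not whose identity it is or when it is recorded. The only writer visible in this patch is `netlink_sendmsg()`, which fills them from `current` at send time, while the audit, xfrm, NetLabel and SELinux hunks read them later as the sender's identity. I would make that explicit in the comments, e.g. `__u32 sid; /* SELinux security id of the sending task, set in netlink_sendmsg() */`, and say that skbs built on other paths are not populated by this patch. The struct is overlaid on `skb->cb` through `NETLINK_CB()` and its first members are outside the hunk, so it is also worth confirming the enlarged struct still fits that buffer.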
diff --git a/trunk/kernel/auditfilter.c b/trunk/kernel/auditfilter.c index f8277c80d678..add2819af71b 100644 --- a/trunk/kernel/auditfilter.c +++ b/trunk/kernel/auditfilter.c @@ -1238,7 +1238,6 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb, for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; int result = 0; - u32 sid; switch (f->type) { case AUDIT_PID: @@ -1251,22 +1250,19 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb, result = audit_comparator(cb->creds.gid, f->op, f->val); break; case AUDIT_LOGINUID: - result = audit_comparator(audit_get_loginuid(current), - f->op, f->val); + result = audit_comparator(cb->loginuid, f->op, f->val); break; case AUDIT_SUBJ_USER: case AUDIT_SUBJ_ROLE: case AUDIT_SUBJ_TYPE: case AUDIT_SUBJ_SEN: case AUDIT_SUBJ_CLR: - if (f->lsm_rule) { - security_task_getsecid(current, &sid); - result = security_audit_rule_match(sid, + if (f->lsm_rule) + result = security_audit_rule_match(cb->sid, f->type, f->op, f->lsm_rule, NULL); - } break; } diff --git a/trunk/net/ipv4/devinet.c b/trunk/net/ipv4/devinet.c index ff53860d1e56..90389281d97a 100644 --- a/trunk/net/ipv4/devinet.c +++ b/trunk/net/ipv4/devinet.c @@ -111,7 +111,7 @@ static inline unsigned int inet_addr_hash(struct net *net, __be32 addr) static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa) { - unsigned int hash = inet_addr_hash(net, ifa->ifa_local); + unsigned int hash = inet_addr_hash(net, ifa->ifa_address); spin_lock(&inet_addr_hash_lock); hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]); @@ -146,7 +146,7 @@ struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) if (!net_eq(dev_net(dev), net)) continue; - if (ifa->ifa_local == addr) { + if (ifa->ifa_address == addr) { result = dev; break; } diff --git a/trunk/net/ipv4/udp.c b/trunk/net/ipv4/udp.c index c9a73e5b26a3..95e0c2c194a1 100644 --- a/trunk/net/ipv4/udp.c +++ b/trunk/net/ipv4/udp.c 
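Review bot: Keying the hash on `ifa->ifa_address` in `inet_hash_insert()` changes which address identifies a device. On point-to-point interfaces `ifa_address` holds the peer's address and `ifa_local` the host's own, so a lookup for the remote peer's address would resolve to the local device and the host's own address would no longer be found. If `__ip_dev_find()` is meant to answer "is this address configured on this host" (its callers are outside the hunk), any caller that uses the result to decide whether an address is local would be misled. Both lines should stay on the local address: `unsigned int hash = inet_addr_hash(net, ifa->ifa_local);` here and `if (ifa->ifa_local == addr) {` in the second devinet.c hunk (`@@ -146,7 +146,7`).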
@@ -925,7 +925,6 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, rt = ip_route_output_flow(net, &fl, sk); if (IS_ERR(rt)) { err = PTR_ERR(rt); - rt = NULL; if (err == -ENETUNREACH) IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES); goto out; diff --git a/trunk/net/netlabel/netlabel_user.h b/trunk/net/netlabel/netlabel_user.h index f4fc4c9ad567..6caef8b20611 100644 --- a/trunk/net/netlabel/netlabel_user.h +++ b/trunk/net/netlabel/netlabel_user.h @@ -49,9 +49,9 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb, struct netlbl_audit *audit_info) { - security_task_getsecid(current, &audit_info->secid); - audit_info->loginuid = audit_get_loginuid(current); - audit_info->sessionid = audit_get_sessionid(current); + audit_info->secid = NETLINK_CB(skb).sid; + audit_info->loginuid = NETLINK_CB(skb).loginuid; + audit_info->sessionid = NETLINK_CB(skb).sessionid; } /* NetLabel NETLINK I/O functions */ diff --git a/trunk/net/netlink/af_netlink.c b/trunk/net/netlink/af_netlink.c index 97ecd923d7ee..478181d53c55 100644 --- a/trunk/net/netlink/af_netlink.c +++ b/trunk/net/netlink/af_netlink.c @@ -1362,6 +1362,9 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, NETLINK_CB(skb).pid = nlk->pid; NETLINK_CB(skb).dst_group = dst_group; + NETLINK_CB(skb).loginuid = audit_get_loginuid(current); + NETLINK_CB(skb).sessionid = audit_get_sessionid(current); + security_task_getsecid(current, &(NETLINK_CB(skb).sid)); memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); /* What can I do? Netlink is asynchronous, so that diff --git a/trunk/net/sched/sch_fifo.c b/trunk/net/sched/sch_fifo.c index 66effe2da8e0..be33f9ddf9dd 100644 --- a/trunk/net/sched/sch_fifo.c +++ b/trunk/net/sched/sch_fifo.c 
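Review bot: Dropping `rt = NULL;` in the udp.c hunk leaves `rt` holding an `ERR_PTR` value when the `IS_ERR(rt)` branch jumps to `out`. The `out` label is outside the hunk; if it releases the route (for instance through `ip_rt_put(rt)`), the error pointer would be treated as a valid route on every failed lookup, and that failure path is reachable from an ordinary `sendmsg()` call. I would keep the reset directly after `err = PTR_ERR(rt);`, i.e. `rt = NULL;`, unless the cleanup code is confirmed to tolerate error pointers.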
@@ -19,9 +19,15 @@ /* 1 band FIFO pseudo-"scheduler" */ +struct fifo_sched_data { + u32 limit; +}; + static int bfifo_enqueue(struct sk_buff *skb, struct Qdisc *sch) { - if (likely(sch->qstats.backlog + qdisc_pkt_len(skb) <= sch->limit)) + struct fifo_sched_data *q = qdisc_priv(sch); + + if (likely(sch->qstats.backlog + qdisc_pkt_len(skb) <= q->limit)) return qdisc_enqueue_tail(skb, sch); return qdisc_reshape_fail(skb, sch); @@ -29,7 +35,9 @@ static int bfifo_enqueue(struct sk_buff *skb, struct Qdisc *sch) static int pfifo_enqueue(struct sk_buff *skb, struct Qdisc *sch) { - if (likely(skb_queue_len(&sch->q) < sch->limit)) + struct fifo_sched_data *q = qdisc_priv(sch); + + if (likely(skb_queue_len(&sch->q) < q->limit)) return qdisc_enqueue_tail(skb, sch); return qdisc_reshape_fail(skb, sch); @@ -37,7 +45,9 @@ static int pfifo_enqueue(struct sk_buff *skb, struct Qdisc *sch) static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc *sch) { - if (likely(skb_queue_len(&sch->q) < sch->limit)) + struct fifo_sched_data *q = qdisc_priv(sch); + + if (likely(skb_queue_len(&sch->q) < q->limit)) return qdisc_enqueue_tail(skb, sch); /* queue full, remove one skb to fulfill the limit */ @@ -50,6 +60,7 @@ static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc *sch) static int fifo_init(struct Qdisc *sch, struct nlattr *opt) { + struct fifo_sched_data *q = qdisc_priv(sch); bool bypass; bool is_bfifo = sch->ops == &bfifo_qdisc_ops; 
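Review bot: `struct fifo_sched_data` gives no unit for `limit`, and the unit differs per qdisc. `bfifo_enqueue()` compares it with `sch->qstats.backlog + qdisc_pkt_len(skb)`, a byte count, while `pfifo_enqueue()` and `pfifo_tail_enqueue()` compare it with `skb_queue_len(&sch->q)`, a packet count. A one-line comment on the field would prevent the two being mixed up: `u32 limit; /* bytes for bfifo, packets for pfifo and pfifo_head_drop */`.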
@@ -59,20 +70,20 @@ static int fifo_init(struct Qdisc *sch, struct nlattr *opt) if (is_bfifo) limit *= psched_mtu(qdisc_dev(sch)); - sch->limit = limit; + q->limit = limit; } else { struct tc_fifo_qopt *ctl = nla_data(opt); if (nla_len(opt) < sizeof(*ctl)) return -EINVAL; - sch->limit = ctl->limit; + q->limit = ctl->limit; } if (is_bfifo) - bypass = sch->limit >= psched_mtu(qdisc_dev(sch)); + bypass = q->limit >= psched_mtu(qdisc_dev(sch)); else - bypass = sch->limit >= 1; + bypass = q->limit >= 1; if (bypass) sch->flags |= TCQ_F_CAN_BYPASS; @@ -83,7 +94,8 @@ static int fifo_init(struct Qdisc *sch, struct nlattr *opt) static int fifo_dump(struct Qdisc *sch, struct sk_buff *skb) { - struct tc_fifo_qopt opt = { .limit = sch->limit }; + struct fifo_sched_data *q = qdisc_priv(sch); + struct tc_fifo_qopt opt = { .limit = q->limit }; NLA_PUT(skb, TCA_OPTIONS, sizeof(opt), &opt); return skb->len; @@ -94,7 +106,7 @@ static int fifo_dump(struct Qdisc *sch, struct sk_buff *skb) struct Qdisc_ops pfifo_qdisc_ops __read_mostly = { .id = "pfifo", - .priv_size = 0, + .priv_size = sizeof(struct fifo_sched_data), .enqueue = pfifo_enqueue, .dequeue = qdisc_dequeue_head, .peek = qdisc_peek_head, @@ -109,7 +121,7 @@ EXPORT_SYMBOL(pfifo_qdisc_ops); struct Qdisc_ops bfifo_qdisc_ops __read_mostly = { .id = "bfifo", - .priv_size = 0, + .priv_size = sizeof(struct fifo_sched_data), .enqueue = bfifo_enqueue, .dequeue = qdisc_dequeue_head, .peek = qdisc_peek_head, @@ -124,7 +136,7 @@ EXPORT_SYMBOL(bfifo_qdisc_ops); struct Qdisc_ops pfifo_head_drop_qdisc_ops __read_mostly = { .id = "pfifo_head_drop", - .priv_size = 0, + .priv_size = sizeof(struct fifo_sched_data), .enqueue = pfifo_tail_enqueue, .dequeue = qdisc_dequeue_head, .peek = qdisc_peek_head, diff --git a/trunk/net/sched/sch_generic.c b/trunk/net/sched/sch_generic.c index a854cab03f1e..0da09d508737 100644 --- a/trunk/net/sched/sch_generic.c +++ b/trunk/net/sched/sch_generic.c 
@@ -550,25 +550,21 @@ struct Qdisc *qdisc_alloc(struct netdev_queue *dev_queue, { void *p; struct Qdisc *sch; - unsigned int size = QDISC_ALIGN(sizeof(*sch)) + ops->priv_size; + unsigned int size; int err = -ENOBUFS; + /* ensure that the Qdisc and the private data are 64-byte aligned */ + size = QDISC_ALIGN(sizeof(*sch)); + size += ops->priv_size + (QDISC_ALIGNTO - 1); + p = kzalloc_node(size, GFP_KERNEL, netdev_queue_numa_node_read(dev_queue)); if (!p) goto errout; sch = (struct Qdisc *) QDISC_ALIGN((unsigned long) p); - /* if we got non aligned memory, ask more and do alignment ourself */ - if (sch != p) { - kfree(p); - p = kzalloc_node(size + QDISC_ALIGNTO - 1, GFP_KERNEL, - netdev_queue_numa_node_read(dev_queue)); - if (!p) - goto errout; - sch = (struct Qdisc *) QDISC_ALIGN((unsigned long) p); - sch->padded = (char *) sch - (char *) p; - } + sch->padded = (char *) sch - (char *) p; + INIT_LIST_HEAD(&sch->list); skb_queue_head_init(&sch->q); spin_lock_init(&sch->busylock); diff --git a/trunk/net/xfrm/xfrm_user.c b/trunk/net/xfrm/xfrm_user.c index 468ab60d3dc0..673698d380d7 100644 --- a/trunk/net/xfrm/xfrm_user.c +++ b/trunk/net/xfrm/xfrm_user.c @@ -497,9 +497,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct xfrm_state *x; int err; struct km_event c; - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; + uid_t loginuid = NETLINK_CB(skb).loginuid; + u32 sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; err = verify_newsa_info(p, attrs); if (err) @@ -515,7 +515,6 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, else err = xfrm_state_update(x); - security_task_getsecid(current, &sid); xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); if (err < 0) { 
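Review bot: The new comment in `qdisc_alloc()` promises "64-byte aligned" while the code aligns with `QDISC_ALIGN` and pads by `QDISC_ALIGNTO - 1`, so the comment goes stale if the constant ever changes. I would describe the mechanism instead: `/* over-allocate by QDISC_ALIGNTO - 1 so sch can be aligned up inside the buffer */`. `sch->padded` is now written on every allocation, so each release path has to free `(char *)sch - sch->padded` rather than `sch` itself; that code is outside the hunk and worth confirming, since freeing the aligned pointer would hand the allocator an address it never returned.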
@@ -576,9 +575,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, int err = -ESRCH; struct km_event c; struct xfrm_usersa_id *p = nlmsg_data(nlh); - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; + uid_t loginuid = NETLINK_CB(skb).loginuid; + u32 sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; x = xfrm_user_state_lookup(net, p, attrs, &err); if (x == NULL) @@ -603,7 +602,6 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, km_state_notify(x, &c); out: - security_task_getsecid(current, &sid); xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); xfrm_state_put(x); return err; @@ -1267,9 +1265,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, struct km_event c; int err; int excl; - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; + uid_t loginuid = NETLINK_CB(skb).loginuid; + u32 sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; err = verify_newpolicy_info(p); if (err) @@ -1288,7 +1286,6 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, * a type XFRM_MSG_UPDPOLICY - JHS */ excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; err = xfrm_policy_insert(p->dir, xp, excl); - security_task_getsecid(current, &sid); xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); if (err) { @@ -1525,11 +1522,10 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, NETLINK_CB(skb).pid); } } else { - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; + uid_t loginuid = NETLINK_CB(skb).loginuid; + u32 sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; - security_task_getsecid(current, &sid); xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, sid); 
@@ -1557,9 +1553,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, struct xfrm_audit audit_info; int err; - audit_info.loginuid = audit_get_loginuid(current); - audit_info.sessionid = audit_get_sessionid(current); - security_task_getsecid(current, &audit_info.secid); + audit_info.loginuid = NETLINK_CB(skb).loginuid; + audit_info.sessionid = NETLINK_CB(skb).sessionid; + audit_info.secid = NETLINK_CB(skb).sid; err = xfrm_state_flush(net, p->proto, &audit_info); if (err) { if (err == -ESRCH) /* empty table */ @@ -1724,9 +1720,9 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, if (err) return err; - audit_info.loginuid = audit_get_loginuid(current); - audit_info.sessionid = audit_get_sessionid(current); - security_task_getsecid(current, &audit_info.secid); + audit_info.loginuid = NETLINK_CB(skb).loginuid; + audit_info.sessionid = NETLINK_CB(skb).sessionid; + audit_info.secid = NETLINK_CB(skb).sid; err = xfrm_policy_flush(net, type, &audit_info); if (err) { if (err == -ESRCH) /* empty table */ @@ -1793,11 +1789,9 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, err = 0; if (up->hard) { - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; - - security_task_getsecid(current, &sid); + uid_t loginuid = NETLINK_CB(skb).loginuid; + uid_t sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; xfrm_policy_delete(xp, p->dir); xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); 
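Review bot: In the `up->hard` branch of `xfrm_add_pol_expire()` the new local is declared `uid_t sessionid`, whereas the other xfrm hunks in this patch (`xfrm_add_sa`, `xfrm_del_sa`, `xfrm_add_policy`, `xfrm_get_policy`) declare it `u32`, matching the `__u32 sessionid` field added to `struct netlink_skb_parms`. A session id is not a uid, and the mistyped declaration invites it being passed where a uid is expected; it should read `u32 sessionid = NETLINK_CB(skb).sessionid;`. The same slip is in the `ue->hard` branch of `xfrm_add_sa_expire()` in the following hunk (`@@ -1836,11 +1830,9`).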
@@ -1836,11 +1830,9 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, km_state_expired(x, ue->hard, current->pid); if (ue->hard) { - uid_t loginuid = audit_get_loginuid(current); - u32 sessionid = audit_get_sessionid(current); - u32 sid; - - security_task_getsecid(current, &sid); + uid_t loginuid = NETLINK_CB(skb).loginuid; + uid_t sessionid = NETLINK_CB(skb).sessionid; + u32 sid = NETLINK_CB(skb).sid; __xfrm_state_delete(x); xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); } diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c index cef42f5d69a2..c8d699270687 100644 --- a/trunk/security/selinux/hooks.c +++ b/trunk/security/selinux/hooks.c @@ -4669,7 +4669,6 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability) { int err; struct common_audit_data ad; - u32 sid; err = cap_netlink_recv(skb, capability); if (err) @@ -4678,9 +4677,8 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability) COMMON_AUDIT_DATA_INIT(&ad, CAP); ad.u.cap = capability; - security_task_getsecid(current, &sid); - return avc_has_perm(sid, sid, SECCLASS_CAPABILITY, - CAP_TO_MASK(capability), &ad); + return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid, + SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad); } static int ipc_alloc_security(struct task_struct *task,
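Review bot: `selinux_netlink_recv()` now passes `NETLINK_CB(skb).sid` as both source and target SID to `avc_has_perm()` without any check that the field was populated. The only place this patch sets it is `netlink_sendmsg()`; an skb reaching this hook by another path would carry whatever `cb` holds there, presumably zero, and the capability decision would then be made against an unset SID. I would either state the invariant above the call, `/* sid was recorded from the sending task in netlink_sendmsg() */`, or reject an unset value explicitly before the permission check. The callers of this hook are not visible here, so which skbs can arrive is something to confirm.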