Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville...

diff --git a/include/linux/security.h b/include/linux/security.h
index fd4d55fb884539fa0954937b0bbf5945e8bd5a6b..d47a4c24b3e453716057b2b433c196657f786bd6 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -796,8 +796,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @unix_stream_connect:
  *     Check permissions before establishing a Unix domain stream connection
  *     between @sock and @other.
- *     @sock contains the socket structure.
- *     @other contains the peer socket structure.
+ *     @sock contains the sock structure.
+ *     @other contains the peer sock structure.
+ *     @newsk contains the new sock structure.
  *     Return 0 if permission is granted.
  * @unix_may_send:
  *     Check permissions before connecting or sending datagrams from @sock to
@@ -1568,8 +1569,7 @@ struct security_operations {
        int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
 
 #ifdef CONFIG_SECURITY_NETWORK
-       int (*unix_stream_connect) (struct socket *sock,
-                                   struct socket *other, struct sock *newsk);
+       int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
        int (*unix_may_send) (struct socket *sock, struct socket *other);
 
        int (*socket_create) (int family, int type, int protocol, int kern);
@@ -2525,8 +2525,7 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32
 
 #ifdef CONFIG_SECURITY_NETWORK
 
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
-                                struct sock *newsk);
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
 int security_unix_may_send(struct socket *sock,  struct socket *other);
 int security_socket_create(int family, int type, int protocol, int kern);
 int security_socket_post_create(struct socket *sock, int family,
@@ -2567,8 +2566,8 @@ void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
 
 #else  /* CONFIG_SECURITY_NETWORK */
-static inline int security_unix_stream_connect(struct socket *sock,
-                                              struct socket *other,
+static inline int security_unix_stream_connect(struct sock *sock,
+                                              struct sock *other,
                                               struct sock *newsk)
 {
        return 0;

diff --git a/net/core/sock.c b/net/core/sock.c
index a6b9e8061f34ddb958756279a42a2bb7817c56f2..a658aeb6d554e41c9783763354f59a2d6e17bd4c 100644 (file)
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1908,7 +1908,7 @@ static void sock_def_readable(struct sock *sk, int len)
        rcu_read_lock();
        wq = rcu_dereference(sk->sk_wq);
        if (wq_has_sleeper(wq))
-               wake_up_interruptible_sync_poll(&wq->wait, POLLIN |
+               wake_up_interruptible_sync_poll(&wq->wait, POLLIN | POLLPRI |
                                                POLLRDNORM | POLLRDBAND);
        sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
        rcu_read_unlock();

diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c
index 4dfecb0cba371c1e07eb6061ab009cb87239cfee..aa4d6337e43cab4f3a094d6b2028be50afdcada5 100644 (file)
--- a/net/sched/sch_fifo.c
+++ b/net/sched/sch_fifo.c
@@ -54,8 +54,6 @@ static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc* sch)
 
        /* queue full, remove one skb to fulfill the limit */
        skb_head = qdisc_dequeue_head(sch);
-       sch->bstats.bytes -= qdisc_pkt_len(skb_head);
-       sch->bstats.packets--;
        sch->qstats.drops++;
        kfree_skb(skb_head);
 

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 417d7a6c36cf4a5256d17f0b2eb03f8b25e61eca..dd419d2862043c95001df58853d2799cc135d5dc 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1157,7 +1157,7 @@ restart:
                goto restart;
        }
 
-       err = security_unix_stream_connect(sock, other->sk_socket, newsk);
+       err = security_unix_stream_connect(sk, other, newsk);
        if (err) {
                unix_state_unlock(sk);
                goto out_unlock;

diff --git a/security/capability.c b/security/capability.c
index c773635ca3a0e1b6de3e03d46fe38dd928a62a45..2a5df2b7da83be0c3d69d9bcd33dd3bd4d935a15 100644 (file)
--- a/security/capability.c
+++ b/security/capability.c
@@ -548,7 +548,7 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
 }
 
 #ifdef CONFIG_SECURITY_NETWORK
-static int cap_unix_stream_connect(struct socket *sock, struct socket *other,
+static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
                                   struct sock *newsk)
 {
        return 0;

diff --git a/security/security.c b/security/security.c
index 1b798d3df71057720d799f5d3e1382880fde8f78..e5fb07a3052db6d11d014be5854164863af4ba8e 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -977,8 +977,7 @@ EXPORT_SYMBOL(security_inode_getsecctx);
 
 #ifdef CONFIG_SECURITY_NETWORK
 
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
-                                struct sock *newsk)
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
 {
        return security_ops->unix_stream_connect(sock, other, newsk);
 }

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c82538a4b1a470da922b7d3de4f5131cc53b9606..6f637d2678ac213cbed1d1bd5b0d778d10f56562 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3921,18 +3921,18 @@ static int selinux_socket_shutdown(struct socket *sock, int how)
        return sock_has_perm(current, sock->sk, SOCKET__SHUTDOWN);
 }
 
-static int selinux_socket_unix_stream_connect(struct socket *sock,
-                                             struct socket *other,
+static int selinux_socket_unix_stream_connect(struct sock *sock,
+                                             struct sock *other,
                                              struct sock *newsk)
 {
-       struct sk_security_struct *sksec_sock = sock->sk->sk_security;
-       struct sk_security_struct *sksec_other = other->sk->sk_security;
+       struct sk_security_struct *sksec_sock = sock->sk_security;
+       struct sk_security_struct *sksec_other = other->sk_security;
        struct sk_security_struct *sksec_new = newsk->sk_security;
        struct common_audit_data ad;
        int err;
 
        COMMON_AUDIT_DATA_INIT(&ad, NET);
-       ad.u.net.sk = other->sk;
+       ad.u.net.sk = other;
 
        err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
                           sksec_other->sclass,

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 489a85afa477bbd4d833fb167b3c6e71be049d86..ccb71a044a1aed408255dde1f2e79dbc42c852f0 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2408,22 +2408,22 @@ static int smack_setprocattr(struct task_struct *p, char *name,
 
 /**
  * smack_unix_stream_connect - Smack access on UDS
- * @sock: one socket
- * @other: the other socket
+ * @sock: one sock
+ * @other: the other sock
  * @newsk: unused
  *
  * Return 0 if a subject with the smack of sock could access
  * an object with the smack of other, otherwise an error code
  */
-static int smack_unix_stream_connect(struct socket *sock,
-                                    struct socket *other, struct sock *newsk)
+static int smack_unix_stream_connect(struct sock *sock,
+                                    struct sock *other, struct sock *newsk)
 {
-       struct inode *sp = SOCK_INODE(sock);
-       struct inode *op = SOCK_INODE(other);
+       struct inode *sp = SOCK_INODE(sock->sk_socket);
+       struct inode *op = SOCK_INODE(other->sk_socket);
        struct smk_audit_info ad;
 
        smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET);
-       smk_ad_setfield_u_net_sk(&ad, other->sk);
+       smk_ad_setfield_u_net_sk(&ad, other);
        return smk_access(smk_of_inode(sp), smk_of_inode(op),
                                 MAY_READWRITE, &ad);
 }