KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
[mirror_ubuntu-zesty-kernel.git] / security / commoncap.c
index 14540bd7856182260486d549ccab5fd179363060..7786d7be766f2655f5aba2ddb326dd90288eece7 100644 (file)
@@ -310,13 +310,8 @@ int cap_inode_need_killpriv(struct dentry *dentry)
        struct inode *inode = d_backing_inode(dentry);
        int error;
 
-       if (!inode->i_op->getxattr)
-              return 0;
-
-       error = inode->i_op->getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
-       if (error <= 0)
-               return 0;
-       return 1;
+       error = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
+       return error > 0;
 }
 
 /**
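Review bot: In cap_inode_need_killpriv, `return error > 0;` treats every negative result from `__vfs_getxattr()` as "no capability xattr present", not just -ENODATA or -EOPNOTSUPP, so a lookup that fails for any other reason reports that nothing needs stripping. The removed lines behaved the same way, but the condensed form hides that the fail-open is deliberate. A one-line comment above the return would record it, for example `/* only a positive size means security.capability exists; any error is treated as absent */`.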
@@ -329,12 +324,12 @@ int cap_inode_need_killpriv(struct dentry *dentry)
  */
 int cap_inode_killpriv(struct dentry *dentry)
 {
-       struct inode *inode = d_backing_inode(dentry);
-
-       if (!inode->i_op->removexattr)
-              return 0;
+       int error;
 
-       return inode->i_op->removexattr(dentry, XATTR_NAME_CAPS);
+       error = __vfs_removexattr(dentry, XATTR_NAME_CAPS);
+       if (error == -EOPNOTSUPP)
+               error = 0;
+       return error;
 }
 
 /*
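Review bot: The new `-EOPNOTSUPP` to 0 mapping in cap_inode_killpriv is undocumented, and the kernel-doc for the function starts outside this hunk, so it cannot be checked that it mentions the case. I would add `/* no xattr support on this inode: nothing to strip, not a failure */` above the `if (error == -EOPNOTSUPP)` line. Every other error still propagates, including -ENODATA if the attribute has already been removed by the time this runs. Whether callers tolerate that is not visible here and is worth confirming.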
@@ -394,11 +389,11 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
 
        memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
 
-       if (!inode || !inode->i_op->getxattr)
+       if (!inode)
                return -ENODATA;
 
-       size = inode->i_op->getxattr((struct dentry *)dentry, inode,
-                                    XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ);
+       size = __vfs_getxattr((struct dentry *)dentry, inode,
+                             XATTR_NAME_CAPS, &caps, XATTR_CAPS_SZ);
        if (size == -ENODATA || size == -EOPNOTSUPP)
                /* no data, that's ok */
                return -ENODATA;
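Review bot: With the `!inode->i_op->getxattr` guard removed, get_vfs_caps_from_disk relies on `__vfs_getxattr()` returning -EOPNOTSUPP for inodes without xattr support, and on the `size == -EOPNOTSUPP` comparison below to turn that into -ENODATA. The existing comment `/* no data, that's ok */` no longer describes both cases. Something like `/* no xattr, or no xattr support on this inode: no file caps */` would keep the dependence visible to whoever next touches that comparison. The function body continues past the end of this hunk.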
@@ -453,7 +448,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
        if (!file_caps_enabled)
                return 0;
 
-       if (!mnt_may_suid(bprm->file->f_path.mnt))
+       if (path_nosuid(&bprm->file->f_path))
                return 0;
 
        /*
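Review bot: `path_nosuid()` is not defined anywhere in this diff, so it cannot be confirmed from here that it still rejects every case `mnt_may_suid()` rejected before file capabilities are read in get_file_caps. The test also changes polarity (`!mnt_may_suid(...)` to `path_nosuid(...)`) and argument type (mount to path), which makes an accidental inversion easy to miss. A short comment on the check, for example `/* file capabilities are ignored on nosuid paths */`, would state the intended direction. The function starts and ends outside this hunk.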
@@ -664,15 +659,17 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
 int cap_inode_setxattr(struct dentry *dentry, const char *name,
                       const void *value, size_t size, int flags)
 {
+       struct user_namespace *user_ns = dentry->d_sb->s_user_ns;
+
        if (!strcmp(name, XATTR_NAME_CAPS)) {
-               if (!capable(CAP_SETFCAP))
+               if (!ns_capable(user_ns, CAP_SETFCAP))
                        return -EPERM;
                return 0;
        }
 
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
-           !capable(CAP_SYS_ADMIN))
+           !ns_capable(user_ns, CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
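Review bot: Both permission checks in cap_inode_setxattr now test the capability in `dentry->d_sb->s_user_ns` instead of the initial user namespace, and nothing in the function says so; its kernel-doc lies outside the hunk. For a superblock owned by a non-initial namespace, a task privileged only in that namespace can then write `security.capability` and other `security.*` attributes. That is safe only while exec refuses to honour file capabilities from such mounts; the `path_nosuid()` test in get_file_caps looks like that gate, but its definition is not shown here. I would add a comment at the declaration, `/* privilege is checked against the user namespace that owns the superblock, not init_user_ns */`, and repeat it in cap_inode_removexattr, which receives the identical change in the next hunk.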
@@ -690,15 +687,17 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name,
  */
 int cap_inode_removexattr(struct dentry *dentry, const char *name)
 {
+       struct user_namespace *user_ns = dentry->d_sb->s_user_ns;
+
        if (!strcmp(name, XATTR_NAME_CAPS)) {
-               if (!capable(CAP_SETFCAP))
+               if (!ns_capable(user_ns, CAP_SETFCAP))
                        return -EPERM;
                return 0;
        }
 
        if (!strncmp(name, XATTR_SECURITY_PREFIX,
                     sizeof(XATTR_SECURITY_PREFIX) - 1) &&
-           !capable(CAP_SYS_ADMIN))
+           !ns_capable(user_ns, CAP_SYS_ADMIN))
                return -EPERM;
        return 0;
 }
@@ -1066,12 +1065,14 @@ int cap_mmap_addr(unsigned long addr)
        }
        return ret;
 }
+EXPORT_SYMBOL_GPL(cap_mmap_addr);
 
 int cap_mmap_file(struct file *file, unsigned long reqprot,
                  unsigned long prot, unsigned long flags)
 {
        return 0;
 }
+EXPORT_SYMBOL_GPL(cap_mmap_file);
 
 #ifdef CONFIG_SECURITY