apparmor/kernel-patches/2.6.26/AppArmor-checkpatch.diff
2008-11-28 13:11:22 +00:00


security/apparmor/apparmor.h | 5 +++
security/apparmor/apparmorfs.c | 10 ++-----
security/apparmor/inline.h | 2 -
security/apparmor/list.c | 2 -
security/apparmor/lsm.c | 35 ++++++++++++++-------------
security/apparmor/main.c | 21 ++++++++--------
security/apparmor/match.c | 8 ++----
security/apparmor/match.h | 2 -
security/apparmor/module_interface.c | 44 +++++++++++++----------------------
security/apparmor/procattr.c | 5 +--
10 files changed, 61 insertions(+), 73 deletions(-)
--- a/security/apparmor/apparmor.h
+++ b/security/apparmor/apparmor.h
@@ -297,6 +297,9 @@ enum aa_lock_class {
aa_lock_task_release
};
+/* apparmor/profiles */
+extern struct seq_operations apparmorfs_profiles_op;
+
/* main.c */
extern int alloc_default_namespace(void);
extern void free_default_namespace(void);
@@ -334,7 +337,7 @@ extern int aa_change_profile(const char
extern struct aa_profile *__aa_replace_profile(struct task_struct *task,
struct aa_profile *profile);
extern struct aa_task_context *lock_task_and_profiles(struct task_struct *task,
- struct aa_profile *profile);
+ struct aa_profile *profile);
extern void unlock_task_and_profiles(struct task_struct *task,
struct aa_task_context *cxt,
struct aa_profile *profile);
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -13,7 +13,7 @@
#include <linux/vmalloc.h>
#include <linux/module.h>
#include <linux/seq_file.h>
-#include <asm/uaccess.h>
+#include <linux/uaccess.h>
#include "apparmor.h"
#include "inline.h"
@@ -64,9 +64,6 @@ out:
return data;
}
-/* apparmor/profiles */
-extern struct seq_operations apparmorfs_profiles_op;
-
static int aa_profiles_open(struct inode *inode, struct file *file)
{
return seq_open(file, &apparmorfs_profiles_op);
@@ -235,8 +232,7 @@ int create_apparmorfs(void)
return 0;
if (apparmor_dentry) {
- AA_ERROR("%s: AppArmor securityfs already exists\n",
- __FUNCTION__);
+ AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
return -EEXIST;
}
@@ -244,7 +240,7 @@ int create_apparmorfs(void)
if (IS_ERR(apparmor_dentry)) {
error = PTR_ERR(apparmor_dentry);
apparmor_dentry = NULL;
- goto error;
+ goto error;
}
error = aafs_create("profiles", 0440, &apparmorfs_profiles_fops);
if (error)
--- a/security/apparmor/inline.h
+++ b/security/apparmor/inline.h
@@ -213,7 +213,7 @@ static inline void lock_both_profiles(st
* gives us RCU reader safety.
*/
static inline void unlock_both_profiles(struct aa_profile *profile1,
- struct aa_profile *profile2)
+ struct aa_profile *profile2)
{
/* Unlock the two profiles. */
if (!profile1 || profile1 == profile2) {
--- a/security/apparmor/list.c
+++ b/security/apparmor/list.c
@@ -15,7 +15,7 @@
/* list of profile namespaces and lock */
LIST_HEAD(profile_ns_list);
-rwlock_t profile_ns_list_lock = RW_LOCK_UNLOCKED;
+DEFINE_RWLOCK(profile_ns_list_lock);
/**
* __aa_find_namespace - look up a profile namespace on the namespace list
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -24,7 +24,7 @@
#include "inline.h"
/* Flag indicating whether initialization completed */
-int apparmor_initialized = 0;
+int apparmor_initialized;
/* point to the apparmor module */
struct module *aa_module = NULL;
@@ -57,22 +57,22 @@ static int param_get_aauint(char *buffer
* Value is also togglable per profile and referenced when global value is
* enforce.
*/
-int apparmor_complain = 0;
+int apparmor_complain;
module_param_named(complain, apparmor_complain, aabool, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(apparmor_complain, "Toggle AppArmor complain mode");
/* Debug mode */
-int apparmor_debug = 0;
+int apparmor_debug;
module_param_named(debug, apparmor_debug, aabool, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(apparmor_debug, "Toggle AppArmor debug mode");
/* Audit mode */
-int apparmor_audit = 0;
+int apparmor_audit;
module_param_named(audit, apparmor_audit, aabool, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(apparmor_audit, "Toggle AppArmor audit mode");
/* Syscall logging mode */
-int apparmor_logsyscall = 0;
+int apparmor_logsyscall;
module_param_named(logsyscall, apparmor_logsyscall, aabool, S_IRUSR | S_IWUSR);
MODULE_PARM_DESC(apparmor_logsyscall, "Toggle AppArmor logsyscall mode");
@@ -131,7 +131,6 @@ static int param_get_aauint(char *buffer
/* allow run time disabling of apparmor */
static int param_set_aa_enabled(const char *val, struct kernel_param *kp)
{
- char *endp;
unsigned long l;
if (!apparmor_initialized) {
@@ -148,8 +147,7 @@ static int param_set_aa_enabled(const ch
if (!val)
return -EINVAL;
- l = simple_strtoul(val, &endp, 0);
- if (endp == val || l != 0)
+ if (strict_strtoul(val, 0, &l) || l != 0)
return -EINVAL;
apparmor_enabled = 0;
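Review bot: Switching to `strict_strtoul(val, 0, &l)` in param_set_aa_enabled changes which inputs are accepted, which is more than a checkpatch style fix. A value with trailing characters after the number passed the old `endp == val` test and is now rejected with -EINVAL. Because this handler is the runtime switch that sets `apparmor_enabled = 0`, the stricter parsing deserves a line in the changelog and a comment above the check, for example `/* only a well-formed 0 is accepted: this handler can turn AppArmor off, never back on */`. The function begins in the previous hunk and continues past this one, so whether the caller's privilege is checked cannot be seen here and should be confirmed.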
@@ -240,7 +238,7 @@ static int apparmor_sysctl(struct ctl_ta
mask |= MAY_WRITE;
error = -ENOMEM;
- buffer = (char*)__get_free_page(GFP_KERNEL);
+ buffer = (char *)__get_free_page(GFP_KERNEL);
if (!buffer)
goto out;
name = sysctl_pathname(table, buffer, PAGE_SIZE);
@@ -273,7 +271,7 @@ static int apparmor_bprm_secureexec(stru
if (!ret && (unsigned long)bprm->security & AA_SECURE_EXEC_NEEDED) {
AA_DEBUG("%s: secureexec required for %s\n",
- __FUNCTION__, bprm->filename);
+ __func__, bprm->filename);
ret = 1;
}
@@ -543,7 +541,7 @@ static int apparmor_inode_removexattr(st
static int aa_file_permission(const char *op, struct file *file, int mask)
{
struct aa_profile *profile;
- struct aa_profile *file_profile = (struct aa_profile*)file->f_security;
+ struct aa_profile *file_profile = file->f_security;
int error = 0;
if (!file_profile)
@@ -580,7 +578,7 @@ static int apparmor_file_permission(stru
aa_mask_permissions(mask));
}
-static inline int apparmor_file_lock (struct file *file, unsigned int cmd)
+static inline int apparmor_file_lock(struct file *file, unsigned int cmd)
{
int mask = AA_MAY_LOCK;
if (cmd == F_WRLCK)
@@ -601,7 +599,7 @@ static int apparmor_file_alloc_security(
static void apparmor_file_free_security(struct file *file)
{
- struct aa_profile *file_profile = (struct aa_profile*)file->f_security;
+ struct aa_profile *file_profile = file->f_security;
aa_put_profile(file_profile);
}
@@ -1020,17 +1018,20 @@ static int __init apparmor_init(void)
return 0;
}
- if ((error = create_apparmorfs())) {
+ error = create_apparmorfs();
+ if (error) {
AA_ERROR("Unable to activate AppArmor filesystem\n");
goto createfs_out;
}
- if ((error = alloc_default_namespace())){
+ error = alloc_default_namespace();
+ if (error) {
AA_ERROR("Unable to allocate default profile namespace\n");
goto alloc_out;
}
- if ((error = register_security(&apparmor_ops))) {
+ error = register_security(&apparmor_ops);
+ if (error) {
AA_ERROR("Unable to register AppArmor\n");
goto register_security_out;
}
@@ -1049,7 +1050,7 @@ register_security_out:
free_default_namespace();
alloc_out:
- destroy_apparmorfs();
+ destroy_apparmorfs();
createfs_out:
return error;
--- a/security/apparmor/main.c
+++ b/security/apparmor/main.c
@@ -416,7 +416,7 @@ static int aa_link_denied(struct aa_prof
*
* If the link has 'x', an exact match of all the execute flags
* must match.
- */
+ */
denied_mask |= ~l_mode & link_mask;
t_mode = aa_match(profile->file_rules, target, NULL);
@@ -445,8 +445,10 @@ static int aa_link_denied(struct aa_prof
(x & AA_USER_EXEC_TYPE) != (t_x & AA_USER_EXEC_TYPE))
denied_mask = AA_USER_EXEC | (l_x & AA_USER_EXEC_TYPE);
if ((l_mode & AA_OTHER_EXEC) &&
- (x & AA_OTHER_EXEC_TYPE) != (t_x & AA_OTHER_EXEC_TYPE))
- denied_mask = AA_OTHER_EXEC | (l_x & AA_OTHER_EXEC_TYPE);
+ (x & AA_OTHER_EXEC_TYPE) != (t_x & AA_OTHER_EXEC_TYPE)) {
+ denied_mask =
+ AA_OTHER_EXEC | (l_x & AA_OTHER_EXEC_TYPE);
+ }
}
return denied_mask;
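Review bot: The rewrapped statement in aa_link_denied still assigns with `=`, so when both the user and the other exec-type comparisons fail, the `AA_USER_EXEC` bits set two lines earlier are overwritten, along with anything accumulated by the earlier `denied_mask |= ~l_mode & link_mask`. The result stays non-zero, so the link is presumably still denied, but the mask that reaches the audit record would under-report what was refused. If accumulation was intended, both assignments should read `denied_mask |= ...`. If the overwrite is deliberate, a short comment saying so would help the next reader. The code between this hunk and the previous one is not visible, so this needs checking against the full function.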
@@ -866,7 +868,7 @@ int aa_revalidate_sk(struct sock *sk, ch
/* this is some debugging code to flush out the network hooks that
that are called in interrupt context */
if (in_interrupt()) {
- printk("AppArmor Debug: Hook being called from interrupt context\n");
+ printk(KERN_WARNING "AppArmor Debug: Hook being called from interrupt context\n");
dump_stack();
return 0;
}
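Review bot: The `in_interrupt()` branch of aa_revalidate_sk returns 0 after logging, so a hook reached from interrupt context is allowed without revalidation. With the message now at KERN_WARNING, every such call also emits a full `dump_stack()` with no rate limit. The existing comment calls this debugging code, but it should also say that the check is skipped rather than enforced on this path, e.g. `/* cannot revalidate in interrupt context: allow, but report it */`. Guarding the report with `if (printk_ratelimit())` (or a warn-once helper) would keep a busy network path from flooding the log. The rest of the function lies outside this hunk.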
@@ -1019,7 +1021,7 @@ repeat:
}
static struct aa_profile *
-aa_register_find(struct aa_profile *profile, const char* ns_name,
+aa_register_find(struct aa_profile *profile, const char *ns_name,
const char *name, int mandatory, int complain,
struct aa_audit *sa)
{
@@ -1053,7 +1055,7 @@ aa_register_find(struct aa_profile *prof
if (new_profile) {
AA_DEBUG("%s: setting profile %s\n",
- __FUNCTION__, new_profile->name);
+ __func__, new_profile->name);
} else if (mandatory && profile) {
sa->info = "mandatory profile missing";
sa->denied_mask = sa->request_mask; /* shifted MAY_EXEC */
@@ -1072,8 +1074,7 @@ aa_register_find(struct aa_profile *prof
* is unconfined, pix, nix.
*/
AA_DEBUG("%s: No profile found for exec image '%s'\n",
- __FUNCTION__,
- name);
+ __func__, name);
}
if (ns_ref)
aa_put_namespace(ns);
@@ -1158,7 +1159,7 @@ int aa_register(struct linux_binprm *bpr
int exec_mode, complain = 0, shift;
struct aa_audit sa;
- AA_DEBUG("%s\n", __FUNCTION__);
+ AA_DEBUG("%s\n", __func__);
profile = aa_get_profile(current);
@@ -1266,7 +1267,7 @@ repeat:
unsigned long bprm_flags;
bprm_flags = AA_SECURE_EXEC_NEEDED;
- bprm->security = (void*)
+ bprm->security = (void *)
((unsigned long)bprm->security | bprm_flags);
}
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -82,7 +82,7 @@ int unpack_dfa(struct aa_dfa *dfa, void
if (!table)
goto fail;
- switch(table->td_id) {
+ switch (table->td_id) {
case YYTD_ID_ACCEPT:
case YYTD_ID_ACCEPT2:
case YYTD_ID_BASE:
@@ -115,10 +115,8 @@ int unpack_dfa(struct aa_dfa *dfa, void
fail:
for (i = 0; i < ARRAY_SIZE(dfa->tables); i++) {
- if (dfa->tables[i]) {
- kfree(dfa->tables[i]);
- dfa->tables[i] = NULL;
- }
+ kfree(dfa->tables[i]);
+ dfa->tables[i] = NULL;
}
return error;
}
--- a/security/apparmor/match.h
+++ b/security/apparmor/match.h
@@ -61,7 +61,7 @@ struct table_header {
#define CHECK_TABLE(DFA) ((u16 *)((DFA)->tables[YYTD_ID_CHK - 1]->td_data))
#define EQUIV_TABLE(DFA) ((u8 *)((DFA)->tables[YYTD_ID_EC - 1]->td_data))
#define ACCEPT_TABLE(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT - 1]->td_data))
-#define ACCEPT_TABLE2(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT2 -1]->td_data))
+#define ACCEPT_TABLE2(DFA) ((u32 *)((DFA)->tables[YYTD_ID_ACCEPT2 - 1]->td_data))
struct aa_dfa {
struct table_header *tables[YYTD_ID_NXT];
--- a/security/apparmor/module_interface.c
+++ b/security/apparmor/module_interface.c
@@ -219,7 +219,7 @@ static size_t aa_is_blob(struct aa_ext *
size = le32_to_cpu(get_unaligned((u32 *)e->pos));
e->pos += sizeof(u32);
if (aa_inbounds(e, (size_t) size)) {
- * blob = e->pos;
+ *blob = e->pos;
e->pos += size;
return size;
}
@@ -237,8 +237,8 @@ static int aa_is_dynstring(struct aa_ext
*string = NULL;
if (aa_is_nameX(e, AA_STRING, name) &&
(size = aa_is_u16_chunk(e, &src_str))) {
- char *str;
- if (!(str = kmalloc(size, GFP_KERNEL)))
+ char *str = kmalloc(size, GFP_KERNEL);
+ if (!str)
goto fail;
memcpy(str, src_str, size);
*string = str;
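Review bot: aa_is_dynstring copies `size` bytes from the profile blob into a fresh buffer and hands it back as a `char *`, but nothing in this hunk verifies that the copied data ends in a NUL byte. A later `%s` or `strcmp` on a string such as `e->ns_name` could then read past the allocation when the blob is malformed. Because `size` is non-zero inside this branch, the check can go right before the allocation: `if (src_str[size - 1] != '\0') goto fail;`. The declaration of `src_str` and the `fail:` label are outside the hunk, so confirm that aa_is_u16_chunk or a caller does not already enforce termination.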
@@ -495,9 +495,8 @@ static int aa_verify_header(struct aa_ex
}
/* read the namespace if present */
- if (!aa_is_dynstring(e, &e->ns_name, "namespace")) {
+ if (!aa_is_dynstring(e, &e->ns_name, "namespace"))
e->ns_name = NULL;
- }
return 0;
}
@@ -592,11 +591,8 @@ static inline void task_replace(struct t
{
struct aa_task_context *cxt = aa_task_context(task);
- AA_DEBUG("%s: replacing profile for task %d "
- "profile=%s (%p)\n",
- __FUNCTION__,
- cxt->task->pid,
- cxt->profile->name, cxt->profile);
+ AA_DEBUG("%s: replacing profile for task %d profile=%s (%p)\n",
+ __func__, cxt->task->pid, cxt->profile->name, cxt->profile);
aa_change_task_context(task, new_cxt, new_profile, cxt->cookie,
cxt->previous_profile);
@@ -797,9 +793,7 @@ noent:
*/
void free_aa_namespace_kref(struct kref *kref)
{
- struct aa_namespace *ns=container_of(kref, struct aa_namespace, count);
-
- free_aa_namespace(ns);
+ free_aa_namespace(container_of(kref, struct aa_namespace, count));
}
/**
@@ -812,7 +806,7 @@ struct aa_namespace *alloc_aa_namespace(
struct aa_namespace *ns;
ns = kzalloc(sizeof(*ns), GFP_KERNEL);
- AA_DEBUG("%s(%p)\n", __FUNCTION__, ns);
+ AA_DEBUG("%s(%p)\n", __func__, ns);
if (ns) {
ns->name = name;
INIT_LIST_HEAD(&ns->list);
@@ -854,7 +848,7 @@ struct aa_namespace *alloc_aa_namespace(
*/
void free_aa_namespace(struct aa_namespace *ns)
{
- AA_DEBUG("%s(%p)\n", __FUNCTION__, ns);
+ AA_DEBUG("%s(%p)\n", __func__, ns);
if (!ns)
return;
@@ -863,15 +857,12 @@ void free_aa_namespace(struct aa_namespa
if (!list_empty(&ns->profiles)) {
AA_ERROR("%s: internal error, "
"namespace '%s' still contains profiles\n",
- __FUNCTION__,
- ns->name);
+ __func__, ns->name);
BUG();
}
if (!list_empty(&ns->list)) {
- AA_ERROR("%s: internal error, "
- "namespace '%s' still on list\n",
- __FUNCTION__,
- ns->name);
+ AA_ERROR("%s: internal error, namespace '%s' still on list\n",
+ __func__, ns->name);
BUG();
}
/* null_complain_profile doesn't contribute to ns ref counting */
@@ -887,7 +878,7 @@ void free_aa_namespace(struct aa_namespa
*/
void free_aa_profile_kref(struct kref *kref)
{
- struct aa_profile *p=container_of(kref, struct aa_profile, count);
+ struct aa_profile *p = container_of(kref, struct aa_profile, count);
free_aa_profile(p);
}
@@ -901,7 +892,7 @@ struct aa_profile *alloc_aa_profile(void
struct aa_profile *profile;
profile = kzalloc(sizeof(*profile), GFP_KERNEL);
- AA_DEBUG("%s(%p)\n", __FUNCTION__, profile);
+ AA_DEBUG("%s(%p)\n", __func__, profile);
if (profile) {
INIT_LIST_HEAD(&profile->list);
kref_init(&profile->count);
@@ -923,7 +914,7 @@ struct aa_profile *alloc_aa_profile(void
*/
void free_aa_profile(struct aa_profile *profile)
{
- AA_DEBUG("%s(%p)\n", __FUNCTION__, profile);
+ AA_DEBUG("%s(%p)\n", __func__, profile);
if (!profile)
return;
@@ -932,8 +923,7 @@ void free_aa_profile(struct aa_profile *
if (!list_empty(&profile->list)) {
AA_ERROR("%s: internal error, "
"profile '%s' still on global list\n",
- __FUNCTION__,
- profile->name);
+ __func__, profile->name);
BUG();
}
aa_put_namespace(profile->ns);
@@ -941,7 +931,7 @@ void free_aa_profile(struct aa_profile *
aa_match_free(profile->file_rules);
if (profile->name) {
- AA_DEBUG("%s: %s\n", __FUNCTION__, profile->name);
+ AA_DEBUG("%s: %s\n", __func__, profile->name);
kfree(profile->name);
}
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -88,7 +88,7 @@ int aa_setprocattr_changehat(char *args)
}
AA_DEBUG("%s: Magic 0x%llx Hat '%s'\n",
- __FUNCTION__, cookie, hat ? hat : NULL);
+ __func__, cookie, hat ? hat : NULL);
return aa_change_hat(hat, cookie);
}
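Review bot: The debug line rewritten here prints the change_hat `cookie` ("Magic 0x%llx") into the kernel log. That value appears to be the token a task must present to leave a hat, so with AppArmor debug enabled, anything able to read the log could learn it. Consider dropping the cookie from the message, or logging only whether it is non-zero, e.g. `AA_DEBUG("%s: Hat '%s'\n", __func__, hat);`. Separately, `hat ? hat : NULL` evaluates to `hat` in both cases and can be simplified. The function body begins outside this hunk.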
@@ -121,8 +121,7 @@ int aa_setprocattr_setprofile(struct tas
sa.gfp_mask = GFP_KERNEL;
sa.task = task->pid;
- AA_DEBUG("%s: current %d\n",
- __FUNCTION__, current->pid);
+ AA_DEBUG("%s: current %d\n", __func__, current->pid);
name = args;
if (args[0] != '/') {