brcmfamc: add the feature-disable property

[platform/kernel/linux-rpi.git] / security / security.c

diff --git a/security/security.c b/security/security.c
index 67264cb..7b9f9d3 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -59,10 +59,12 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
        [LOCKDOWN_DEBUGFS] = "debugfs access",
        [LOCKDOWN_XMON_WR] = "xmon write access",
        [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
+       [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
        [LOCKDOWN_INTEGRITY_MAX] = "integrity",
        [LOCKDOWN_KCORE] = "/proc/kcore access",
        [LOCKDOWN_KPROBES] = "use of kprobes",
        [LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
+       [LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
        [LOCKDOWN_PERF] = "unsafe use of perf",
        [LOCKDOWN_TRACEFS] = "use of tracefs",
        [LOCKDOWN_XMON_RW] = "xmon read and write access",
@@ -884,9 +886,22 @@ int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
        return call_int_hook(fs_context_dup, 0, fc, src_fc);
 }
 
-int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param)
+int security_fs_context_parse_param(struct fs_context *fc,
+                                   struct fs_parameter *param)
 {
-       return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param);
+       struct security_hook_list *hp;
+       int trc;
+       int rc = -ENOPARAM;
+
+       hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param,
+                            list) {
+               trc = hp->hook.fs_context_parse_param(fc, param);
+               if (trc == 0)
+                       rc = 0;
+               else if (trc != -ENOPARAM)
+                       return trc;
+       }
+       return rc;
 }
 
 int security_sb_alloc(struct super_block *sb)