Two minor cleanups / improvements

kernel-patches/for-mainline/rename-aa_fork.diff

@@ -0,0 +1,49 @@
+Index: b/security/apparmor/apparmor.h
+===================================================================
+--- a/security/apparmor/apparmor.h
++++ b/security/apparmor/apparmor.h
+@@ -227,7 +227,7 @@ extern int aa_perm_dir(struct aa_profile
+ extern int aa_link(struct aa_profile *profile,
+ 		   struct dentry *link, struct vfsmount *link_mnt,
+ 		   struct dentry *target, struct vfsmount *target_mnt);
+-extern int aa_fork(struct task_struct *task);
++extern int aa_clone(struct task_struct *task);
+ extern int aa_register(struct linux_binprm *bprm);
+ extern void aa_release(struct task_struct *task);
+ extern int aa_change_hat(const char *id, u32 hat_magic);
+Index: b/security/apparmor/lsm.c
+===================================================================
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -504,7 +504,7 @@ static int apparmor_file_mprotect(struct
+ 
+ static int apparmor_task_alloc_security(struct task_struct *task)
+ {
+-	return aa_fork(task);
++	return aa_clone(task);
+ }
+ 
+ static void apparmor_task_free_security(struct task_struct *task)
+Index: b/security/apparmor/main.c
+===================================================================
+--- a/security/apparmor/main.c
++++ b/security/apparmor/main.c
+@@ -725,14 +725,16 @@ int aa_link(struct aa_profile *profile,
+  *******************************/
+ 
+ /**
+- * aa_fork - initialize the task context for a new task
++ * aa_clone - initialize the task context for a new task
+  * @task: task that is being created
+  */
+-int aa_fork(struct task_struct *child)
++int aa_clone(struct task_struct *child)
+ {
+ 	struct aa_task_context *cxt, *child_cxt;
+ 	struct aa_profile *profile;
+ 
++	if (!aa_task_context(current))
++		return 0;
+ 	child_cxt = aa_alloc_task_context(child);
+ 	if (!child_cxt)
+ 		return -ENOMEM;

kernel-patches/for-mainline/series

@@ -78,3 +78,5 @@ remove-iterators.diff
 rename-aa_switch_to_profile.diff
 rework-locking.diff
 rework-locking-2.diff
+unreachabe-paths.diff
+rename-aa_fork.diff

kernel-patches/for-mainline/typo.diff

@@ -1,13 +0,0 @@
-Index: b/security/apparmor/main.c
-===================================================================
---- a/security/apparmor/main.c
-+++ b/security/apparmor/main.c
-@@ -1087,7 +1087,7 @@ void aa_release(struct task_struct *task
- 
- /**
-  * do_change_hat - actually switch hats
-- * @hat_name: name of hat to swtich to
-+ * @hat_name: name of hat to switch to
-  * @cxt: current aa_task_context
-  *
-  * Switch to a new hat.  Return %0 on success, error otherwise.

kernel-patches/for-mainline/typo2.diff

@@ -1,17 +0,0 @@
----
- security/apparmor/inline.h |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: b/security/apparmor/inline.h
-===================================================================
---- a/security/apparmor/inline.h
-+++ b/security/apparmor/inline.h
-@@ -60,7 +60,7 @@ static inline struct aa_profile *aa_get_
-  * profile.  The cxt_lock must be held to ensure consistency against
-  * other writers.  Some write paths (ex. aa_register) require
-  * cxt->profile not to change over several operations, so the calling
-- * function is responsible for grabing the cxt_lock to meet its
-+ * function is responsible for grabbing the cxt_lock to meet its
-  * consistency constraints before calling aa_switch_to_profile
-  */
- static inline void aa_switch_to_profile(struct aa_task_context *cxt,

kernel-patches/for-mainline/unreachabe-paths.diff

@@ -0,0 +1,22 @@
+There is no need to go throught the whole state machine for unreachable
+dentries; they will never match.
+
+Index: b/security/apparmor/main.c
+===================================================================
+--- a/security/apparmor/main.c
++++ b/security/apparmor/main.c
+@@ -172,6 +172,14 @@ static char *aa_get_pathname(struct dent
+ 
+ 		name = d_namespace_path(dentry, mnt, buf, size, 1);
+ 		if (!IS_ERR(name)) {
++			if (*name != '/') {
++				/*
++				 * This dentry is not connected to the
++				 * namespace root -- reject access.
++				 */
++				kfree(buf);
++				return ERR_PTR(-ENOENT);
++			}
+ 			*buffer = buf;
+ 			return name;
+ 		}