I started looking into a couple FIXMEs in kernel/capability.c and I
ended up with a fairly largish patch (although not quite so many changes
to object code).

First, it is unsafe to touch task->cap_* while not holding
task_capability_lock.  The most notable occurrence of this is sys_access
which saves the current cap_* values, changes them, does its business,
then restores them.  In between all this they can change and then be
restored to old values.  Unfortunately we cannot just grab the lock here
since the function can sleep - I marked this with a FIXME for now.

Second, I formalized the locking rules with task_capability_lock.  I
declared the lock in include/linux/capability.h so other code can grab
it.

Finally, there is a whole boatload of code cleanup:

        - remove conditional locking/unlocking - that is just gross
        - don't pointlessly grab the read_lock twice
        - add/remove/edit comments
        - change some types (int -> pid_t, etc)
        - static inline two small functions that are called only
          once each
        - remove two FIXMEs
        - general code cleanup for readability and performance

TODO:

        - fix sys_access and other cap_* accesses
        - do something about the annoying oddball 5-space indentation
          in kernel/capability.c !!

Patch is against 2.5.20, please apply.

        Robert Love