Merge bk://lsm.bkbits.net/linus-2.5

into home.transmeta.com:/home/torvalds/v2.5/linux

arch/arm/kernel/ptrace.c

@@ -711,7 +711,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/i386/kernel/ptrace.c

@@ -160,7 +160,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/ia64/kernel/ptrace.c

@@ -1101,7 +1101,8 @@ sys_ptrace (long request, pid_t pid, unsigned long addr, unsigned long data,
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		current->ptrace |= PT_PTRACED;
 		ret = 0;

arch/ppc/kernel/ptrace.c

@@ -166,7 +166,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/ppc64/kernel/ptrace.c

@@ -59,7 +59,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/ppc64/kernel/ptrace32.c

@@ -48,7 +48,8 @@ int sys32_ptrace(long request, long pid, unsigned long addr, unsigned long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/ppc64/kernel/sys_ppc32.c

@@ -3521,7 +3521,8 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs *
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	if ((retval = security_bprm_alloc(&bprm)))
+	retval = security_bprm_alloc(&bprm);
+	if (retval)
 		goto out;
 
 	retval = prepare_binprm(&bprm);

arch/s390/kernel/ptrace.c

@@ -323,7 +323,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/s390x/kernel/ptrace.c

@@ -563,7 +563,8 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		ret = -EPERM;
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

arch/sparc/kernel/ptrace.c

@@ -291,7 +291,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		if ((ret = security_ptrace(current->parent, current))) {
+		ret = security_ptrace(current->parent, current);
+		if (ret) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}

arch/sparc64/kernel/ptrace.c

@@ -140,7 +140,8 @@ asmlinkage void do_ptrace(struct pt_regs *regs)
 			pt_error_return(regs, EPERM);
 			goto out;
 		}
-		if ((ret = security_ptrace(current->parent, current))) {
+		ret = security_ptrace(current->parent, current);
+		if (ret) {
 			pt_error_return(regs, -ret);
 			goto out;
 		}

arch/sparc64/kernel/sys_sparc32.c

@@ -3026,7 +3026,8 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs)
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	if ((retval = security_bprm_alloc(&bprm)))
+	retval = security_bprm_alloc(&bprm);
+	if (retval)
 		goto out;
 
 	retval = prepare_binprm(&bprm);

arch/um/kernel/ptrace.c

@@ -33,7 +33,8 @@ int sys_ptrace(long request, long pid, long addr, long data)
 		if (current->ptrace & PT_PTRACED)
 			goto out;
 
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
  			goto out;
 
 		/* set the ptrace bit in the process flags. */

arch/x86_64/kernel/ptrace.c

@@ -178,7 +178,8 @@ asmlinkage long sys_ptrace(long request, long pid, long addr, long data)
 		/* are we already being traced? */
 		if (current->ptrace & PT_PTRACED)
 			goto out;
-		if ((ret = security_ptrace(current->parent, current)))
+		ret = security_ptrace(current->parent, current);
+		if (ret)
 			goto out;
 		/* set the ptrace bit in the process flags. */
 		current->ptrace |= PT_PTRACED;

fs/attr.c

@@ -157,7 +157,8 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
 		return 0;
 
 	if (inode->i_op && inode->i_op->setattr) {
-		if (!(error = security_inode_setattr(dentry, attr)))
+		error = security_inode_setattr(dentry, attr);
+		if (!error)
 			error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);

fs/dquot.c

@@ -1307,7 +1307,8 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
 	error = -EIO;
 	if (!f->f_op || !f->f_op->read || !f->f_op->write)
 		goto out_f;
-	if ((error = security_quota_on(f)))
+	error = security_quota_on(f);
+	if (error)
 		goto out_f;
 	inode = f->f_dentry->d_inode;
 	error = -EACCES;

fs/exec.c

@@ -841,7 +841,8 @@ int prepare_binprm(struct linux_binprm *bprm)
 	}
 
 	/* fill in binprm security blob */
-	if ((retval = security_bprm_set(bprm)))
+	retval = security_bprm_set(bprm);
+	if (retval)
 		return retval;
 
 	memset(bprm->buf,0,BINPRM_BUF_SIZE);
@@ -958,7 +959,8 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
 	    }
 	}
 #endif
-	if ((retval = security_bprm_check(bprm)))
+	retval = security_bprm_check(bprm);
+	if (retval)
 		return retval;
 
 	/* kernel module loader fixup */
@@ -1054,7 +1056,8 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs
 	if ((retval = bprm.envc) < 0)
 		goto out_mm;
 
-	if ((retval = security_bprm_alloc(&bprm)))
+	retval = security_bprm_alloc(&bprm);
+	if (retval)
 		goto out;
 
 	retval = prepare_binprm(&bprm);

fs/fcntl.c

@@ -274,7 +274,8 @@ int f_setown(struct file *filp, unsigned long arg, int force)
 {
 	int err;
 	
-	if ((err = security_file_set_fowner(filp)))
+	err = security_file_set_fowner(filp);
+	if (err)
 		return err;
 
 	f_modown(filp, arg, current->uid, current->euid, force);
@@ -367,7 +368,8 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
 	if (!filp)
 		goto out;
 
-	if ((err = security_file_fcntl(filp, cmd, arg))) {
+	err = security_file_fcntl(filp, cmd, arg);
+	if (err) {
 		fput(filp);
 		return err;
 	}
@@ -390,7 +392,8 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
 	if (!filp)
 		goto out;
 
-	if ((err = security_file_fcntl(filp, cmd, arg))) {
+	err = security_file_fcntl(filp, cmd, arg);
+	if (err) {
 		fput(filp);
 		return err;
 	}

fs/hugetlbfs/inode.c

@@ -209,7 +209,7 @@ static void hugetlbfs_delete_inode(struct inode *inode)
 	if (inode->i_data.nrpages)
 		truncate_hugepages(&inode->i_data, 0);
 
-	security_ops->inode_delete(inode);
+	security_inode_delete(inode);
 
 	clear_inode(inode);
 	destroy_inode(inode);
@@ -333,7 +333,7 @@ static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr)
 	if (error)
 		goto out;
 
-	error = security_ops->inode_setattr(dentry, attr);
+	error = security_inode_setattr(dentry, attr);
 	if (error)
 		goto out;
 

fs/ioctl.c

@@ -59,7 +59,8 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 		goto out;
 	error = 0;
 
-	if ((error = security_file_ioctl(filp, cmd, arg))) {
+	error = security_file_ioctl(filp, cmd, arg);
+	if (error) {
                 fput(filp);
                 goto out;
         }

fs/locks.c

@@ -1185,7 +1185,8 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
-	if ((error = security_file_lock(filp, arg)))
+	error = security_file_lock(filp, arg);
+	if (error)
 		return error;
 
 	lock_kernel();
@@ -1298,7 +1299,8 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
 	if (error)
 		goto out_putf;
 
-	if ((error = security_file_lock(filp, cmd)))
+	error = security_file_lock(filp, cmd);
+	if (error)
 		goto out_free;
 
 	for (;;) {
@@ -1449,7 +1451,8 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
 		goto out;
 	}
 
-	if ((error = security_file_lock(filp, file_lock->fl_type)))
+	error = security_file_lock(filp, file_lock->fl_type);
+	if (error)
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1588,7 +1591,8 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
 		goto out;
 	}
 
-	if ((error = security_file_lock(filp, file_lock->fl_type)))
+	error = security_file_lock(filp, file_lock->fl_type);
+	if (error)
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {

fs/namei.c

@@ -413,7 +413,8 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
 		current->state = TASK_RUNNING;
 		schedule();
 	}
-	if ((err = security_inode_follow_link(dentry, nd)))
+	err = security_inode_follow_link(dentry, nd);
+	if (err)
 		goto loop;
 	current->link_count++;
 	current->total_link_count++;
@@ -1124,7 +1125,8 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
 		return -EACCES;	/* shouldn't it be ENOSYS? */
 	mode &= S_IALLUGO;
 	mode |= S_IFREG;
-	if ((error = security_inode_create(dir, dentry, mode)))
+	error = security_inode_create(dir, dentry, mode);
+	if (error)
 		return error;
 	DQUOT_INIT(dir);
 	error = dir->i_op->create(dir, dentry, mode);
@@ -1343,7 +1345,8 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
 	 * stored in nd->last.name and we will have to putname() it when we
 	 * are done. Procfs-like symlinks just set LAST_BIND.
 	 */
-	if ((error = security_inode_follow_link(dentry, nd)))
+	error = security_inode_follow_link(dentry, nd);
+	if (error)
 		goto exit_dput;
 	UPDATE_ATIME(dentry->d_inode);
 	error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1408,7 +1411,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 	if (!dir->i_op || !dir->i_op->mknod)
 		return -EPERM;
 
-	if ((error = security_inode_mknod(dir, dentry, mode, dev)))
+	error = security_inode_mknod(dir, dentry, mode, dev);
+	if (error)
 		return error;
 
 	DQUOT_INIT(dir);
@@ -1476,7 +1480,8 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 		return -EPERM;
 
 	mode &= (S_IRWXUGO|S_ISVTX);
-	if ((error = security_inode_mkdir(dir, dentry, mode)))
+	error = security_inode_mkdir(dir, dentry, mode);
+	if (error)
 		return error;
 
 	DQUOT_INIT(dir);
@@ -1568,7 +1573,8 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry)
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		if (!(error = security_inode_rmdir(dir, dentry))) {
+		error = security_inode_rmdir(dir, dentry);
+		if (!error) {
 			error = dir->i_op->rmdir(dir, dentry);
 			if (!error)
 				dentry->d_inode->i_flags |= S_DEAD;
@@ -1641,7 +1647,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry)
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		if (!(error = security_inode_unlink(dir, dentry)))
+		error = security_inode_unlink(dir, dentry);
+		if (error)
 			error = dir->i_op->unlink(dir, dentry);
 	}
 	up(&dentry->d_inode->i_sem);
@@ -1704,7 +1711,8 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
 	if (!dir->i_op || !dir->i_op->symlink)
 		return -EPERM;
 
-	if ((error = security_inode_symlink(dir, dentry, oldname)))
+	error = security_inode_symlink(dir, dentry, oldname);
+	if (error)
 		return error;
 
 	DQUOT_INIT(dir);
@@ -1774,7 +1782,8 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 	if (S_ISDIR(old_dentry->d_inode->i_mode))
 		return -EPERM;
 
-	if ((error = security_inode_link(old_dentry, dir, new_dentry)))
+	error = security_inode_link(old_dentry, dir, new_dentry);
+	if (error)
 		return error;
 
 	down(&old_dentry->d_inode->i_sem);
@@ -1882,7 +1891,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
 			return error;
 	}
 
-	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
+	error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
+	if (error)
 		return error;
 
 	target = new_dentry->d_inode;
@@ -1916,7 +1926,8 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
 	struct inode *target;
 	int error;
 
-	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
+	error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
+	if (error)
 		return error;
 
 	dget(new_dentry);

fs/namespace.c

@@ -289,7 +289,8 @@ static int do_umount(struct vfsmount *mnt, int flags)
 	struct super_block * sb = mnt->mnt_sb;
 	int retval = 0;
 
-	if ((retval = security_sb_umount(mnt, flags)))
+	retval = security_sb_umount(mnt, flags);
+	if (retval)
 		return retval;
 
 	/*
@@ -470,7 +471,8 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
 	if (IS_DEADDIR(nd->dentry->d_inode))
 		goto out_unlock;
 
-	if ((err = security_sb_check_sb(mnt, nd)))
+	err = security_sb_check_sb(mnt, nd);
+	if (err)
 		goto out_unlock;
 
 	spin_lock(&dcache_lock);
@@ -740,7 +742,8 @@ long do_mount(char * dev_name, char * dir_name, char *type_page,
 	if (retval)
 		return retval;
 
-	if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
+	retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page);
+	if (retval)
 		goto dput_out;
 
 	if (flags & MS_REMOUNT)
@@ -985,7 +988,8 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
 	if (error)
 		goto out1;
 
-	if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
+	error = security_sb_pivotroot(&old_nd, &new_nd);
+	if (error) {
 		path_release(&old_nd);
 		goto out1;
 	}

fs/open.c

@@ -31,7 +31,8 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf)
 		retval = -ENOSYS;
 		if (sb->s_op && sb->s_op->statfs) {
 			memset(buf, 0, sizeof(struct statfs));
-			if ((retval = security_sb_statfs(sb)))
+			retval = security_sb_statfs(sb);
+			if (retval)
 				return retval;
 			retval = sb->s_op->statfs(sb, buf);
 		}

fs/read_write.c

@@ -193,7 +193,8 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos)
 
 	ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
 	if (!ret) {
-		if (!(ret = security_file_permission (file, MAY_READ))) {
+		ret = security_file_permission (file, MAY_READ);
+		if (!ret) {
 			if (file->f_op->read)
 				ret = file->f_op->read(file, buf, count, pos);
 			else
@@ -232,7 +233,8 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos)
 
 	ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
 	if (!ret) {
-		if (!(ret = security_file_permission (file, MAY_WRITE))) {
+		ret = security_file_permission (file, MAY_WRITE);
+		if (!ret) {
 			if (file->f_op->write)
 				ret = file->f_op->write(file, buf, count, pos);
 			else

fs/readdir.c

@@ -22,7 +22,8 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf)
 	if (!file->f_op || !file->f_op->readdir)
 		goto out;
 
-	if ((res = security_file_permission(file, MAY_READ)))
+	res = security_file_permission(file, MAY_READ);
+	if (res)
 		goto out;
 
 	down(&inode->i_sem);

fs/stat.c

@@ -38,7 +38,8 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
 	struct inode *inode = dentry->d_inode;
 	int retval;
 
-	if ((retval = security_inode_getattr(mnt, dentry)))
+	retval = security_inode_getattr(mnt, dentry);
+	if (retval)
 		return retval;
 
 	if (inode->i_op->getattr)
@@ -241,7 +242,8 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz)
 
 		error = -EINVAL;
 		if (inode->i_op && inode->i_op->readlink) {
-			if (!(error = security_inode_readlink(nd.dentry))) {
+			error = security_inode_readlink(nd.dentry);
+			if (!error) {
 				UPDATE_ATIME(inode);
 				error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
 			}

fs/xattr.c

@@ -86,7 +86,8 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
-		if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
+		error = security_inode_setxattr(d, kname, kvalue, size, flags);
+		if (error)
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -162,7 +163,8 @@ getxattr(struct dentry *d, char *name, void *value, size_t size)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
-		if ((error = security_inode_getxattr(d, kname)))
+		error = security_inode_getxattr(d, kname);
+		if (error)
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -234,7 +236,8 @@ listxattr(struct dentry *d, char *list, size_t size)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
-		if ((error = security_inode_listxattr(d)))
+		error = security_inode_listxattr(d);
+		if (error)
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -308,7 +311,8 @@ removexattr(struct dentry *d, char *name)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
-		if ((error = security_inode_removexattr(d, kname)))
+		error = security_inode_removexattr(d, kname);
+		if (error)
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->removexattr(d, kname);

ipc/msg.c

@@ -101,7 +101,8 @@ static int newque (key_t key, int msgflg)
 	msq->q_perm.key = key;
 
 	msq->q_perm.security = NULL;
-	if ((retval = security_msg_queue_alloc(msq))) {
+	retval = security_msg_queue_alloc(msq);
+	if (retval) {
 		ipc_rcu_free(msq, sizeof(*msq));
 		return retval;
 	}

ipc/sem.c

@@ -136,7 +136,8 @@ static int newary (key_t key, int nsems, int semflg)
 	sma->sem_perm.key = key;
 
 	sma->sem_perm.security = NULL;
-	if ((retval = security_sem_alloc(sma))) {
+	retval = security_sem_alloc(sma);
+	if (retval) {
 		ipc_rcu_free(sma, size);
 		return retval;
 	}

ipc/shm.c

@@ -188,7 +188,8 @@ static int newseg (key_t key, int shmflg, size_t size)
 	shp->shm_flags = (shmflg & S_IRWXUGO);
 
 	shp->shm_perm.security = NULL;
-	if ((error = security_shm_alloc(shp))) {
+	error = security_shm_alloc(shp);
+	if (error) {
 		ipc_rcu_free(shp, sizeof(*shp));
 		return error;
 	}

kernel/acct.c

@@ -223,7 +223,8 @@ asmlinkage long sys_acct(const char *name)
 		}
 	}
 
-	if ((error = security_acct(file)))
+	error = security_acct(file);
+	if (error)
 		return error;
 
 	spin_lock(&acct_globals.lock);

kernel/fork.c

@@ -717,7 +717,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
 		return ERR_PTR(-EINVAL);
 
-	if ((retval = security_task_create(clone_flags)))
+	retval = security_task_create(clone_flags);
+	if (retval)
 		goto fork_out;
 
 	retval = -ENOMEM;

kernel/ptrace.c

@@ -101,7 +101,8 @@ int ptrace_attach(struct task_struct *task)
 	/* the same process cannot be attached many times */
 	if (task->ptrace & PT_PTRACED)
 		goto bad;
-	if ((retval = security_ptrace(current, task)))
+	retval = security_ptrace(current, task);
+	if (retval)
 		goto bad;
 
 	/* Go */

kernel/sched.c

@@ -1348,7 +1348,8 @@ asmlinkage long sys_nice(int increment)
 	if (nice > 19)
 		nice = 19;
 
-	if ((retval = security_task_setnice(current, nice)))
+	retval = security_task_setnice(current, nice);
+	if (retval)
 		return retval;
 
 	set_user_nice(current, nice);
@@ -1469,7 +1470,8 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param)
 	    !capable(CAP_SYS_NICE))
 		goto out_unlock;
 
-	if ((retval = security_task_setscheduler(p, policy, &lp)))
+	retval = security_task_setscheduler(p, policy, &lp);
+	if (retval)
 		goto out_unlock;
 
 	array = p->array;
@@ -1532,7 +1534,8 @@ asmlinkage long sys_sched_getscheduler(pid_t pid)
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
 	if (p) {
-		if (!(retval = security_task_getscheduler(p)))
+		retval = security_task_getscheduler(p);
+		if (!retval)
 			retval = p->policy;
 	}
 	read_unlock(&tasklist_lock);
@@ -1561,7 +1564,8 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param)
 	if (!p)
 		goto out_unlock;
 
-	if ((retval = security_task_getscheduler(p)))
+	retval = security_task_getscheduler(p);
+	if (retval)
 		goto out_unlock;
 
 	lp.sched_priority = p->rt_priority;
@@ -1820,7 +1824,8 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval)
 	if (!p)
 		goto out_unlock;
 
-	if ((retval = security_task_getscheduler(p)))
+	retval = security_task_getscheduler(p);
+	if (retval)
 		goto out_unlock;
 
 	jiffies_to_timespec(p->policy & SCHED_FIFO ?

kernel/signal.c

@@ -739,7 +739,8 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int
 	ret = -EPERM;
 	if (bad_signal(sig, info, t))
 		goto out;
-	if ((ret = security_task_kill(t, info, sig)))
+	ret = security_task_kill(t, info, sig);
+	if (ret)
 		goto out;
 
 	/* The null signal is a permissions and process existence probe.

kernel/sys.c

@@ -485,7 +485,8 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
 	int new_egid = old_egid;
 	int retval;
 
-	if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
+	retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
+	if (retval)
 		return retval;
 
 	if (rgid != (gid_t) -1) {
@@ -530,7 +531,8 @@ asmlinkage long sys_setgid(gid_t gid)
 	int old_egid = current->egid;
 	int retval;
 
-	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
+	retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
+	if (retval)
 		return retval;
 
 	if (capable(CAP_SETGID))
@@ -603,7 +605,8 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
 	int old_ruid, old_euid, old_suid, new_ruid, new_euid;
 	int retval;
 
-	if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
+	retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
+	if (retval)
 		return retval;
 
 	new_ruid = old_ruid = current->uid;
@@ -663,7 +666,8 @@ asmlinkage long sys_setuid(uid_t uid)
 	int old_ruid, old_suid, new_ruid, new_suid;
 	int retval;
 
-	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
+	retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
+	if (retval)
 		return retval;
 
 	old_ruid = new_ruid = current->uid;
@@ -700,7 +704,8 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 	int old_suid = current->suid;
 	int retval;
 
-	if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
+	retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
+	if (retval)
 		return retval;
 
 	if (!capable(CAP_SETUID)) {
@@ -751,7 +756,8 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 {
 	int retval;
 
-	if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
+	retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES);
+	if (retval)
 		return retval;
 
 	if (!capable(CAP_SETGID)) {
@@ -804,7 +810,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
 	int old_fsuid;
 	int retval;
 
-	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
+	retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+	if (retval)
 		return retval;
 
 	old_fsuid = current->fsuid;
@@ -820,7 +827,8 @@ asmlinkage long sys_setfsuid(uid_t uid)
 		current->fsuid = uid;
 	}
 
-	if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
+	retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
+	if (retval)
 		return retval;
 
 	return old_fsuid;
@@ -834,7 +842,8 @@ asmlinkage long sys_setfsgid(gid_t gid)
 	int old_fsgid;
 	int retval;
 
-	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
+	retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
+	if (retval)
 		return retval;
 
 	old_fsgid = current->fsgid;
@@ -959,7 +968,8 @@ asmlinkage long sys_getpgid(pid_t pid)
 
 		retval = -ESRCH;
 		if (p) {
-			if (!(retval = security_task_getpgid(p)))
+			retval = security_task_getpgid(p);
+			if (!retval)
 				retval = p->pgrp;
 		}
 		read_unlock(&tasklist_lock);
@@ -986,7 +996,8 @@ asmlinkage long sys_getsid(pid_t pid)
 
 		retval = -ESRCH;
 		if(p) {
-			if (!(retval = security_task_getsid(p)))
+			retval = security_task_getsid(p);
+			if (!retval)
 				retval = p->session;
 		}
 		read_unlock(&tasklist_lock);
@@ -1067,7 +1078,8 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
 		return -EINVAL;
 	if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 		return -EFAULT;
-	if ((retval = security_task_setgroups(gidsetsize, groups)))
+	retval = security_task_setgroups(gidsetsize, groups);
+	if (retval)
 		return retval;
 	memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
@@ -1230,7 +1242,8 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
 			return -EPERM;
 	}
 
-	if ((retval = security_task_setrlimit(resource, &new_rlim)))
+	retval = security_task_setrlimit(resource, &new_rlim);
+	if (retval)
 		return retval;
 
 	*old_rlim = new_rlim;
@@ -1304,7 +1317,8 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
 	int error = 0;
 	int sig;
 
-	if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
+	error = security_task_prctl(option, arg2, arg3, arg4, arg5);
+	if (error)
 		return error;
 
 	switch (option) {

kernel/uid16.c

@@ -140,7 +140,8 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
 		return -EFAULT;
 	for (i = 0 ; i < gidsetsize ; i++)
 		new_groups[i] = (gid_t)groups[i];
-	if ((i = security_task_setgroups(gidsetsize, new_groups)))
+	i = security_task_setgroups(gidsetsize, new_groups);
+	if (i)
 		return i;
 	memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;

mm/mmap.c

@@ -504,7 +504,8 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
 		}
 	}
 
-	if ((error = security_file_mmap(file, prot, flags)))
+	error = security_file_mmap(file, prot, flags);
+	if (error)
 		return error;
 		
 	/* Clear old maps */

mm/mprotect.c

@@ -263,7 +263,8 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 			goto out;
 		}
 
-		if ((error = security_file_mprotect(vma, prot)))
+		error = security_file_mprotect(vma, prot);
+		if (error)
 			goto out;
 
 		if (vma->vm_end > end) {

net/core/scm.c

@@ -217,7 +217,8 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
-		if ((err = security_file_receive(fp[i])))
+		err = security_file_receive(fp[i]);
+		if (err)
 			break;
 		err = get_unused_fd();
 		if (err < 0)