UBUNTU: SAUCE: AppArmor: -- sync to AppArmor mainline 2010-07-29

Sync to version of AppArmor in security-next tree as of 2010-07-29

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>

22 files changed, 95 insertions, 84 deletions

diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
index c054cf79f1c..72555b9ca7d 100644
--- a/security/apparmor/Kconfig
+++ b/security/apparmor/Kconfig
@@ -10,7 +10,7 @@ config SECURITY_APPARMOR
 	  This enables the AppArmor security module.
 	  Required userspace tools (if they are not included in your
 	  distribution) and further information may be found at
-	  <http://forge.novell.com/modules/xfmod/project/?apparmor>
+	  http://apparmor.wiki.kernel.org
 
 	  If you are unsure how to answer this question, answer N.
 
@@ -24,8 +24,8 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
 	  'apparmor', which allows AppArmor to be enabled or disabled
           at boot.  If this option is set to 0 (zero), the AppArmor
 	  kernel parameter will default to 0, disabling AppArmor at
-	  bootup.  If this option is set to 1 (one), the AppArmor
+	  boot.  If this option is set to 1 (one), the AppArmor
 	  kernel parameter will default to 1, enabling AppArmor at
-	  bootup.
+	  boot.
 
 	  If you are unsure how to answer this question, answer 1.
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d8a27a4c84c..7320331b44a 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -139,9 +139,9 @@ static const struct file_operations aa_fs_profile_remove = {
 
 /** Base file system setup **/
 
-static struct dentry *aa_fs_dentry;
+static struct dentry *aa_fs_dentry __initdata;
 
-static void aafs_remove(const char *name)
+static void __init aafs_remove(const char *name)
 {
 	struct dentry *dentry;
 
@@ -160,8 +160,8 @@ static void aafs_remove(const char *name)
  *
  * Used aafs_remove to remove entries created with this fn.
  */
-static int aafs_create(const char *name, int mask,
-		       const struct file_operations *fops)
+static int __init aafs_create(const char *name, int mask,
+			      const struct file_operations *fops)
 {
 	struct dentry *dentry;
 
@@ -176,7 +176,7 @@ static int aafs_create(const char *name, int mask,
  *
  * releases dentries allocated by aa_create_aafs
  */
-void aa_destroy_aafs(void)
+void __init aa_destroy_aafs(void)
 {
 	if (aa_fs_dentry) {
 		aafs_remove(".remove");
@@ -195,7 +195,7 @@ void aa_destroy_aafs(void)
  *
  * Returns: error on failure
  */
-int aa_create_aafs(void)
+int __init aa_create_aafs(void)
 {
 	int error;
 
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index d0311eb71a6..96502b22b26 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -197,10 +197,10 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp,
 	     AUDIT_MODE(profile) == AUDIT_QUIET))
 		return sa->aad.error;
 
-	if (profile && KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
+	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
 		type = AUDIT_APPARMOR_KILL;
 
-	if (profile && !unconfined(profile))
+	if (!unconfined(profile))
 		sa->aad.profile = profile;
 
 	aa_audit_msg(type, sa, cb);
diff --git a/security/apparmor/capability.c b/security/apparmor/capability.c
index 80f710fc2ca..9982c48def4 100644
--- a/security/apparmor/capability.c
+++ b/security/apparmor/capability.c
@@ -56,7 +56,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  * Do auditing of capability and handle, audit/complain/kill modes switching
  * and duplicate message elimination.
  *
- * Returns: 0 or sa->error on succes,  error code on failure
+ * Returns: 0 or sa->error on success,  error code on failure
  */
 static int audit_caps(struct aa_profile *profile, struct task_struct *task,
 		      int cap, int error)
diff --git a/security/apparmor/context.c b/security/apparmor/context.c
index deb4a30e0f3..8a9b5027c81 100644
--- a/security/apparmor/context.c
+++ b/security/apparmor/context.c
@@ -30,7 +30,7 @@
 #include "include/policy.h"
 
 /**
- * aa_alloc_task_context - allocat a new task_cxt
+ * aa_alloc_task_context - allocate a new task_cxt
  * @flags: gfp flags for allocation
  *
  * Returns: allocated buffer or NULL on failure
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
index 9efb5d91f22..08bbe6397a7 100644
--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -114,7 +114,7 @@ static struct file_perms change_profile_perms(struct aa_profile *profile,
 	} else if (!profile->file.dfa) {
 		return nullperms;
 	} else if ((ns == profile->ns)) {
-		/* try matching against rules with out namespace prependend */
+		/* try matching against rules with out namespace prepended */
 		aa_str_perms(profile->file.dfa, start, name, &cond, &perms);
 		if (COMBINED_PERM_MASK(perms) & request)
 			return perms;
@@ -134,9 +134,9 @@ static struct file_perms change_profile_perms(struct aa_profile *profile,
  * @head - profile list to walk  (NOT NULL)
  *
  * Do a linear search on the profiles in the list.  There is a matching
- * preference where an exact match is prefered over a name which uses
+ * preference where an exact match is preferred over a name which uses
  * expressions to match, and matching expressions with the greatest
- * xmatch_len are prefered.
+ * xmatch_len are preferred.
  *
  * Requires: @head not be shared or have appropriate locks held
  *
@@ -196,7 +196,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns,
  * This is the xtable equivalent routine of aa_split_fqname.  It finds the
  * split in an xtable fqname which contains an embedded \0 instead of a :
  * if a namespace is specified.  This is done so the xtable is constant and
- * isn't resplit on every lookup.
+ * isn't re-split on every lookup.
  *
  * Either the profile or namespace name may be optional but if the namespace
  * is specified the profile name termination must be present.  This results
@@ -205,7 +205,7 @@ static struct aa_profile *find_attach(struct aa_namespace *ns,
  * :ns_name\0profile_name\0
  * :ns_name\0\0
  *
- * NOTE: the xtable fqname is prevalidated at load time in unpack_trans_table
+ * NOTE: the xtable fqname is pre-validated at load time in unpack_trans_table
  *
  * Returns: profile name if it is specified else NULL
  */
@@ -214,6 +214,10 @@ static const char *separate_fqname(const char *fqname, const char **ns_name)
 	const char *name;
 
 	if (fqname[0] == ':') {
+		/* In this case there is guaranteed to be two \0 terminators
+		 * in the string.  They are verified at load time by
+		 * by unpack_trans_table
+		 */
 		*ns_name = fqname + 1;		/* skip : */
 		name = *ns_name + strlen(*ns_name) + 1;
 		if (!*name)
@@ -246,7 +250,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
 	int index = xindex & AA_X_INDEX_MASK;
 	const char *name;
 
-	/* index is guarenteed to be in range, validated at load time */
+	/* index is guaranteed to be in range, validated at load time */
 	for (name = profile->file.trans.table[index]; !new_profile && name;
 	     name = next_name(xtype, name)) {
 		struct aa_namespace *new_ns;
@@ -292,7 +296,7 @@ static struct aa_profile *x_table_lookup(struct aa_profile *profile, u32 xindex)
 /**
  * x_to_profile - get target profile for a given xindex
  * @profile: current profile  (NOT NULL)
- * @name: to to lookup (NOT NULL)
+ * @name: name to lookup (NOT NULL)
  * @xindex: index into x transition table
  *
  * find profile for a transition index
@@ -673,7 +677,7 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
 		if (!permtest) {
 			error = aa_set_current_hat(hat, token);
 			if (error == -EACCES)
-				/* kill task incase of brute force attacks */
+				/* kill task in case of brute force attacks */
 				perms.kill = AA_MAY_CHANGEHAT;
 			else if (name && !error)
 				/* reset error for learning of new hats */
@@ -782,7 +786,7 @@ int aa_change_profile(const char *ns_name, const char *hname, bool onexec,
 		error = -ENOENT;
 		if (permtest || !COMPLAIN_MODE(profile))
 			goto audit;
-		/* release below */
+		/* released below */
 		target = aa_new_null_profile(profile, 0);
 		if (!target) {
 			info = "failed null profile create";
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 1b3c0a9edee..7312db74121 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -23,7 +23,7 @@ struct file_perms nullperms;
 
 
 /**
- * audit_file_mask - convert mask to owner::other string
+ * audit_file_mask - convert mask to permission string
  * @buffer: buffer to write string to (NOT NULL)
  * @mask: permission mask to convert
  */
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index c51e551ec1a..38ccaea0820 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -19,8 +19,7 @@
 
 #include "match.h"
 
-/* Control parameters settable thru module/boot flags or
- * via /sys/kernel/security/apparmor/control */
+/* Control parameters settable through module/boot flags */
 extern enum audit_mode aa_g_audit;
 extern int aa_g_audit_header;
 extern int aa_g_debug;
@@ -47,7 +46,7 @@ extern unsigned int aa_g_path_max;
 	} while (0)
 
 /* Flag indicating whether initialization completed */
-extern int apparmor_initialized;
+extern int apparmor_initialized __initdata;
 
 /* fn's in lib */
 char *aa_split_fqname(char *args, char **ns_name);
@@ -76,12 +75,12 @@ static inline bool aa_strneq(const char *str, const char *sub, int len)
  *
  * aa_dfa_null_transition transitions to the next state after a null
  * character which is not used in standard matching and is only
- * used to seperate pairs.
+ * used to separate pairs.
  */
 static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
 						  unsigned int start)
 {
-	/* the null transition only needs a single null byte of the string */
+	/* the null transition only needs the string's null terminator byte */
 	return aa_dfa_match_len(dfa, start, "", 1);
 }
 
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index cfbae70b7cb..cb1e93a114d 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -15,6 +15,6 @@
 #ifndef __AA_APPARMORFS_H
 #define __AA_APPARMORFS_H
 
-extern void aa_destroy_aafs(void);
+extern void __init aa_destroy_aafs(void);
 
 #endif /* __AA_APPARMORFS_H */
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index bba5ced35bd..be36feabb16 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -37,7 +37,7 @@ struct aa_profile;
 #define AA_EXEC_MMAP                   0x0800
 
 #define AA_MAY_LINK			0x1000
-#define AA_LINK_SUBSET			AA_MAY_LOCK	/* overlayed */
+#define AA_LINK_SUBSET			AA_MAY_LOCK	/* overlaid */
 #define AA_MAY_ONEXEC			0x40000000	/* exec allows onexec */
 #define AA_MAY_CHANGE_PROFILE		0x80000000
 #define AA_MAY_CHANGEHAT		0x80000000	/* ctrl auditing only */
@@ -70,13 +70,13 @@ struct aa_profile;
 /* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
 #define AA_SECURE_X_NEEDED	0x8000
 
-/* need to conditionalize which ones are being set */
+/* need to make conditional which ones are being set */
 struct path_cond {
 	uid_t uid;
 	umode_t mode;
 };
 
-/* struct file_perms - file permission fo
+/* struct file_perms - file permission
  * @allow: mask of permissions that are allowed
  * @audit: mask of permissions to force an audit message for
  * @quiet: mask of permissions to quiet audit messages for
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
index 3cd089f7536..734a6d35112 100644
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@@ -121,7 +121,7 @@ void aa_dfa_free_kref(struct kref *kref);
  * aa_put_dfa - put a dfa refcount
  * @dfa: dfa to put refcount   (MAYBE NULL)
  *
- * Requires: if @dfa != NULL that valid refcount be held
+ * Requires: if @dfa != NULL that a valid refcount be held
  */
 static inline void aa_put_dfa(struct aa_dfa *dfa)
 {
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 7d757b8f59d..aeda5cf5690 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -56,20 +56,18 @@ enum profile_mode {
 
 enum profile_flags {
 	PFLAG_HAT = 1,			/* profile is a hat */
-	PFLAG_UNCONFINED = 2,		/* profile is the unconfined profile */
+	PFLAG_UNCONFINED = 2,		/* profile is an unconfined profile */
 	PFLAG_NULL = 4,			/* profile is null learning profile */
 	PFLAG_IX_ON_NAME_ERROR = 8,	/* fallback to ix on name lookup fail */
 	PFLAG_IMMUTABLE = 0x10,		/* don't allow changes/replacement */
-	PFLAG_USER_DEFINED = 0x20,	/* user based profile */
+	PFLAG_USER_DEFINED = 0x20,	/* user based profile - lower privs */
 	PFLAG_NO_LIST_REF = 0x40,	/* list doesn't keep profile ref */
 	PFLAG_OLD_NULL_TRANS = 0x100,	/* use // as the null transition */
 
-	/* These flags must coorespond with PATH_flags */
+	/* These flags must correspond with PATH_flags */
 	PFLAG_MEDIATE_DELETED = 0x10000, /* mediate instead delegate deleted */
 };
 
-#define AA_NEW_SID 0
-
 struct aa_profile;
 
 /* struct aa_policy - common part of both namespaces and profiles
@@ -110,8 +108,8 @@ struct aa_ns_acct {
  *
  * An aa_namespace defines the set profiles that are searched to determine
  * which profile to attach to a task.  Profiles can not be shared between
- * aa_namespaces and profile names within a namespace are guarenteed to be
- * unique.  When profiles in seperate namespaces have the same name they
+ * aa_namespaces and profile names within a namespace are guaranteed to be
+ * unique.  When profiles in separate namespaces have the same name they
  * are NOT considered to be equivalent.
  *
  * Namespaces are hierarchical and only namespaces and profiles below the
@@ -119,7 +117,8 @@ struct aa_ns_acct {
  *
  * Namespace names must be unique and can not contain the characters :/\0
  *
- * FIXME TODO: add vserver support so a vserer (can it all be done in userspace)
+ * FIXME TODO: add vserver support of namespaces (can it all be done in
+ *             userspace?)
  */
 struct aa_namespace {
 	struct aa_policy base;
@@ -131,10 +130,10 @@ struct aa_namespace {
 };
 
 /* struct aa_profile - basic confinement data
- * @base - base componets of the profile (name, refcount, lists, lock ...)
+ * @base - base components of the profile (name, refcount, lists, lock ...)
  * @parent: parent of profile
  * @ns: namespace the profile is in
- * @replacedby: is set profile that replaced this profile
+ * @replacedby: is set to the profile that replaced this profile
  * @rename: optional profile name that this profile renamed
  * @xmatch: optional extended matching for unconfined executables names
  * @xmatch_len: xmatch prefix len, used to determine xmatch priority
@@ -156,7 +155,7 @@ struct aa_namespace {
  * The @replacedby field is write protected by the profile lock.  Reads
  * are assumed to be atomic, and are done without locking.
  *
- * Profiles have a hierachy where hats and children profiles keep
+ * Profiles have a hierarchy where hats and children profiles keep
  * a reference to their parent.
  *
  * Profile names can not begin with a : and can not contain the \0
@@ -211,7 +210,7 @@ static inline struct aa_policy *aa_get_common(struct aa_policy *c)
  * aa_get_namespace - increment references count on @ns
  * @ns: namespace to increment reference count of (MAYBE NULL)
  *
- * Returns: pointer to @ns if @ns is NULL returns NULL
+ * Returns: pointer to @ns, if @ns is NULL returns NULL
  * Requires: @ns must be held with valid refcount when called
  */
 static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
@@ -224,9 +223,9 @@ static inline struct aa_namespace *aa_get_namespace(struct aa_namespace *ns)
 
 /**
  * aa_put_namespace - decrement refcount on @ns
- * @ns: namespace to put reference to
+ * @ns: namespace to put reference of
  *
- * Decrement reference count to @ns and if no longer in use free it
+ * Decrement reference count of @ns and if no longer in use free it
  */
 static inline void aa_put_namespace(struct aa_namespace *ns)
 {
@@ -262,9 +261,8 @@ ssize_t aa_remove_profiles(char *name, size_t size);
  */
 static inline struct aa_profile *aa_newest_version(struct aa_profile *profile)
 {
-	if (unlikely(profile && profile->replacedby))
-		for (; profile->replacedby; profile = profile->replacedby)
-			;
+	while (profile->replacedby)
+		profile = profile->replacedby;
 
 	return profile;
 }
diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h
index 88025222cd7..544aa6b766a 100644
--- a/security/apparmor/include/procattr.h
+++ b/security/apparmor/include/procattr.h
@@ -1,7 +1,7 @@
 /*
  * AppArmor security module
  *
- * This file contains AppArmor /proc/<pid>/attr/ interface function defintions.
+ * This file contains AppArmor /proc/<pid>/attr/ interface function definitions.
  *
  * Copyright (C) 1998-2008 Novell/SUSE
  * Copyright 2009-2010 Canonical Ltd.
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
index 1e009cef698..3c88be94649 100644
--- a/security/apparmor/include/resource.h
+++ b/security/apparmor/include/resource.h
@@ -1,7 +1,7 @@
 /*
  * AppArmor security module
  *
- * This file contains AppArmor resource limits function defintions.
+ * This file contains AppArmor resource limits function definitions.
  *
  * Copyright (C) 1998-2008 Novell/SUSE
  * Copyright 2009-2010 Canonical Ltd.
@@ -20,7 +20,7 @@
 
 struct aa_profile;
 
-/* struct aa_rlimit - rlimits settings for the profile
+/* struct aa_rlimit - rlimit settings for the profile
  * @mask: which hard limits to set
  * @limits: rlimit values that override task limits
  *
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 51837b5a10a..6e85cdb4303 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -30,7 +30,7 @@
  * description).  If a portion of the name is missing it returns NULL for
  * that portion.
  *
- * NOTE: may modifiy the @fqname string.  The pointers returned point
+ * NOTE: may modify the @fqname string.  The pointers returned point
  *       into the @fqname string.
  */
 char *aa_split_fqname(char *fqname, char **ns_name)
@@ -65,13 +65,13 @@ void aa_info_message(const char *str)
 		struct common_audit_data sa;
 		COMMON_AUDIT_DATA_INIT(&sa, NONE);
 		sa.aad.info = str;
-		printk(KERN_INFO "AppArmor: %s\n", str);
 		aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
 	}
+	printk(KERN_INFO "AppArmor: %s\n", str);
 }
 
 /**
- * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc
+ * kvmalloc - do allocation preferring kmalloc but falling back to vmalloc
  * @size: size of allocation
  *
  * Return: allocated buffer or NULL if failed
@@ -90,6 +90,9 @@ void *kvmalloc(size_t size)
 	if (size <= (16*PAGE_SIZE))
 		buffer = kmalloc(size, GFP_NOIO | __GFP_NOWARN);
 	if (!buffer) {
+		/* see kvfree for why size must be at least work_struct size
+		 * when allocated via vmalloc
+		 */
 		if (size < sizeof(struct work_struct))
 			size = sizeof(struct work_struct);
 		buffer = vmalloc(size);
@@ -101,7 +104,7 @@ void *kvmalloc(size_t size)
  * do_vfree - workqueue routine for freeing vmalloced memory
  * @work: data to be freed
  *
- * The work_struct is overlayed to the data being freed, as at the point
+ * The work_struct is overlaid to the data being freed, as at the point
  * the work is scheduled the data is no longer valid, be its freeing
  * needs to be delayed until safe.
  */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b4828d74a1d..7daf0d52803 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -36,7 +36,7 @@
 #include "include/procattr.h"
 
 /* Flag indicating whether initialization completed */
-int apparmor_initialized;
+int apparmor_initialized __initdata;
 
 /*
  * LSM hook functions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 8e7523ab392..5cb4dc1f699 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -193,8 +193,8 @@ void aa_dfa_free_kref(struct kref *kref)
  * @size: size of data to unpack
  * @flags: flags controlling what type of accept tables are acceptable
  *
- * Unpack a dfa that has been serialized.  Dfa format and information in
- * Documentation/AppArmor/dfa.txt
+ * Unpack a dfa that has been serialized.  To find information on the dfa
+ * format look in Documentation/apparmor.txt
  * Assumes the dfa @blob stream has been aligned on a 8 byte boundry
  *
  * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index a19ba058993..96bab9469d4 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -46,7 +46,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
  * @buf:  buffer to store path to  (NOT NULL)
  * @buflen: length of @buf
  * @name: Returns - pointer for start of path name with in @buf (NOT NULL)
- * @flags: flags controling path lookup
+ * @flags: flags controlling path lookup
  *
  * Handle path name lookup.
  *
@@ -110,7 +110,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
 		 *
 		 * Remove the appended deleted text and return as string for
 		 * normal mediation, or auditing.  The (deleted) string is
-		 * guarenteed to be added in this case, so just strip it.
+		 * guaranteed to be added in this case, so just strip it.
 		 */
 		buf[buflen - 11] = 0;	/* - (len(" (deleted)") +\0) */
 
@@ -190,7 +190,7 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
 /**
  * aa_get_name - compute the pathname of a file
  * @path: path the file  (NOT NULL)
- * @flags: flags controling path name generation
+ * @flags: flags controlling path name generation
  * @buffer: buffer that aa_get_name() allocated  (NOT NULL)
  * @name: Returns - the generated path name if !error (NOT NULL)
  *
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 7fecdf2d2df..3cdc1ad0787 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -13,7 +13,7 @@
  *
  *
  * AppArmor policy is based around profiles, which contain the rules a
- * task is confined by.  Every task in the sytem has a profile attached
+ * task is confined by.  Every task in the system has a profile attached
  * to it determined either by matching "unconfined" tasks against the
  * visible set of profiles or by following a profiles attachment rules.
  *
@@ -31,21 +31,21 @@
  * Reserved profile names
  *	unconfined - special automatically generated unconfined profile
  *	inherit - special name to indicate profile inheritance
- *	null-XXXX-YYYY - special automically generated learning profiles
+ *	null-XXXX-YYYY - special automatically generated learning profiles
  *
  * Namespace names may not start with / or @ and may not contain \0 or :
- * Reserved namespace namespace
+ * Reserved namespace names
  *	user-XXXX - user defined profiles
  *
- * a // in a profile or namespace name indicates a hierarcical name with the
+ * a // in a profile or namespace name indicates a hierarchical name with the
  * name before the // being the parent and the name after the child.
  *
- * Profile and namespace hierachies serve two different but similar purposes.
+ * Profile and namespace hierarchies serve two different but similar purposes.
  * The namespace contains the set of visible profiles that are considered
  * for attachment.  The hierarchy of namespaces allows for virtualizing
  * the namespace so that for example a chroot can have its own set of profiles
  * which may define some local user namespaces.
- * The profile hierachy severs two distinct purposes,
+ * The profile hierarchy severs two distinct purposes,
  * -  it allows for sub profiles or hats, which allows an application to run
  *    subprograms under its own profile with different restriction than it
  *    self, and not have it use the system profile.
@@ -60,8 +60,8 @@
  *   eg. /bin/bash///bin/ls as a name would indicate /bin/ls was started
  *       from /bin/bash
  *
- *   A profile or namespace name that can contain one or more // seperators
- *   is refered to as an hname (hierarchical).
+ *   A profile or namespace name that can contain one or more // separators
+ *   is referred to as an hname (hierarchical).
  *   eg.  /bin/bash//bin/ls
  *
  *   An fqname is a name that may contain both namespace and profile hnames.
@@ -191,7 +191,7 @@ static struct aa_policy *__policy_find(struct list_head *head, const char *name)
 }
 
 /**
- * __policy_strn_find - find a policy thats name matches @len chars of @str
+ * __policy_strn_find - find a policy that's name matches @len chars of @str
  * @head: list to search  (NOT NULL)
  * @str: string to search for  (NOT NULL)
  * @len: length of match required
@@ -257,7 +257,7 @@ const char *aa_ns_name(struct aa_namespace *curr, struct aa_namespace *view)
 		/* at this point if a ns is visible it is in a view ns
 		 * thus the curr ns.hname is a prefix of its name.
 		 * Only output the virtualized portion of the name
-		 * Add + 2 to skip over // seperating curr hname prefix
+		 * Add + 2 to skip over // separating curr hname prefix
 		 * from the visible tail of the views hname
 		 */
 		return view->base.hname + strlen(curr->base.hname) + 2;
@@ -477,7 +477,7 @@ static void __list_remove_profile(struct aa_profile *profile)
  * @old: profile to be replaced  (NOT NULL)
  * @new: profile to replace @old with  (NOT NULL)
  *
- * Will duplicaticate and refcount elements that @new inherits from @old
+ * Will duplicate and refcount elements that @new inherits from @old
  * and will inherit @old children.
  *
  * refcount @new for list, put @old list refcount
@@ -503,7 +503,7 @@ static void __replace_profile(struct aa_profile *old, struct aa_profile *new)
 	list_for_each_entry_safe(child, tmp, &old->base.profiles, base.list) {
 		aa_put_profile(child->parent);
 		child->parent = aa_get_profile(new);
-		/* list refcount transfered to @new*/
+		/* list refcount transferred to @new*/
 		list_move(&child->base.list, &new->base.profiles);
 	}
 
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 5b5dacb9623..eb3700e9fd3 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -13,7 +13,7 @@
  * License.
  *
  * AppArmor uses a serialized binary format for loading policy.
- * The policy format is documented in Documentation/???
+ * To find policy format documentation look in Documentation/apparmor.txt
  * All policy is validated before it is used.
  */
 
@@ -35,7 +35,7 @@
  * which has a name (AA_NAME typecode followed by name string) followed by
  * the entries typecode and data.  Named types allow for optional
  * elements and extensions to be added and tested for without breaking
- * backwards compatability.
+ * backwards compatibility.
  */
 
 enum aa_code {
@@ -154,10 +154,11 @@ static bool unpack_X(struct aa_ext *e, enum aa_code code)
  * name @name.  If @name is specified then there must be a matching
  * name element in the stream.  If @name is NULL any name element will be
  * skipped and only the typecode will be tested.
- * returns 1 on success (both type code and name tests match) and the read
+ *
+ * Returns 1 on success (both type code and name tests match) and the read
  * head is advanced past the headers
  *
- * Returns: 0 if either match failes, the read head does not move
+ * Returns: 0 if either match fails, the read head does not move
  */
 static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
 {
@@ -381,6 +382,9 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
 		for (i = 0; i < size; i++) {
 			char *str;
 			int c, j, size = unpack_strdup(e, &str, NULL);
+			/* unpack_strdup verifies that the last character is
+			 * null termination byte.
+			 */
 			if (!size)
 				goto fail;
 			profile->file.trans.table[i] = str;
@@ -394,7 +398,10 @@ static bool unpack_trans_table(struct aa_ext *e, struct aa_profile *profile)
 					c++;
 			}
 			if (*str == ':') {
-				/* beginning with : requires an embedded \0 */
+				/* beginning with : requires an embedded \0,
+				 * verify that exactly 1 internal \0 exists
+				 * trailing \0 already verified by unpack_strdup
+				 */
 				if (c != 1)
 					goto fail;
 				/* first character after : must be valid */
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 8a2d22cbd4c..04a2cf8d1b6 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -57,13 +57,13 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
 		mode_len = strlen(mode_str) + 3;	/* + 3 for _() */
 
 	name_len = strlen(profile->base.hname);
-	len = mode_len + ns_len + name_len + 1;	    /*+ 1 for \n */
+	len = mode_len + ns_len + name_len + 1;	    /* + 1 for \n */
 	s = str = kmalloc(len + 1, GFP_KERNEL);	    /* + 1 \0 */
 	if (!str)
 		return -ENOMEM;
 
 	if (ns_len) {
-		/* skip over prefix current_ns->base.hname and seperating // */
+		/* skip over prefix current_ns->base.hname and separating // */
 		sprintf(s, ":%s://", ns_name);
 		s += ns_len;
 	}
@@ -127,7 +127,7 @@ int aa_setprocattr_changehat(char *args, size_t size, int test)
 	}
 
 	if (hat) {
-		/* set up hat name vector, args guarenteed null terminated
+		/* set up hat name vector, args guaranteed null terminated
 		 * at args[size] by setprocattr.
 		 *
 		 * If there are multiple hat names in the buffer each is
diff --git a/security/apparmor/resource.c b/security/apparmor/resource.c
index ad69bf3782b..4a368f1fd36 100644
--- a/security/apparmor/resource.c
+++ b/security/apparmor/resource.c
@@ -61,7 +61,7 @@ static int audit_resource(struct aa_profile *profile, unsigned int resource,
  *
  * Returns: resource # for the current architecture.
  *
- * rlimit resource can vary based on architecture map the compiled policy
+ * rlimit resource can vary based on architecture, map the compiled policy
  * resource # to the internal representation for the architecture.
  */
 int aa_map_resource(int resource)