From: Andrew Morton <akpm@linux-foundation.org>

Cc: Andrew G. Morgan <morgan@kernel.org>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 security/commoncap.c |   32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff -puN security/commoncap.c~security-protect-legacy-apps-from-insufficient-privilege-cleanup security/commoncap.c
--- a/security/commoncap.c~security-protect-legacy-apps-from-insufficient-privilege-cleanup
+++ a/security/commoncap.c
@@ -228,30 +228,28 @@ static inline int cap_from_disk(struct v
 	ret = 0;
 
 	CAP_FOR_EACH_U32(i) {
+		__u32 value_cpu;
+
 		if (i >= tocopy) {
 			/*
 			 * Legacy capability sets have no upper bits
 			 */
 			bprm->cap_post_exec_permitted.cap[i] = 0;
-		} else {
-			__u32 value_cpu;
+			continue;
+		}
+		/*
+		 * pP' = (X & fP) | (pI & fI)
+		 */
+		value_cpu = le32_to_cpu(caps->data[i].permitted);
+		bprm->cap_post_exec_permitted.cap[i] =
+			(current->cap_bset.cap[i] & value_cpu) |
+			(current->cap_inheritable.cap[i] &
+				le32_to_cpu(caps->data[i].inheritable));
+		if (value_cpu & ~bprm->cap_post_exec_permitted.cap[i]) {
 			/*
-			 * pP' = (X & fP) | (pI & fI)
+			 * insufficient to execute correctly
 			 */
-			value_cpu = le32_to_cpu(caps->data[i].permitted);
-			bprm->cap_post_exec_permitted.cap[i] = (
-					current->cap_bset.cap[i] & value_cpu
-				) | (
-					current->cap_inheritable.cap[i] &
-					le32_to_cpu(caps->data[i].inheritable)
-				);
-			if (value_cpu &
-			    ~bprm->cap_post_exec_permitted.cap[i]) {
-				/*
-				 * insufficient to execute correctly
-				 */
-				ret = -EPERM;
-			}
+			ret = -EPERM;
 		}
 	}
 
_