LSM: Update comment on security_sock_rcv_skb

Message ID	201001060023.o060Ns76078068@www262.sakura.ne.jp
State	Not Applicable, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-Id: <201001060023.o060Ns76078068@www262.sakura.ne.jp> Subject: [PATCH] LSM: Update comment on security_sock_rcv_skb From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> To: linux-security-module@vger.kernel.org, jmorris@namei.org Cc: serue@us.ibm.com, sam@synack.fr, kaber@trash.net, zbr@ioremap.net, nhorman@tuxdriver.com, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, hadi@cyberus.ca MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Date: Wed, 06 Jan 2010 09:23:54 +0900 References: <1262437456-24476-1-git-send-email-sam@synack.fr> <1262537872.10218.27.camel@bigi> <m2r5q5nhbc.fsf@ssh.synack.fr> <201001050820.o058Kuwx087793@www262.sakura.ne.jp> <20100105140917.GA6624@us.ibm.com> In-Reply-To: <20100105140917.GA6624@us.ibm.com> Content-Type: text/plain; charset="ISO-2022-JP" bases: 05012010 #3099178, status: clean Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

201001060023.o060Ns76078068@www262.sakura.ne.jp

State

Not Applicable, archived

Delegated to:

David Miller

Headers

Message-Id: <201001060023.o060Ns76078068@www262.sakura.ne.jp>
Subject: [PATCH] LSM: Update comment on security_sock_rcv_skb
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: linux-security-module@vger.kernel.org, jmorris@namei.org
Cc: serue@us.ibm.com, sam@synack.fr, kaber@trash.net, zbr@ioremap.net,
	nhorman@tuxdriver.com, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, hadi@cyberus.ca
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Wed, 06 Jan 2010 09:23:54 +0900
References: <1262437456-24476-1-git-send-email-sam@synack.fr>
	<1262537872.10218.27.camel@bigi> <m2r5q5nhbc.fsf@ssh.synack.fr>
	<201001050820.o058Kuwx087793@www262.sakura.ne.jp>
	<20100105140917.GA6624@us.ibm.com>
In-Reply-To: <20100105140917.GA6624@us.ibm.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Tetsuo Handa Jan. 6, 2010, 12:23 a.m. UTC

[PATCH] LSM: Update comment on security_sock_rcv_skb

It is not permitted to do sleeping operation inside security_sock_rcv_skb().

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
--
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Serge E. Hallyn Jan. 6, 2010, 3:27 a.m. UTC | #1

Quoting Tetsuo Handa (penguin-kernel@I-love.SAKURA.ne.jp):
> [PATCH] LSM: Update comment on security_sock_rcv_skb
> 
> It is not permitted to do sleeping operation inside security_sock_rcv_skb().
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

Acked-by: Serge Hallyn <serue@us.ibm.com>

Thank you for sending this.

-serge

> --
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 466cbad..3696ca3 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -978,6 +978,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
>   *	Check permissions on incoming network packets.  This hook is distinct
>   *	from Netfilter's IP input hooks since it is the first time that the
>   *	incoming sk_buff @skb has been associated with a particular socket, @sk.
> + *	Must not sleep inside this hook because some callers hold spinlocks.
>   *	@sk contains the sock (not socket) associated with the incoming sk_buff.
>   *	@skb contains the incoming network data.
>   * @socket_getpeersec_stream:
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

James Morris Jan. 10, 2010, 9:53 p.m. UTC | #2

On Wed, 6 Jan 2010, Tetsuo Handa wrote:

> [PATCH] LSM: Update comment on security_sock_rcv_skb
> 
> It is not permitted to do sleeping operation inside security_sock_rcv_skb().
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>


Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

diff --git a/include/linux/security.h b/include/linux/security.h
index 466cbad..3696ca3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -978,6 +978,7 @@  static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	Check permissions on incoming network packets.  This hook is distinct
  *	from Netfilter's IP input hooks since it is the first time that the
  *	incoming sk_buff @skb has been associated with a particular socket, @sk.
+ *	Must not sleep inside this hook because some callers hold spinlocks.
  *	@sk contains the sock (not socket) associated with the incoming sk_buff.
  *	@skb contains the incoming network data.
  * @socket_getpeersec_stream:

LSM: Update comment on security_sock_rcv_skb

Commit Message

Comments

Patch