[PATCH net 1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone

Jakub Kicinski kuba at kernel.org
Fri Oct 22 15:35:58 UTC 2021


On Fri, 22 Oct 2021 02:36:09 -0400 Xin Long wrote:
> This patch is to move secid and peer_secid from endpoint to association,
> and pass asoc to sctp_assoc_request and sctp_sk_clone instead of ep. As
> ep is the local endpoint and asoc represents a connection, and in SCTP
> one sk/ep could have multiple asoc/connection, saving secid/peer_secid
> for new asoc will overwrite the old asoc's.
> 
> Note that since asoc can be passed as NULL, security_sctp_assoc_request()
> is moved to the place right after the new_asoc is created in
> sctp_sf_do_5_1B_init() and sctp_sf_do_unexpected_init().
> 
> Fixes: 72e89f50084c ("security: Add support for SCTP security hooks")
> Reported-by: Prashanth Prahlad <pprahlad at redhat.com>
> Signed-off-by: Xin Long <lucien.xin at gmail.com>

missed one?

security/selinux/netlabel.c:274: warning: Function parameter or member
'asoc' not described in 'selinux_netlbl_sctp_assoc_request'
security/selinux/netlabel.c:274: warning: Excess function parameter 'ep' description in 'selinux_netlbl_sctp_assoc_request'



More information about the Linux-security-module-archive mailing list