[PATCH net 1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone
Xin Long
lucien.xin at gmail.com
Sat Oct 23 04:25:09 UTC 2021
On Fri, Oct 22, 2021 at 11:36 PM Jakub Kicinski <kuba at kernel.org> wrote:
>
> On Fri, 22 Oct 2021 02:36:09 -0400 Xin Long wrote:
> > This patch is to move secid and peer_secid from endpoint to association,
> > and pass asoc to sctp_assoc_request and sctp_sk_clone instead of ep. As
> > ep is the local endpoint and asoc represents a connection, and in SCTP
> > one sk/ep could have multiple asoc/connection, saving secid/peer_secid
> > for new asoc will overwrite the old asoc's.
> >
> > Note that since asoc can be passed as NULL, security_sctp_assoc_request()
> > is moved to the place right after the new_asoc is created in
> > sctp_sf_do_5_1B_init() and sctp_sf_do_unexpected_init().
> >
> > Fixes: 72e89f50084c ("security: Add support for SCTP security hooks")
> > Reported-by: Prashanth Prahlad <pprahlad at redhat.com>
> > Signed-off-by: Xin Long <lucien.xin at gmail.com>
>
> missed one?
>
> security/selinux/netlabel.c:274: warning: Function parameter or member
> 'asoc' not described in 'selinux_netlbl_sctp_assoc_request'
> security/selinux/netlabel.c:274: warning: Excess function parameter 'ep' description in 'selinux_netlbl_sctp_assoc_request'
Yup, the function description also needs fixing:
@@ -260,11 +260,11 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,
/**
* selinux_netlbl_sctp_assoc_request - Label an incoming sctp association.
- * @ep: incoming association endpoint.
+ * @asoc: incoming association.
* @skb: the packet.
*
* Description:
- * A new incoming connection is represented by @ep, ......
+ * A new incoming connection is represented by @asoc, ......
* Returns zero on success, negative values on failure.
*
*/
Thanks.
More information about the Linux-security-module-archive
mailing list