* Chris Wright (chrisat_private) wrote: > > Finally, changed the skb_ops->alloc/clone docs to reflect that they > may be called from an interrupt. > @@ -576,7 +580,12 @@ > * > * This hook is called when an &sk_buff is being cloned, and may > * be used, for example, to increment a reference count on the > - * associated security blob. > + * associated security blob. The security blob in the @newskb > + * will not have been allocated. > + * > + * This may be called from an interrupt. If for any reason > + * the LSM module needs to allocate memory for the @newskb, > + * it should probably use GFP_ATOMIC when in_interrupt(). hmm, considering the return type for skb_ops->clone is void, i think it is safe to say we are explicitly not allowing memory allocation during clone. (which makes sense to me). should we say _anything_ here? should we consider supporting a new blob allocation in clone (and return an int)? -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Thu Sep 13 2001 - 14:34:35 PDT