[PATCH] allocation priority parameter for skb_alloc_security()

From: James Morris (jmorrisat_private)
Date: Wed Oct 09 2002 - 19:11:48 PDT


    This patch adds an allocation priority parameter to the 
    skb_alloc_security() hook, to allow modules to make better use of 
    kmalloc() if they need to allocate a security blob for an skb.
    
    This is in keeping with the socket_sock_alloc_security() hook, and has 
    been previously discussed on this list (nobody got around to implementing 
    it).
    
    I'd like to get this into the tree ASAP, as we'll need to submit the 
    networking hooks very soon.
    
    Comments?
    
    
    - James
    -- 
    James Morris
    <jmorrisat_private>
    
    diff -urN -X dontdiff lsm-2.5-orig/include/linux/security.h lsm-2.5-skballoc/include/linux/security.h
    --- lsm-2.5-orig/include/linux/security.h	Thu Oct 10 11:04:21 2002
    +++ lsm-2.5-skballoc/include/linux/security.h	Thu Oct 10 11:35:37 2002
    @@ -707,6 +707,7 @@
      *	being allocated.  An LSM module may allocate and assign a new security
      *	blob for the &sk_buff via this hook.
      *	@skb contains the buffer being allocated.
    + *	@priority contains the kernel allocation priority value.
      *	Return 0 if successful, or -ENOMEM on out of memory condition.
      * @skb_clone:
      *	This hook is called when an &sk_buff is being cloned, and may be used,
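Review bot: The added `@priority` line does not say what a module is required to do with the value. The skbuff.c hunk in this patch forwards the allocator's `gfp_mask`, so the comment could read `@priority contains the GFP allocation mask used for the &sk_buff; any memory the hook allocates must use this mask.` Callers that allocate skbs where sleeping is not allowed presumably depend on that, and a module that ignores the argument and uses a sleeping allocation would break them. The comment block starts and ends outside the hunk.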
    @@ -1315,7 +1316,7 @@
     	void (*tcp_create_openreq_child) (struct sock * sk, struct sock * newsk,
     					  struct sk_buff * skb);
     
    -	int (*skb_alloc_security) (struct sk_buff * skb);
    +	int (*skb_alloc_security) (struct sk_buff * skbm int priority);
     	int (*skb_clone) (struct sk_buff * newskb,
     			  const struct sk_buff * oldskb);
     	void (*skb_copy) (struct sk_buff * newskb,
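Review bot: The new prototype line reads `struct sk_buff * skbm int priority`, which is a typo for `skb, int priority` and will not compile. It should be `int (*skb_alloc_security) (struct sk_buff * skb, int priority);`. Every implementation changed later in the patch (capability, dte, dummy, lids, owlsm, selinux) already uses the two-argument form, so this header line is the only place out of step. The enclosing struct starts and ends outside the hunk.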
    diff -urN -X dontdiff lsm-2.5-orig/net/core/skbuff.c lsm-2.5-skballoc/net/core/skbuff.c
    --- lsm-2.5-orig/net/core/skbuff.c	Thu Oct 10 11:04:25 2002
    +++ lsm-2.5-skballoc/net/core/skbuff.c	Thu Oct 10 11:37:46 2002
    @@ -195,7 +195,7 @@
     	if (!data)
     		goto nodata;
     
    -	if (security_ops->skb_alloc_security(skb)) {
    +	if (security_ops->skb_alloc_security(skb, gfp_mask)) {
      		kfree(data);
     		goto nodata;
     	}
    diff -urN -X dontdiff lsm-2.5-orig/security/capability.c lsm-2.5-skballoc/security/capability.c
    --- lsm-2.5-orig/security/capability.c	Thu Oct 10 11:04:31 2002
    +++ lsm-2.5-skballoc/security/capability.c	Thu Oct 10 11:41:41 2002
    @@ -998,7 +998,7 @@
     	return 0;
     }
     
    -static int cap_skb_alloc_security (struct sk_buff *skb)
    +static int cap_skb_alloc_security (struct sk_buff *skb, int priority)
     {
     	return 0;
     }
    diff -urN -X dontdiff lsm-2.5-orig/security/dte/dte.c lsm-2.5-skballoc/security/dte/dte.c
    --- lsm-2.5-orig/security/dte/dte.c	Thu Oct 10 11:04:31 2002
    +++ lsm-2.5-skballoc/security/dte/dte.c	Thu Oct 10 11:38:55 2002
    @@ -835,7 +835,7 @@
     	return 0;
     }
     
    -static int dte_skb_alloc_security (struct sk_buff *skb)
    +static int dte_skb_alloc_security (struct sk_buff *skb, int priority)
     {
     	return 0;
     }
    diff -urN -X dontdiff lsm-2.5-orig/security/dummy.c lsm-2.5-skballoc/security/dummy.c
    --- lsm-2.5-orig/security/dummy.c	Thu Oct 10 11:04:31 2002
    +++ lsm-2.5-skballoc/security/dummy.c	Thu Oct 10 11:42:03 2002
    @@ -816,7 +816,7 @@
     	return 0;
     }
     
    -static int dummy_skb_alloc_security (struct sk_buff *skb)
    +static int dummy_skb_alloc_security (struct sk_buff *skb, int priority)
     {
     	return 0;
     }
    diff -urN -X dontdiff lsm-2.5-orig/security/lids/lids_lsm.c lsm-2.5-skballoc/security/lids/lids_lsm.c
    --- lsm-2.5-orig/security/lids/lids_lsm.c	Thu Oct 10 11:04:32 2002
    +++ lsm-2.5-skballoc/security/lids/lids_lsm.c	Thu Oct 10 11:39:13 2002
    @@ -994,7 +994,7 @@
     	return 0;
     }
     
    -static int lids_skb_alloc_security (struct sk_buff *skb)
    +static int lids_skb_alloc_security (struct sk_buff *skb, int priority)
     {
     	return 0;
     }
    diff -urN -X dontdiff lsm-2.5-orig/security/owlsm.c lsm-2.5-skballoc/security/owlsm.c
    --- lsm-2.5-orig/security/owlsm.c	Thu Oct 10 11:04:31 2002
    +++ lsm-2.5-skballoc/security/owlsm.c	Thu Oct 10 11:42:22 2002
    @@ -816,7 +816,7 @@
     	return 0;
     }
     
    -static int owlsm_skb_alloc_security (struct sk_buff *skb)
    +static int owlsm_skb_alloc_security (struct sk_buff *skb, int priority)
     {
     	return 0;
     }
    diff -urN -X dontdiff lsm-2.5-orig/security/selinux/hooks.c lsm-2.5-skballoc/security/selinux/hooks.c
    --- lsm-2.5-orig/security/selinux/hooks.c	Thu Oct 10 11:04:33 2002
    +++ lsm-2.5-skballoc/security/selinux/hooks.c	Thu Oct 10 11:41:18 2002
    @@ -338,12 +338,12 @@
     
     static spinlock_t skb_alloc_lock = SPIN_LOCK_UNLOCKED;
     
    -static int skb_alloc_security(struct sk_buff *skb)
    +static int skb_alloc_security(struct sk_buff *skb, int priority)
     {
     	struct skb_security_struct *ssec, *new_ssec;
     	unsigned long flags;
     
    -	new_ssec = kmalloc(sizeof(struct skb_security_struct), SAFE_ALLOC);
    +	new_ssec = kmalloc(sizeof(struct skb_security_struct), priority);
     	if (!new_ssec)
     		return -ENOMEM;
     
    @@ -916,7 +916,7 @@
     	if (ssec && ssec->magic == SELINUX_MAGIC)
     		return 1;
     	
    -	rc = skb_alloc_security(skb);
    +	rc = skb_alloc_security(skb, SAFE_ALLOC);
     	if (rc)
     		return rc;
     	
    @@ -4470,9 +4470,9 @@
     	return task_has_system(current, SYSTEM__IPC_INFO);
     }
     
    -static int selinux_skb_alloc_security(struct sk_buff *skb)
    +static int selinux_skb_alloc_security(struct sk_buff *skb, int priority)
     {
    -	return skb_alloc_security(skb);
    +	return skb_alloc_security(skb, priority);
     }
     
     static int selinux_skb_clone(struct sk_buff *newskb, 
    
    


