*Problem:
The security domain value of the new sock will be lost after sk_alloc. It will result in a panic.
*Details:
In the security_sk_alloc hook, a security value buffer is allocated for the new sock by kmalloc.
But for a TCP socket, this buffer is lost when I want to free it in the security_sk_free hook.
It often panics my computer.
*Kernel version:
2.6.4
*Reason:
The syscalls are invoked as follows: sys_accept -> inet_accept -> tcp->accept -> tcp_create_openreq_child.
In tcp_create_openreq_child [net/ipv4/tcp_minisocks.c#L685], there is a statement:
memcpy(newsk, sk, sizeof(struct tcp_sock)); (*)
Then the value of newsk->sk_security is equal to sk->sk_security. The security buffer of newsk is lost.
*Resolve:
Add a patch for tcp_create_openreq_child in net/ipv4/tcp_minisocks.c.
The statement (*) is rewritten as:
void *sksec;
sksec = newsk->sk_security;
memcpy(newsk, sk, sizeof(struct tcp_sock));
newsk->sk_security = sksec;
*Any problems?
_ __
|\/ \/ ______ Yuan Chunyang (Ph.D candidate)
\| . . || |\\\\\ Open System & Chinese Information Processing Center
( ( oo))| | ------ Institute of Software , Chinese Academy of Sciences
/ \ \| | |||| P.O.Box 8718 Beijing 100080 P.R.China
(___\^^^^^|_|___|||| Email: chunyang03@ios.cn
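
Added example, not part of the original message and not kernel code: a userspace C model of the copy described above, comparing the plain memcpy with the save/restore variant from the post. The struct sock_model type and the model_sk_alloc, clone_plain, clone_preserving and child_aliases_parent names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed userspace model: a cut-down sock carrying an LSM blob pointer. */
struct sock_model {
    int   sk_state;
    void *sk_security;   /* per-socket buffer owned by the security module */
};

/* Stand-in for the security_sk_alloc hook: give the sock its own buffer. */
static int model_sk_alloc(struct sock_model *sk)
{
    sk->sk_security = calloc(1, 16);
    return sk->sk_security ? 0 : -1;
}

/* The copy as quoted in the post: the child's pointer is overwritten. */
static void clone_plain(struct sock_model *newsk, const struct sock_model *sk)
{
    memcpy(newsk, sk, sizeof(*newsk));
}

/* The copy with the save/restore proposed in the post. */
static void clone_preserving(struct sock_model *newsk, const struct sock_model *sk)
{
    void *sksec = newsk->sk_security;
    memcpy(newsk, sk, sizeof(*newsk));
    newsk->sk_security = sksec;
}

/* Returns 1 when child and parent end up sharing one buffer, 0 when the
 * child keeps its own, -1 on allocation failure. */
static int child_aliases_parent(int preserve)
{
    struct sock_model parent = { .sk_state = 1 }, child = { 0 };
    void *child_blob;
    int aliased;

    if (model_sk_alloc(&parent)) return -1;
    if (model_sk_alloc(&child)) { free(parent.sk_security); return -1; }
    child_blob = child.sk_security;
    if (preserve) clone_preserving(&child, &parent); else clone_plain(&child, &parent);
    aliased = (child.sk_security == parent.sk_security);
    /* Free each buffer exactly once. A free hook run on both socks after
     * clone_plain would free the parent's buffer twice and leak child_blob. */
    free(child_blob);
    free(parent.sk_security);
    return aliased;
}
```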