a problem in hooks of sock ?!

From: Yuan Chunyang (cyyuan79@private)
Date: Sun Jul 25 2004 - 20:30:31 PDT


*Problem: 
    The security domain value of a new sock will be lost after sk_alloc. It will result in a panic.

*Details:
    In the security_sk_alloc hook, a security value buffer is allocated for the new sock by kmalloc.
    But for a TCP socket, this buffer is lost when I want to free it in the security_sk_free hook.
    It often panics my computer.
  
*Kernel version:
    2.6.4

*Reason: 
   The syscalls are invoked as follows: sys_accept -> inet_accept -> tcp->accept -> tcp_create_openreq_child.
   In tcp_create_openreq_child [net/ipv4/tcp_minisocks.c#L685], there is a statement:
      memcpy(newsk, sk, sizeof(struct tcp_sock));  (*)
   Then the value of newsk->sk_security is equal to sk->sk_security. The security buffer of newsk is lost.

*Resolve:
   Add a patch for tcp_create_openreq_child in net/ipv4/tcp_minisocks.c.
   The statement (*) is replaced by:
 
  void *sksec;
  sksec = newsk->sk_security;
  memcpy(newsk, sk, sizeof(struct tcp_sock));
  newsk->sk_security = sksec;

*Any problems?

     _ __          
 |\/      \/ ______     Yuan Chunyang    (Ph.D candidate)             
 \|    . . || |\\\\\    Open System & Chinese Information Processing Center  
  (   ( oo))| | ------  Institute of Software , Chinese Academy of Sciences
   /  \    \| |   ||||  P.O.Box 8718     Beijing 100080           P.R.China
  (___\^^^^^|_|___||||  Email:   chunyang03at_private  
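
The aliasing described in the message can be reproduced in a small userspace model. This is an added example, not part of the original post and not kernel code: model_sock, model_sk_alloc, model_sk_free and the two clone functions are hypothetical stand-ins for struct sock, the alloc/free hooks and statement (*).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only: hypothetical stand-ins, not the kernel's definitions. */
struct model_sock {
    int state;           /* ordinary field the clone is meant to copy */
    void *sk_security;   /* per-socket buffer owned by the security module */
};

/* Models sk_alloc plus the security_sk_alloc hook. */
static struct model_sock *model_sk_alloc(int state) {
    struct model_sock *sk = calloc(1, sizeof(*sk));
    if (sk && !(sk->sk_security = malloc(16))) { free(sk); return NULL; }
    if (sk) sk->state = state;
    return sk;
}
/* Models the security_sk_free hook plus sk_free. */
static void model_sk_free(struct model_sock *sk) {
    if (sk) { free(sk->sk_security); free(sk); }
}

/* Statement (*): the whole-struct copy also overwrites newsk->sk_security. */
static void clone_raw(struct model_sock *newsk, const struct model_sock *sk) {
    memcpy(newsk, sk, sizeof(*newsk));
}
/* The change from the message: keep the child's own buffer across the copy. */
static void clone_preserving(struct model_sock *newsk, const struct model_sock *sk) {
    void *sksec = newsk->sk_security;
    memcpy(newsk, sk, sizeof(*newsk));
    newsk->sk_security = sksec;
}

/* Returns 1 if the child shares the parent's buffer after cloning, 0 if not, -1 on OOM. */
static int child_aliases_parent(int preserve) {
    struct model_sock *sk = model_sk_alloc(1), *newsk = model_sk_alloc(0);
    if (!sk || !newsk) { model_sk_free(sk); model_sk_free(newsk); return -1; }
    void *own = newsk->sk_security;   /* remembered only so the demo can clean up */
    if (preserve) clone_preserving(newsk, sk); else clone_raw(newsk, sk);
    int aliased = (newsk->sk_security == sk->sk_security);
    newsk->sk_security = own;         /* restore so each buffer is freed exactly once */
    model_sk_free(newsk); model_sk_free(sk);
    return aliased;
}

int main(void) {
    printf("raw=%d preserving=%d\n", child_aliases_parent(0), child_aliases_parent(1));
    return 0;
}
```

In the raw case the child's own buffer becomes unreachable and both sockets hold the same pointer, so releasing both through the free hook would free one buffer twice; the demo restores the pointer before cleanup to avoid doing that.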


