From: Paul Moore <paul.moore@hp.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, takedakn@nttdata.co.jp
Subject: Re: [TOMOYO #5 18/18] LSM expansion for TOMOYO Linux.
Date: Mon, 19 Nov 2007 10:39:41 -0500 [thread overview]
Message-ID: <200711191039.41533.paul.moore@hp.com> (raw)
In-Reply-To: <200711192329.JGB18772.tLHOOSMVFFQOFJ@I-love.SAKURA.ne.jp>
On Monday 19 November 2007 9:29:52 am Tetsuo Handa wrote:
> Paul Moore wrote:
> > If that is the case then the second call to
> > skb_peek() will return a different skb then the one you passed to
> > security_post_recv_datagram().
>
> Yes. The second call to skb_peek() might return a different skb than the
> one I passed to security_post_recv_datagram().
My apologies, I mistakenly read the following if statement in your patch:
+ if (skb == skb_peek(&sk->sk_receive_queue)) {
+ __skb_unlink(skb, &sk->sk_receive_queue);
+ atomic_dec(&skb->users);
+ }
I read the conditional as the following:
+ if (skb = skb_peek(&sk->sk_receive_queue)) {
... which would have caused the problems I was describing. I'm sorry for all
of the confusion/frustration, you patient explanations are correct; I was
wrong in this particular case.
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2007-11-19 15:50 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-16 17:34 [TOMOYO #5 00/18] TOMOYO Linux - MAC based on process invocation history penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 01/18] Add struct vfsmount to struct task_struct penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helper functions penguin-kernel
2007-11-16 17:47 ` Trond Myklebust
2007-11-16 18:20 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helperfunctions Tetsuo Handa
2007-11-16 18:33 ` Trond Myklebust
2007-11-17 4:04 ` [TOMOYO #5 02/18] Add wrapper functions for VFShelperfunctions Tetsuo Handa
2007-11-17 4:46 ` Trond Myklebust
2007-11-17 5:23 ` Tetsuo Handa
2007-11-19 12:53 ` [TOMOYO #5 02/18] Add wrapper functions for VFS helper functions Christoph Hellwig
2007-11-19 13:18 ` Tetsuo Handa
2007-11-16 17:34 ` [TOMOYO #5 03/18] Replace VFS with wrapper functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 04/18] Data structures and prototype defitions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 05/18] Memory and pathname management functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 06/18] Utility functions and policy manipulation interface penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 07/18] Domain transition functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 08/18] Auditing interface penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 09/18] File access control functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 10/18] argv0 check functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 11/18] Network access control functions penguin-kernel
2007-11-16 17:57 ` YOSHIFUJI Hideaki / 吉藤英明
2007-11-16 18:22 ` Tetsuo Handa
2007-11-16 17:34 ` [TOMOYO #5 12/18] Namespace manipulation " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 13/18] Signal " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 14/18] Capability access " penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 15/18] LSM adapter functions penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 16/18] Conditional permission support penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 17/18] Kconfig and Makefile penguin-kernel
2007-11-16 17:34 ` [TOMOYO #5 18/18] LSM expansion for TOMOYO Linux penguin-kernel
2007-11-16 19:23 ` Paul Moore
2007-11-17 3:45 ` Tetsuo Handa
2007-11-17 23:09 ` Paul Moore
2007-11-18 4:00 ` Tetsuo Handa
2007-11-19 13:36 ` Paul Moore
2007-11-19 14:29 ` Tetsuo Handa
2007-11-19 15:39 ` Paul Moore [this message]
2007-11-20 0:04 ` Tetsuo Handa
2007-11-20 0:52 ` James Morris
2007-11-20 4:50 ` [PATCH] Add packet filtering based on process\'s security context Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200711191039.41533.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=takedakn@nttdata.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.