From: Paul Moore <paul.moore@hp.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, chrisw@sous-sol.org,
netdev@vger.kernel.org
Subject: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
Date: Thu, 6 Sep 2007 11:25:39 -0400 [thread overview]
Message-ID: <200709061125.39815.paul.moore@hp.com> (raw)
In-Reply-To: <200709062204.DFH97819.JLOHVOOSFMtFQF@I-love.SAKURA.ne.jp>
On Thursday, September 6 2007 9:04:01 am Tetsuo Handa wrote:
> (1) It uses userspace intervention to allow/reject
> connections and/or packets based on the application's domain.
> Since existent hooks can't be used for this purpose,
> I inserted a new hook post_recv_datagram() at skb_recv_datagram()
> and I modified socket_post_accept() to return error so that
> I can drop/disconnect based on the application's domain.
>
> I think skb_recv_datagram() is the only place that can remove
> a message picked up with MSG_PEEK flags from the receive queue.
> To remove a message picked up with MSG_PEEK flags, I noticed that
> I have to do skb_kill_datagram()-like operation so that
> "the head message that must not be delivered to the caller" won't
> prevent picking up of "the non-head message that should be delivered to the
> caller" when the caller repeats only recv(MSG_PEEK) requests.
> Since skb_recv_datagram() can be called from interrupt context,
> I have to use spin_lock_irqsave() instead for spin_lock_bh(), am I
> right?
There are almost certainly better people to answer locking questions, but here
is my take on it ... If you are accessing data both in a bottom half and
elsewhere you need to make sure you disable bottom halfs from running before
you access the data outside the bottom half (spin_lock_bh()). If you are
accessing data both in an interrupt handler and elsewhere you need to make
sure you disable interrupts when accessing data outside the irq handler
(spin_lock_irqsave()).
> By the way, why can't socket_post_accept() fail?
> Someone may wish to do memory allocation at socket_post_accept().
> socket_accept() is too early for memory allocation because
> there is no chance to free allocated memory
> when sock->ops->accept() failed.
> I think socket_post_accept() should be able to fail.
>From my experience the community disapproves of approaches which go through
the entire TCP handshake and then terminate the connection, which is what
allowing security_socket_post_accept() to fail would do.
--
paul moore
linux security @ hp
prev parent reply other threads:[~2007-09-06 15:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <46CED214.6050505@gmail.com>
[not found] ` <200709040753.32204.paul.moore@hp.com>
[not found] ` <200709042302.CDE26023.MJOOLQVFFOtHSF@I-love.SAKURA.ne.jp>
[not found] ` <200709051006.28429.paul.moore@hp.com>
2007-09-06 13:04 ` [TOMOYO 15/15] LSM expansion for TOMOYO Linux Tetsuo Handa
2007-09-06 15:25 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200709061125.39815.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=chrisw@sous-sol.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).