[PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

[PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

[paul.moore]

[-- Attachment #1: netlabel-cipso_staticfuncs --]
[-- Type: text/plain, Size: 1428 bytes --]

From: Paul Moore <paul.moore@hp.com>

The cipso_v4_doi_search() function behaves the same as cipso_v4_doi_getdef()
but is a local, static function so use it whenever possibile in the CIPSOv4
code base.

Signed-of-by: Paul Moore <paul.moore@hp.com>
---
 net/ipv4/cipso_ipv4.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

Index: net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
===================================================================
--- net-2.6.20_netlabel-base-work.orig/net/ipv4/cipso_ipv4.c
+++ net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
@@ -1136,7 +1136,7 @@ int cipso_v4_validate(unsigned char **op
 	}
 
 	rcu_read_lock();
-	doi_def = cipso_v4_doi_getdef(ntohl(*((__be32 *)&opt[2])));
+	doi_def = cipso_v4_doi_search(ntohl(*((u32 *)&opt[2])));
 	if (doi_def == NULL) {
 		err_offset = 2;
 		goto validate_return_locked;
@@ -1381,7 +1381,7 @@ int cipso_v4_sock_getattr(struct sock *s
 
 	doi = ntohl(*(__be32 *)&cipso_ptr[2]);
 	rcu_read_lock();
-	doi_def = cipso_v4_doi_getdef(doi);
+	doi_def = cipso_v4_doi_search(doi);
 	if (doi_def == NULL) {
 		rcu_read_unlock();
 		return -ENOMSG;
@@ -1449,7 +1449,7 @@ int cipso_v4_skbuff_getattr(const struct
 
 	doi = ntohl(*(__be32 *)&cipso_ptr[2]);
 	rcu_read_lock();
-	doi_def = cipso_v4_doi_getdef(doi);
+	doi_def = cipso_v4_doi_search(doi);
 	if (doi_def == NULL)
 		goto skbuff_getattr_return;
 

--
paul moore
linux security @ hp

Re: [PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

[Eric Paris]

On Fri, 2006-11-17 at 17:38 -0500, paul.moore@hp.com wrote:

> Index: net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> ===================================================================
> --- net-2.6.20_netlabel-base-work.orig/net/ipv4/cipso_ipv4.c
> +++ net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> @@ -1136,7 +1136,7 @@ int cipso_v4_validate(unsigned char **op
>  	}
>  
>  	rcu_read_lock();
> -	doi_def = cipso_v4_doi_getdef(ntohl(*((__be32 *)&opt[2])));
> +	doi_def = cipso_v4_doi_search(ntohl(*((u32 *)&opt[2])));
>  	if (doi_def == NULL) {
>  		err_offset = 2;
>  		goto validate_return_locked;


This appears to reverse the previous endian work by Al Viro, was this
intended?

http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.20.git;a=commitdiff;h=8d7d47b647d7bc05443f1a8a5012e6b41be1c827

-Eric

Re: [PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

[Al Viro]

On Thu, Nov 23, 2006 at 08:24:34PM -0500, Eric Paris wrote:
> On Fri, 2006-11-17 at 17:38 -0500, paul.moore@hp.com wrote:
> 
> > Index: net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> > ===================================================================
> > --- net-2.6.20_netlabel-base-work.orig/net/ipv4/cipso_ipv4.c
> > +++ net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> > @@ -1136,7 +1136,7 @@ int cipso_v4_validate(unsigned char **op
> >  	}
> >  
> >  	rcu_read_lock();
> > -	doi_def = cipso_v4_doi_getdef(ntohl(*((__be32 *)&opt[2])));
> > +	doi_def = cipso_v4_doi_search(ntohl(*((u32 *)&opt[2])));
> >  	if (doi_def == NULL) {
> >  		err_offset = 2;
> >  		goto validate_return_locked;
> 
> 
> This appears to reverse the previous endian work by Al Viro, was this
> intended?

Mismerge, most likely.  Fixed in net-2.6.20 since then (
commit 835ec2525544c744333bf0da00049f323eb75c58
Author: Al Viro <viro@zeniv.linux.org.uk>
Date:   Mon Nov 20 18:08:37 2006 -0800

    [CIPSO]: Missing annotation in cipso_ipv4 update.
) 

Note that there are two changes in that line - u32 -> __be32 and
..._getdef -> ..._search.  They do not really conflict, but any merge
tool would throw a conflict at that point and apparently it got
resolved the dumb way...

Re: [PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

[Paul Moore]

-----Original Message-----
From: Al Viro <viro@ftp.linux.org.uk>
Date: Friday, Nov 24, 2006 2:07 am
Subject: Re: [PATCH 10/13] NetLabel: use cipso_v4_doi_search() for local CIPSOv4 functions

On Thu, Nov 23, 2006 at 08:24:34PM -0500, Eric Paris wrote:
> On Fri, 2006-11-17 at 17:38 -0500, paul.moore@hp.com wrote:
> 
> > Index: net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> > ===================================================================
> > --- net-2.6.20_netlabel-base-work.orig/net/ipv4/cipso_ipv4.c
> > +++ net-2.6.20_netlabel-base-work/net/ipv4/cipso_ipv4.c
> > @@ -1136,7 +1136,7 @@ int cipso_v4_validate(unsigned char **op
> >  	}
> >  
> >  	rcu_read_lock();
> > -	doi_def = cipso_v4_doi_getdef(ntohl(*((__be32 *)&opt[2])));
> > +	doi_def = cipso_v4_doi_search(ntohl(*((u32 *)&opt[2])));
> >  	if (doi_def == NULL) {
> >  		err_offset = 2;
> >  		goto validate_return_locked;
> 
> 
> This appears to reverse the previous endian work by Al Viro, was this
> intended?
>
>Mismerge, most likely.  Fixed in net-2.6.20 since then (
>commit 835ec2525544c744333bf0da00049f323eb75c58
>Author: Al Viro <viro@zeniv.linux.org.uk>
>Date:   Mon Nov 20 18:08:37 2006 -0800
>
>    [CIPSO]: Missing annotation in cipso_ipv4 update.
>) 
>
>Note that there are two changes in that line - u32 -> __be32 and
>..._getdef -> ..._search.  They do not really conflict, but any merge tool would throw a conflict at that point and apparently it got
>resolved the dumb way...
>

Yep, Al is right, I just made a dumb mistake when merging my code with the latest net-2.6.20 tree.  I thought I caught everything but it looks like I missed one.  Sorry.

. paul moore
. linux security @ hp