linux-next: manual merge of the lblnet tree with the security-testing tree

Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> · Fri, 27 Mar 2009 16:19:57 +1100

Hi Paul, James,

Today's linux-next merge of the lblnet tree got a conflict in
security/smack/smack_lsm.c between commit
7198e2eeb44b3fe7cc97f997824002da47a9c644 ("smack: convert smack to
standard linux lists") from the security-testing tree and commits
c5b5a2a5e23a0056c76b2084ae2001e55816778a ("netlabel: Cleanup the
Smack/NetLabel code to fix incoming TCP connections") and
174531a7a4f47f47dd706985d3d5e489fec87ab2 ("smack: Add a new '-CIPSO'
option to the network address label configuration") from the lblnet tree.

I fixed it up (see below - I am not entirely sure it is correct) and can
carry the fix as necessary.
-- 
Cheers,
Stephen Rothwell                    sfr@xxxxxxxxxxxxxxxx
http://www.canb.auug.org.au/~sfr/

diff --cc security/smack/smack_lsm.c
index fd20d15,4f1838b..0000000

--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@@ -1295,6 -1302,42 +1300,48 @@@ static void smack_sk_free_security(stru
  }
  
  /**
+ * smack_host_label - check host based restrictions
+ * @sip: the object end
+ *
+ * looks for host based access restrictions
+ *
+ * This version will only be appropriate for really small
+ * sets of single label hosts.
+ *
+ * Returns the label of the far end or NULL if it's not special.
+ */
+ static char *smack_host_label(struct sockaddr_in *sip)
+ {
+ 	struct smk_netlbladdr *snp;
+ 	struct in_addr *siap = &sip->sin_addr;
+ 
+ 	if (siap->s_addr == 0)
+ 		return NULL;
+ 
 -	for (snp = smack_netlbladdrs; snp != NULL; snp = snp->smk_next)
++	rcu_read_lock();
++	list_for_each_entry_rcu(snp, &smk_netlbladdr_list, list) {
+ 		/*
+ 		 * we break after finding the first match because
+ 		 * the list is sorted from longest to shortest mask
+ 		 * so we have found the most specific match
+ 		 */
+ 		if ((&snp->smk_host.sin_addr)->s_addr  ==
+ 			(siap->s_addr & (&snp->smk_mask)->s_addr)) {
+ 			/* we have found the special CIPSO option */
 -			if (snp->smk_label == smack_cipso_option)
++			if (snp->smk_label == smack_cipso_option) {
++				rcu_read_unlock();
+ 				return NULL;
++			}
+ 
++			rcu_read_unlock();
+ 			return snp->smk_label;
+ 		}
++	}
++	rcu_read_unlock();
+ 	return NULL;
+ }
+ 
+ /**
   * smack_set_catset - convert a capset to netlabel mls categories
   * @catset: the Smack categories
   * @sap: where to put the netlabel categories
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




