Quoting Tetsuo Handa (penguin-kernel@xxxxxxxxxxxxxxxxxxx): > [PATCH] LSM: Update comment on security_sock_rcv_skb > > It is not permitted to do sleeping operation inside security_sock_rcv_skb(). > > Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> Acked-by: Serge Hallyn <serue@xxxxxxxxxx> Thank you for sending this. -serge > -- > diff --git a/include/linux/security.h b/include/linux/security.h > index 466cbad..3696ca3 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -978,6 +978,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) > * Check permissions on incoming network packets. This hook is distinct > * from Netfilter's IP input hooks since it is the first time that the > * incoming sk_buff @skb has been associated with a particular socket, @sk. > + * Must not sleep inside this hook because some callers hold spinlocks. > * @sk contains the sock (not socket) associated with the incoming sk_buff. > * @skb contains the incoming network data. > * @socket_getpeersec_stream: > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
