Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> writes: > Regarding [RFC v2 09/10] snet: introduce snet_ticket > +enum snet_verdict snet_ticket_check(struct snet_info *info) > +{ > + struct snet_ticket *st = NULL; > + unsigned int h = 0, verdict = SNET_VERDICT_NONE; > + struct list_head *l = NULL; > + struct snet_task_security *tsec = NULL; > + > + if (snet_ticket_mode == SNET_TICKET_OFF) > + goto out; > + > + tsec = (struct snet_task_security*) current_security(); > + > + h = jhash_2words(info->syscall, info->protocol, 0) % HSIZE; > + l = &tsec->hash[h]; > + > + read_lock_bh(&tsec->lock); > > Credentials are allocated for copy-on-write basis. > Sharing "tsec" among multiple "struct task_struct" is what you intended? No, there is no shared "tsec". snet_ticket_check() is called from the process context. So "tsec" is a pointer to the "void *security" pointer from its own "struct task_struct". every task_struct have a "tsec" allocated to its "void *security" pointer. I will take a second look on how to access the credentials COW. > Regards. Tetsuo, thank you again for reviewing. sam -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html