On Thu, Feb 01, 2018 at 08:20:13AM -0800, Mark Salyzyn wrote: > On 02/01/2018 08:00 AM, Paul Moore wrote: > > On Thu, Feb 1, 2018 at 10:37 AM, Mark Salyzyn <salyzyn@xxxxxxxxxxx> wrote: > > > In the absence of commit a4298e4522d6 ("net: add SOCK_RCU_FREE socket > > > flag") and all the associated infrastructure changes to take advantage > > > of a RCU grace period before freeing, there is a heightened > > > possibility that a security check is performed while an ill-timed > > > setsockopt call races in from user space. It then is prudent to null > > > check sk_security, and if the case, reject the permissions. > > > > > > . . . > > > ---[ end trace 7b5aaf788fef6174 ]--- > > > > > > Signed-off-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx> > > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxxxxxxx> > > No, in the previous thread I gave my ack, not my sign-off; please be > > more careful in the future. It may seem silly, especially in this > > particular case, but it is an important distinction when things like > > the DCO are concerned. > > > > Anyway, here is my ack again. > > > > Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> > > > Ok, both Greg KH and yours should be considered Acked-By. Been overstepping > this boundary for _years_. AFAIK Signed-off-by is still pending from Stephen > Smalley <sds@xxxxxxxxxxxxx> before this can roll in. An ack is all I need here, or I can just rely on Paul's :) I'll edit up Paul's when I apply this. thanks, greg k-h