Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Steffen Klassert <steffen.klassert@secunet•com>
To: Paul Moore <paul@paul-moore•com>
Cc: Nikolay Aleksandrov <nikolay@redhat•com>,
	<netdev@vger•kernel.org>, Dave Jones <davej@redhat•com>,
	Fan Du <fan.du@windriver•com>,
	"David S. Miller" <davem@davemloft•net>,
	LSM list <linux-security-module@vger•kernel.org>,
	SELinux list <selinux@tycho•nsa.gov>
Subject: Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers
Date: Mon, 10 Mar 2014 13:52:03 +0100	[thread overview]
Message-ID: <20140310125203.GZ32371@secunet.com> (raw)
In-Reply-To: <2297449.8Lk5u4VomY@sifl>

On Fri, Mar 07, 2014 at 05:27:17PM -0500, Paul Moore wrote:
> On Friday, March 07, 2014 12:44:19 PM Nikolay Aleksandrov wrote:
> > security_xfrm_policy_alloc can be called in atomic context so the
> > allocation should be done with GFP_ATOMIC. Add an argument to let the
> > callers choose the appropriate way. In order to do so a gfp argument
> > needs to be added to the method xfrm_policy_alloc_security in struct
> > security_operations and to the internal function
> > selinux_xfrm_alloc_user. After that switch to GFP_ATOMIC in the atomic
> > callers and leave GFP_KERNEL as before for the rest.
> > The path that needed the gfp argument addition is:
> > security_xfrm_policy_alloc -> security_ops.xfrm_policy_alloc_security ->
> > all users of xfrm_policy_alloc_security (e.g. selinux_xfrm_policy_alloc) ->
> > selinux_xfrm_alloc_user (here the allocation used to be GFP_KERNEL only)
> > 
> > Now adding a gfp argument to selinux_xfrm_alloc_user requires us to also
> > add it to security_context_to_sid which is used inside and prior to this
> > patch did only GFP_KERNEL allocation. So add gfp argument to
> > security_context_to_sid and adjust all of its callers as well.
> > 
> > CC: Paul Moore <paul@paul-moore•com>
> > CC: Dave Jones <davej@redhat•com>
> > CC: Steffen Klassert <steffen.klassert@secunet•com>
> > CC: Fan Du <fan.du@windriver•com>
> > CC: David S. Miller <davem@davemloft•net>
> > CC: LSM list <linux-security-module@vger•kernel.org>
> > CC: SELinux list <selinux@tycho•nsa.gov>
> > 
> > Signed-off-by: Nikolay Aleksandrov <nikolay@redhat•com>
> 
> This looks good to me, thanks for finding this and following through with a 
> patch.
> 
> Acked-by: Paul Moore <paul@paul-moore•com>
> 

Both patches applied to the ipsec tree.

Thanks everyone!

     prev parent reply	other threads:[~2014-03-10 12:52 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-27 15:19 kmalloc with locks held in xfrm Dave Jones
2014-02-27 16:17 ` Possible fix Nikolay Aleksandrov
2014-02-27 16:24   ` Nikolay Aleksandrov
2014-02-27 17:05     ` Nikolay Aleksandrov
2014-02-28  7:23   ` Steffen Klassert
2014-02-28 10:10     ` Nikolay Aleksandrov
2014-02-28 22:10       ` Paul Moore
2014-03-02 16:26         ` Nikolay Aleksandrov
2014-03-05 12:20         ` Steffen Klassert
2014-03-07  3:04           ` Paul Moore
2014-03-07 11:23             ` Steffen Klassert
2014-03-07 15:50               ` Paul Moore
2014-03-04 12:26 ` [PATCH 0/2] af_key: fixes for sleeping while atomic Nikolay Aleksandrov
2014-03-04 12:26   ` [PATCH 1/2] net: af_key: fix sleeping under rcu Nikolay Aleksandrov
2014-03-04 12:46     ` David Laight
2014-03-04 21:40       ` David Miller
2014-03-04 12:26   ` [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers Nikolay Aleksandrov
2014-03-07  3:22     ` Paul Moore
2014-03-07 10:52       ` Nikolay Aleksandrov
2014-03-05 12:07   ` [PATCH 0/2] af_key: fixes for sleeping while atomic Steffen Klassert
2014-03-05 22:21   ` Paul Moore
2014-03-07 11:44 ` [PATCHv2 " Nikolay Aleksandrov
2014-03-07 11:44   ` [PATCHv2 1/2] net: af_key: fix sleeping under rcu Nikolay Aleksandrov
2014-03-07 11:44   ` [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers Nikolay Aleksandrov
2014-03-07 22:27     ` Paul Moore
2014-03-10 12:52       ` Steffen Klassert [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140310125203.GZ32371@secunet.com \
    --to=steffen.klassert@secunet$(echo .)com \
    --cc=davej@redhat$(echo .)com \
    --cc=davem@davemloft$(echo .)net \
    --cc=fan.du@windriver$(echo .)com \
    --cc=linux-security-module@vger$(echo .)kernel.org \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=nikolay@redhat$(echo .)com \
    --cc=paul@paul-moore$(echo .)com \
    --cc=selinux@tycho$(echo .)nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox