Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.

On Thursday, September 6 2007 9:04:01 am Tetsuo Handa wrote:
> (1) It uses userspace intervention to allow/reject
>     connections and/or packets based on the application's domain.
>     Since existent hooks can't be used for this purpose,
>     I inserted a new hook post_recv_datagram() at skb_recv_datagram()
>     and I modified socket_post_accept() to return error so that
>     I can drop/disconnect based on the application's domain.
>
>     I think skb_recv_datagram() is the only place that can remove
>     a message picked up with MSG_PEEK flags from the receive queue.
>     To remove a message picked up with MSG_PEEK flags, I noticed that
>     I have to do skb_kill_datagram()-like operation so that
>     "the head message that must not be delivered to the caller" won't
> prevent picking up of "the non-head message that should be delivered to the
> caller" when the caller repeats only recv(MSG_PEEK) requests.
>     Since skb_recv_datagram() can be called from interrupt context,
>     I have to use spin_lock_irqsave() instead for spin_lock_bh(), am I
> right?

There are almost certainly better people to answer locking questions, but here 
is my take on it ... If you are accessing data both in a bottom half and 
elsewhere you need to make sure you disable bottom halfs from running before 
you access the data outside the bottom half (spin_lock_bh()).  If you are 
accessing data both in an interrupt handler and elsewhere you need to make 
sure you disable interrupts when accessing data outside the irq handler 
(spin_lock_irqsave()).

>     By the way, why can't socket_post_accept() fail?
>     Someone may wish to do memory allocation at socket_post_accept().
>     socket_accept() is too early for memory allocation because
>     there is no chance to free allocated memory
>     when sock->ops->accept() failed.
>     I think socket_post_accept() should be able to fail.

>From my experience the community disapproves of approaches which go through 
the entire TCP handshake and then terminate the connection, which is what 
allowing security_socket_post_accept() to fail would do.

-- 
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [TOMOYO 00/15] TOMOYO Linux - MAC based on process invocation histroy
    • From: Kentaro Takeda <[email protected]>
  • Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
    • From: Paul Moore <[email protected]>
  • Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
    • From: Tetsuo Handa <[email protected]>

• Prev by Date: Re: hda_intel : Patch + Regression in 2.6.18 -> 2.6.22
• Next by Date: Re: [PATCH 0/3] build system: section garbage collection for vmlinux
• Previous by thread: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux.
• Next by thread: Regressions w.r.t. suspend behaviour in recent kernel versions
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]