]> bbs.cooldavid.org Git - net-next-2.6.git/commit - include/net/scm.h
git://bbs.cooldavid.org / net-next-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2b7e24b) | patch
[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch
authorCatherine Zhang <cxzhang@watson.ibm.com>
Wed, 2 Aug 2006 21:12:06 +0000 (14:12 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 2 Aug 2006 21:12:06 +0000 (14:12 -0700)
commitdc49c1f94e3469d94b952e8f5160dd4ccd791d79
treee47b1974c262a03dbabf0a148325d9089817e78etree | snapshot (tar.bz2 tar.gz zip)
parent2b7e24b66d31d677d76b49918e711eb360c978b6commit | diff
[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch

From: Catherine Zhang <cxzhang@watson.ibm.com>

This patch implements a cleaner fix for the memory leak problem of the
original unix datagram getpeersec patch.  Instead of creating a
security context each time a unix datagram is sent, we only create the
security context when the receiver requests it.

This new design requires modification of the current
unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
secid_to_secctx and release_secctx.  The former retrieves the security
context and the latter releases it.  A hook is required for releasing
the security context because it is up to the security module to decide
how that's done.  In the case of Selinux, it's a simple kfree
operation.

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/security.h diff | blob | blame | history
include/net/af_unix.h diff | blob | blame | history
include/net/scm.h diff | blob | blame | history
net/ipv4/ip_sockglue.c diff | blob | blame | history
net/unix/af_unix.c diff | blob | blame | history
security/dummy.c diff | blob | blame | history
security/selinux/hooks.c diff | blob | blame | history
Clone of davem's net-next-2.6 tree