From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tetsuo Handa Subject: [PATCH] LSM: Update comment on security_sock_rcv_skb Date: Wed, 06 Jan 2010 09:23:54 +0900 Message-ID: <201001060023.o060Ns76078068@www262.sakura.ne.jp> References: <1262437456-24476-1-git-send-email-sam@synack.fr> <1262537872.10218.27.camel@bigi> <201001050820.o058Kuwx087793@www262.sakura.ne.jp> <20100105140917.GA6624@us.ibm.com> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-2022-JP" Content-Transfer-Encoding: 7bit Cc: serue@us.ibm.com, sam@synack.fr, kaber@trash.net, zbr@ioremap.net, nhorman@tuxdriver.com, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, hadi@cyberus.ca To: linux-security-module@vger.kernel.org, jmorris@namei.org Return-path: In-Reply-To: <20100105140917.GA6624@us.ibm.com> Sender: linux-security-module-owner@vger.kernel.org List-Id: netdev.vger.kernel.org [PATCH] LSM: Update comment on security_sock_rcv_skb It is not permitted to do sleeping operation inside security_sock_rcv_skb(). Signed-off-by: Tetsuo Handa -- diff --git a/include/linux/security.h b/include/linux/security.h index 466cbad..3696ca3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -978,6 +978,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * Check permissions on incoming network packets. This hook is distinct * from Netfilter's IP input hooks since it is the first time that the * incoming sk_buff @skb has been associated with a particular socket, @sk. + * Must not sleep inside this hook because some callers hold spinlocks. * @sk contains the sock (not socket) associated with the incoming sk_buff. * @skb contains the incoming network data. * @socket_getpeersec_stream: