lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 23 Oct 2021 12:25:09 +0800
From:   Xin Long <lucien.xin@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     network dev <netdev@...r.kernel.org>, selinux@...r.kernel.org,
        LSM List <linux-security-module@...r.kernel.org>,
        "linux-sctp @ vger . kernel . org" <linux-sctp@...r.kernel.org>,
        davem <davem@...emloft.net>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>,
        James Morris <jmorris@...ei.org>,
        Paul Moore <paul@...l-moore.com>,
        Richard Haines <richard_c_haines@...nternet.com>,
        Ondrej Mosnacek <omosnace@...hat.com>
Subject: Re: [PATCH net 1/4] security: pass asoc to sctp_assoc_request and sctp_sk_clone

On Fri, Oct 22, 2021 at 11:36 PM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Fri, 22 Oct 2021 02:36:09 -0400 Xin Long wrote:
> > This patch is to move secid and peer_secid from endpoint to association,
> > and pass asoc to sctp_assoc_request and sctp_sk_clone instead of ep. As
> > ep is the local endpoint and asoc represents a connection, and in SCTP
> > one sk/ep could have multiple asoc/connection, saving secid/peer_secid
> > for new asoc will overwrite the old asoc's.
> >
> > Note that since asoc can be passed as NULL, security_sctp_assoc_request()
> > is moved to the place right after the new_asoc is created in
> > sctp_sf_do_5_1B_init() and sctp_sf_do_unexpected_init().
> >
> > Fixes: 72e89f50084c ("security: Add support for SCTP security hooks")
> > Reported-by: Prashanth Prahlad <pprahlad@...hat.com>
> > Signed-off-by: Xin Long <lucien.xin@...il.com>
>
> missed one?
>
> security/selinux/netlabel.c:274: warning: Function parameter or member
> 'asoc' not described in 'selinux_netlbl_sctp_assoc_request'
> security/selinux/netlabel.c:274: warning: Excess function parameter 'ep' description in 'selinux_netlbl_sctp_assoc_request'
Yup, the function description also needs fixing:

@@ -260,11 +260,11 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb,

 /**
  * selinux_netlbl_sctp_assoc_request - Label an incoming sctp association.
- * @ep: incoming association endpoint.
+ * @asoc: incoming association.
  * @skb: the packet.
  *
  * Description:
- * A new incoming connection is represented by @ep, ......
+ * A new incoming connection is represented by @asoc, ......
  * Returns zero on success, negative values on failure.
  *
  */

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ