diff options
author | Paul Moore <paul.moore@hp.com> | 2008-04-12 22:07:52 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-12 22:07:52 -0400 |
commit | 03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b (patch) | |
tree | 1e7f291ac6bd0c1f3a95e8252c32fcce7ff47ea7 /security/dummy.c | |
parent | 00447872a643787411c2c0cb1df6169dda8b0c47 (diff) |
LSM: Make the Labeled IPsec hooks more stack friendly
The xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs
on the stack to work around the LSM API. This patch attempts to fix that
problem by changing the LSM API to require only the relevant "security"
pointers instead of the entire SPD entry; we do this for all of the
security_xfrm_policy*() functions to keep things consistent.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/dummy.c')
-rw-r--r-- | security/dummy.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/security/dummy.c b/security/dummy.c index 78d8f92310a4..480366f9c41d 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -876,22 +876,23 @@ static inline void dummy_req_classify_flow(const struct request_sock *req, | |||
876 | #endif /* CONFIG_SECURITY_NETWORK */ | 876 | #endif /* CONFIG_SECURITY_NETWORK */ |
877 | 877 | ||
878 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 878 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
879 | static int dummy_xfrm_policy_alloc_security(struct xfrm_policy *xp, | 879 | static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp, |
880 | struct xfrm_user_sec_ctx *sec_ctx) | 880 | struct xfrm_user_sec_ctx *sec_ctx) |
881 | { | 881 | { |
882 | return 0; | 882 | return 0; |
883 | } | 883 | } |
884 | 884 | ||
885 | static inline int dummy_xfrm_policy_clone_security(struct xfrm_policy *old, struct xfrm_policy *new) | 885 | static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx, |
886 | struct xfrm_sec_ctx **new_ctxp) | ||
886 | { | 887 | { |
887 | return 0; | 888 | return 0; |
888 | } | 889 | } |
889 | 890 | ||
890 | static void dummy_xfrm_policy_free_security(struct xfrm_policy *xp) | 891 | static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx) |
891 | { | 892 | { |
892 | } | 893 | } |
893 | 894 | ||
894 | static int dummy_xfrm_policy_delete_security(struct xfrm_policy *xp) | 895 | static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx) |
895 | { | 896 | { |
896 | return 0; | 897 | return 0; |
897 | } | 898 | } |
@@ -911,7 +912,8 @@ static int dummy_xfrm_state_delete_security(struct xfrm_state *x) | |||
911 | return 0; | 912 | return 0; |
912 | } | 913 | } |
913 | 914 | ||
914 | static int dummy_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 915 | static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, |
916 | u32 sk_sid, u8 dir) | ||
915 | { | 917 | { |
916 | return 0; | 918 | return 0; |
917 | } | 919 | } |