Hi Chris,
Andrew Morton wrote:
> Ingo Oeser <[EMAIL PROTECTED]> wrote:
> >
> > -int scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
> > *scm)
> > -{
> > - struct task_struct *p = current;
> > - scm->creds = (struct ucred) {
> > - .uid = p->uid,
> > - .gid = p->gid,
> > - .pid = p->tgid
> > - };
> > - scm->fp = NULL;
> > - scm->sid = security_sk_sid(sock->sk, NULL, 0);
> > - scm->seq = 0;
> > - if (msg->msg_controllen <= 0)
> > - return 0;
> > - return __scm_send(sock, msg, scm);
> > -}
>
> It's worth noting that scm_send() will call security_sk_sid() even if
> (msg->msg_controllen <= 0).
Chris, do you know if this is needed in this case?
> If that test is likely to be true with any frequency then perhaps we can
> optimise things...
That test seems to be the original intention for the splitup.
The security modules just put their hooks here. Maybe we can
fold these hooks into __scm_send() and have the old
splitup again to get the old code paths back.
It seems that the credential copy in af_unix.c
memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
if (siocb->scm->fp)
unix_attach_fds(siocb->scm, skb);
doesn't depend on the "msg_controllen <= 0" test. If we can introduce this
dependency there, we can put credential setup into __scm_send().
I would suggest we fold these two lines into a function and decide this later.
Chris, would this suffice?
Regards
Ingo Oeser
BTW: [EMAIL PROTECTED] is simply [EMAIL PROTECTED] at work :-)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
