On Thu, 13 Jul 2006, Venkat Yekkirala wrote:

> > > +static inline void security_xfrm_skb_secid(struct sk_buff 
> > *skb, u32 *secid)
> > > {
> > > - return security_ops->xfrm_decode_session(skb, fl);
> > > + BUG_ON(security_ops->xfrm_decode_session(skb, secid, 0));
> > > 
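Review bot: The hook call on the + line sits inside BUG_ON(), so whether security_ops->xfrm_decode_session(skb, secid, 0) runs at all depends on BUG_ON evaluating its argument. Assign the result to a local int first and pass that variable to BUG_ON. The function also changes from returning the hook's result to void, so callers can no longer see an error. If the hook is required never to fail when the third argument is 0, state that in a comment at the hook definition, since nothing in this hunk documents it.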
> > 
> > BUG_ON looks wrong here, in that you don't know why the LSM 
> > returned an 
> > error, and why should the box panic at this point at all?
> 
> This hook must not fail when the ckall parameter is set to zero,
> which is what the BUG_ON is asserting. I see I didn't comment
> the hook def in security.h to this effect; will correct this. Thanks.

I'd suggest assigning the return value to a variable and asserting that, 
in case defines BUG_ON to nothing and the function won't be called.  Not 
sure what kernel policy is on this (ISTR people used to worry about it), 
but it's better not to take unnecessary chances.


- James
-- 
James Morris
<[EMAIL PROTECTED]>
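
The side-effect-in-assertion hazard discussed in this message, as an added example that is not part of the original mail or the kernel source. It is a user-space sketch: ASSERT_ON is a hypothetical stand-in for a BUG_ON that a build defines to nothing, and decode_session is a hypothetical stand-in for the LSM hook.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for BUG_ON: with CHECKS_OFF defined the macro
 * expands to nothing, so its argument is never evaluated. */
#define CHECKS_OFF 1
#ifdef CHECKS_OFF
#define ASSERT_ON(cond) do { } while (0)
#else
#define ASSERT_ON(cond) do { if (cond) abort(); } while (0)
#endif

/* Hypothetical stand-in for the hook: writes the secid, returns 0 on success. */
static int decode_session(int pkt_label, unsigned int *secid)
{
    *secid = (unsigned int)pkt_label + 100;   /* constructed mapping */
    return 0;
}

/* Pattern from the patch: the call lives inside the assertion. */
static unsigned int secid_call_in_assert(int pkt_label)
{
    unsigned int secid = 0;                   /* 0 = "no label" in this sketch */
    ASSERT_ON(decode_session(pkt_label, &secid));
    return secid;                             /* still 0 when checks are off */
}

/* Suggested pattern: always make the call, then assert on the saved result. */
static unsigned int secid_call_then_assert(int pkt_label)
{
    unsigned int secid = 0;
    int err = decode_session(pkt_label, &secid);
    ASSERT_ON(err);
    (void)err;                                /* unused when checks are off */
    return secid;
}

int main(void)
{
    printf("call inside assertion: secid=%u\n", secid_call_in_assert(7));
    printf("call then assertion:   secid=%u\n", secid_call_then_assert(7));
    return 0;
}
```

With the check compiled out, the first function returns the unset label while the second still returns the decoded one, which is the difference that matters when the value feeds a later access decision.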