From: Venkat Yekkirala <[EMAIL PROTECTED]>
Date: Thu, 13 Jul 2006 10:54:14 -0400
> > > +static inline void security_xfrm_skb_secid(struct sk_buff
> > *skb, u32 *secid)
> > > {
> > > - return security_ops->xfrm_decode_session(skb, fl);
> > > + BUG_ON(security_ops->xfrm_decode_session(skb, secid, 0));
> > >
> >
> > BUG_ON looks wrong here, in that you don't know why the LSM
> > returned an
> > error, and why should the box panic at this point at all?
>
> This hook must not fail when the ckall parameter is set to zero,
> which is what the BUG_ON is asserting. I see I didn't comment
> the hook def in security.h to this effect; will correct this. Thanks.
The real problem is that when debugging is disabled, BUG_ON() is
defined to do nothing, it will not even evaluate the expression once.
So it is not valid to put things with expected side effects in there.
This is the same thing that happens to assert() in userspace if
you define "NDEBUG".
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
