    [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch · dc49c1f9
    Catherine Zhang authored
    From: Catherine Zhang <cxzhang@watson.ibm.com>
    
    This patch implements a cleaner fix for the memory leak problem of the
    original unix datagram getpeersec patch.  Instead of creating a
    security context each time a unix datagram is sent, we only create the
    security context when the receiver requests it.
    
    This new design requires modification of the current
    unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
    secid_to_secctx and release_secctx.  The former retrieves the security
    context and the latter releases it.  A hook is required for releasing
    the security context because it is up to the security module to decide
    how that's done.  In the case of SELinux, it's a simple kfree
    operation.
    
    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: David S. Miller <davem@davemloft.net>
af_unix.c 47.6 KB
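
The design in the commit message, as an added userspace model in C (not the kernel code from this commit): the send path stores only a numeric secid, and the receive path converts it to a context on request and hands it back to the module to free. The hook names come from the commit message; their signatures, the `toy_*` module, `recv_secctx`, `live_ctx` and the label strings are assumptions made for illustration.

```c
/* Userspace model (constructed); not kernel code. Hook signatures are assumed. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static int live_ctx;  /* contexts allocated and not yet released */
struct lsm_ops {      /* the two hooks named in the commit message */
    int  (*secid_to_secctx)(uint32_t secid, char **secdata, uint32_t *seclen);
    void (*release_secctx)(char *secdata, uint32_t seclen);
};

/* Toy module: turns a secid into a heap-allocated label (labels are made up). */
static int toy_secid_to_secctx(uint32_t secid, char **secdata, uint32_t *seclen)
{
    static const char *labels[] = { NULL, "ctx-for-secid-1", "ctx-for-secid-2" };
    if (secid == 0 || secid >= sizeof(labels) / sizeof(labels[0]))
        return -1;                   /* unknown secid: nothing allocated */
    *seclen = (uint32_t)strlen(labels[secid]) + 1;
    if (!(*secdata = malloc(*seclen)))
        return -1;
    memcpy(*secdata, labels[secid], *seclen);
    live_ctx++;
    return 0;
}

static void toy_release_secctx(char *secdata, uint32_t seclen)
{
    (void)seclen;
    free(secdata);                   /* how to free is the module's decision */
    live_ctx--;
}

static const struct lsm_ops toy_lsm = { toy_secid_to_secctx, toy_release_secctx };
struct dgram { uint32_t secid; };    /* the send path stores only the id */

/* Receive path: build the context only when the receiver asked for it.
 * Returns bytes copied to out, 0 if not requested, -1 on error. */
static int recv_secctx(const struct lsm_ops *ops, const struct dgram *d,
                       int want_ctx, char *out, size_t outlen)
{
    char *secdata;
    uint32_t seclen;
    if (!want_ctx) return 0;         /* no request: no allocation at all */
    if (ops->secid_to_secctx(d->secid, &secdata, &seclen) != 0) return -1;
    int n = seclen <= outlen ? (int)seclen : -1;  /* short buffer is an error */
    if (n > 0) memcpy(out, secdata, seclen);
    ops->release_secctx(secdata, seclen);         /* released on every path */
    return n;
}
```

Every successful `secid_to_secctx` call is paired with `release_secctx`, including the short-buffer error path, so `live_ctx` returns to zero after each receive.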