> > +static inline void security_xfrm_skb_secid(struct sk_buff > *skb, u32 *secid) > > { > > - return security_ops->xfrm_decode_session(skb, fl); > > + BUG_ON(security_ops->xfrm_decode_session(skb, secid, 0)); > > > > BUG_ON looks wrong here, in that you don't know why the LSM > returned an > error, and why should the box panic at this point at all?
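Review bot: In the new security_xfrm_skb_secid() body, the hook call that fills *secid is itself the argument to BUG_ON(), so the only work the function does is hidden inside an assertion, and the wrapper now returns void, which leaves callers no way to see or handle a failure. The assertion relies on a contract that is not visible anywhere in this hunk: that xfrm_decode_session() cannot fail when its third argument is 0. Any LSM that breaks that contract takes the whole machine down instead of producing a diagnosable error. Suggest assigning the result to a local first (for example `int rc = security_ops->xfrm_decode_session(skb, secid, 0);`), then asserting on `rc`, and adding a comment above the wrapper that states the must-not-fail condition. If a softer failure is acceptable here, warning and setting *secid to 0 would avoid the panic while still flagging the broken hook.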
This hook must not fail when the ckall parameter is set to zero, which is what the BUG_ON is asserting. I see I didn't comment the hook def in security.h to this effect; will correct this. Thanks.