From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed, 6 Jan 2010 00:23:54 +0000 (+0900)
Subject: LSM: Update comment on security_sock_rcv_skb
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=0ed731859e24cd6e3ec058cf2b49b2a0df80e86b;p=linux-beck.git

LSM: Update comment on security_sock_rcv_skb

It is not permitted to do sleeping operation inside security_sock_rcv_skb().

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serue@us.ibm.com>

--
Signed-off-by: James Morris <jmorris@namei.org>
---

diff --git a/include/linux/security.h b/include/linux/security.h
index 466cbadbd1ef..3696ca345745 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -978,6 +978,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	Check permissions on incoming network packets.  This hook is distinct
  *	from Netfilter's IP input hooks since it is the first time that the
  *	incoming sk_buff @skb has been associated with a particular socket, @sk.
+ *	Must not sleep inside this hook because some callers hold spinlocks.
  *	@sk contains the sock (not socket) associated with the incoming sk_buff.
  *	@skb contains the incoming network data.
  * @socket_getpeersec_stream: