summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorDenis Efremov <efremov@ispras.ru>2019-02-26 23:49:06 +0300
committerJames Morris <james.morris@microsoft.com>2019-03-27 02:43:23 +0300
commit2f991d7ae86a81eba7e564a0f054d9e5dbfbfe34 (patch)
tree7815fc26b5345b6bfd5b766ad501d19a95673560 /include/linux
parenta890e6378201626d1723f4f2b92a017e141c1144 (diff)
downloadlinux-2f991d7ae86a81eba7e564a0f054d9e5dbfbfe34.tar.xz
LSM: fix documentation for the socket_getpeersec_dgram hook
The socket_getpeersec_dgram hook was changed in the commit "[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch" (dc49c1f94e34). The arguments @secdata and @seclen were changed to @sock and @secid. This patch updates the documentation accordingly. Signed-off-by: Denis Efremov <efremov@ispras.ru> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <james.morris@microsoft.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/lsm_hooks.h10
1 files changed, 5 insertions, 5 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 866aa62e900c..69b1209038ec 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -873,13 +873,13 @@
* @socket_getpeersec_dgram:
* This hook allows the security module to provide peer socket security
* state for udp sockets on a per-packet basis to userspace via
- * getsockopt SO_GETPEERSEC. The application must first have indicated
- * the IP_PASSSEC option via getsockopt. It can then retrieve the
+ * getsockopt SO_GETPEERSEC. The application must first have indicated
+ * the IP_PASSSEC option via getsockopt. It can then retrieve the
* security state returned by this hook for a packet via the SCM_SECURITY
* ancillary message type.
- * @skb is the skbuff for the packet being queried
- * @secdata is a pointer to a buffer in which to copy the security data
- * @seclen is the maximum length for @secdata
+ * @sock contains the peer socket. May be NULL.
+ * @skb is the sk_buff for the packet being queried. May be NULL.
+ * @secid pointer to store the secid of the packet.
* Return 0 on success, error on failure.
* @sk_alloc_security:
* Allocate and attach a security structure to the sk->sk_security field,