LSM: Make the Labeled IPsec hooks more stack friendly
authorPaul Moore <paul.moore@hp.com>
Sun, 13 Apr 2008 02:07:52 +0000 (19:07 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sun, 13 Apr 2008 02:07:52 +0000 (19:07 -0700)
commit03e1ad7b5d871d4189b1da3125c2f12d1b5f7d0b
tree1e7f291ac6bd0c1f3a95e8252c32fcce7ff47ea7
parent00447872a643787411c2c0cb1df6169dda8b0c47
LSM: Make the Labeled IPsec hooks more stack friendly

The xfrm_get_policy() and xfrm_add_pol_expire() put some rather large structs
on the stack to work around the LSM API.  This patch attempts to fix that
problem by changing the LSM API to require only the relevant "security"
pointers instead of the entire SPD entry; we do this for all of the
security_xfrm_policy*() functions to keep things consistent.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/security.h
net/key/af_key.c
net/xfrm/xfrm_policy.c
net/xfrm/xfrm_user.c
security/dummy.c
security/security.c
security/selinux/include/xfrm.h
security/selinux/xfrm.c