2023-07-31 16:35:08

by Khadija Kamran

Subject: [PATCH] lsm: add comment block for security_sk_classify_flow LSM hook

security_sk_classify_flow LSM hook has no comment block. Add a comment
block with a brief description of LSM hook and its function parameters.

Signed-off-by: Khadija Kamran <[email protected]>
---
security/security.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..ffc5519e49cd 100644
--- a/security/security.c
+++ b/security/security.c
@@ -4396,6 +4396,13 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
}
EXPORT_SYMBOL(security_sk_clone);

+/**
+ * security_sk_classify_flow() - Set a flow's secid based on socket
+ * @sk: original socket
+ * @flic: target flow
+ *
+ * Set the target flow's secid to socket's secid.
+ */
void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
{
call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
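Review bot: the body sentence of the new kernel-doc block ("Set the target flow's secid to socket's secid.") only restates the summary line and does not say how the value is obtained. The function body below it shows the secid comes from the sk_getsecid hook and is written to flic->flowic_secid, so the description could say that, for example "Use the sk_getsecid hook to store the secid of @sk in the flow's flowic_secid field." Two smaller wording points in the same block: "to socket's secid" is missing an article ("the socket's secid"), and "original" in the @sk line does not describe the socket's role in this function, where something like "socket supplying the secid" would.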
--
2.34.1



2023-07-31 18:10:46

by Alison Schofield

Subject: Re: [PATCH] lsm: add comment block for security_sk_classify_flow LSM hook

On Mon, Jul 31, 2023 at 07:36:47PM +0500, Khadija Kamran wrote:
> security_sk_classify_flow LSM hook has no comment block. Add a comment
> block with a brief description of LSM hook and its function parameters.

When referring to functions, in the one line commit message, or here
in the commit log, it is customary to add the parentheses to be clear
it is a function name.

i.e. security_sk_classify_flow()

>
> Signed-off-by: Khadija Kamran <[email protected]>
> ---
> security/security.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/security/security.c b/security/security.c
> index d5ff7ff45b77..ffc5519e49cd 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4396,6 +4396,13 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
> }
> EXPORT_SYMBOL(security_sk_clone);
>
> +/**
> + * security_sk_classify_flow() - Set a flow's secid based on socket
> + * @sk: original socket
^errant space

> + * @flic: target flow
> + *
> + * Set the target flow's secid to socket's secid.
> + */
> void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
> {
> call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
> --
> 2.34.1
>

2023-07-31 22:46:04

by Paul Moore

Subject: Re: [PATCH] lsm: add comment block for security_sk_classify_flow LSM hook

On Jul 31, 2023 Khadija Kamran wrote:
>
> security_sk_classify_flow LSM hook has no comment block. Add a comment
> block with a brief description of LSM hook and its function parameters.
>
> Signed-off-by: Khadija Kamran <[email protected]>
> ---
> security/security.c | 7 +++++++
> 1 file changed, 7 insertions(+)

Thanks Khadija. I did make a small change to your patch (see below)
when merging it into the lsm/next branch.

> diff --git a/security/security.c b/security/security.c
> index d5ff7ff45b77..ffc5519e49cd 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -4396,6 +4396,13 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
> }
> EXPORT_SYMBOL(security_sk_clone);
>
> +/**
> + * security_sk_classify_flow() - Set a flow's secid based on socket
> + * @sk: original socket

As has been pointed out previously, there is a double-space between
"sk:" and "original socket".

> + * @flic: target flow
> + *
> + * Set the target flow's secid to socket's secid.
> + */
> void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
> {
> call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
> --
> 2.34.1

--
paul-moore.com

2023-08-07 07:58:40

by Khadija Kamran

Subject: Re: [PATCH] lsm: add comment block for security_sk_classify_flow LSM hook

On Mon, Jul 31, 2023 at 09:56:04AM -0700, Alison Schofield wrote:
> On Mon, Jul 31, 2023 at 07:36:47PM +0500, Khadija Kamran wrote:
> > security_sk_classify_flow LSM hook has no comment block. Add a comment
> > block with a brief description of LSM hook and its function parameters.
>
> When referring to functions, in the one line commit message, or here
> in the commit log, it is customary to add the parentheses to be clear
> it is a function name.
>
> i.e. security_sk_classify_flow()
>
> >
> > Signed-off-by: Khadija Kamran <[email protected]>
> > ---
> > security/security.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/security/security.c b/security/security.c
> > index d5ff7ff45b77..ffc5519e49cd 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -4396,6 +4396,13 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
> > }
> > EXPORT_SYMBOL(security_sk_clone);
> >
> > +/**
> > + * security_sk_classify_flow() - Set a flow's secid based on socket
> > + * @sk: original socket
> ^errant space
>

Hey Alison,
Noted. Thank you.

> > + * @flic: target flow
> > + *
> > + * Set the target flow's secid to socket's secid.
> > + */
> > void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
> > {
> > call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
> > --
> > 2.34.1
> >