On Wed, May 30, 2012 at 1:24 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > On Wed, May 30, 2012 at 03:42:47PM -0400, Eric Paris wrote: >> security_file_mmap() would pretty much only be used in do_mmap_pgoff() >> (or validate_mmap_request) > > Callers, actually - the whole point is to lift it out of under ->mmap_sem. > The tricky part is reqprot vs. prot mess. See how I solved reqprot vs prot in my suggested original patch. You have it somewhere in your inbox, I know, because you called me out on the fact that my original email forgot to attach it ;) It actually cleaned things up, and made the calling conventions simpler. Just always pass in "reqprot", and have the security layer do the trivial "calculate final prot". Anyway, my original patch worked, but it (incorrectly) optimized away the call to the security layer if file was NULL. But that's just a matter of removing that check. Linus -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html