author | Eric Dumazet <edumazet@google.com> | 2015-03-20 20:15:19 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-03-20 21:36:53 -0400 |
commit | d3593b5cef76db45c864de23c599b58198879e8c (patch) | |
tree | 42f490bda04e13334233dae5b6039fdd8eae4d2b | |
parent | f6877fcf229b4e3d396cbd5199e040b4ea1362eb (diff) |
Revert "selinux: add a skb_owned_by() hook"
This reverts commit ca10b9e9a8ca7342ee07065289cbe74ac128c169.
No longer needed after commit eb8895debe1baba41fcb62c78a16f0c63c21662a
("tcp: tcp_make_synack() should use sock_wmalloc")
When under SYNFLOOD, we build a lot of SYNACKs and hit false sharing
because of multiple modifications done on sk_listener->sk_wmem_alloc.
Since tcp_make_synack() uses sock_wmalloc(), there is no need
to call skb_set_owner_w() again, as this adds two atomic operations.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/security.h | 8 | ||||
-rw-r--r-- | net/ipv4/tcp_output.c | 1 | ||||
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 | ||||
-rw-r--r-- | security/selinux/hooks.c | 7 |
5 files changed, 0 insertions, 27 deletions
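--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1716,7 +1716,6 @@ struct security_operations {
 int (*tun_dev_attach_queue) (void *security);
 int (*tun_dev_attach) (struct sock *sk, void *security);
 int (*tun_dev_open) (void *security);
-void (*skb_owned_by) (struct sk_buff *skb, struct sock *sk);
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -2735,8 +2734,6 @@ int security_tun_dev_attach_queue(void *security);
 int security_tun_dev_attach(struct sock *sk, void *security);
 int security_tun_dev_open(void *security);
 
-void security_skb_owned_by(struct sk_buff *skb, struct sock *sk);
-
 #else /* CONFIG_SECURITY_NETWORK */
 static inline int security_unix_stream_connect(struct sock *sock,
 struct sock *other,
@@ -2928,11 +2925,6 @@ static inline int security_tun_dev_open(void *security)
 {
 return 0;
 }
-
-static inline void security_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-}
-
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM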
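--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2926,7 +2926,6 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
 skb_reserve(skb, MAX_TCP_HEADER);
 
 skb_dst_set(skb, dst);
-security_skb_owned_by(skb, sk);
 
 mss = dst_metric_advmss(dst);
 if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss)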
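--- a/security/capability.c
+++ b/security/capability.c
@@ -776,11 +776,6 @@ static int cap_tun_dev_open(void *security)
 {
 return 0;
 }
-
-static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-}
-
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1134,7 +1129,6 @@ void __init security_fixup_ops(struct security_operations *ops)
 set_to_cap_if_null(ops, tun_dev_open);
 set_to_cap_if_null(ops, tun_dev_attach_queue);
 set_to_cap_if_null(ops, tun_dev_attach);
-set_to_cap_if_null(ops, skb_owned_by);
 #endif /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 set_to_cap_if_null(ops, xfrm_policy_alloc_security);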
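--- a/security/security.c
+++ b/security/security.c
@@ -1359,11 +1359,6 @@ int security_tun_dev_open(void *security)
 }
 EXPORT_SYMBOL(security_tun_dev_open);
 
-void security_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-security_ops->skb_owned_by(skb, sk);
-}
-
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM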
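--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -51,7 +51,6 @@
 #include <linux/tty.h>
 #include <net/icmp.h>
 #include <net/ip.h> /* for local_port_range[] */
-#include <net/sock.h>
 #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
 #include <net/inet_connection_sock.h>
 #include <net/net_namespace.h>
@@ -4652,11 +4651,6 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid);
 }
 
-static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-skb_set_owner_w(skb, sk);
-}
-
 static int selinux_secmark_relabel_packet(u32 sid)
 {
 const struct task_security_struct *__tsec;
@@ -6041,7 +6035,6 @@ static struct security_operations selinux_ops = {
 .tun_dev_attach_queue = selinux_tun_dev_attach_queue,
 .tun_dev_attach = selinux_tun_dev_attach,
 .tun_dev_open = selinux_tun_dev_open,
-.skb_owned_by = selinux_skb_owned_by,
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,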