path: root/net/ipv4/tcp_output.c
author: Eric Dumazet <[email protected]> 2013-04-08 17:58:11 +0000
committer: David S. Miller <[email protected]> 2013-04-09 17:23:11 +0000
commit: ca10b9e9a8ca7342ee07065289cbe74ac128c169 (patch)
tree: 33842f41a127f9da904ddd5d61839590e986e420 /net/ipv4/tcp_output.c
parent: netrom: fix invalid use of sizeof in nr_recvmsg() (diff)
selinux: add a skb_owned_by() hook
Commit 90ba9b1986b5ac (tcp: tcp_make_synack() can use alloc_skb()) broke certain SELinux/NetLabel configurations by no longer correctly assigning the sock to the outgoing SYNACK packet.

Cost of atomic operations on the LISTEN socket is quite big, and we would like it to happen only if really needed.

This patch introduces a new security_ops->skb_owned_by() method, that is a void operation unless selinux is active.

Reported-by: Miroslav Vadkerti <[email protected]>
Diagnosed-by: Paul Moore <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: [email protected]
Acked-by: James Morris <[email protected]>
Tested-by: Paul Moore <[email protected]>
Acked-by: Paul Moore <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'net/ipv4/tcp_output.c')
-rw-r--r-- net/ipv4/tcp_output.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5d0b4387cba6..b44cf81d8178 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2709,6 +2709,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
skb_reserve(skb, MAX_TCP_HEADER);
skb_dst_set(skb, dst);
+ security_skb_owned_by(skb, sk);
mss = dst_metric_advmss(dst);
if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss)
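Review bot: The added security_skb_owned_by(skb, sk) call in tcp_make_synack() has no comment, so nothing in the function tells a reader why a SYNACK built here needs an ownership hook right after skb_dst_set(), or that the call is meant to be free unless SELinux is active, as the commit message says. A one-line comment above it, noting that it restores the sock association needed by SELinux/NetLabel without paying for atomic operations on the LISTEN socket, would keep a later cleanup from dropping it as redundant. The diffstat shown is limited to net/ipv4/tcp_output.c, so the hook's definition and its no-op variant cannot be checked from this page and should be reviewed in the rest of the commit.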