From patchwork Sat Mar 21 00:15:19 2015
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 452843
X-Patchwork-Delegate: davem@davemloft.net
From: Eric Dumazet
To: "David S. Miller"
Cc: netdev, Eric Dumazet, Eric Dumazet
Subject: [PATCH net-next] Revert "selinux: add a skb_owned_by() hook"
Date: Fri, 20 Mar 2015 17:15:19 -0700
Message-Id: <1426896919-23036-1-git-send-email-edumazet@google.com>
X-Mailing-List: netdev@vger.kernel.org

This reverts commit ca10b9e9a8ca7342ee07065289cbe74ac128c169.

No longer needed after commit eb8895debe1baba41fcb62c78a16f0c63c21662a
("tcp: tcp_make_synack() should use sock_wmalloc")

When under SYNFLOOD, we build a lot of SYNACKs and hit false sharing
because of multiple modifications done on sk_listener->sk_wmem_alloc.

Since tcp_make_synack() uses sock_wmalloc(), there is no need to call
skb_set_owner_w() again, as this adds two atomic operations.

Signed-off-by: Eric Dumazet --- include/linux/security.h | 8 -------- net/ipv4/tcp_output.c | 1 - security/capability.c | 6 ------ security/security.c | 5 ----- security/selinux/hooks.c | 7 ------- 5 files changed, 27 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a1b7dbd127ff..25a079a7c3b3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1716,7 +1716,6 @@ struct security_operations { int (*tun_dev_attach_queue) (void *security); int (*tun_dev_attach) (struct sock *sk, void *security); int (*tun_dev_open) (void *security); - void (*skb_owned_by) (struct sk_buff *skb, struct sock *sk); #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM @@ -2735,8 +2734,6 @@ int security_tun_dev_attach_queue(void *security); int security_tun_dev_attach(struct sock *sk, void *security); int security_tun_dev_open(void *security); -void security_skb_owned_by(struct sk_buff *skb, struct sock *sk); - #else /* CONFIG_SECURITY_NETWORK */ static inline int security_unix_stream_connect(struct sock *sock, struct sock *other, @@ -2928,11 +2925,6 @@ static inline int security_tun_dev_open(void *security) { return 0; } - -static inline void security_skb_owned_by(struct sk_buff *skb, struct sock *sk) -{ -} - #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index c2f0f6065cb1..18474088c3d0 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -2926,7 +2926,6 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, skb_reserve(skb, MAX_TCP_HEADER); skb_dst_set(skb, dst); - security_skb_owned_by(skb, sk); mss = dst_metric_advmss(dst); if (tp->rx_opt.user_mss && tp->rx_opt.user_mss < mss) diff --git a/security/capability.c b/security/capability.c index 070dd46f62f4..58a1600c149b 100644 --- a/security/capability.c +++ b/security/capability.c 
@@ -776,11 +776,6 @@ static int cap_tun_dev_open(void *security) { return 0; } - -static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk) -{ -} - #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM @@ -1134,7 +1129,6 @@ void __init security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, tun_dev_open); set_to_cap_if_null(ops, tun_dev_attach_queue); set_to_cap_if_null(ops, tun_dev_attach); - set_to_cap_if_null(ops, skb_owned_by); #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM set_to_cap_if_null(ops, xfrm_policy_alloc_security); diff --git a/security/security.c b/security/security.c index e81d5bbe7363..1f475aa53288 100644 --- a/security/security.c +++ b/security/security.c @@ -1359,11 +1359,6 @@ int security_tun_dev_open(void *security) } EXPORT_SYMBOL(security_tun_dev_open); -void security_skb_owned_by(struct sk_buff *skb, struct sock *sk) -{ - security_ops->skb_owned_by(skb, sk); -} - #endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4d1a54190388..edc66de39f2e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -51,7 +51,6 @@ #include #include #include /* for local_port_range[] */ -#include #include /* struct or_callable used in sock_rcv_skb */ #include #include @@ -4652,11 +4651,6 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) selinux_skb_peerlbl_sid(skb, family, &sksec->peer_sid); } -static void selinux_skb_owned_by(struct sk_buff *skb, struct sock *sk) -{ - skb_set_owner_w(skb, sk); -} - static int selinux_secmark_relabel_packet(u32 sid) { const struct task_security_struct *__tsec; 
@@ -6041,7 +6035,6 @@ static struct security_operations selinux_ops = { .tun_dev_attach_queue = selinux_tun_dev_attach_queue, .tun_dev_attach = selinux_tun_dev_attach, .tun_dev_open = selinux_tun_dev_open, - .skb_owned_by = selinux_skb_owned_by, #ifdef CONFIG_SECURITY_NETWORK_XFRM .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
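Review bot: in the net/ipv4/tcp_output.c hunk (@@ -2926,7 +2926,6 @@), dropping security_skb_owned_by(skb, sk) from tcp_make_synack() is only safe if the skb is already owned by sk when it reaches skb_reserve(), and the allocation that guarantees this lies above the visible context. The changelog names eb8895debe1baba41fcb62c78a16f0c63c21662a as the prerequisite; it should also say that this revert must not be applied or backported to a tree that lacks that commit, because the removed SELinux hook body (skb_set_owner_w(skb, sk)) was the only place in this path that attached the SYNACK skb to the listener under SELinux.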
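Review bot: the first security/selinux/hooks.c hunk (@@ -51,7 +51,6 @@) removes an #include together with the hook, but the only user visible in this patch is skb_set_owner_w() in the deleted selinux_skb_owned_by(). Please confirm that nothing else in hooks.c depended on that header directly and now only compiles because another include pulls it in; a build of security/selinux/ on top of this patch, mentioned in the changelog, would settle it.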
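Review bot: across include/linux/security.h, security/capability.c and security/security.c the hook is removed from struct security_operations, the declaration, the !CONFIG_SECURITY_NETWORK stub, the cap_skb_owned_by default and its set_to_cap_if_null() entry, yet the patch removes exactly one caller, in tcp_make_synack(). The changelog should state that this was the only remaining caller of security_skb_owned_by(); the security.c hunk shows no EXPORT_SYMBOL for it, so in-tree built-in code is the only place a leftover caller could exist, and a tree-wide grep result in the commit message would document that.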