https://github.com/torvalds/linux
Revision ca10b9e9a8ca7342ee07065289cbe74ac128c169 authored by Eric Dumazet on 08 April 2013, 17:58:11 UTC, committed by David S. Miller on 09 April 2013, 17:23:11 UTC
Commit 90ba9b1986b5ac (tcp: tcp_make_synack() can use alloc_skb()) broke certain SELinux/NetLabel configurations by no longer correctly assigning the sock to the outgoing SYNACK packet. Cost of atomic operations on the LISTEN socket is quite big, and we would like it to happen only if really needed. This patch introduces a new security_ops->skb_owned_by() method, that is a void operation unless selinux is active. Reported-by: Miroslav Vadkerti <mvadkert@redhat.com> Diagnosed-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: linux-security-module@vger.kernel.org Acked-by: James Morris <james.l.morris@oracle.com> Tested-by: Paul Moore <pmoore@redhat.com> Acked-by: Paul Moore <pmoore@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent c802d75
Tip revision: ca10b9e9a8ca7342ee07065289cbe74ac128c169 authored by Eric Dumazet on 08 April 2013, 17:58:11 UTC
selinux: add a skb_owned_by() hook
selinux: add a skb_owned_by() hook
Tip revision: ca10b9e
| File | Mode | Size |
|---|---|---|
| lzo | ||
| mpi | ||
| raid6 | ||
| reed_solomon | ||
| xz | ||
| zlib_deflate | ||
| zlib_inflate | ||
| .gitignore | -rw-r--r-- | 70 bytes |
| Kconfig | -rw-r--r-- | 9.0 KB |
| Kconfig.debug | -rw-r--r-- | 49.8 KB |
| Kconfig.kgdb | -rw-r--r-- | 3.1 KB |
| Kconfig.kmemcheck | -rw-r--r-- | 2.9 KB |
| Makefile | -rw-r--r-- | 5.3 KB |
| argv_split.c | -rw-r--r-- | 1.8 KB |
| asn1_decoder.c | -rw-r--r-- | 12.5 KB |
| atomic64.c | -rw-r--r-- | 4.2 KB |
| atomic64_test.c | -rw-r--r-- | 3.4 KB |
| audit.c | -rw-r--r-- | 1.2 KB |
| average.c | -rw-r--r-- | 1.9 KB |
| bcd.c | -rw-r--r-- | 261 bytes |
| bch.c | -rw-r--r-- | 35.6 KB |
| bitmap.c | -rw-r--r-- | 34.7 KB |
| bitrev.c | -rw-r--r-- | 2.1 KB |
| bsearch.c | -rw-r--r-- | 1.6 KB |
| btree.c | -rw-r--r-- | 19.2 KB |
| bug.c | -rw-r--r-- | 4.8 KB |
| build_OID_registry | -rwxr-xr-x | 4.8 KB |
| bust_spinlocks.c | -rw-r--r-- | 660 bytes |
| check_signature.c | -rw-r--r-- | 599 bytes |
| checksum.c | -rw-r--r-- | 4.9 KB |
| clz_tab.c | -rw-r--r-- | 855 bytes |
| cmdline.c | -rw-r--r-- | 3.6 KB |
| cordic.c | -rw-r--r-- | 2.5 KB |
| cpu-notifier-error-inject.c | -rw-r--r-- | 1.2 KB |
| cpu_rmap.c | -rw-r--r-- | 7.9 KB |
| cpumask.c | -rw-r--r-- | 4.4 KB |
| crc-ccitt.c | -rw-r--r-- | 3.0 KB |
| crc-itu-t.c | -rw-r--r-- | 2.8 KB |
| crc-t10dif.c | -rw-r--r-- | 2.9 KB |
| crc16.c | -rw-r--r-- | 2.8 KB |
| crc32.c | -rw-r--r-- | 41.9 KB |
| crc32defs.h | -rw-r--r-- | 2.0 KB |
| crc7.c | -rw-r--r-- | 2.3 KB |
| crc8.c | -rw-r--r-- | 2.4 KB |
| ctype.c | -rw-r--r-- | 1.4 KB |
| debug_locks.c | -rw-r--r-- | 1.1 KB |
| debugobjects.c | -rw-r--r-- | 26.1 KB |
| dec_and_lock.c | -rw-r--r-- | 784 bytes |
| decompress.c | -rw-r--r-- | 1.4 KB |
| decompress_bunzip2.c | -rw-r--r-- | 23.4 KB |
| decompress_inflate.c | -rw-r--r-- | 3.7 KB |
| decompress_unlzma.c | -rw-r--r-- | 15.8 KB |
| decompress_unlzo.c | -rw-r--r-- | 6.8 KB |
| decompress_unxz.c | -rw-r--r-- | 10.6 KB |
| devres.c | -rw-r--r-- | 10.2 KB |
| digsig.c | -rw-r--r-- | 5.5 KB |
| div64.c | -rw-r--r-- | 3.1 KB |
| dma-debug.c | -rw-r--r-- | 34.9 KB |
| dump_stack.c | -rw-r--r-- | 290 bytes |
| dynamic_debug.c | -rw-r--r-- | 26.0 KB |
| dynamic_queue_limits.c | -rw-r--r-- | 4.3 KB |
| earlycpio.c | -rw-r--r-- | 3.8 KB |
| extable.c | -rw-r--r-- | 2.4 KB |
| fault-inject.c | -rw-r--r-- | 6.0 KB |
| fdt.c | -rw-r--r-- | 69 bytes |
| fdt_ro.c | -rw-r--r-- | 72 bytes |
| fdt_rw.c | -rw-r--r-- | 72 bytes |
| fdt_strerror.c | -rw-r--r-- | 78 bytes |
| fdt_sw.c | -rw-r--r-- | 72 bytes |
| fdt_wip.c | -rw-r--r-- | 73 bytes |
| find_last_bit.c | -rw-r--r-- | 1.1 KB |
| find_next_bit.c | -rw-r--r-- | 6.4 KB |
| flex_array.c | -rw-r--r-- | 10.9 KB |
| flex_proportions.c | -rw-r--r-- | 6.8 KB |
| gcd.c | -rw-r--r-- | 313 bytes |
| gen_crc32table.c | -rw-r--r-- | 3.2 KB |
| genalloc.c | -rw-r--r-- | 13.3 KB |
| halfmd4.c | -rw-r--r-- | 2.0 KB |
| hexdump.c | -rw-r--r-- | 7.1 KB |
| hweight.c | -rw-r--r-- | 1.9 KB |
| idr.c | -rw-r--r-- | 27.9 KB |
| inflate.c | -rw-r--r-- | 38.6 KB |
| int_sqrt.c | -rw-r--r-- | 533 bytes |
| interval_tree.c | -rw-r--r-- | 297 bytes |
| interval_tree_test_main.c | -rw-r--r-- | 2.3 KB |
| iomap.c | -rw-r--r-- | 6.5 KB |
| iomap_copy.c | -rw-r--r-- | 2.1 KB |
| iommu-helper.c | -rw-r--r-- | 1.0 KB |
| ioremap.c | -rw-r--r-- | 2.1 KB |
| irq_regs.c | -rw-r--r-- | 604 bytes |
| is_single_threaded.c | -rw-r--r-- | 1.3 KB |
| jedec_ddr_data.c | -rw-r--r-- | 3.0 KB |
| kasprintf.c | -rw-r--r-- | 717 bytes |
| kfifo.c | -rw-r--r-- | 12.7 KB |
| klist.c | -rw-r--r-- | 9.3 KB |
| kobject.c | -rw-r--r-- | 23.2 KB |
| kobject_uevent.c | -rw-r--r-- | 10.4 KB |
| kstrtox.c | -rw-r--r-- | 9.4 KB |
| kstrtox.h | -rw-r--r-- | 254 bytes |
| lcm.c | -rw-r--r-- | 288 bytes |
| libcrc32c.c | -rw-r--r-- | 2.1 KB |
| list_debug.c | -rw-r--r-- | 2.6 KB |
| list_sort.c | -rw-r--r-- | 7.0 KB |
| llist.c | -rw-r--r-- | 2.7 KB |
| locking-selftest-hardirq.h | -rw-r--r-- | 207 bytes |
| locking-selftest-mutex.h | -rw-r--r-- | 120 bytes |
| locking-selftest-rlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock.h | -rw-r--r-- | 158 bytes |
| locking-selftest-rsem.h | -rw-r--r-- | 163 bytes |
| locking-selftest-softirq.h | -rw-r--r-- | 207 bytes |
| locking-selftest-spin-hardirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin-softirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin.h | -rw-r--r-- | 118 bytes |
| locking-selftest-wlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock.h | -rw-r--r-- | 158 bytes |
| locking-selftest-wsem.h | -rw-r--r-- | 163 bytes |
| locking-selftest.c | -rw-r--r-- | 28.7 KB |
| lru_cache.c | -rw-r--r-- | 18.0 KB |
| md5.c | -rw-r--r-- | 3.7 KB |
| memory-notifier-error-inject.c | -rw-r--r-- | 1.1 KB |
| memweight.c | -rw-r--r-- | 999 bytes |
| nlattr.c | -rw-r--r-- | 12.4 KB |
| notifier-error-inject.c | -rw-r--r-- | 2.7 KB |
| notifier-error-inject.h | -rw-r--r-- | 614 bytes |
| of-reconfig-notifier-error-inject.c | -rw-r--r-- | 1.3 KB |
| oid_registry.c | -rw-r--r-- | 3.7 KB |
| parser.c | -rw-r--r-- | 6.2 KB |
| pci_iomap.c | -rw-r--r-- | 1.4 KB |
| percpu-rwsem.c | -rw-r--r-- | 5.0 KB |
| percpu_counter.c | -rw-r--r-- | 5.1 KB |
| plist.c | -rw-r--r-- | 4.7 KB |
| pm-notifier-error-inject.c | -rw-r--r-- | 1.1 KB |
| prio_heap.c | -rw-r--r-- | 1.4 KB |
| proportions.c | -rw-r--r-- | 9.3 KB |
| radix-tree.c | -rw-r--r-- | 38.7 KB |
| random32.c | -rw-r--r-- | 5.2 KB |
| ratelimit.c | -rw-r--r-- | 1.5 KB |
| rational.c | -rw-r--r-- | 1.5 KB |
| rbtree.c | -rw-r--r-- | 14.0 KB |
| rbtree_test.c | -rw-r--r-- | 5.0 KB |
| reciprocal_div.c | -rw-r--r-- | 218 bytes |
| rwsem-spinlock.c | -rw-r--r-- | 6.7 KB |
| rwsem.c | -rw-r--r-- | 8.5 KB |
| scatterlist.c | -rw-r--r-- | 15.6 KB |
| sha1.c | -rw-r--r-- | 6.1 KB |
| show_mem.c | -rw-r--r-- | 1.3 KB |
| smp_processor_id.c | -rw-r--r-- | 1.1 KB |
| sort.c | -rw-r--r-- | 2.5 KB |
| spinlock_debug.c | -rw-r--r-- | 7.1 KB |
| stmp_device.c | -rw-r--r-- | 2.1 KB |
| string.c | -rw-r--r-- | 16.2 KB |
| string_helpers.c | -rw-r--r-- | 1.7 KB |
| strncpy_from_user.c | -rw-r--r-- | 2.9 KB |
| strnlen_user.c | -rw-r--r-- | 3.6 KB |
| swiotlb.c | -rw-r--r-- | 26.5 KB |
| syscall.c | -rw-r--r-- | 2.4 KB |
| test-kstrtox.c | -rw-r--r-- | 17.4 KB |
| textsearch.c | -rw-r--r-- | 9.6 KB |
| timerqueue.c | -rw-r--r-- | 3.1 KB |
| ts_bm.c | -rw-r--r-- | 5.3 KB |
| ts_fsm.c | -rw-r--r-- | 10.6 KB |
| ts_kmp.c | -rw-r--r-- | 4.3 KB |
| uuid.c | -rw-r--r-- | 1.4 KB |
| vsprintf.c | -rw-r--r-- | 53.0 KB |
Computing file changes ...
