summaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2015-03-20 17:15:19 -0700
committerDavid S. Miller <davem@davemloft.net>2015-03-20 21:36:53 -0400
commitd3593b5cef76db45c864de23c599b58198879e8c (patch)
tree42f490bda04e13334233dae5b6039fdd8eae4d2b /security/capability.c
parentf6877fcf229b4e3d396cbd5199e040b4ea1362eb (diff)
downloadlinux-d3593b5cef76db45c864de23c599b58198879e8c.tar.gz
linux-d3593b5cef76db45c864de23c599b58198879e8c.tar.bz2
linux-d3593b5cef76db45c864de23c599b58198879e8c.zip
Revert "selinux: add a skb_owned_by() hook"
This reverts commit ca10b9e9a8ca7342ee07065289cbe74ac128c169. No longer needed after commit eb8895debe1baba41fcb62c78a16f0c63c21662a ("tcp: tcp_make_synack() should use sock_wmalloc") When under SYNFLOOD, we build lot of SYNACK and hit false sharing because of multiple modifications done on sk_listener->sk_wmem_alloc Since tcp_make_synack() uses sock_wmalloc(), there is no need to call skb_set_owner_w() again, as this adds two atomic operations. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c6
1 files changed, 0 insertions, 6 deletions
diff --git a/security/capability.c b/security/capability.c
index 070dd46f62f4..58a1600c149b 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -776,11 +776,6 @@ static int cap_tun_dev_open(void *security)
{
return 0;
}
-
-static void cap_skb_owned_by(struct sk_buff *skb, struct sock *sk)
-{
-}
-
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1134,7 +1129,6 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, tun_dev_open);
set_to_cap_if_null(ops, tun_dev_attach_queue);
set_to_cap_if_null(ops, tun_dev_attach);
- set_to_cap_if_null(ops, skb_owned_by);
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
set_to_cap_if_null(ops, xfrm_policy_alloc_security);