netfilter: nfnetlink_queue: remove locking in nfqnl_get_sk_secctx

We don't need the cb lock here. Also, if skb was NULL we'd have crashed already. Signed-off-by: Florian Westphal <fw@strlen.de>
2026-05-16 06:41:39 -04:00 · 2026-02-26 11:12:21 +01:00
parent 013e2f91d0
commit 34a6a003d4
1 changed files with 0 additions and 7 deletions
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -592,15 +592,8 @@ static int nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx)
 {
 	int seclen = 0;
 #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
-
-	if (!skb || !sk_fullsock(skb->sk))
-		return 0;
-
-	read_lock_bh(&skb->sk->sk_callback_lock);
-
 	if (skb->secmark)
 		seclen = security_secid_to_secctx(skb->secmark, ctx);
-	read_unlock_bh(&skb->sk->sk_callback_lock);
 #endif
 	return seclen;
 }