From: Florian Westphal <fw@strlen.de>
Date: Thu, 26 Feb 2026 10:12:21 +0000 (+0100)
Subject: netfilter: nfnetlink_queue: remove locking in nfqnl_get_sk_secctx
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=34a6a003d4e493133c4dc81c055324646bb7ebef;p=thirdparty%2Fkernel%2Flinux.git

netfilter: nfnetlink_queue: remove locking in nfqnl_get_sk_secctx

We don't need the cb lock here.
Also, if skb was NULL we'd have crashed already.

Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 27300d3663dad..5379d8ff39c0e 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -592,15 +592,8 @@ static int nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx)
 {
 	int seclen = 0;
 #if IS_ENABLED(CONFIG_NETWORK_SECMARK)
-
-	if (!skb || !sk_fullsock(skb->sk))
-		return 0;
-
-	read_lock_bh(&skb->sk->sk_callback_lock);
-
 	if (skb->secmark)
 		seclen = security_secid_to_secctx(skb->secmark, ctx);
-	read_unlock_bh(&skb->sk->sk_callback_lock);
 #endif
 	return seclen;
 }