From 8827d90e29e664aa959817467a3da72041ca2269 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <edumazet@google.com>
Date: Sun, 8 Nov 2015 10:54:08 -0800
Subject: smack: use skb_to_full_sk() helper

This module wants to access sk->sk_security, which is not
available for request sockets.

Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 security/smack/smack_netfilter.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'security/smack/smack_netfilter.c')

diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index 6d1706c9777e..aa6bf1b22ec5 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -17,6 +17,7 @@
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv6.h>
 #include <linux/netdevice.h>
+#include <net/inet_sock.h>
 #include "smack.h"
 
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
@@ -25,11 +26,12 @@ static unsigned int smack_ipv6_output(void *priv,
 					struct sk_buff *skb,
 					const struct nf_hook_state *state)
 {
+	struct sock *sk = skb_to_full_sk(skb);
 	struct socket_smack *ssp;
 	struct smack_known *skp;
 
-	if (skb && skb->sk && skb->sk->sk_security) {
-		ssp = skb->sk->sk_security;
+	if (sk && sk->sk_security) {
+		ssp = sk->sk_security;
 		skp = ssp->smk_out;
 		skb->secmark = skp->smk_secid;
 	}
@@ -42,11 +44,12 @@ static unsigned int smack_ipv4_output(void *priv,
 					struct sk_buff *skb,
 					const struct nf_hook_state *state)
 {
+	struct sock *sk = skb_to_full_sk(skb);
 	struct socket_smack *ssp;
 	struct smack_known *skp;
 
-	if (skb && skb->sk && skb->sk->sk_security) {
-		ssp = skb->sk->sk_security;
+	if (sk && sk->sk_security) {
+		ssp = sk->sk_security;
 		skp = ssp->smk_out;
 		skb->secmark = skp->smk_secid;
 	}
-- 
cgit v1.2.3