4 files changed, 22 insertions, 17 deletions

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 85d1d4764612..526c4feb3b50 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -238,11 +238,6 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                 skb->sp->xvec[skb->sp->len++] = x;
 
-                if (xfrm_tunnel_check(skb, x, family)) {
-                        XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
-                        goto drop;
-                }
-
                 spin_lock(&x->lock);
                 if (unlikely(x->km.state == XFRM_STATE_ACQ)) {
                         XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
@@ -271,6 +266,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 
                 spin_unlock(&x->lock);
 
+                if (xfrm_tunnel_check(skb, x, family)) {
+                        XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
+                        goto drop;
+                }
+
                 seq_hi = htonl(xfrm_replay_seqhi(x, seq));
 
                 XFRM_SKB_CB(skb)->seq.input.low = seq;
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 7c532856b398..fbcedbe33190 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -19,7 +19,7 @@
 #include <net/dst.h>
 #include <net/xfrm.h>
 
-static int xfrm_output2(struct sk_buff *skb);
+static int xfrm_output2(struct sock *sk, struct sk_buff *skb);
 
 static int xfrm_skb_check_space(struct sk_buff *skb)
 {
@@ -130,7 +130,7 @@ int xfrm_output_resume(struct sk_buff *skb, int err)
                         return dst_output(skb);
 
                 err = nf_hook(skb_dst(skb)->ops->family,
-                              NF_INET_POST_ROUTING, skb,
+                              NF_INET_POST_ROUTING, skb->sk, skb,
                               NULL, skb_dst(skb)->dev, xfrm_output2);
                 if (unlikely(err != 1))
                         goto out;
@@ -144,12 +144,12 @@ out:
 }
 EXPORT_SYMBOL_GPL(xfrm_output_resume);
 
-static int xfrm_output2(struct sk_buff *skb)
+static int xfrm_output2(struct sock *sk, struct sk_buff *skb)
 {
         return xfrm_output_resume(skb, 1);
 }
 
-static int xfrm_output_gso(struct sk_buff *skb)
+static int xfrm_output_gso(struct sock *sk, struct sk_buff *skb)
 {
         struct sk_buff *segs;
 
@@ -165,7 +165,7 @@ static int xfrm_output_gso(struct sk_buff *skb)
                 int err;
 
                 segs->next = NULL;
-                err = xfrm_output2(segs);
+                err = xfrm_output2(sk, segs);
 
                 if (unlikely(err)) {
                         kfree_skb_list(nskb);
@@ -178,13 +178,13 @@ static int xfrm_output_gso(struct sk_buff *skb)
         return 0;
 }
 
-int xfrm_output(struct sk_buff *skb)
+int xfrm_output(struct sock *sk, struct sk_buff *skb)
 {
         struct net *net = dev_net(skb_dst(skb)->dev);
         int err;
 
         if (skb_is_gso(skb))
-                return xfrm_output_gso(skb);
+                return xfrm_output_gso(sk, skb);
 
         if (skb->ip_summed == CHECKSUM_PARTIAL) {
                 err = skb_checksum_help(skb);
@@ -195,7 +195,7 @@ int xfrm_output(struct sk_buff *skb)
                 }
         }
 
-        return xfrm_output2(skb);
+        return xfrm_output2(sk, skb);
 }
 EXPORT_SYMBOL_GPL(xfrm_output);
 
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index de971b6d38c5..f5e39e35d73a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1043,12 +1043,12 @@ static struct xfrm_state *__find_acq_core(struct net *net,
                         break;
 
                 case AF_INET6:
-                        *(struct in6_addr *)x->sel.daddr.a6 = *(struct in6_addr *)daddr;
-                        *(struct in6_addr *)x->sel.saddr.a6 = *(struct in6_addr *)saddr;
+                        x->sel.daddr.in6 = daddr->in6;
+                        x->sel.saddr.in6 = saddr->in6;
                         x->sel.prefixlen_d = 128;
                         x->sel.prefixlen_s = 128;
-                        *(struct in6_addr *)x->props.saddr.a6 = *(struct in6_addr *)saddr;
-                        *(struct in6_addr *)x->id.daddr.a6 = *(struct in6_addr *)daddr;
+                        x->props.saddr.in6 = saddr->in6;
+                        x->id.daddr.in6 = daddr->in6;
                         break;
                 }
 
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 7de2ed9ec46d..2091664295ba 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2423,6 +2423,11 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
         const struct xfrm_link *link;
         int type, err;
 
+#ifdef CONFIG_COMPAT
+        if (is_compat_task())
+                return -ENOTSUPP;
+#endif
+
         type = nlh->nlmsg_type;
         if (type > XFRM_MSG_MAX)
                 return -EINVAL;