aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2011-02-25 21:07:06 -0500
committerDavid S. Miller <davem@davemloft.net>2011-02-25 21:07:06 -0500
commit4c93fbb0626080d196fb461c859b24a1feec3270 (patch)
tree4bc988738d95e3d34d41fb3dbd1982ed94bfbd75
parent52bc97470e22e67f11b054e51a31eee100ef6867 (diff)
pfkey: Use const where possible.
This actually pointed out a (seemingly known) bug where we mangle the pfkey header in a potentially shared SKB, which is fixed here. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/key/af_key.c201
1 files changed, 107 insertions, 94 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 56372853142..7fb54577f5b 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -70,7 +70,7 @@ static inline struct pfkey_sock *pfkey_sk(struct sock *sk)
70 return (struct pfkey_sock *)sk; 70 return (struct pfkey_sock *)sk;
71} 71}
72 72
73static int pfkey_can_dump(struct sock *sk) 73static int pfkey_can_dump(const struct sock *sk)
74{ 74{
75 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf) 75 if (3 * atomic_read(&sk->sk_rmem_alloc) <= 2 * sk->sk_rcvbuf)
76 return 1; 76 return 1;
@@ -303,12 +303,13 @@ static int pfkey_do_dump(struct pfkey_sock *pfk)
303 return rc; 303 return rc;
304} 304}
305 305
306static inline void pfkey_hdr_dup(struct sadb_msg *new, struct sadb_msg *orig) 306static inline void pfkey_hdr_dup(struct sadb_msg *new,
307 const struct sadb_msg *orig)
307{ 308{
308 *new = *orig; 309 *new = *orig;
309} 310}
310 311
311static int pfkey_error(struct sadb_msg *orig, int err, struct sock *sk) 312static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
312{ 313{
313 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL); 314 struct sk_buff *skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_KERNEL);
314 struct sadb_msg *hdr; 315 struct sadb_msg *hdr;
@@ -369,13 +370,13 @@ static u8 sadb_ext_min_len[] = {
369}; 370};
370 371
371/* Verify sadb_address_{len,prefixlen} against sa_family. */ 372/* Verify sadb_address_{len,prefixlen} against sa_family. */
372static int verify_address_len(void *p) 373static int verify_address_len(const void *p)
373{ 374{
374 struct sadb_address *sp = p; 375 const struct sadb_address *sp = p;
375 struct sockaddr *addr = (struct sockaddr *)(sp + 1); 376 const struct sockaddr *addr = (const struct sockaddr *)(sp + 1);
376 struct sockaddr_in *sin; 377 const struct sockaddr_in *sin;
377#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 378#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
378 struct sockaddr_in6 *sin6; 379 const struct sockaddr_in6 *sin6;
379#endif 380#endif
380 int len; 381 int len;
381 382
@@ -411,16 +412,16 @@ static int verify_address_len(void *p)
411 return 0; 412 return 0;
412} 413}
413 414
414static inline int pfkey_sec_ctx_len(struct sadb_x_sec_ctx *sec_ctx) 415static inline int pfkey_sec_ctx_len(const struct sadb_x_sec_ctx *sec_ctx)
415{ 416{
416 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) + 417 return DIV_ROUND_UP(sizeof(struct sadb_x_sec_ctx) +
417 sec_ctx->sadb_x_ctx_len, 418 sec_ctx->sadb_x_ctx_len,
418 sizeof(uint64_t)); 419 sizeof(uint64_t));
419} 420}
420 421
421static inline int verify_sec_ctx_len(void *p) 422static inline int verify_sec_ctx_len(const void *p)
422{ 423{
423 struct sadb_x_sec_ctx *sec_ctx = (struct sadb_x_sec_ctx *)p; 424 const struct sadb_x_sec_ctx *sec_ctx = p;
424 int len = sec_ctx->sadb_x_ctx_len; 425 int len = sec_ctx->sadb_x_ctx_len;
425 426
426 if (len > PAGE_SIZE) 427 if (len > PAGE_SIZE)
@@ -434,7 +435,7 @@ static inline int verify_sec_ctx_len(void *p)
434 return 0; 435 return 0;
435} 436}
436 437
437static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb_x_sec_ctx *sec_ctx) 438static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(const struct sadb_x_sec_ctx *sec_ctx)
438{ 439{
439 struct xfrm_user_sec_ctx *uctx = NULL; 440 struct xfrm_user_sec_ctx *uctx = NULL;
440 int ctx_size = sec_ctx->sadb_x_ctx_len; 441 int ctx_size = sec_ctx->sadb_x_ctx_len;
@@ -455,16 +456,16 @@ static inline struct xfrm_user_sec_ctx *pfkey_sadb2xfrm_user_sec_ctx(struct sadb
455 return uctx; 456 return uctx;
456} 457}
457 458
458static int present_and_same_family(struct sadb_address *src, 459static int present_and_same_family(const struct sadb_address *src,
459 struct sadb_address *dst) 460 const struct sadb_address *dst)
460{ 461{
461 struct sockaddr *s_addr, *d_addr; 462 const struct sockaddr *s_addr, *d_addr;
462 463
463 if (!src || !dst) 464 if (!src || !dst)
464 return 0; 465 return 0;
465 466
466 s_addr = (struct sockaddr *)(src + 1); 467 s_addr = (const struct sockaddr *)(src + 1);
467 d_addr = (struct sockaddr *)(dst + 1); 468 d_addr = (const struct sockaddr *)(dst + 1);
468 if (s_addr->sa_family != d_addr->sa_family) 469 if (s_addr->sa_family != d_addr->sa_family)
469 return 0; 470 return 0;
470 if (s_addr->sa_family != AF_INET 471 if (s_addr->sa_family != AF_INET
@@ -477,15 +478,15 @@ static int present_and_same_family(struct sadb_address *src,
477 return 1; 478 return 1;
478} 479}
479 480
480static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 481static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void **ext_hdrs)
481{ 482{
482 char *p = (char *) hdr; 483 const char *p = (char *) hdr;
483 int len = skb->len; 484 int len = skb->len;
484 485
485 len -= sizeof(*hdr); 486 len -= sizeof(*hdr);
486 p += sizeof(*hdr); 487 p += sizeof(*hdr);
487 while (len > 0) { 488 while (len > 0) {
488 struct sadb_ext *ehdr = (struct sadb_ext *) p; 489 const struct sadb_ext *ehdr = (const struct sadb_ext *) p;
489 uint16_t ext_type; 490 uint16_t ext_type;
490 int ext_len; 491 int ext_len;
491 492
@@ -514,7 +515,7 @@ static int parse_exthdrs(struct sk_buff *skb, struct sadb_msg *hdr, void **ext_h
514 if (verify_sec_ctx_len(p)) 515 if (verify_sec_ctx_len(p))
515 return -EINVAL; 516 return -EINVAL;
516 } 517 }
517 ext_hdrs[ext_type-1] = p; 518 ext_hdrs[ext_type-1] = (void *) p;
518 } 519 }
519 p += ext_len; 520 p += ext_len;
520 len -= ext_len; 521 len -= ext_len;
@@ -606,21 +607,21 @@ int pfkey_sockaddr_extract(const struct sockaddr *sa, xfrm_address_t *xaddr)
606} 607}
607 608
608static 609static
609int pfkey_sadb_addr2xfrm_addr(struct sadb_address *addr, xfrm_address_t *xaddr) 610int pfkey_sadb_addr2xfrm_addr(const struct sadb_address *addr, xfrm_address_t *xaddr)
610{ 611{
611 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1), 612 return pfkey_sockaddr_extract((struct sockaddr *)(addr + 1),
612 xaddr); 613 xaddr);
613} 614}
614 615
615static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_msg *hdr, void **ext_hdrs) 616static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, const struct sadb_msg *hdr, void * const *ext_hdrs)
616{ 617{
617 struct sadb_sa *sa; 618 const struct sadb_sa *sa;
618 struct sadb_address *addr; 619 const struct sadb_address *addr;
619 uint16_t proto; 620 uint16_t proto;
620 unsigned short family; 621 unsigned short family;
621 xfrm_address_t *xaddr; 622 xfrm_address_t *xaddr;
622 623
623 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 624 sa = (const struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1];
624 if (sa == NULL) 625 if (sa == NULL)
625 return NULL; 626 return NULL;
626 627
@@ -629,18 +630,18 @@ static struct xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_
629 return NULL; 630 return NULL;
630 631
631 /* sadb_address_len should be checked by caller */ 632 /* sadb_address_len should be checked by caller */
632 addr = (struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1]; 633 addr = (const struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1];
633 if (addr == NULL) 634 if (addr == NULL)
634 return NULL; 635 return NULL;
635 636
636 family = ((struct sockaddr *)(addr + 1))->sa_family; 637 family = ((const struct sockaddr *)(addr + 1))->sa_family;
637 switch (family) { 638 switch (family) {
638 case AF_INET: 639 case AF_INET:
639 xaddr = (xfrm_address_t *)&((struct sockaddr_in *)(addr + 1))->sin_addr; 640 xaddr = (xfrm_address_t *)&((const struct sockaddr_in *)(addr + 1))->sin_addr;
640 break; 641 break;
641#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 642#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
642 case AF_INET6: 643 case AF_INET6:
643 xaddr = (xfrm_address_t *)&((struct sockaddr_in6 *)(addr + 1))->sin6_addr; 644 xaddr = (xfrm_address_t *)&((const struct sockaddr_in6 *)(addr + 1))->sin6_addr;
644 break; 645 break;
645#endif 646#endif
646 default: 647 default:
@@ -691,8 +692,8 @@ static inline int pfkey_mode_to_xfrm(int mode)
691} 692}
692 693
693static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port, 694static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port,
694 struct sockaddr *sa, 695 struct sockaddr *sa,
695 unsigned short family) 696 unsigned short family)
696{ 697{
697 switch (family) { 698 switch (family) {
698 case AF_INET: 699 case AF_INET:
@@ -720,7 +721,7 @@ static unsigned int pfkey_sockaddr_fill(const xfrm_address_t *xaddr, __be16 port
720 return 0; 721 return 0;
721} 722}
722 723
723static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x, 724static struct sk_buff *__pfkey_xfrm_state2msg(const struct xfrm_state *x,
724 int add_keys, int hsc) 725 int add_keys, int hsc)
725{ 726{
726 struct sk_buff *skb; 727 struct sk_buff *skb;
@@ -1010,7 +1011,7 @@ static struct sk_buff *__pfkey_xfrm_state2msg(struct xfrm_state *x,
1010} 1011}
1011 1012
1012 1013
1013static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x) 1014static inline struct sk_buff *pfkey_xfrm_state2msg(const struct xfrm_state *x)
1014{ 1015{
1015 struct sk_buff *skb; 1016 struct sk_buff *skb;
1016 1017
@@ -1019,26 +1020,26 @@ static inline struct sk_buff *pfkey_xfrm_state2msg(struct xfrm_state *x)
1019 return skb; 1020 return skb;
1020} 1021}
1021 1022
1022static inline struct sk_buff *pfkey_xfrm_state2msg_expire(struct xfrm_state *x, 1023static inline struct sk_buff *pfkey_xfrm_state2msg_expire(const struct xfrm_state *x,
1023 int hsc) 1024 int hsc)
1024{ 1025{
1025 return __pfkey_xfrm_state2msg(x, 0, hsc); 1026 return __pfkey_xfrm_state2msg(x, 0, hsc);
1026} 1027}
1027 1028
1028static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, 1029static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1029 struct sadb_msg *hdr, 1030 const struct sadb_msg *hdr,
1030 void **ext_hdrs) 1031 void * const *ext_hdrs)
1031{ 1032{
1032 struct xfrm_state *x; 1033 struct xfrm_state *x;
1033 struct sadb_lifetime *lifetime; 1034 const struct sadb_lifetime *lifetime;
1034 struct sadb_sa *sa; 1035 const struct sadb_sa *sa;
1035 struct sadb_key *key; 1036 const struct sadb_key *key;
1036 struct sadb_x_sec_ctx *sec_ctx; 1037 const struct sadb_x_sec_ctx *sec_ctx;
1037 uint16_t proto; 1038 uint16_t proto;
1038 int err; 1039 int err;
1039 1040
1040 1041
1041 sa = (struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1]; 1042 sa = (const struct sadb_sa *) ext_hdrs[SADB_EXT_SA-1];
1042 if (!sa || 1043 if (!sa ||
1043 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1], 1044 !present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
1044 ext_hdrs[SADB_EXT_ADDRESS_DST-1])) 1045 ext_hdrs[SADB_EXT_ADDRESS_DST-1]))
@@ -1077,7 +1078,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1077 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) || 1078 sa->sadb_sa_encrypt > SADB_X_CALG_MAX) ||
1078 sa->sadb_sa_encrypt > SADB_EALG_MAX) 1079 sa->sadb_sa_encrypt > SADB_EALG_MAX)
1079 return ERR_PTR(-EINVAL); 1080 return ERR_PTR(-EINVAL);
1080 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1081 key = (const struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
1081 if (key != NULL && 1082 if (key != NULL &&
1082 sa->sadb_sa_auth != SADB_X_AALG_NULL && 1083 sa->sadb_sa_auth != SADB_X_AALG_NULL &&
1083 ((key->sadb_key_bits+7) / 8 == 0 || 1084 ((key->sadb_key_bits+7) / 8 == 0 ||
@@ -1104,14 +1105,14 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1104 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC) 1105 if (sa->sadb_sa_flags & SADB_SAFLAGS_NOPMTUDISC)
1105 x->props.flags |= XFRM_STATE_NOPMTUDISC; 1106 x->props.flags |= XFRM_STATE_NOPMTUDISC;
1106 1107
1107 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1]; 1108 lifetime = (const struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_HARD-1];
1108 if (lifetime != NULL) { 1109 if (lifetime != NULL) {
1109 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1110 x->lft.hard_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1110 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1111 x->lft.hard_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
1111 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime; 1112 x->lft.hard_add_expires_seconds = lifetime->sadb_lifetime_addtime;
1112 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1113 x->lft.hard_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1113 } 1114 }
1114 lifetime = (struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1]; 1115 lifetime = (const struct sadb_lifetime*) ext_hdrs[SADB_EXT_LIFETIME_SOFT-1];
1115 if (lifetime != NULL) { 1116 if (lifetime != NULL) {
1116 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations); 1117 x->lft.soft_packet_limit = _KEY2X(lifetime->sadb_lifetime_allocations);
1117 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes); 1118 x->lft.soft_byte_limit = _KEY2X(lifetime->sadb_lifetime_bytes);
@@ -1119,7 +1120,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1119 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime; 1120 x->lft.soft_use_expires_seconds = lifetime->sadb_lifetime_usetime;
1120 } 1121 }
1121 1122
1122 sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1]; 1123 sec_ctx = (const struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
1123 if (sec_ctx != NULL) { 1124 if (sec_ctx != NULL) {
1124 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx); 1125 struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
1125 1126
@@ -1133,7 +1134,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1133 goto out; 1134 goto out;
1134 } 1135 }
1135 1136
1136 key = (struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1]; 1137 key = (const struct sadb_key*) ext_hdrs[SADB_EXT_KEY_AUTH-1];
1137 if (sa->sadb_sa_auth) { 1138 if (sa->sadb_sa_auth) {
1138 int keysize = 0; 1139 int keysize = 0;
1139 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth); 1140 struct xfrm_algo_desc *a = xfrm_aalg_get_byid(sa->sadb_sa_auth);
@@ -1202,7 +1203,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1202 &x->id.daddr); 1203 &x->id.daddr);
1203 1204
1204 if (ext_hdrs[SADB_X_EXT_SA2-1]) { 1205 if (ext_hdrs[SADB_X_EXT_SA2-1]) {
1205 struct sadb_x_sa2 *sa2 = (void*)ext_hdrs[SADB_X_EXT_SA2-1]; 1206 const struct sadb_x_sa2 *sa2 = ext_hdrs[SADB_X_EXT_SA2-1];
1206 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode); 1207 int mode = pfkey_mode_to_xfrm(sa2->sadb_x_sa2_mode);
1207 if (mode < 0) { 1208 if (mode < 0) {
1208 err = -EINVAL; 1209 err = -EINVAL;
@@ -1213,7 +1214,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1213 } 1214 }
1214 1215
1215 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) { 1216 if (ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]) {
1216 struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1]; 1217 const struct sadb_address *addr = ext_hdrs[SADB_EXT_ADDRESS_PROXY-1];
1217 1218
1218 /* Nobody uses this, but we try. */ 1219 /* Nobody uses this, but we try. */
1219 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr); 1220 x->sel.family = pfkey_sadb_addr2xfrm_addr(addr, &x->sel.saddr);
@@ -1224,7 +1225,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1224 x->sel.family = x->props.family; 1225 x->sel.family = x->props.family;
1225 1226
1226 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) { 1227 if (ext_hdrs[SADB_X_EXT_NAT_T_TYPE-1]) {
1227 struct sadb_x_nat_t_type* n_type; 1228 const struct sadb_x_nat_t_type* n_type;
1228 struct xfrm_encap_tmpl *natt; 1229 struct xfrm_encap_tmpl *natt;
1229 1230
1230 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL); 1231 x->encap = kmalloc(sizeof(*x->encap), GFP_KERNEL);
@@ -1236,12 +1237,12 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1236 natt->encap_type = n_type->sadb_x_nat_t_type_type; 1237 natt->encap_type = n_type->sadb_x_nat_t_type_type;
1237 1238
1238 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) { 1239 if (ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]) {
1239 struct sadb_x_nat_t_port* n_port = 1240 const struct sadb_x_nat_t_port *n_port =
1240 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1]; 1241 ext_hdrs[SADB_X_EXT_NAT_T_SPORT-1];
1241 natt->encap_sport = n_port->sadb_x_nat_t_port_port; 1242 natt->encap_sport = n_port->sadb_x_nat_t_port_port;
1242 } 1243 }
1243 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) { 1244 if (ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]) {
1244 struct sadb_x_nat_t_port* n_port = 1245 const struct sadb_x_nat_t_port *n_port =
1245 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1]; 1246 ext_hdrs[SADB_X_EXT_NAT_T_DPORT-1];
1246 natt->encap_dport = n_port->sadb_x_nat_t_port_port; 1247 natt->encap_dport = n_port->sadb_x_nat_t_port_port;
1247 } 1248 }
@@ -1261,12 +1262,12 @@ out:
1261 return ERR_PTR(err); 1262 return ERR_PTR(err);
1262} 1263}
1263 1264
1264static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1265static int pfkey_reserved(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1265{ 1266{
1266 return -EOPNOTSUPP; 1267 return -EOPNOTSUPP;
1267} 1268}
1268 1269
1269static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1270static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1270{ 1271{
1271 struct net *net = sock_net(sk); 1272 struct net *net = sock_net(sk);
1272 struct sk_buff *resp_skb; 1273 struct sk_buff *resp_skb;
@@ -1365,7 +1366,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1365 return 0; 1366 return 0;
1366} 1367}
1367 1368
1368static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1369static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1369{ 1370{
1370 struct net *net = sock_net(sk); 1371 struct net *net = sock_net(sk);
1371 struct xfrm_state *x; 1372 struct xfrm_state *x;
@@ -1453,7 +1454,7 @@ static int key_notify_sa(struct xfrm_state *x, const struct km_event *c)
1453 return 0; 1454 return 0;
1454} 1455}
1455 1456
1456static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1457static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1457{ 1458{
1458 struct net *net = sock_net(sk); 1459 struct net *net = sock_net(sk);
1459 struct xfrm_state *x; 1460 struct xfrm_state *x;
@@ -1492,7 +1493,7 @@ out:
1492 return err; 1493 return err;
1493} 1494}
1494 1495
1495static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1496static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1496{ 1497{
1497 struct net *net = sock_net(sk); 1498 struct net *net = sock_net(sk);
1498 struct xfrm_state *x; 1499 struct xfrm_state *x;
@@ -1534,7 +1535,7 @@ out:
1534 return err; 1535 return err;
1535} 1536}
1536 1537
1537static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1538static int pfkey_get(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1538{ 1539{
1539 struct net *net = sock_net(sk); 1540 struct net *net = sock_net(sk);
1540 __u8 proto; 1541 __u8 proto;
@@ -1570,7 +1571,7 @@ static int pfkey_get(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1570 return 0; 1571 return 0;
1571} 1572}
1572 1573
1573static struct sk_buff *compose_sadb_supported(struct sadb_msg *orig, 1574static struct sk_buff *compose_sadb_supported(const struct sadb_msg *orig,
1574 gfp_t allocation) 1575 gfp_t allocation)
1575{ 1576{
1576 struct sk_buff *skb; 1577 struct sk_buff *skb;
@@ -1642,7 +1643,7 @@ out_put_algs:
1642 return skb; 1643 return skb;
1643} 1644}
1644 1645
1645static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1646static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1646{ 1647{
1647 struct pfkey_sock *pfk = pfkey_sk(sk); 1648 struct pfkey_sock *pfk = pfkey_sk(sk);
1648 struct sk_buff *supp_skb; 1649 struct sk_buff *supp_skb;
@@ -1671,7 +1672,7 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg
1671 return 0; 1672 return 0;
1672} 1673}
1673 1674
1674static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr) 1675static int unicast_flush_resp(struct sock *sk, const struct sadb_msg *ihdr)
1675{ 1676{
1676 struct sk_buff *skb; 1677 struct sk_buff *skb;
1677 struct sadb_msg *hdr; 1678 struct sadb_msg *hdr;
@@ -1710,7 +1711,7 @@ static int key_notify_sa_flush(const struct km_event *c)
1710 return 0; 1711 return 0;
1711} 1712}
1712 1713
1713static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1714static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1714{ 1715{
1715 struct net *net = sock_net(sk); 1716 struct net *net = sock_net(sk);
1716 unsigned proto; 1717 unsigned proto;
@@ -1784,7 +1785,7 @@ static void pfkey_dump_sa_done(struct pfkey_sock *pfk)
1784 xfrm_state_walk_done(&pfk->dump.u.state); 1785 xfrm_state_walk_done(&pfk->dump.u.state);
1785} 1786}
1786 1787
1787static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1788static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1788{ 1789{
1789 u8 proto; 1790 u8 proto;
1790 struct pfkey_sock *pfk = pfkey_sk(sk); 1791 struct pfkey_sock *pfk = pfkey_sk(sk);
@@ -1805,19 +1806,29 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr
1805 return pfkey_do_dump(pfk); 1806 return pfkey_do_dump(pfk);
1806} 1807}
1807 1808
1808static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 1809static int pfkey_promisc(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
1809{ 1810{
1810 struct pfkey_sock *pfk = pfkey_sk(sk); 1811 struct pfkey_sock *pfk = pfkey_sk(sk);
1811 int satype = hdr->sadb_msg_satype; 1812 int satype = hdr->sadb_msg_satype;
1813 bool reset_errno = false;
1812 1814
1813 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) { 1815 if (hdr->sadb_msg_len == (sizeof(*hdr) / sizeof(uint64_t))) {
1814 /* XXX we mangle packet... */ 1816 reset_errno = true;
1815 hdr->sadb_msg_errno = 0;
1816 if (satype != 0 && satype != 1) 1817 if (satype != 0 && satype != 1)
1817 return -EINVAL; 1818 return -EINVAL;
1818 pfk->promisc = satype; 1819 pfk->promisc = satype;
1819 } 1820 }
1820 pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk)); 1821 if (reset_errno && skb_cloned(skb))
1822 skb = skb_copy(skb, GFP_KERNEL);
1823 else
1824 skb = skb_clone(skb, GFP_KERNEL);
1825
1826 if (reset_errno && skb) {
1827 struct sadb_msg *new_hdr = (struct sadb_msg *) skb->data;
1828 new_hdr->sadb_msg_errno = 0;
1829 }
1830
1831 pfkey_broadcast(skb, GFP_KERNEL, BROADCAST_ALL, NULL, sock_net(sk));
1821 return 0; 1832 return 0;
1822} 1833}
1823 1834
@@ -1921,7 +1932,7 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol)
1921 return 0; 1932 return 0;
1922} 1933}
1923 1934
1924static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp) 1935static inline int pfkey_xfrm_policy2sec_ctx_size(const struct xfrm_policy *xp)
1925{ 1936{
1926 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 1937 struct xfrm_sec_ctx *xfrm_ctx = xp->security;
1927 1938
@@ -1933,9 +1944,9 @@ static inline int pfkey_xfrm_policy2sec_ctx_size(struct xfrm_policy *xp)
1933 return 0; 1944 return 0;
1934} 1945}
1935 1946
1936static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp) 1947static int pfkey_xfrm_policy2msg_size(const struct xfrm_policy *xp)
1937{ 1948{
1938 struct xfrm_tmpl *t; 1949 const struct xfrm_tmpl *t;
1939 int sockaddr_size = pfkey_sockaddr_size(xp->family); 1950 int sockaddr_size = pfkey_sockaddr_size(xp->family);
1940 int socklen = 0; 1951 int socklen = 0;
1941 int i; 1952 int i;
@@ -1955,7 +1966,7 @@ static int pfkey_xfrm_policy2msg_size(struct xfrm_policy *xp)
1955 pfkey_xfrm_policy2sec_ctx_size(xp); 1966 pfkey_xfrm_policy2sec_ctx_size(xp);
1956} 1967}
1957 1968
1958static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp) 1969static struct sk_buff * pfkey_xfrm_policy2msg_prep(const struct xfrm_policy *xp)
1959{ 1970{
1960 struct sk_buff *skb; 1971 struct sk_buff *skb;
1961 int size; 1972 int size;
@@ -1969,7 +1980,7 @@ static struct sk_buff * pfkey_xfrm_policy2msg_prep(struct xfrm_policy *xp)
1969 return skb; 1980 return skb;
1970} 1981}
1971 1982
1972static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, int dir) 1983static int pfkey_xfrm_policy2msg(struct sk_buff *skb, const struct xfrm_policy *xp, int dir)
1973{ 1984{
1974 struct sadb_msg *hdr; 1985 struct sadb_msg *hdr;
1975 struct sadb_address *addr; 1986 struct sadb_address *addr;
@@ -2065,8 +2076,8 @@ static int pfkey_xfrm_policy2msg(struct sk_buff *skb, struct xfrm_policy *xp, in
2065 pol->sadb_x_policy_priority = xp->priority; 2076 pol->sadb_x_policy_priority = xp->priority;
2066 2077
2067 for (i=0; i<xp->xfrm_nr; i++) { 2078 for (i=0; i<xp->xfrm_nr; i++) {
2079 const struct xfrm_tmpl *t = xp->xfrm_vec + i;
2068 struct sadb_x_ipsecrequest *rq; 2080 struct sadb_x_ipsecrequest *rq;
2069 struct xfrm_tmpl *t = xp->xfrm_vec + i;
2070 int req_size; 2081 int req_size;
2071 int mode; 2082 int mode;
2072 2083
@@ -2152,7 +2163,7 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, const struct km_ev
2152 2163
2153} 2164}
2154 2165
2155static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2166static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2156{ 2167{
2157 struct net *net = sock_net(sk); 2168 struct net *net = sock_net(sk);
2158 int err = 0; 2169 int err = 0;
@@ -2273,7 +2284,7 @@ out:
2273 return err; 2284 return err;
2274} 2285}
2275 2286
2276static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2287static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2277{ 2288{
2278 struct net *net = sock_net(sk); 2289 struct net *net = sock_net(sk);
2279 int err; 2290 int err;
@@ -2350,7 +2361,7 @@ out:
2350 return err; 2361 return err;
2351} 2362}
2352 2363
2353static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, struct sadb_msg *hdr, int dir) 2364static int key_pol_get_resp(struct sock *sk, struct xfrm_policy *xp, const struct sadb_msg *hdr, int dir)
2354{ 2365{
2355 int err; 2366 int err;
2356 struct sk_buff *out_skb; 2367 struct sk_buff *out_skb;
@@ -2458,7 +2469,7 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len,
2458} 2469}
2459 2470
2460static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, 2471static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2461 struct sadb_msg *hdr, void **ext_hdrs) 2472 const struct sadb_msg *hdr, void * const *ext_hdrs)
2462{ 2473{
2463 int i, len, ret, err = -EINVAL; 2474 int i, len, ret, err = -EINVAL;
2464 u8 dir; 2475 u8 dir;
@@ -2556,7 +2567,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2556#endif 2567#endif
2557 2568
2558 2569
2559static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2570static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2560{ 2571{
2561 struct net *net = sock_net(sk); 2572 struct net *net = sock_net(sk);
2562 unsigned int dir; 2573 unsigned int dir;
@@ -2644,7 +2655,7 @@ static void pfkey_dump_sp_done(struct pfkey_sock *pfk)
2644 xfrm_policy_walk_done(&pfk->dump.u.policy); 2655 xfrm_policy_walk_done(&pfk->dump.u.policy);
2645} 2656}
2646 2657
2647static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2658static int pfkey_spddump(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2648{ 2659{
2649 struct pfkey_sock *pfk = pfkey_sk(sk); 2660 struct pfkey_sock *pfk = pfkey_sk(sk);
2650 2661
@@ -2680,7 +2691,7 @@ static int key_notify_policy_flush(const struct km_event *c)
2680 2691
2681} 2692}
2682 2693
2683static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2694static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr, void * const *ext_hdrs)
2684{ 2695{
2685 struct net *net = sock_net(sk); 2696 struct net *net = sock_net(sk);
2686 struct km_event c; 2697 struct km_event c;
@@ -2709,7 +2720,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2709} 2720}
2710 2721
2711typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, 2722typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
2712 struct sadb_msg *hdr, void **ext_hdrs); 2723 const struct sadb_msg *hdr, void * const *ext_hdrs);
2713static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { 2724static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2714 [SADB_RESERVED] = pfkey_reserved, 2725 [SADB_RESERVED] = pfkey_reserved,
2715 [SADB_GETSPI] = pfkey_getspi, 2726 [SADB_GETSPI] = pfkey_getspi,
@@ -2736,7 +2747,7 @@ static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
2736 [SADB_X_MIGRATE] = pfkey_migrate, 2747 [SADB_X_MIGRATE] = pfkey_migrate,
2737}; 2748};
2738 2749
2739static int pfkey_process(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr) 2750static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb_msg *hdr)
2740{ 2751{
2741 void *ext_hdrs[SADB_EXT_MAX]; 2752 void *ext_hdrs[SADB_EXT_MAX];
2742 int err; 2753 int err;
@@ -2781,7 +2792,8 @@ static struct sadb_msg *pfkey_get_base_msg(struct sk_buff *skb, int *errp)
2781 return hdr; 2792 return hdr;
2782} 2793}
2783 2794
2784static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2795static inline int aalg_tmpl_set(const struct xfrm_tmpl *t,
2796 const struct xfrm_algo_desc *d)
2785{ 2797{
2786 unsigned int id = d->desc.sadb_alg_id; 2798 unsigned int id = d->desc.sadb_alg_id;
2787 2799
@@ -2791,7 +2803,8 @@ static inline int aalg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
2791 return (t->aalgos >> id) & 1; 2803 return (t->aalgos >> id) & 1;
2792} 2804}
2793 2805
2794static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d) 2806static inline int ealg_tmpl_set(const struct xfrm_tmpl *t,
2807 const struct xfrm_algo_desc *d)
2795{ 2808{
2796 unsigned int id = d->desc.sadb_alg_id; 2809 unsigned int id = d->desc.sadb_alg_id;
2797 2810
@@ -2801,12 +2814,12 @@ static inline int ealg_tmpl_set(struct xfrm_tmpl *t, struct xfrm_algo_desc *d)
2801 return (t->ealgos >> id) & 1; 2814 return (t->ealgos >> id) & 1;
2802} 2815}
2803 2816
2804static int count_ah_combs(struct xfrm_tmpl *t) 2817static int count_ah_combs(const struct xfrm_tmpl *t)
2805{ 2818{
2806 int i, sz = 0; 2819 int i, sz = 0;
2807 2820
2808 for (i = 0; ; i++) { 2821 for (i = 0; ; i++) {
2809 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2822 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2810 if (!aalg) 2823 if (!aalg)
2811 break; 2824 break;
2812 if (aalg_tmpl_set(t, aalg) && aalg->available) 2825 if (aalg_tmpl_set(t, aalg) && aalg->available)
@@ -2815,12 +2828,12 @@ static int count_ah_combs(struct xfrm_tmpl *t)
2815 return sz + sizeof(struct sadb_prop); 2828 return sz + sizeof(struct sadb_prop);
2816} 2829}
2817 2830
2818static int count_esp_combs(struct xfrm_tmpl *t) 2831static int count_esp_combs(const struct xfrm_tmpl *t)
2819{ 2832{
2820 int i, k, sz = 0; 2833 int i, k, sz = 0;
2821 2834
2822 for (i = 0; ; i++) { 2835 for (i = 0; ; i++) {
2823 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2836 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2824 if (!ealg) 2837 if (!ealg)
2825 break; 2838 break;
2826 2839
@@ -2828,7 +2841,7 @@ static int count_esp_combs(struct xfrm_tmpl *t)
2828 continue; 2841 continue;
2829 2842
2830 for (k = 1; ; k++) { 2843 for (k = 1; ; k++) {
2831 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2844 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2832 if (!aalg) 2845 if (!aalg)
2833 break; 2846 break;
2834 2847
@@ -2839,7 +2852,7 @@ static int count_esp_combs(struct xfrm_tmpl *t)
2839 return sz + sizeof(struct sadb_prop); 2852 return sz + sizeof(struct sadb_prop);
2840} 2853}
2841 2854
2842static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2855static void dump_ah_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2843{ 2856{
2844 struct sadb_prop *p; 2857 struct sadb_prop *p;
2845 int i; 2858 int i;
@@ -2851,7 +2864,7 @@ static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
2851 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2864 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2852 2865
2853 for (i = 0; ; i++) { 2866 for (i = 0; ; i++) {
2854 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i); 2867 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(i);
2855 if (!aalg) 2868 if (!aalg)
2856 break; 2869 break;
2857 2870
@@ -2871,7 +2884,7 @@ static void dump_ah_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
2871 } 2884 }
2872} 2885}
2873 2886
2874static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t) 2887static void dump_esp_combs(struct sk_buff *skb, const struct xfrm_tmpl *t)
2875{ 2888{
2876 struct sadb_prop *p; 2889 struct sadb_prop *p;
2877 int i, k; 2890 int i, k;
@@ -2883,7 +2896,7 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
2883 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved)); 2896 memset(p->sadb_prop_reserved, 0, sizeof(p->sadb_prop_reserved));
2884 2897
2885 for (i=0; ; i++) { 2898 for (i=0; ; i++) {
2886 struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i); 2899 const struct xfrm_algo_desc *ealg = xfrm_ealg_get_byidx(i);
2887 if (!ealg) 2900 if (!ealg)
2888 break; 2901 break;
2889 2902
@@ -2892,7 +2905,7 @@ static void dump_esp_combs(struct sk_buff *skb, struct xfrm_tmpl *t)
2892 2905
2893 for (k = 1; ; k++) { 2906 for (k = 1; ; k++) {
2894 struct sadb_comb *c; 2907 struct sadb_comb *c;
2895 struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k); 2908 const struct xfrm_algo_desc *aalg = xfrm_aalg_get_byidx(k);
2896 if (!aalg) 2909 if (!aalg)
2897 break; 2910 break;
2898 if (!(aalg_tmpl_set(t, aalg) && aalg->available)) 2911 if (!(aalg_tmpl_set(t, aalg) && aalg->available))