aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-03-07 22:05:34 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-03-07 22:05:34 -0500
commiteee8abe5de9cbd936b51db292c8d3c406b0e79e7 (patch)
treeeec36145a50ab08e85f45107b9ed15a1bc83535f
parent06aa5b4aae223ea4d623dc68e85466174bb92c84 (diff)
parentde79059ecd7cd650f3788ece978a64586921d1f1 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [BRIDGE]: adding new device to bridge should enable if up [IPV6]: Do not set IF_READY if device is down [IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa [IPSEC]: Add xfrm policy change auditing to pfkey_spdget [IPSEC]: xfrm_policy delete security check misplaced [CONNECTOR]: Bugfix for cn_call_callback() [DCCP]: Revert patch which disables bidirectional mode [IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky(). [UDP]: Reread uh pointer after pskb_trim [NETFILTER]: nfnetlink_log: fix crash on bridged packet [NETFILTER]: nfnetlink_log: zero-terminate prefix [NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED
-rw-r--r--drivers/connector/connector.c22
-rw-r--r--include/net/xfrm.h5
-rw-r--r--net/bridge/br_if.c4
-rw-r--r--net/dccp/ccids/ccid3.c7
-rw-r--r--net/dccp/input.c21
-rw-r--r--net/ipv4/udp.c1
-rw-r--r--net/ipv6/addrconf.c4
-rw-r--r--net/ipv6/ipv6_sockglue.c10
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c1
-rw-r--r--net/key/af_key.c26
-rw-r--r--net/netfilter/nfnetlink_log.c4
-rw-r--r--net/xfrm/xfrm_policy.c18
-rw-r--r--net/xfrm/xfrm_user.c24
13 files changed, 75 insertions, 72 deletions
diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index a44db75bc25b..a905f7820331 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -128,7 +128,7 @@ EXPORT_SYMBOL_GPL(cn_netlink_send);
128 */ 128 */
129static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), void *data) 129static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), void *data)
130{ 130{
131 struct cn_callback_entry *__cbq; 131 struct cn_callback_entry *__cbq, *__new_cbq;
132 struct cn_dev *dev = &cdev; 132 struct cn_dev *dev = &cdev;
133 int err = -ENODEV; 133 int err = -ENODEV;
134 134
@@ -148,27 +148,27 @@ static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), v
148 } else { 148 } else {
149 struct cn_callback_data *d; 149 struct cn_callback_data *d;
150 150
151 __cbq = kzalloc(sizeof(*__cbq), GFP_ATOMIC); 151 err = -ENOMEM;
152 if (__cbq) { 152 __new_cbq = kzalloc(sizeof(struct cn_callback_entry), GFP_ATOMIC);
153 d = &__cbq->data; 153 if (__new_cbq) {
154 d = &__new_cbq->data;
154 d->callback_priv = msg; 155 d->callback_priv = msg;
155 d->callback = __cbq->data.callback; 156 d->callback = __cbq->data.callback;
156 d->ddata = data; 157 d->ddata = data;
157 d->destruct_data = destruct_data; 158 d->destruct_data = destruct_data;
158 d->free = __cbq; 159 d->free = __new_cbq;
159 160
160 INIT_WORK(&__cbq->work, 161 INIT_WORK(&__new_cbq->work,
161 &cn_queue_wrapper); 162 &cn_queue_wrapper);
162 163
163 if (queue_work(dev->cbdev->cn_queue, 164 if (queue_work(dev->cbdev->cn_queue,
164 &__cbq->work)) 165 &__new_cbq->work))
165 err = 0; 166 err = 0;
166 else { 167 else {
167 kfree(__cbq); 168 kfree(__new_cbq);
168 err = -EINVAL; 169 err = -EINVAL;
169 } 170 }
170 } else 171 }
171 err = -ENOMEM;
172 } 172 }
173 break; 173 break;
174 } 174 }
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 92a1fc46ea59..5a00aa85b756 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -988,8 +988,9 @@ extern int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int,
988int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 988int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
989struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 989struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
990 struct xfrm_selector *sel, 990 struct xfrm_selector *sel,
991 struct xfrm_sec_ctx *ctx, int delete); 991 struct xfrm_sec_ctx *ctx, int delete,
992struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete); 992 int *err);
993struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err);
993void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); 994void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
994u32 xfrm_get_acqseq(void); 995u32 xfrm_get_acqseq(void);
995void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi); 996void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi);
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 6845a258408f..f3a2e29be40c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -428,6 +428,10 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
428 spin_lock_bh(&br->lock); 428 spin_lock_bh(&br->lock);
429 br_stp_recalculate_bridge_id(br); 429 br_stp_recalculate_bridge_id(br);
430 br_features_recompute(br); 430 br_features_recompute(br);
431
432 if ((dev->flags & IFF_UP) && netif_carrier_ok(dev) &&
433 (br->dev->flags & IFF_UP))
434 br_stp_enable_port(p);
431 spin_unlock_bh(&br->lock); 435 spin_unlock_bh(&br->lock);
432 436
433 dev_set_mtu(br->dev, br_min_mtu(br)); 437 dev_set_mtu(br->dev, br_min_mtu(br));
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index 5361a4d8e13b..746f79d104b3 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -545,12 +545,7 @@ static void ccid3_hc_tx_packet_recv(struct sock *sk, struct sk_buff *skb)
545 /* set idle flag */ 545 /* set idle flag */
546 hctx->ccid3hctx_idle = 1; 546 hctx->ccid3hctx_idle = 1;
547 break; 547 break;
548 case TFRC_SSTATE_NO_SENT: 548 case TFRC_SSTATE_NO_SENT: /* fall through */
549 /*
550 * XXX when implementing bidirectional rx/tx check this again
551 */
552 DCCP_WARN("Illegal ACK received - no packet sent\n");
553 /* fall through */
554 case TFRC_SSTATE_TERM: /* ignore feedback when closing */ 549 case TFRC_SSTATE_TERM: /* ignore feedback when closing */
555 break; 550 break;
556 } 551 }
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 287099f7f042..78b043c458bf 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -248,18 +248,8 @@ int dccp_rcv_established(struct sock *sk, struct sk_buff *skb,
248 DCCP_ACKVEC_STATE_RECEIVED)) 248 DCCP_ACKVEC_STATE_RECEIVED))
249 goto discard; 249 goto discard;
250 250
251 /* 251 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
252 * Deliver to the CCID module in charge. 252 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
253 * FIXME: Currently DCCP operates one-directional only, i.e. a listening
254 * server is not at the same time a connecting client. There is
255 * not much sense in delivering to both rx/tx sides at the moment
256 * (only one is active at a time); when moving to bidirectional
257 * service, this needs to be revised.
258 */
259 if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT)
260 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
261 else /* listening or connected server */
262 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
263 253
264 return __dccp_rcv_established(sk, skb, dh, len); 254 return __dccp_rcv_established(sk, skb, dh, len);
265discard: 255discard:
@@ -494,11 +484,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
494 DCCP_ACKVEC_STATE_RECEIVED)) 484 DCCP_ACKVEC_STATE_RECEIVED))
495 goto discard; 485 goto discard;
496 486
497 /* XXX see the comments in dccp_rcv_established about this */ 487 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
498 if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT) 488 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
499 ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
500 else
501 ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
502 } 489 }
503 490
504 /* 491 /*
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index ce6c46034314..fc620a7c1db4 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1215,6 +1215,7 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1215 1215
1216 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1216 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen))
1217 goto short_packet; 1217 goto short_packet;
1218 uh = skb->h.uh;
1218 1219
1219 udp4_csum_init(skb, uh); 1220 udp4_csum_init(skb, uh);
1220 1221
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e16f1bba5dff..a7fee6b27320 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -342,10 +342,6 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
342 } 342 }
343#endif 343#endif
344 344
345 if (netif_carrier_ok(dev))
346 ndev->if_flags |= IF_READY;
347
348
349 ipv6_mc_init_dev(ndev); 345 ipv6_mc_init_dev(ndev);
350 ndev->tstamp = jiffies; 346 ndev->tstamp = jiffies;
351#ifdef CONFIG_SYSCTL 347#ifdef CONFIG_SYSCTL
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 286c86735aed..4e0561a082d0 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -795,11 +795,15 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
795EXPORT_SYMBOL(compat_ipv6_setsockopt); 795EXPORT_SYMBOL(compat_ipv6_setsockopt);
796#endif 796#endif
797 797
798static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr, 798static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
799 char __user *optval, int len) 799 char __user *optval, int len)
800{ 800{
801 if (!hdr) 801 struct ipv6_opt_hdr *hdr;
802
803 if (!opt || !opt->hopopt)
802 return 0; 804 return 0;
805 hdr = opt->hopopt;
806
803 len = min_t(int, len, ipv6_optlen(hdr)); 807 len = min_t(int, len, ipv6_optlen(hdr));
804 if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) 808 if (copy_to_user(optval, hdr, ipv6_optlen(hdr)))
805 return -EFAULT; 809 return -EFAULT;
@@ -940,7 +944,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
940 { 944 {
941 945
942 lock_sock(sk); 946 lock_sock(sk);
943 len = ipv6_getsockopt_sticky(sk, np->opt->hopopt, 947 len = ipv6_getsockopt_sticky(sk, np->opt,
944 optval, len); 948 optval, len);
945 release_sock(sk); 949 release_sock(sk);
946 return put_user(len, optlen); 950 return put_user(len, optlen);
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 6f19c4a49560..d1102455668d 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -257,6 +257,7 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum,
257 } 257 }
258 nf_conntrack_get(reasm->nfct); 258 nf_conntrack_get(reasm->nfct);
259 (*pskb)->nfct = reasm->nfct; 259 (*pskb)->nfct = reasm->nfct;
260 (*pskb)->nfctinfo = reasm->nfctinfo;
260 return NF_ACCEPT; 261 return NF_ACCEPT;
261 } 262 }
262 263
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204d767e..a4e7e2db0ff3 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1467,9 +1467,6 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1467 1467
1468 err = xfrm_state_delete(x); 1468 err = xfrm_state_delete(x);
1469 1469
1470 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
1471 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
1472
1473 if (err < 0) 1470 if (err < 0)
1474 goto out; 1471 goto out;
1475 1472
@@ -1478,6 +1475,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1478 c.event = XFRM_MSG_DELSA; 1475 c.event = XFRM_MSG_DELSA;
1479 km_state_notify(x, &c); 1476 km_state_notify(x, &c);
1480out: 1477out:
1478 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
1479 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
1481 xfrm_state_put(x); 1480 xfrm_state_put(x);
1482 1481
1483 return err; 1482 return err;
@@ -2294,14 +2293,12 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2294 } 2293 }
2295 2294
2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2295 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
2297 &sel, tmp.security, 1); 2296 &sel, tmp.security, 1, &err);
2298 security_xfrm_policy_free(&tmp); 2297 security_xfrm_policy_free(&tmp);
2299 2298
2300 if (xp == NULL) 2299 if (xp == NULL)
2301 return -ENOENT; 2300 return -ENOENT;
2302 2301
2303 err = security_xfrm_policy_delete(xp);
2304
2305 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2302 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2306 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2303 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2307 2304
@@ -2539,7 +2536,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
2539static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2536static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
2540{ 2537{
2541 unsigned int dir; 2538 unsigned int dir;
2542 int err; 2539 int err = 0, delete;
2543 struct sadb_x_policy *pol; 2540 struct sadb_x_policy *pol;
2544 struct xfrm_policy *xp; 2541 struct xfrm_policy *xp;
2545 struct km_event c; 2542 struct km_event c;
@@ -2551,16 +2548,20 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2551 if (dir >= XFRM_POLICY_MAX) 2548 if (dir >= XFRM_POLICY_MAX)
2552 return -EINVAL; 2549 return -EINVAL;
2553 2550
2551 delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2554 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2552 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
2555 hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2553 delete, &err);
2556 if (xp == NULL) 2554 if (xp == NULL)
2557 return -ENOENT; 2555 return -ENOENT;
2558 2556
2559 err = 0; 2557 if (delete) {
2558 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
2559 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
2560 2560
2561 c.seq = hdr->sadb_msg_seq; 2561 if (err)
2562 c.pid = hdr->sadb_msg_pid; 2562 goto out;
2563 if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) { 2563 c.seq = hdr->sadb_msg_seq;
2564 c.pid = hdr->sadb_msg_pid;
2564 c.data.byid = 1; 2565 c.data.byid = 1;
2565 c.event = XFRM_MSG_DELPOLICY; 2566 c.event = XFRM_MSG_DELPOLICY;
2566 km_policy_notify(xp, dir, &c); 2567 km_policy_notify(xp, dir, &c);
@@ -2568,6 +2569,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2568 err = key_pol_get_resp(sk, xp, hdr, dir); 2569 err = key_pol_get_resp(sk, xp, hdr, dir);
2569 } 2570 }
2570 2571
2572out:
2571 xfrm_pol_put(xp); 2573 xfrm_pol_put(xp);
2572 return err; 2574 return err;
2573} 2575}
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 91a0972ec117..5cb30ebba0f4 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -486,7 +486,7 @@ __build_packet_message(struct nfulnl_instance *inst,
486 * for physical device (when called from ipv4) */ 486 * for physical device (when called from ipv4) */
487 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 487 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV,
488 sizeof(tmp_uint), &tmp_uint); 488 sizeof(tmp_uint), &tmp_uint);
489 if (skb->nf_bridge) { 489 if (skb->nf_bridge && skb->nf_bridge->physoutdev) {
490 tmp_uint = 490 tmp_uint =
491 htonl(skb->nf_bridge->physoutdev->ifindex); 491 htonl(skb->nf_bridge->physoutdev->ifindex);
492 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, 492 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV,
@@ -615,7 +615,7 @@ nfulnl_log_packet(unsigned int pf,
615 615
616 plen = 0; 616 plen = 0;
617 if (prefix) 617 if (prefix)
618 plen = strlen(prefix); 618 plen = strlen(prefix) + 1;
619 619
620 /* all macros expand to constant values at compile time */ 620 /* all macros expand to constant values at compile time */
621 /* FIXME: do we want to make the size calculation conditional based on 621 /* FIXME: do we want to make the size calculation conditional based on
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 946b715db5ec..0c3a70ac5075 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -735,12 +735,14 @@ EXPORT_SYMBOL(xfrm_policy_insert);
735 735
736struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 736struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
737 struct xfrm_selector *sel, 737 struct xfrm_selector *sel,
738 struct xfrm_sec_ctx *ctx, int delete) 738 struct xfrm_sec_ctx *ctx, int delete,
739 int *err)
739{ 740{
740 struct xfrm_policy *pol, *ret; 741 struct xfrm_policy *pol, *ret;
741 struct hlist_head *chain; 742 struct hlist_head *chain;
742 struct hlist_node *entry; 743 struct hlist_node *entry;
743 744
745 *err = 0;
744 write_lock_bh(&xfrm_policy_lock); 746 write_lock_bh(&xfrm_policy_lock);
745 chain = policy_hash_bysel(sel, sel->family, dir); 747 chain = policy_hash_bysel(sel, sel->family, dir);
746 ret = NULL; 748 ret = NULL;
@@ -750,6 +752,11 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
750 xfrm_sec_ctx_match(ctx, pol->security)) { 752 xfrm_sec_ctx_match(ctx, pol->security)) {
751 xfrm_pol_hold(pol); 753 xfrm_pol_hold(pol);
752 if (delete) { 754 if (delete) {
755 *err = security_xfrm_policy_delete(pol);
756 if (*err) {
757 write_unlock_bh(&xfrm_policy_lock);
758 return pol;
759 }
753 hlist_del(&pol->bydst); 760 hlist_del(&pol->bydst);
754 hlist_del(&pol->byidx); 761 hlist_del(&pol->byidx);
755 xfrm_policy_count[dir]--; 762 xfrm_policy_count[dir]--;
@@ -768,12 +775,14 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
768} 775}
769EXPORT_SYMBOL(xfrm_policy_bysel_ctx); 776EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
770 777
771struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) 778struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
779 int *err)
772{ 780{
773 struct xfrm_policy *pol, *ret; 781 struct xfrm_policy *pol, *ret;
774 struct hlist_head *chain; 782 struct hlist_head *chain;
775 struct hlist_node *entry; 783 struct hlist_node *entry;
776 784
785 *err = 0;
777 write_lock_bh(&xfrm_policy_lock); 786 write_lock_bh(&xfrm_policy_lock);
778 chain = xfrm_policy_byidx + idx_hash(id); 787 chain = xfrm_policy_byidx + idx_hash(id);
779 ret = NULL; 788 ret = NULL;
@@ -781,6 +790,11 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
781 if (pol->type == type && pol->index == id) { 790 if (pol->type == type && pol->index == id) {
782 xfrm_pol_hold(pol); 791 xfrm_pol_hold(pol);
783 if (delete) { 792 if (delete) {
793 *err = security_xfrm_policy_delete(pol);
794 if (*err) {
795 write_unlock_bh(&xfrm_policy_lock);
796 return pol;
797 }
784 hlist_del(&pol->bydst); 798 hlist_del(&pol->bydst);
785 hlist_del(&pol->byidx); 799 hlist_del(&pol->byidx);
786 xfrm_policy_count[dir]--; 800 xfrm_policy_count[dir]--;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 956cfe0ff7f8..96789952f6a3 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -530,9 +530,6 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
530 530
531 err = xfrm_state_delete(x); 531 err = xfrm_state_delete(x);
532 532
533 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
534 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
535
536 if (err < 0) 533 if (err < 0)
537 goto out; 534 goto out;
538 535
@@ -542,6 +539,8 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
542 km_state_notify(x, &c); 539 km_state_notify(x, &c);
543 540
544out: 541out:
542 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
543 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
545 xfrm_state_put(x); 544 xfrm_state_put(x);
546 return err; 545 return err;
547} 546}
@@ -1254,7 +1253,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1254 return err; 1253 return err;
1255 1254
1256 if (p->index) 1255 if (p->index)
1257 xp = xfrm_policy_byid(type, p->dir, p->index, delete); 1256 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
1258 else { 1257 else {
1259 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1258 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
1260 struct xfrm_policy tmp; 1259 struct xfrm_policy tmp;
@@ -1270,7 +1269,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1270 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1269 if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
1271 return err; 1270 return err;
1272 } 1271 }
1273 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); 1272 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
1273 delete, &err);
1274 security_xfrm_policy_free(&tmp); 1274 security_xfrm_policy_free(&tmp);
1275 } 1275 }
1276 if (xp == NULL) 1276 if (xp == NULL)
@@ -1288,8 +1288,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1288 MSG_DONTWAIT); 1288 MSG_DONTWAIT);
1289 } 1289 }
1290 } else { 1290 } else {
1291 err = security_xfrm_policy_delete(xp);
1292
1293 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1291 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
1294 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1292 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
1295 1293
@@ -1303,9 +1301,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1303 km_policy_notify(xp, p->dir, &c); 1301 km_policy_notify(xp, p->dir, &c);
1304 } 1302 }
1305 1303
1306 xfrm_pol_put(xp);
1307
1308out: 1304out:
1305 xfrm_pol_put(xp);
1309 return err; 1306 return err;
1310} 1307}
1311 1308
@@ -1502,7 +1499,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1502 return err; 1499 return err;
1503 1500
1504 if (p->index) 1501 if (p->index)
1505 xp = xfrm_policy_byid(type, p->dir, p->index, 0); 1502 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
1506 else { 1503 else {
1507 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1504 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
1508 struct xfrm_policy tmp; 1505 struct xfrm_policy tmp;
@@ -1518,13 +1515,14 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1518 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1515 if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
1519 return err; 1516 return err;
1520 } 1517 }
1521 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0); 1518 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
1519 0, &err);
1522 security_xfrm_policy_free(&tmp); 1520 security_xfrm_policy_free(&tmp);
1523 } 1521 }
1524 1522
1525 if (xp == NULL) 1523 if (xp == NULL)
1526 return err; 1524 return -ENOENT;
1527 read_lock(&xp->lock); 1525 read_lock(&xp->lock);
1528 if (xp->dead) { 1526 if (xp->dead) {
1529 read_unlock(&xp->lock); 1527 read_unlock(&xp->lock);
1530 goto out; 1528 goto out;