Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says: ==================== 1) Fix a sleep in atomic when pfkey_sadb2xfrm_user_sec_ctx() is called from pfkey_compile_policy(). Fix from Nikolay Aleksandrov. 2) security_xfrm_policy_alloc() can be called in process and atomic context. Add an argument to let the callers choose the appropriate way. Fix from Nikolay Aleksandrov. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2014-03-18 12:42:33 -0400
committer: David S. Miller <davem@davemloft.net> 2014-03-18 12:42:33 -0400
commit: 72c2dfdefa42c747c8e61f3d3ebfafc8e8d5762f (patch)
tree: 36ffd7b181a7b72fe02015014086001e440a043d /include
parent: b085f311e85b1d6f75d610097c2f20583b776fda (diff)
parent: 52a4c6404f91f2d2c5592ee6365a8418c4565f53 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 5623a7f965b7..2fc42d191f79 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1040,6 +1040,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      Allocate a security structure to the xp->security field; the security
 *      field is initialized to NULL when the xfrm_policy is allocated.
 *      Return 0 if operation was successful (memory to allocate, legal context)
+ *      @gfp is to specify the context for the allocation
 * @xfrm_policy_clone_security:
 *      @old_ctx contains an existing xfrm_sec_ctx.
 *      @new_ctxp contains a new xfrm_sec_ctx being cloned from old.
@@ -1683,7 +1684,7 @@ struct security_operations {
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
-                        struct xfrm_user_sec_ctx *sec_ctx);
+                        struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
        int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
        void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
        int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
@@ -2859,7 +2860,8 @@ static inline void security_skb_owned_by(struct sk_buff *skb, struct sock *sk)
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
-int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
+int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+                               struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
@@ -2877,7 +2879,9 @@ void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
 #else   /* CONFIG_SECURITY_NETWORK_XFRM */
-static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
+static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+                                             struct xfrm_user_sec_ctx *sec_ctx,
+                                             gfp_t gfp)
 {
        return 0;
 }
author	David S. Miller <davem@davemloft.net>	2014-03-18 12:42:33 -0400
committer	David S. Miller <davem@davemloft.net>	2014-03-18 12:42:33 -0400
commit	72c2dfdefa42c747c8e61f3d3ebfafc8e8d5762f (patch)
tree	36ffd7b181a7b72fe02015014086001e440a043d /include
parent	b085f311e85b1d6f75d610097c2f20583b776fda (diff)
parent	52a4c6404f91f2d2c5592ee6365a8418c4565f53 (diff)