xfrm: Using the right namespace to migrate key info

because the home agent could surely be run on a different net namespace other than init_net. The original behavior could lead into inconsistent of key info. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Fan Du <fan.du@windriver.com> 2013-11-07 04:47:49 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2013-12-06 00:45:05 -0500
commit: 8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (patch)
tree: ce8175ec97d47ff6cc6a46360bde3788fca49934 /net/xfrm/xfrm_policy.c
parent: e682adf021be796940be6cc10c07be7f7398c220 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index a5bbdfb2874b..907fd2fa70bc 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3076,14 +3076,14 @@ static bool xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp,
 }
 static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel,
-                                                     u8 dir, u8 type)
+                                                     u8 dir, u8 type, struct net *net)
 {
        struct xfrm_policy *pol, *ret = NULL;
        struct hlist_head *chain;
        u32 priority = ~0U;
        read_lock_bh(&xfrm_policy_lock);
-        chain = policy_hash_direct(&init_net, &sel->daddr, &sel->saddr, sel->family, dir);
+        chain = policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, dir);
        hlist_for_each_entry(pol, chain, bydst) {
                if (xfrm_migrate_selector_match(sel, &pol->selector) &&
                    pol->type == type) {
@@ -3092,7 +3092,7 @@ static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector
                        break;
                }
        }
-        chain = &init_net.xfrm.policy_inexact[dir];
+        chain = &net->xfrm.policy_inexact[dir];
        hlist_for_each_entry(pol, chain, bydst) {
                if (xfrm_migrate_selector_match(sel, &pol->selector) &&
                    pol->type == type &&
@@ -3216,7 +3216,7 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
 int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
                 struct xfrm_migrate *m, int num_migrate,
-                 struct xfrm_kmaddress *k)
+                 struct xfrm_kmaddress *k, struct net *net)
 {
        int i, err, nx_cur = 0, nx_new = 0;
        struct xfrm_policy *pol = NULL;
@@ -3229,7 +3229,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
                goto out;
        /* Stage 1 - find policy */
-        if ((pol = xfrm_migrate_policy_find(sel, dir, type)) == NULL) {
+        if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
                err = -ENOENT;
                goto out;
        }
author	Fan Du <fan.du@windriver.com>	2013-11-07 04:47:49 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2013-12-06 00:45:05 -0500
commit	8d549c4f5d92d80fc6f888fd314e10972ae0ec37 (patch)
tree	ce8175ec97d47ff6cc6a46360bde3788fca49934 /net/xfrm/xfrm_policy.c
parent	e682adf021be796940be6cc10c07be7f7398c220 (diff)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index a5bbdfb2874b..907fd2fa70bc 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -3076,14 +3076,14 @@ static bool xfrm_migrate_selector_match(const struct xfrm_selector *sel_cmp,
3076	}	3076	}
3077		3077
3078	static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel,	3078	static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector *sel,
3079	u8 dir, u8 type)	3079	u8 dir, u8 type, struct net *net)
3080	{	3080	{
3081	struct xfrm_policy pol, ret = NULL;	3081	struct xfrm_policy pol, ret = NULL;
3082	struct hlist_head *chain;	3082	struct hlist_head *chain;
3083	u32 priority = ~0U;	3083	u32 priority = ~0U;
3084		3084
3085	read_lock_bh(&xfrm_policy_lock);	3085	read_lock_bh(&xfrm_policy_lock);
3086	chain = policy_hash_direct(&init_net, &sel->daddr, &sel->saddr, sel->family, dir);	3086	chain = policy_hash_direct(net, &sel->daddr, &sel->saddr, sel->family, dir);
3087	hlist_for_each_entry(pol, chain, bydst) {	3087	hlist_for_each_entry(pol, chain, bydst) {
3088	if (xfrm_migrate_selector_match(sel, &pol->selector) &&	3088	if (xfrm_migrate_selector_match(sel, &pol->selector) &&
3089	pol->type == type) {	3089	pol->type == type) {
@@ -3092,7 +3092,7 @@ static struct xfrm_policy * xfrm_migrate_policy_find(const struct xfrm_selector
3092	break;	3092	break;
3093	}	3093	}
3094	}	3094	}
3095	chain = &init_net.xfrm.policy_inexact[dir];	3095	chain = &net->xfrm.policy_inexact[dir];
3096	hlist_for_each_entry(pol, chain, bydst) {	3096	hlist_for_each_entry(pol, chain, bydst) {
3097	if (xfrm_migrate_selector_match(sel, &pol->selector) &&	3097	if (xfrm_migrate_selector_match(sel, &pol->selector) &&
3098	pol->type == type &&	3098	pol->type == type &&
@@ -3216,7 +3216,7 @@ static int xfrm_migrate_check(const struct xfrm_migrate *m, int num_migrate)
3216		3216
3217	int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,	3217	int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3218	struct xfrm_migrate *m, int num_migrate,	3218	struct xfrm_migrate *m, int num_migrate,
3219	struct xfrm_kmaddress *k)	3219	struct xfrm_kmaddress k, struct net net)
3220	{	3220	{
3221	int i, err, nx_cur = 0, nx_new = 0;	3221	int i, err, nx_cur = 0, nx_new = 0;
3222	struct xfrm_policy *pol = NULL;	3222	struct xfrm_policy *pol = NULL;
@@ -3229,7 +3229,7 @@ int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
3229	goto out;	3229	goto out;
3230		3230
3231	/* Stage 1 - find policy */	3231	/* Stage 1 - find policy */
3232	if ((pol = xfrm_migrate_policy_find(sel, dir, type)) == NULL) {	3232	if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
3233	err = -ENOENT;	3233	err = -ENOENT;
3234	goto out;	3234	goto out;
3235	}	3235	}