diff options
| author | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
|---|---|---|
| committer | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
| commit | c71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch) | |
| tree | ecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /net/xfrm/xfrm_user.c | |
| parent | ea53c912f8a86a8567697115b6a0d8152beee5c8 (diff) | |
| parent | 6a00f206debf8a5c8899055726ad127dbeeed098 (diff) | |
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts:
litmus/sched_cedf.c
Diffstat (limited to 'net/xfrm/xfrm_user.c')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 267 |
1 files changed, 196 insertions, 71 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 8bae6b22c846..c658cb3bc7c3 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -26,6 +26,7 @@ | |||
| 26 | #include <net/sock.h> | 26 | #include <net/sock.h> |
| 27 | #include <net/xfrm.h> | 27 | #include <net/xfrm.h> |
| 28 | #include <net/netlink.h> | 28 | #include <net/netlink.h> |
| 29 | #include <net/ah.h> | ||
| 29 | #include <asm/uaccess.h> | 30 | #include <asm/uaccess.h> |
| 30 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | 31 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
| 31 | #include <linux/in6.h> | 32 | #include <linux/in6.h> |
| @@ -118,6 +119,25 @@ static inline int verify_sec_ctx_len(struct nlattr **attrs) | |||
| 118 | return 0; | 119 | return 0; |
| 119 | } | 120 | } |
| 120 | 121 | ||
| 122 | static inline int verify_replay(struct xfrm_usersa_info *p, | ||
| 123 | struct nlattr **attrs) | ||
| 124 | { | ||
| 125 | struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; | ||
| 126 | |||
| 127 | if ((p->flags & XFRM_STATE_ESN) && !rt) | ||
| 128 | return -EINVAL; | ||
| 129 | |||
| 130 | if (!rt) | ||
| 131 | return 0; | ||
| 132 | |||
| 133 | if (p->id.proto != IPPROTO_ESP) | ||
| 134 | return -EINVAL; | ||
| 135 | |||
| 136 | if (p->replay_window != 0) | ||
| 137 | return -EINVAL; | ||
| 138 | |||
| 139 | return 0; | ||
| 140 | } | ||
| 121 | 141 | ||
| 122 | static int verify_newsa_info(struct xfrm_usersa_info *p, | 142 | static int verify_newsa_info(struct xfrm_usersa_info *p, |
| 123 | struct nlattr **attrs) | 143 | struct nlattr **attrs) |
| @@ -148,7 +168,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 148 | !attrs[XFRMA_ALG_AUTH_TRUNC]) || | 168 | !attrs[XFRMA_ALG_AUTH_TRUNC]) || |
| 149 | attrs[XFRMA_ALG_AEAD] || | 169 | attrs[XFRMA_ALG_AEAD] || |
| 150 | attrs[XFRMA_ALG_CRYPT] || | 170 | attrs[XFRMA_ALG_CRYPT] || |
| 151 | attrs[XFRMA_ALG_COMP]) | 171 | attrs[XFRMA_ALG_COMP] || |
| 172 | attrs[XFRMA_TFCPAD]) | ||
| 152 | goto out; | 173 | goto out; |
| 153 | break; | 174 | break; |
| 154 | 175 | ||
| @@ -165,6 +186,9 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 165 | attrs[XFRMA_ALG_CRYPT]) && | 186 | attrs[XFRMA_ALG_CRYPT]) && |
| 166 | attrs[XFRMA_ALG_AEAD]) | 187 | attrs[XFRMA_ALG_AEAD]) |
| 167 | goto out; | 188 | goto out; |
| 189 | if (attrs[XFRMA_TFCPAD] && | ||
| 190 | p->mode != XFRM_MODE_TUNNEL) | ||
| 191 | goto out; | ||
| 168 | break; | 192 | break; |
| 169 | 193 | ||
| 170 | case IPPROTO_COMP: | 194 | case IPPROTO_COMP: |
| @@ -172,7 +196,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 172 | attrs[XFRMA_ALG_AEAD] || | 196 | attrs[XFRMA_ALG_AEAD] || |
| 173 | attrs[XFRMA_ALG_AUTH] || | 197 | attrs[XFRMA_ALG_AUTH] || |
| 174 | attrs[XFRMA_ALG_AUTH_TRUNC] || | 198 | attrs[XFRMA_ALG_AUTH_TRUNC] || |
| 175 | attrs[XFRMA_ALG_CRYPT]) | 199 | attrs[XFRMA_ALG_CRYPT] || |
| 200 | attrs[XFRMA_TFCPAD]) | ||
| 176 | goto out; | 201 | goto out; |
| 177 | break; | 202 | break; |
| 178 | 203 | ||
| @@ -186,6 +211,7 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 186 | attrs[XFRMA_ALG_CRYPT] || | 211 | attrs[XFRMA_ALG_CRYPT] || |
| 187 | attrs[XFRMA_ENCAP] || | 212 | attrs[XFRMA_ENCAP] || |
| 188 | attrs[XFRMA_SEC_CTX] || | 213 | attrs[XFRMA_SEC_CTX] || |
| 214 | attrs[XFRMA_TFCPAD] || | ||
| 189 | !attrs[XFRMA_COADDR]) | 215 | !attrs[XFRMA_COADDR]) |
| 190 | goto out; | 216 | goto out; |
| 191 | break; | 217 | break; |
| @@ -207,6 +233,8 @@ static int verify_newsa_info(struct xfrm_usersa_info *p, | |||
| 207 | goto out; | 233 | goto out; |
| 208 | if ((err = verify_sec_ctx_len(attrs))) | 234 | if ((err = verify_sec_ctx_len(attrs))) |
| 209 | goto out; | 235 | goto out; |
| 236 | if ((err = verify_replay(p, attrs))) | ||
| 237 | goto out; | ||
| 210 | 238 | ||
| 211 | err = -EINVAL; | 239 | err = -EINVAL; |
| 212 | switch (p->mode) { | 240 | switch (p->mode) { |
| @@ -227,7 +255,7 @@ out: | |||
| 227 | } | 255 | } |
| 228 | 256 | ||
| 229 | static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, | 257 | static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, |
| 230 | struct xfrm_algo_desc *(*get_byname)(char *, int), | 258 | struct xfrm_algo_desc *(*get_byname)(const char *, int), |
| 231 | struct nlattr *rta) | 259 | struct nlattr *rta) |
| 232 | { | 260 | { |
| 233 | struct xfrm_algo *p, *ualg; | 261 | struct xfrm_algo *p, *ualg; |
| @@ -296,7 +324,8 @@ static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, | |||
| 296 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); | 324 | algo = xfrm_aalg_get_byname(ualg->alg_name, 1); |
| 297 | if (!algo) | 325 | if (!algo) |
| 298 | return -ENOSYS; | 326 | return -ENOSYS; |
| 299 | if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | 327 | if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN || |
| 328 | ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) | ||
| 300 | return -EINVAL; | 329 | return -EINVAL; |
| 301 | *props = algo->desc.sadb_alg_id; | 330 | *props = algo->desc.sadb_alg_id; |
| 302 | 331 | ||
| @@ -337,6 +366,50 @@ static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props, | |||
| 337 | return 0; | 366 | return 0; |
| 338 | } | 367 | } |
| 339 | 368 | ||
| 369 | static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, | ||
| 370 | struct nlattr *rp) | ||
| 371 | { | ||
| 372 | struct xfrm_replay_state_esn *up; | ||
| 373 | |||
| 374 | if (!replay_esn || !rp) | ||
| 375 | return 0; | ||
| 376 | |||
| 377 | up = nla_data(rp); | ||
| 378 | |||
| 379 | if (xfrm_replay_state_esn_len(replay_esn) != | ||
| 380 | xfrm_replay_state_esn_len(up)) | ||
| 381 | return -EINVAL; | ||
| 382 | |||
| 383 | return 0; | ||
| 384 | } | ||
| 385 | |||
| 386 | static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn, | ||
| 387 | struct xfrm_replay_state_esn **preplay_esn, | ||
| 388 | struct nlattr *rta) | ||
| 389 | { | ||
| 390 | struct xfrm_replay_state_esn *p, *pp, *up; | ||
| 391 | |||
| 392 | if (!rta) | ||
| 393 | return 0; | ||
| 394 | |||
| 395 | up = nla_data(rta); | ||
| 396 | |||
| 397 | p = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); | ||
| 398 | if (!p) | ||
| 399 | return -ENOMEM; | ||
| 400 | |||
| 401 | pp = kmemdup(up, xfrm_replay_state_esn_len(up), GFP_KERNEL); | ||
| 402 | if (!pp) { | ||
| 403 | kfree(p); | ||
| 404 | return -ENOMEM; | ||
| 405 | } | ||
| 406 | |||
| 407 | *replay_esn = p; | ||
| 408 | *preplay_esn = pp; | ||
| 409 | |||
| 410 | return 0; | ||
| 411 | } | ||
| 412 | |||
| 340 | static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) | 413 | static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) |
| 341 | { | 414 | { |
| 342 | int len = 0; | 415 | int len = 0; |
| @@ -372,10 +445,20 @@ static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info * | |||
| 372 | static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) | 445 | static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) |
| 373 | { | 446 | { |
| 374 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; | 447 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; |
| 448 | struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; | ||
| 375 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; | 449 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; |
| 376 | struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; | 450 | struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; |
| 377 | struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; | 451 | struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; |
| 378 | 452 | ||
| 453 | if (re) { | ||
| 454 | struct xfrm_replay_state_esn *replay_esn; | ||
| 455 | replay_esn = nla_data(re); | ||
| 456 | memcpy(x->replay_esn, replay_esn, | ||
| 457 | xfrm_replay_state_esn_len(replay_esn)); | ||
| 458 | memcpy(x->preplay_esn, replay_esn, | ||
| 459 | xfrm_replay_state_esn_len(replay_esn)); | ||
| 460 | } | ||
| 461 | |||
| 379 | if (rp) { | 462 | if (rp) { |
| 380 | struct xfrm_replay_state *replay; | 463 | struct xfrm_replay_state *replay; |
| 381 | replay = nla_data(rp); | 464 | replay = nla_data(rp); |
| @@ -439,6 +522,9 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
| 439 | goto error; | 522 | goto error; |
| 440 | } | 523 | } |
| 441 | 524 | ||
| 525 | if (attrs[XFRMA_TFCPAD]) | ||
| 526 | x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]); | ||
| 527 | |||
| 442 | if (attrs[XFRMA_COADDR]) { | 528 | if (attrs[XFRMA_COADDR]) { |
| 443 | x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), | 529 | x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), |
| 444 | sizeof(*x->coaddr), GFP_KERNEL); | 530 | sizeof(*x->coaddr), GFP_KERNEL); |
| @@ -448,7 +534,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
| 448 | 534 | ||
| 449 | xfrm_mark_get(attrs, &x->mark); | 535 | xfrm_mark_get(attrs, &x->mark); |
| 450 | 536 | ||
| 451 | err = xfrm_init_state(x); | 537 | err = __xfrm_init_state(x, false); |
| 452 | if (err) | 538 | if (err) |
| 453 | goto error; | 539 | goto error; |
| 454 | 540 | ||
| @@ -456,16 +542,19 @@ static struct xfrm_state *xfrm_state_construct(struct net *net, | |||
| 456 | security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) | 542 | security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) |
| 457 | goto error; | 543 | goto error; |
| 458 | 544 | ||
| 545 | if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, | ||
| 546 | attrs[XFRMA_REPLAY_ESN_VAL]))) | ||
| 547 | goto error; | ||
| 548 | |||
| 459 | x->km.seq = p->seq; | 549 | x->km.seq = p->seq; |
| 460 | x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; | 550 | x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; |
| 461 | /* sysctl_xfrm_aevent_etime is in 100ms units */ | 551 | /* sysctl_xfrm_aevent_etime is in 100ms units */ |
| 462 | x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; | 552 | x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; |
| 463 | x->preplay.bitmap = 0; | ||
| 464 | x->preplay.seq = x->replay.seq+x->replay_maxdiff; | ||
| 465 | x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; | ||
| 466 | 553 | ||
| 467 | /* override default values from above */ | 554 | if ((err = xfrm_init_replay(x))) |
| 555 | goto error; | ||
| 468 | 556 | ||
| 557 | /* override default values from above */ | ||
| 469 | xfrm_update_ae_params(x, attrs); | 558 | xfrm_update_ae_params(x, attrs); |
| 470 | 559 | ||
| 471 | return x; | 560 | return x; |
| @@ -486,9 +575,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 486 | struct xfrm_state *x; | 575 | struct xfrm_state *x; |
| 487 | int err; | 576 | int err; |
| 488 | struct km_event c; | 577 | struct km_event c; |
| 489 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 578 | uid_t loginuid = audit_get_loginuid(current); |
| 490 | u32 sessionid = NETLINK_CB(skb).sessionid; | 579 | u32 sessionid = audit_get_sessionid(current); |
| 491 | u32 sid = NETLINK_CB(skb).sid; | 580 | u32 sid; |
| 492 | 581 | ||
| 493 | err = verify_newsa_info(p, attrs); | 582 | err = verify_newsa_info(p, attrs); |
| 494 | if (err) | 583 | if (err) |
| @@ -504,6 +593,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 504 | else | 593 | else |
| 505 | err = xfrm_state_update(x); | 594 | err = xfrm_state_update(x); |
| 506 | 595 | ||
| 596 | security_task_getsecid(current, &sid); | ||
| 507 | xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); | 597 | xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); |
| 508 | 598 | ||
| 509 | if (err < 0) { | 599 | if (err < 0) { |
| @@ -564,9 +654,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 564 | int err = -ESRCH; | 654 | int err = -ESRCH; |
| 565 | struct km_event c; | 655 | struct km_event c; |
| 566 | struct xfrm_usersa_id *p = nlmsg_data(nlh); | 656 | struct xfrm_usersa_id *p = nlmsg_data(nlh); |
| 567 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 657 | uid_t loginuid = audit_get_loginuid(current); |
| 568 | u32 sessionid = NETLINK_CB(skb).sessionid; | 658 | u32 sessionid = audit_get_sessionid(current); |
| 569 | u32 sid = NETLINK_CB(skb).sid; | 659 | u32 sid; |
| 570 | 660 | ||
| 571 | x = xfrm_user_state_lookup(net, p, attrs, &err); | 661 | x = xfrm_user_state_lookup(net, p, attrs, &err); |
| 572 | if (x == NULL) | 662 | if (x == NULL) |
| @@ -591,6 +681,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 591 | km_state_notify(x, &c); | 681 | km_state_notify(x, &c); |
| 592 | 682 | ||
| 593 | out: | 683 | out: |
| 684 | security_task_getsecid(current, &sid); | ||
| 594 | xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); | 685 | xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); |
| 595 | xfrm_state_put(x); | 686 | xfrm_state_put(x); |
| 596 | return err; | 687 | return err; |
| @@ -688,9 +779,16 @@ static int copy_to_user_state_extra(struct xfrm_state *x, | |||
| 688 | if (x->encap) | 779 | if (x->encap) |
| 689 | NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); | 780 | NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); |
| 690 | 781 | ||
| 782 | if (x->tfcpad) | ||
| 783 | NLA_PUT_U32(skb, XFRMA_TFCPAD, x->tfcpad); | ||
| 784 | |||
| 691 | if (xfrm_mark_put(skb, &x->mark)) | 785 | if (xfrm_mark_put(skb, &x->mark)) |
| 692 | goto nla_put_failure; | 786 | goto nla_put_failure; |
| 693 | 787 | ||
| 788 | if (x->replay_esn) | ||
| 789 | NLA_PUT(skb, XFRMA_REPLAY_ESN_VAL, | ||
| 790 | xfrm_replay_state_esn_len(x->replay_esn), x->replay_esn); | ||
| 791 | |||
| 694 | if (x->security && copy_sec_ctx(x->security, skb) < 0) | 792 | if (x->security && copy_sec_ctx(x->security, skb) < 0) |
| 695 | goto nla_put_failure; | 793 | goto nla_put_failure; |
| 696 | 794 | ||
| @@ -799,7 +897,7 @@ static int build_spdinfo(struct sk_buff *skb, struct net *net, | |||
| 799 | u32 *f; | 897 | u32 *f; |
| 800 | 898 | ||
| 801 | nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); | 899 | nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); |
| 802 | if (nlh == NULL) /* shouldnt really happen ... */ | 900 | if (nlh == NULL) /* shouldn't really happen ... */ |
| 803 | return -EMSGSIZE; | 901 | return -EMSGSIZE; |
| 804 | 902 | ||
| 805 | f = nlmsg_data(nlh); | 903 | f = nlmsg_data(nlh); |
| @@ -859,7 +957,7 @@ static int build_sadinfo(struct sk_buff *skb, struct net *net, | |||
| 859 | u32 *f; | 957 | u32 *f; |
| 860 | 958 | ||
| 861 | nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); | 959 | nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); |
| 862 | if (nlh == NULL) /* shouldnt really happen ... */ | 960 | if (nlh == NULL) /* shouldn't really happen ... */ |
| 863 | return -EMSGSIZE; | 961 | return -EMSGSIZE; |
| 864 | 962 | ||
| 865 | f = nlmsg_data(nlh); | 963 | f = nlmsg_data(nlh); |
| @@ -1251,9 +1349,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1251 | struct km_event c; | 1349 | struct km_event c; |
| 1252 | int err; | 1350 | int err; |
| 1253 | int excl; | 1351 | int excl; |
| 1254 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 1352 | uid_t loginuid = audit_get_loginuid(current); |
| 1255 | u32 sessionid = NETLINK_CB(skb).sessionid; | 1353 | u32 sessionid = audit_get_sessionid(current); |
| 1256 | u32 sid = NETLINK_CB(skb).sid; | 1354 | u32 sid; |
| 1257 | 1355 | ||
| 1258 | err = verify_newpolicy_info(p); | 1356 | err = verify_newpolicy_info(p); |
| 1259 | if (err) | 1357 | if (err) |
| @@ -1266,12 +1364,13 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1266 | if (!xp) | 1364 | if (!xp) |
| 1267 | return err; | 1365 | return err; |
| 1268 | 1366 | ||
| 1269 | /* shouldnt excl be based on nlh flags?? | 1367 | /* shouldn't excl be based on nlh flags?? |
| 1270 | * Aha! this is anti-netlink really i.e more pfkey derived | 1368 | * Aha! this is anti-netlink really i.e more pfkey derived |
| 1271 | * in netlink excl is a flag and you wouldnt need | 1369 | * in netlink excl is a flag and you wouldnt need |
| 1272 | * a type XFRM_MSG_UPDPOLICY - JHS */ | 1370 | * a type XFRM_MSG_UPDPOLICY - JHS */ |
| 1273 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; | 1371 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; |
| 1274 | err = xfrm_policy_insert(p->dir, xp, excl); | 1372 | err = xfrm_policy_insert(p->dir, xp, excl); |
| 1373 | security_task_getsecid(current, &sid); | ||
| 1275 | xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); | 1374 | xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); |
| 1276 | 1375 | ||
| 1277 | if (err) { | 1376 | if (err) { |
| @@ -1508,10 +1607,11 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1508 | NETLINK_CB(skb).pid); | 1607 | NETLINK_CB(skb).pid); |
| 1509 | } | 1608 | } |
| 1510 | } else { | 1609 | } else { |
| 1511 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 1610 | uid_t loginuid = audit_get_loginuid(current); |
| 1512 | u32 sessionid = NETLINK_CB(skb).sessionid; | 1611 | u32 sessionid = audit_get_sessionid(current); |
| 1513 | u32 sid = NETLINK_CB(skb).sid; | 1612 | u32 sid; |
| 1514 | 1613 | ||
| 1614 | security_task_getsecid(current, &sid); | ||
| 1515 | xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, | 1615 | xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, |
| 1516 | sid); | 1616 | sid); |
| 1517 | 1617 | ||
| @@ -1539,9 +1639,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1539 | struct xfrm_audit audit_info; | 1639 | struct xfrm_audit audit_info; |
| 1540 | int err; | 1640 | int err; |
| 1541 | 1641 | ||
| 1542 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1642 | audit_info.loginuid = audit_get_loginuid(current); |
| 1543 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | 1643 | audit_info.sessionid = audit_get_sessionid(current); |
| 1544 | audit_info.secid = NETLINK_CB(skb).sid; | 1644 | security_task_getsecid(current, &audit_info.secid); |
| 1545 | err = xfrm_state_flush(net, p->proto, &audit_info); | 1645 | err = xfrm_state_flush(net, p->proto, &audit_info); |
| 1546 | if (err) { | 1646 | if (err) { |
| 1547 | if (err == -ESRCH) /* empty table */ | 1647 | if (err == -ESRCH) /* empty table */ |
| @@ -1558,17 +1658,21 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1558 | return 0; | 1658 | return 0; |
| 1559 | } | 1659 | } |
| 1560 | 1660 | ||
| 1561 | static inline size_t xfrm_aevent_msgsize(void) | 1661 | static inline size_t xfrm_aevent_msgsize(struct xfrm_state *x) |
| 1562 | { | 1662 | { |
| 1663 | size_t replay_size = x->replay_esn ? | ||
| 1664 | xfrm_replay_state_esn_len(x->replay_esn) : | ||
| 1665 | sizeof(struct xfrm_replay_state); | ||
| 1666 | |||
| 1563 | return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) | 1667 | return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) |
| 1564 | + nla_total_size(sizeof(struct xfrm_replay_state)) | 1668 | + nla_total_size(replay_size) |
| 1565 | + nla_total_size(sizeof(struct xfrm_lifetime_cur)) | 1669 | + nla_total_size(sizeof(struct xfrm_lifetime_cur)) |
| 1566 | + nla_total_size(sizeof(struct xfrm_mark)) | 1670 | + nla_total_size(sizeof(struct xfrm_mark)) |
| 1567 | + nla_total_size(4) /* XFRM_AE_RTHR */ | 1671 | + nla_total_size(4) /* XFRM_AE_RTHR */ |
| 1568 | + nla_total_size(4); /* XFRM_AE_ETHR */ | 1672 | + nla_total_size(4); /* XFRM_AE_ETHR */ |
| 1569 | } | 1673 | } |
| 1570 | 1674 | ||
| 1571 | static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) | 1675 | static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) |
| 1572 | { | 1676 | { |
| 1573 | struct xfrm_aevent_id *id; | 1677 | struct xfrm_aevent_id *id; |
| 1574 | struct nlmsghdr *nlh; | 1678 | struct nlmsghdr *nlh; |
| @@ -1586,7 +1690,13 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_eve | |||
| 1586 | id->reqid = x->props.reqid; | 1690 | id->reqid = x->props.reqid; |
| 1587 | id->flags = c->data.aevent; | 1691 | id->flags = c->data.aevent; |
| 1588 | 1692 | ||
| 1589 | NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); | 1693 | if (x->replay_esn) |
| 1694 | NLA_PUT(skb, XFRMA_REPLAY_ESN_VAL, | ||
| 1695 | xfrm_replay_state_esn_len(x->replay_esn), | ||
| 1696 | x->replay_esn); | ||
| 1697 | else | ||
| 1698 | NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); | ||
| 1699 | |||
| 1590 | NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); | 1700 | NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); |
| 1591 | 1701 | ||
| 1592 | if (id->flags & XFRM_AE_RTHR) | 1702 | if (id->flags & XFRM_AE_RTHR) |
| @@ -1619,16 +1729,16 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1619 | struct xfrm_aevent_id *p = nlmsg_data(nlh); | 1729 | struct xfrm_aevent_id *p = nlmsg_data(nlh); |
| 1620 | struct xfrm_usersa_id *id = &p->sa_id; | 1730 | struct xfrm_usersa_id *id = &p->sa_id; |
| 1621 | 1731 | ||
| 1622 | r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); | ||
| 1623 | if (r_skb == NULL) | ||
| 1624 | return -ENOMEM; | ||
| 1625 | |||
| 1626 | mark = xfrm_mark_get(attrs, &m); | 1732 | mark = xfrm_mark_get(attrs, &m); |
| 1627 | 1733 | ||
| 1628 | x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family); | 1734 | x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family); |
| 1629 | if (x == NULL) { | 1735 | if (x == NULL) |
| 1630 | kfree_skb(r_skb); | ||
| 1631 | return -ESRCH; | 1736 | return -ESRCH; |
| 1737 | |||
| 1738 | r_skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); | ||
| 1739 | if (r_skb == NULL) { | ||
| 1740 | xfrm_state_put(x); | ||
| 1741 | return -ENOMEM; | ||
| 1632 | } | 1742 | } |
| 1633 | 1743 | ||
| 1634 | /* | 1744 | /* |
| @@ -1660,9 +1770,10 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1660 | struct xfrm_mark m; | 1770 | struct xfrm_mark m; |
| 1661 | struct xfrm_aevent_id *p = nlmsg_data(nlh); | 1771 | struct xfrm_aevent_id *p = nlmsg_data(nlh); |
| 1662 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; | 1772 | struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; |
| 1773 | struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; | ||
| 1663 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; | 1774 | struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; |
| 1664 | 1775 | ||
| 1665 | if (!lt && !rp) | 1776 | if (!lt && !rp && !re) |
| 1666 | return err; | 1777 | return err; |
| 1667 | 1778 | ||
| 1668 | /* pedantic mode - thou shalt sayeth replaceth */ | 1779 | /* pedantic mode - thou shalt sayeth replaceth */ |
| @@ -1678,6 +1789,10 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1678 | if (x->km.state != XFRM_STATE_VALID) | 1789 | if (x->km.state != XFRM_STATE_VALID) |
| 1679 | goto out; | 1790 | goto out; |
| 1680 | 1791 | ||
| 1792 | err = xfrm_replay_verify_len(x->replay_esn, rp); | ||
| 1793 | if (err) | ||
| 1794 | goto out; | ||
| 1795 | |||
| 1681 | spin_lock_bh(&x->lock); | 1796 | spin_lock_bh(&x->lock); |
| 1682 | xfrm_update_ae_params(x, attrs); | 1797 | xfrm_update_ae_params(x, attrs); |
| 1683 | spin_unlock_bh(&x->lock); | 1798 | spin_unlock_bh(&x->lock); |
| @@ -1706,9 +1821,9 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1706 | if (err) | 1821 | if (err) |
| 1707 | return err; | 1822 | return err; |
| 1708 | 1823 | ||
| 1709 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1824 | audit_info.loginuid = audit_get_loginuid(current); |
| 1710 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | 1825 | audit_info.sessionid = audit_get_sessionid(current); |
| 1711 | audit_info.secid = NETLINK_CB(skb).sid; | 1826 | security_task_getsecid(current, &audit_info.secid); |
| 1712 | err = xfrm_policy_flush(net, type, &audit_info); | 1827 | err = xfrm_policy_flush(net, type, &audit_info); |
| 1713 | if (err) { | 1828 | if (err) { |
| 1714 | if (err == -ESRCH) /* empty table */ | 1829 | if (err == -ESRCH) /* empty table */ |
| @@ -1775,9 +1890,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1775 | 1890 | ||
| 1776 | err = 0; | 1891 | err = 0; |
| 1777 | if (up->hard) { | 1892 | if (up->hard) { |
| 1778 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 1893 | uid_t loginuid = audit_get_loginuid(current); |
| 1779 | uid_t sessionid = NETLINK_CB(skb).sessionid; | 1894 | u32 sessionid = audit_get_sessionid(current); |
| 1780 | u32 sid = NETLINK_CB(skb).sid; | 1895 | u32 sid; |
| 1896 | |||
| 1897 | security_task_getsecid(current, &sid); | ||
| 1781 | xfrm_policy_delete(xp, p->dir); | 1898 | xfrm_policy_delete(xp, p->dir); |
| 1782 | xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); | 1899 | xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); |
| 1783 | 1900 | ||
| @@ -1816,9 +1933,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1816 | km_state_expired(x, ue->hard, current->pid); | 1933 | km_state_expired(x, ue->hard, current->pid); |
| 1817 | 1934 | ||
| 1818 | if (ue->hard) { | 1935 | if (ue->hard) { |
| 1819 | uid_t loginuid = NETLINK_CB(skb).loginuid; | 1936 | uid_t loginuid = audit_get_loginuid(current); |
| 1820 | uid_t sessionid = NETLINK_CB(skb).sessionid; | 1937 | u32 sessionid = audit_get_sessionid(current); |
| 1821 | u32 sid = NETLINK_CB(skb).sid; | 1938 | u32 sid; |
| 1939 | |||
| 1940 | security_task_getsecid(current, &sid); | ||
| 1822 | __xfrm_state_delete(x); | 1941 | __xfrm_state_delete(x); |
| 1823 | xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); | 1942 | xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); |
| 1824 | } | 1943 | } |
| @@ -1972,7 +2091,7 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1972 | #endif | 2091 | #endif |
| 1973 | 2092 | ||
| 1974 | #ifdef CONFIG_XFRM_MIGRATE | 2093 | #ifdef CONFIG_XFRM_MIGRATE |
| 1975 | static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) | 2094 | static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb) |
| 1976 | { | 2095 | { |
| 1977 | struct xfrm_user_migrate um; | 2096 | struct xfrm_user_migrate um; |
| 1978 | 2097 | ||
| @@ -1990,7 +2109,7 @@ static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) | |||
| 1990 | return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); | 2109 | return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); |
| 1991 | } | 2110 | } |
| 1992 | 2111 | ||
| 1993 | static int copy_to_user_kmaddress(struct xfrm_kmaddress *k, struct sk_buff *skb) | 2112 | static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb) |
| 1994 | { | 2113 | { |
| 1995 | struct xfrm_user_kmaddress uk; | 2114 | struct xfrm_user_kmaddress uk; |
| 1996 | 2115 | ||
| @@ -2011,11 +2130,11 @@ static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma) | |||
| 2011 | + userpolicy_type_attrsize(); | 2130 | + userpolicy_type_attrsize(); |
| 2012 | } | 2131 | } |
| 2013 | 2132 | ||
| 2014 | static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, | 2133 | static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m, |
| 2015 | int num_migrate, struct xfrm_kmaddress *k, | 2134 | int num_migrate, const struct xfrm_kmaddress *k, |
| 2016 | struct xfrm_selector *sel, u8 dir, u8 type) | 2135 | const struct xfrm_selector *sel, u8 dir, u8 type) |
| 2017 | { | 2136 | { |
| 2018 | struct xfrm_migrate *mp; | 2137 | const struct xfrm_migrate *mp; |
| 2019 | struct xfrm_userpolicy_id *pol_id; | 2138 | struct xfrm_userpolicy_id *pol_id; |
| 2020 | struct nlmsghdr *nlh; | 2139 | struct nlmsghdr *nlh; |
| 2021 | int i; | 2140 | int i; |
| @@ -2047,9 +2166,9 @@ nlmsg_failure: | |||
| 2047 | return -EMSGSIZE; | 2166 | return -EMSGSIZE; |
| 2048 | } | 2167 | } |
| 2049 | 2168 | ||
| 2050 | static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | 2169 | static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
| 2051 | struct xfrm_migrate *m, int num_migrate, | 2170 | const struct xfrm_migrate *m, int num_migrate, |
| 2052 | struct xfrm_kmaddress *k) | 2171 | const struct xfrm_kmaddress *k) |
| 2053 | { | 2172 | { |
| 2054 | struct net *net = &init_net; | 2173 | struct net *net = &init_net; |
| 2055 | struct sk_buff *skb; | 2174 | struct sk_buff *skb; |
| @@ -2065,9 +2184,9 @@ static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | |||
| 2065 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); | 2184 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); |
| 2066 | } | 2185 | } |
| 2067 | #else | 2186 | #else |
| 2068 | static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, | 2187 | static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, |
| 2069 | struct xfrm_migrate *m, int num_migrate, | 2188 | const struct xfrm_migrate *m, int num_migrate, |
| 2070 | struct xfrm_kmaddress *k) | 2189 | const struct xfrm_kmaddress *k) |
| 2071 | { | 2190 | { |
| 2072 | return -ENOPROTOOPT; | 2191 | return -ENOPROTOOPT; |
| 2073 | } | 2192 | } |
| @@ -2122,6 +2241,8 @@ static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { | |||
| 2122 | [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, | 2241 | [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, |
| 2123 | [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, | 2242 | [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, |
| 2124 | [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, | 2243 | [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, |
| 2244 | [XFRMA_TFCPAD] = { .type = NLA_U32 }, | ||
| 2245 | [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) }, | ||
| 2125 | }; | 2246 | }; |
| 2126 | 2247 | ||
| 2127 | static struct xfrm_link { | 2248 | static struct xfrm_link { |
| @@ -2205,7 +2326,7 @@ static inline size_t xfrm_expire_msgsize(void) | |||
| 2205 | + nla_total_size(sizeof(struct xfrm_mark)); | 2326 | + nla_total_size(sizeof(struct xfrm_mark)); |
| 2206 | } | 2327 | } |
| 2207 | 2328 | ||
| 2208 | static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) | 2329 | static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) |
| 2209 | { | 2330 | { |
| 2210 | struct xfrm_user_expire *ue; | 2331 | struct xfrm_user_expire *ue; |
| 2211 | struct nlmsghdr *nlh; | 2332 | struct nlmsghdr *nlh; |
| @@ -2227,7 +2348,7 @@ nla_put_failure: | |||
| 2227 | return -EMSGSIZE; | 2348 | return -EMSGSIZE; |
| 2228 | } | 2349 | } |
| 2229 | 2350 | ||
| 2230 | static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) | 2351 | static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c) |
| 2231 | { | 2352 | { |
| 2232 | struct net *net = xs_net(x); | 2353 | struct net *net = xs_net(x); |
| 2233 | struct sk_buff *skb; | 2354 | struct sk_buff *skb; |
| @@ -2244,12 +2365,12 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) | |||
| 2244 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); | 2365 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); |
| 2245 | } | 2366 | } |
| 2246 | 2367 | ||
| 2247 | static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) | 2368 | static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c) |
| 2248 | { | 2369 | { |
| 2249 | struct net *net = xs_net(x); | 2370 | struct net *net = xs_net(x); |
| 2250 | struct sk_buff *skb; | 2371 | struct sk_buff *skb; |
| 2251 | 2372 | ||
| 2252 | skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); | 2373 | skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); |
| 2253 | if (skb == NULL) | 2374 | if (skb == NULL) |
| 2254 | return -ENOMEM; | 2375 | return -ENOMEM; |
| 2255 | 2376 | ||
| @@ -2259,7 +2380,7 @@ static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) | |||
| 2259 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); | 2380 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); |
| 2260 | } | 2381 | } |
| 2261 | 2382 | ||
| 2262 | static int xfrm_notify_sa_flush(struct km_event *c) | 2383 | static int xfrm_notify_sa_flush(const struct km_event *c) |
| 2263 | { | 2384 | { |
| 2264 | struct net *net = c->net; | 2385 | struct net *net = c->net; |
| 2265 | struct xfrm_usersa_flush *p; | 2386 | struct xfrm_usersa_flush *p; |
| @@ -2301,6 +2422,10 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x) | |||
| 2301 | l += nla_total_size(sizeof(*x->calg)); | 2422 | l += nla_total_size(sizeof(*x->calg)); |
| 2302 | if (x->encap) | 2423 | if (x->encap) |
| 2303 | l += nla_total_size(sizeof(*x->encap)); | 2424 | l += nla_total_size(sizeof(*x->encap)); |
| 2425 | if (x->tfcpad) | ||
| 2426 | l += nla_total_size(sizeof(x->tfcpad)); | ||
| 2427 | if (x->replay_esn) | ||
| 2428 | l += nla_total_size(xfrm_replay_state_esn_len(x->replay_esn)); | ||
| 2304 | if (x->security) | 2429 | if (x->security) |
| 2305 | l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + | 2430 | l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + |
| 2306 | x->security->ctx_len); | 2431 | x->security->ctx_len); |
| @@ -2313,7 +2438,7 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x) | |||
| 2313 | return l; | 2438 | return l; |
| 2314 | } | 2439 | } |
| 2315 | 2440 | ||
| 2316 | static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) | 2441 | static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c) |
| 2317 | { | 2442 | { |
| 2318 | struct net *net = xs_net(x); | 2443 | struct net *net = xs_net(x); |
| 2319 | struct xfrm_usersa_info *p; | 2444 | struct xfrm_usersa_info *p; |
| @@ -2370,7 +2495,7 @@ nla_put_failure: | |||
| 2370 | return -1; | 2495 | return -1; |
| 2371 | } | 2496 | } |
| 2372 | 2497 | ||
| 2373 | static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) | 2498 | static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c) |
| 2374 | { | 2499 | { |
| 2375 | 2500 | ||
| 2376 | switch (c->event) { | 2501 | switch (c->event) { |
| @@ -2529,7 +2654,7 @@ static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) | |||
| 2529 | } | 2654 | } |
| 2530 | 2655 | ||
| 2531 | static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, | 2656 | static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, |
| 2532 | int dir, struct km_event *c) | 2657 | int dir, const struct km_event *c) |
| 2533 | { | 2658 | { |
| 2534 | struct xfrm_user_polexpire *upe; | 2659 | struct xfrm_user_polexpire *upe; |
| 2535 | struct nlmsghdr *nlh; | 2660 | struct nlmsghdr *nlh; |
| @@ -2559,7 +2684,7 @@ nlmsg_failure: | |||
| 2559 | return -EMSGSIZE; | 2684 | return -EMSGSIZE; |
| 2560 | } | 2685 | } |
| 2561 | 2686 | ||
| 2562 | static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) | 2687 | static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) |
| 2563 | { | 2688 | { |
| 2564 | struct net *net = xp_net(xp); | 2689 | struct net *net = xp_net(xp); |
| 2565 | struct sk_buff *skb; | 2690 | struct sk_buff *skb; |
| @@ -2574,7 +2699,7 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve | |||
| 2574 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); | 2699 | return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); |
| 2575 | } | 2700 | } |
| 2576 | 2701 | ||
| 2577 | static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) | 2702 | static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) |
| 2578 | { | 2703 | { |
| 2579 | struct net *net = xp_net(xp); | 2704 | struct net *net = xp_net(xp); |
| 2580 | struct xfrm_userpolicy_info *p; | 2705 | struct xfrm_userpolicy_info *p; |
| @@ -2639,7 +2764,7 @@ nlmsg_failure: | |||
| 2639 | return -1; | 2764 | return -1; |
| 2640 | } | 2765 | } |
| 2641 | 2766 | ||
| 2642 | static int xfrm_notify_policy_flush(struct km_event *c) | 2767 | static int xfrm_notify_policy_flush(const struct km_event *c) |
| 2643 | { | 2768 | { |
| 2644 | struct net *net = c->net; | 2769 | struct net *net = c->net; |
| 2645 | struct nlmsghdr *nlh; | 2770 | struct nlmsghdr *nlh; |
| @@ -2664,7 +2789,7 @@ nlmsg_failure: | |||
| 2664 | return -1; | 2789 | return -1; |
| 2665 | } | 2790 | } |
| 2666 | 2791 | ||
| 2667 | static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) | 2792 | static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) |
| 2668 | { | 2793 | { |
| 2669 | 2794 | ||
| 2670 | switch (c->event) { | 2795 | switch (c->event) { |