[IPSEC]: Move common code into xfrm_alloc_spi

This patch moves some common code that conceptually belongs to the xfrm core
from af_key/xfrm_user into xfrm_alloc_spi.

In particular, the spin lock on the state is now taken inside xfrm_alloc_spi.
Previously it also protected the construction of the response PF_KEY/XFRM
messages to user-space.  This is inconsistent as other identical constructions
are not protected by the state lock.  This is bad because they in fact should
be protected but only in certain spots (so as not to hold the lock for too
long which may cause packet drops).

The SPI byte order conversion has also been moved.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 4 insertions, 9 deletions

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8e10e9098a83..52c7fce54641 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -784,16 +784,11 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
         if (x == NULL)
                 goto out_noput;
 
-        resp_skb = ERR_PTR(-ENOENT);
-
-        spin_lock_bh(&x->lock);
-        if (x->km.state != XFRM_STATE_DEAD) {
-                xfrm_alloc_spi(x, htonl(p->min), htonl(p->max));
-                if (x->id.spi)
-                        resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
-        }
-        spin_unlock_bh(&x->lock);
+        err = xfrm_alloc_spi(x, p->min, p->max);
+        if (err)
+                goto out;
 
+        resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
         if (IS_ERR(resp_skb)) {
                 err = PTR_ERR(resp_skb);
                 goto out;