Merge branch 'linux-2.6' into for-2.6.22

author: Paul Mackerras <paulus@samba.org> 2007-04-12 13:50:03 -0400
committer: Paul Mackerras <paulus@samba.org> 2007-04-12 13:50:03 -0400
commit: e049d1ca3094f3d1d94617f456a9961202f96e3a (patch)
tree: a30397ad22f2fbea268bd28fa69c60aad9dfa62a /net/xfrm
parent: edfac96a92b88d3b0b53e3f8231b74beee9ecd1d (diff)
parent: 80584ff3b99c36ead7e130e453b3a48b18072d18 (diff)
3 files changed, 35 insertions, 20 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 946b715db5ec..785c3e39f062 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -735,12 +735,14 @@ EXPORT_SYMBOL(xfrm_policy_insert);
 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
                                          struct xfrm_selector *sel,
-                                          struct xfrm_sec_ctx *ctx, int delete)
+                                          struct xfrm_sec_ctx *ctx, int delete,
+                                          int *err)
 {
        struct xfrm_policy *pol, *ret;
        struct hlist_head *chain;
        struct hlist_node *entry;
+        *err = 0;
        write_lock_bh(&xfrm_policy_lock);
        chain = policy_hash_bysel(sel, sel->family, dir);
        ret = NULL;
@@ -750,6 +752,11 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
                    xfrm_sec_ctx_match(ctx, pol->security)) {
                        xfrm_pol_hold(pol);
                        if (delete) {
+                                *err = security_xfrm_policy_delete(pol);
+                                if (*err) {
+                                        write_unlock_bh(&xfrm_policy_lock);
+                                        return pol;
+                                }
                                hlist_del(&pol->bydst);
                                hlist_del(&pol->byidx);
                                xfrm_policy_count[dir]--;
@@ -768,12 +775,14 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
 }
 EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
-struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
+struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
+                                     int *err)
 {
        struct xfrm_policy *pol, *ret;
        struct hlist_head *chain;
        struct hlist_node *entry;
+        *err = 0;
        write_lock_bh(&xfrm_policy_lock);
        chain = xfrm_policy_byidx + idx_hash(id);
        ret = NULL;
@@ -781,6 +790,11 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
                if (pol->type == type && pol->index == id) {
                        xfrm_pol_hold(pol);
                        if (delete) {
+                                *err = security_xfrm_policy_delete(pol);
+                                if (*err) {
+                                        write_unlock_bh(&xfrm_policy_lock);
+                                        return pol;
+                                }
                                hlist_del(&pol->bydst);
                                hlist_del(&pol->byidx);
                                xfrm_policy_count[dir]--;
@@ -2075,7 +2089,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
                                        sizeof(struct in6_addr));
                        }
                        audit_log_format(audit_buf,
-                                         " src=" NIP6_FMT "dst=" NIP6_FMT,
+                                         " src=" NIP6_FMT " dst=" NIP6_FMT,
                                         NIP6(saddr6), NIP6(daddr6));
                }
                break;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a35f9e4ede26..e3a0bcfa5df1 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -704,7 +704,8 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
                    x->props.mode   != mode ||
                    x->props.family != family ||
                    x->km.state     != XFRM_STATE_ACQ ||
-                    x->id.spi       != 0)
+                    x->id.spi       != 0 ||
+                    x->id.proto     != proto)
                        continue;
                switch (family) {
@@ -801,7 +802,8 @@ int xfrm_state_add(struct xfrm_state *x)
        if (use_spi && x->km.seq) {
                x1 = __xfrm_find_acq_byseq(x->km.seq);
-                if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
+                if (x1 && ((x1->id.proto != x->id.proto) ||
+                    xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
                        xfrm_state_put(x1);
                        x1 = NULL;
                }
@@ -1369,7 +1371,8 @@ int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
                return 0;
        diff = x->replay.seq - seq;
-        if (diff >= x->props.replay_window) {
+        if (diff >= min_t(unsigned int, x->props.replay_window,
+                          sizeof(x->replay.bitmap) * 8)) {
                x->stats.replay_window++;
                return -EINVAL;
        }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 956cfe0ff7f8..e81e2fb3d429 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -530,9 +530,6 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        err = xfrm_state_delete(x);
-        xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
-                       AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
        if (err < 0)
                goto out;
@@ -542,6 +539,8 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        km_state_notify(x, &c);
 out:
+        xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+                       AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
        xfrm_state_put(x);
        return err;
 }
@@ -1254,7 +1253,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                return err;
        if (p->index)
-                xp = xfrm_policy_byid(type, p->dir, p->index, delete);
+                xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
        else {
                struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
                struct xfrm_policy tmp;
@@ -1270,7 +1269,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
                                return err;
                }
-                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
+                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+                                           delete, &err);
                security_xfrm_policy_free(&tmp);
        }
        if (xp == NULL)
@@ -1288,8 +1288,6 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                                              MSG_DONTWAIT);
                }
        } else {
-                err = security_xfrm_policy_delete(xp);
                xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
                               AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
@@ -1303,9 +1301,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                km_policy_notify(xp, p->dir, &c);
        }
-        xfrm_pol_put(xp);
 out:
+        xfrm_pol_put(xp);
        return err;
 }
@@ -1502,7 +1499,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
                return err;
        if (p->index)
-                xp = xfrm_policy_byid(type, p->dir, p->index, 0);
+                xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
        else {
                struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
                struct xfrm_policy tmp;
@@ -1518,13 +1515,14 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
                                return err;
                }
-                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0);
+                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+                                           0, &err);
                security_xfrm_policy_free(&tmp);
        }
        if (xp == NULL)
-                return err;
+                return -ENOENT;
-                                                                                        read_lock(&xp->lock);
+        read_lock(&xp->lock);
        if (xp->dead) {
                read_unlock(&xp->lock);
                goto out;
@@ -2027,7 +2025,7 @@ nlmsg_failure:
        return -1;
 }
-static int inline xfrm_sa_len(struct xfrm_state *x)
+static inline int xfrm_sa_len(struct xfrm_state *x)
 {
        int l = 0;
        if (x->aalg)
author	Paul Mackerras <paulus@samba.org>	2007-04-12 13:50:03 -0400
committer	Paul Mackerras <paulus@samba.org>	2007-04-12 13:50:03 -0400
commit	e049d1ca3094f3d1d94617f456a9961202f96e3a (patch)
tree	a30397ad22f2fbea268bd28fa69c60aad9dfa62a /net/xfrm
parent	edfac96a92b88d3b0b53e3f8231b74beee9ecd1d (diff)
parent	80584ff3b99c36ead7e130e453b3a48b18072d18 (diff)