authorDavid S. Miller <davem@davemloft.net>2014-05-22 16:00:00 -0400
committerDavid S. Miller <davem@davemloft.net>2014-05-22 16:00:00 -0400
commit65db611a5cc17182b62c0edc4bf31cf272d58304 (patch)
tree51987fafb7ab0946369e0e4b4d713f2887b2d870 /net/xfrm
parentb3f7a7b48f429e52f3d3dc36d253627c2a73803b (diff)
parentfc68086ce888a10220c7c79a2a3b44cb85d4074c (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2014-05-22 This is the last ipsec pull request before I leave for a three weeks vacation tomorrow. David, can you please take urgent ipsec patches directly into net/net-next during this time? I'll continue to run the ipsec/ipsec-next trees as soon as I'm back. 1) Simplify the xfrm audit handling, from Tetsuo Handa. 2) Codingstyle cleanup for xfrm_output, from Fabian Frederick. Please pull or let me know if there are problems. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_output.c5
-rw-r--r--net/xfrm/xfrm_policy.c46
-rw-r--r--net/xfrm/xfrm_state.c37
-rw-r--r--net/xfrm/xfrm_user.c53
4 files changed, 36 insertions, 105 deletions
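--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -199,6 +199,7 @@ int xfrm_output(struct sk_buff *skb)
 
 	return xfrm_output2(skb);
 }
+EXPORT_SYMBOL_GPL(xfrm_output);
 
 int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
 {
@@ -213,6 +214,7 @@ int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
 		return -EAFNOSUPPORT;
 	return inner_mode->afinfo->extract_output(x, skb);
 }
+EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);
 
 void xfrm_local_error(struct sk_buff *skb, int mtu)
 {
@@ -233,7 +235,4 @@ void xfrm_local_error(struct sk_buff *skb, int mtu)
 	afinfo->local_error(skb, mtu);
 	xfrm_state_put_afinfo(afinfo);
 }
-
-EXPORT_SYMBOL_GPL(xfrm_output);
-EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);
 EXPORT_SYMBOL_GPL(xfrm_local_error);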
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index e63f242ae03e..a8ef5108e0d8 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -769,7 +769,7 @@ EXPORT_SYMBOL(xfrm_policy_byid);
769 769
770#ifdef CONFIG_SECURITY_NETWORK_XFRM 770#ifdef CONFIG_SECURITY_NETWORK_XFRM
771static inline int 771static inline int
772xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info) 772xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid)
773{ 773{
774 int dir, err = 0; 774 int dir, err = 0;
775 775
@@ -783,10 +783,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
783 continue; 783 continue;
784 err = security_xfrm_policy_delete(pol->security); 784 err = security_xfrm_policy_delete(pol->security);
785 if (err) { 785 if (err) {
786 xfrm_audit_policy_delete(pol, 0, 786 xfrm_audit_policy_delete(pol, 0, task_valid);
787 audit_info->loginuid,
788 audit_info->sessionid,
789 audit_info->secid);
790 return err; 787 return err;
791 } 788 }
792 } 789 }
@@ -800,9 +797,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
800 pol->security); 797 pol->security);
801 if (err) { 798 if (err) {
802 xfrm_audit_policy_delete(pol, 0, 799 xfrm_audit_policy_delete(pol, 0,
803 audit_info->loginuid, 800 task_valid);
804 audit_info->sessionid,
805 audit_info->secid);
806 return err; 801 return err;
807 } 802 }
808 } 803 }
@@ -812,19 +807,19 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
812} 807}
813#else 808#else
814static inline int 809static inline int
815xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audit_info) 810xfrm_policy_flush_secctx_check(struct net *net, u8 type, bool task_valid)
816{ 811{
817 return 0; 812 return 0;
818} 813}
819#endif 814#endif
820 815
821int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) 816int xfrm_policy_flush(struct net *net, u8 type, bool task_valid)
822{ 817{
823 int dir, err = 0, cnt = 0; 818 int dir, err = 0, cnt = 0;
824 819
825 write_lock_bh(&net->xfrm.xfrm_policy_lock); 820 write_lock_bh(&net->xfrm.xfrm_policy_lock);
826 821
827 err = xfrm_policy_flush_secctx_check(net, type, audit_info); 822 err = xfrm_policy_flush_secctx_check(net, type, task_valid);
828 if (err) 823 if (err)
829 goto out; 824 goto out;
830 825
@@ -841,9 +836,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
841 write_unlock_bh(&net->xfrm.xfrm_policy_lock); 836 write_unlock_bh(&net->xfrm.xfrm_policy_lock);
842 cnt++; 837 cnt++;
843 838
844 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, 839 xfrm_audit_policy_delete(pol, 1, task_valid);
845 audit_info->sessionid,
846 audit_info->secid);
847 840
848 xfrm_policy_kill(pol); 841 xfrm_policy_kill(pol);
849 842
@@ -862,10 +855,7 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
862 write_unlock_bh(&net->xfrm.xfrm_policy_lock); 855 write_unlock_bh(&net->xfrm.xfrm_policy_lock);
863 cnt++; 856 cnt++;
864 857
865 xfrm_audit_policy_delete(pol, 1, 858 xfrm_audit_policy_delete(pol, 1, task_valid);
866 audit_info->loginuid,
867 audit_info->sessionid,
868 audit_info->secid);
869 xfrm_policy_kill(pol); 859 xfrm_policy_kill(pol);
870 860
871 write_lock_bh(&net->xfrm.xfrm_policy_lock); 861 write_lock_bh(&net->xfrm.xfrm_policy_lock);
@@ -2860,21 +2850,14 @@ out_byidx:
2860 2850
2861static void xfrm_policy_fini(struct net *net) 2851static void xfrm_policy_fini(struct net *net)
2862{ 2852{
2863 struct xfrm_audit audit_info;
2864 unsigned int sz; 2853 unsigned int sz;
2865 int dir; 2854 int dir;
2866 2855
2867 flush_work(&net->xfrm.policy_hash_work); 2856 flush_work(&net->xfrm.policy_hash_work);
2868#ifdef CONFIG_XFRM_SUB_POLICY 2857#ifdef CONFIG_XFRM_SUB_POLICY
2869 audit_info.loginuid = INVALID_UID; 2858 xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, false);
2870 audit_info.sessionid = (unsigned int)-1;
2871 audit_info.secid = 0;
2872 xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
2873#endif 2859#endif
2874 audit_info.loginuid = INVALID_UID; 2860 xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, false);
2875 audit_info.sessionid = (unsigned int)-1;
2876 audit_info.secid = 0;
2877 xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
2878 2861
2879 WARN_ON(!list_empty(&net->xfrm.policy_all)); 2862 WARN_ON(!list_empty(&net->xfrm.policy_all));
2880 2863
@@ -2989,15 +2972,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2989 } 2972 }
2990} 2973}
2991 2974
2992void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 2975void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, bool task_valid)
2993 kuid_t auid, unsigned int sessionid, u32 secid)
2994{ 2976{
2995 struct audit_buffer *audit_buf; 2977 struct audit_buffer *audit_buf;
2996 2978
2997 audit_buf = xfrm_audit_start("SPD-add"); 2979 audit_buf = xfrm_audit_start("SPD-add");
2998 if (audit_buf == NULL) 2980 if (audit_buf == NULL)
2999 return; 2981 return;
3000 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2982 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
3001 audit_log_format(audit_buf, " res=%u", result); 2983 audit_log_format(audit_buf, " res=%u", result);
3002 xfrm_audit_common_policyinfo(xp, audit_buf); 2984 xfrm_audit_common_policyinfo(xp, audit_buf);
3003 audit_log_end(audit_buf); 2985 audit_log_end(audit_buf);
@@ -3005,14 +2987,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
3005EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); 2987EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
3006 2988
3007void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 2989void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
3008 kuid_t auid, unsigned int sessionid, u32 secid) 2990 bool task_valid)
3009{ 2991{
3010 struct audit_buffer *audit_buf; 2992 struct audit_buffer *audit_buf;
3011 2993
3012 audit_buf = xfrm_audit_start("SPD-delete"); 2994 audit_buf = xfrm_audit_start("SPD-delete");
3013 if (audit_buf == NULL) 2995 if (audit_buf == NULL)
3014 return; 2996 return;
3015 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2997 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
3016 audit_log_format(audit_buf, " res=%u", result); 2998 audit_log_format(audit_buf, " res=%u", result);
3017 xfrm_audit_common_policyinfo(xp, audit_buf); 2999 xfrm_audit_common_policyinfo(xp, audit_buf);
3018 audit_log_end(audit_buf); 3000 audit_log_end(audit_buf);
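Review bot: The wrapped call at new 799-800, `xfrm_audit_policy_delete(pol, 0,` / `task_valid);`, now fits on one line and should be joined, as the identical call at new 786 already is; the same leftover wrap survives in xfrm_state.c at new 609-610. The new `bool task_valid` parameter on the exported xfrm_audit_policy_add and xfrm_audit_policy_delete also carries no comment saying what it asserts, and from the callers in this diff it is the difference between xfrm_policy_fini passing false and the netlink handlers passing true, so a kernel-doc line on both definitions such as `@task_valid: true if current is the task whose identity should be logged; false from contexts like net namespace teardown where current is unrelated to the change` would help. The bodies of xfrm_policy_flush_secctx_check and xfrm_policy_flush continue outside these hunks.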
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 8e9c781a6bba..0ab54134bb40 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -463,9 +463,7 @@ expired:
463 if (!err) 463 if (!err)
464 km_state_expired(x, 1, 0); 464 km_state_expired(x, 1, 0);
465 465
466 xfrm_audit_state_delete(x, err ? 0 : 1, 466 xfrm_audit_state_delete(x, err ? 0 : 1, true);
467 audit_get_loginuid(current),
468 audit_get_sessionid(current), 0);
469 467
470out: 468out:
471 spin_unlock(&x->lock); 469 spin_unlock(&x->lock);
@@ -562,7 +560,7 @@ EXPORT_SYMBOL(xfrm_state_delete);
562 560
563#ifdef CONFIG_SECURITY_NETWORK_XFRM 561#ifdef CONFIG_SECURITY_NETWORK_XFRM
564static inline int 562static inline int
565xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 563xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
566{ 564{
567 int i, err = 0; 565 int i, err = 0;
568 566
@@ -572,10 +570,7 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
572 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { 570 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
573 if (xfrm_id_proto_match(x->id.proto, proto) && 571 if (xfrm_id_proto_match(x->id.proto, proto) &&
574 (err = security_xfrm_state_delete(x)) != 0) { 572 (err = security_xfrm_state_delete(x)) != 0) {
575 xfrm_audit_state_delete(x, 0, 573 xfrm_audit_state_delete(x, 0, task_valid);
576 audit_info->loginuid,
577 audit_info->sessionid,
578 audit_info->secid);
579 return err; 574 return err;
580 } 575 }
581 } 576 }
@@ -585,18 +580,18 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
585} 580}
586#else 581#else
587static inline int 582static inline int
588xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 583xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
589{ 584{
590 return 0; 585 return 0;
591} 586}
592#endif 587#endif
593 588
594int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) 589int xfrm_state_flush(struct net *net, u8 proto, bool task_valid)
595{ 590{
596 int i, err = 0, cnt = 0; 591 int i, err = 0, cnt = 0;
597 592
598 spin_lock_bh(&net->xfrm.xfrm_state_lock); 593 spin_lock_bh(&net->xfrm.xfrm_state_lock);
599 err = xfrm_state_flush_secctx_check(net, proto, audit_info); 594 err = xfrm_state_flush_secctx_check(net, proto, task_valid);
600 if (err) 595 if (err)
601 goto out; 596 goto out;
602 597
@@ -612,9 +607,7 @@ restart:
612 607
613 err = xfrm_state_delete(x); 608 err = xfrm_state_delete(x);
614 xfrm_audit_state_delete(x, err ? 0 : 1, 609 xfrm_audit_state_delete(x, err ? 0 : 1,
615 audit_info->loginuid, 610 task_valid);
616 audit_info->sessionid,
617 audit_info->secid);
618 xfrm_state_put(x); 611 xfrm_state_put(x);
619 if (!err) 612 if (!err)
620 cnt++; 613 cnt++;
@@ -2128,14 +2121,10 @@ out_bydst:
2128 2121
2129void xfrm_state_fini(struct net *net) 2122void xfrm_state_fini(struct net *net)
2130{ 2123{
2131 struct xfrm_audit audit_info;
2132 unsigned int sz; 2124 unsigned int sz;
2133 2125
2134 flush_work(&net->xfrm.state_hash_work); 2126 flush_work(&net->xfrm.state_hash_work);
2135 audit_info.loginuid = INVALID_UID; 2127 xfrm_state_flush(net, IPSEC_PROTO_ANY, false);
2136 audit_info.sessionid = (unsigned int)-1;
2137 audit_info.secid = 0;
2138 xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2139 flush_work(&net->xfrm.state_gc_work); 2128 flush_work(&net->xfrm.state_gc_work);
2140 2129
2141 WARN_ON(!list_empty(&net->xfrm.state_all)); 2130 WARN_ON(!list_empty(&net->xfrm.state_all));
@@ -2198,30 +2187,28 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2198 } 2187 }
2199} 2188}
2200 2189
2201void xfrm_audit_state_add(struct xfrm_state *x, int result, 2190void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid)
2202 kuid_t auid, unsigned int sessionid, u32 secid)
2203{ 2191{
2204 struct audit_buffer *audit_buf; 2192 struct audit_buffer *audit_buf;
2205 2193
2206 audit_buf = xfrm_audit_start("SAD-add"); 2194 audit_buf = xfrm_audit_start("SAD-add");
2207 if (audit_buf == NULL) 2195 if (audit_buf == NULL)
2208 return; 2196 return;
2209 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2197 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2210 xfrm_audit_helper_sainfo(x, audit_buf); 2198 xfrm_audit_helper_sainfo(x, audit_buf);
2211 audit_log_format(audit_buf, " res=%u", result); 2199 audit_log_format(audit_buf, " res=%u", result);
2212 audit_log_end(audit_buf); 2200 audit_log_end(audit_buf);
2213} 2201}
2214EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2202EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2215 2203
2216void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2204void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid)
2217 kuid_t auid, unsigned int sessionid, u32 secid)
2218{ 2205{
2219 struct audit_buffer *audit_buf; 2206 struct audit_buffer *audit_buf;
2220 2207
2221 audit_buf = xfrm_audit_start("SAD-delete"); 2208 audit_buf = xfrm_audit_start("SAD-delete");
2222 if (audit_buf == NULL) 2209 if (audit_buf == NULL)
2223 return; 2210 return;
2224 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2211 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2225 xfrm_audit_helper_sainfo(x, audit_buf); 2212 xfrm_audit_helper_sainfo(x, audit_buf);
2226 audit_log_format(audit_buf, " res=%u", result); 2213 audit_log_format(audit_buf, " res=%u", result);
2227 audit_log_end(audit_buf); 2214 audit_log_end(audit_buf);
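Review bot: In the `expired:` path at new 466, `xfrm_audit_state_delete(x, err ? 0 : 1, true)` asserts that `current` is the task responsible for the deletion, but the enclosing function starts outside the hunk and, if this is the state timer callback, `current` is whatever task happened to be running when the timer fired, so the SAD-delete record would be attributed to an unrelated process. The removed lines already logged current's loginuid and sessionid here, so the attribution problem is pre-existing, but passing true presumably now also picks up that task's secid; either confirm this path only runs in the context of the owning task, or pass false and say why with `/* timer context: no requesting task to attribute this deletion to */`. That xfrm_audit_helper_usrinfo reads current when task_valid is set is inferred from the renamed parameter, since its body is not in this diff.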
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 51398ae6cda8..fd9a16a6d1de 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -597,9 +597,6 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
597 struct xfrm_state *x; 597 struct xfrm_state *x;
598 int err; 598 int err;
599 struct km_event c; 599 struct km_event c;
600 kuid_t loginuid = audit_get_loginuid(current);
601 unsigned int sessionid = audit_get_sessionid(current);
602 u32 sid;
603 600
604 err = verify_newsa_info(p, attrs); 601 err = verify_newsa_info(p, attrs);
605 if (err) 602 if (err)
@@ -615,8 +612,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
615 else 612 else
616 err = xfrm_state_update(x); 613 err = xfrm_state_update(x);
617 614
618 security_task_getsecid(current, &sid); 615 xfrm_audit_state_add(x, err ? 0 : 1, true);
619 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
620 616
621 if (err < 0) { 617 if (err < 0) {
622 x->km.state = XFRM_STATE_DEAD; 618 x->km.state = XFRM_STATE_DEAD;
@@ -676,9 +672,6 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
676 int err = -ESRCH; 672 int err = -ESRCH;
677 struct km_event c; 673 struct km_event c;
678 struct xfrm_usersa_id *p = nlmsg_data(nlh); 674 struct xfrm_usersa_id *p = nlmsg_data(nlh);
679 kuid_t loginuid = audit_get_loginuid(current);
680 unsigned int sessionid = audit_get_sessionid(current);
681 u32 sid;
682 675
683 x = xfrm_user_state_lookup(net, p, attrs, &err); 676 x = xfrm_user_state_lookup(net, p, attrs, &err);
684 if (x == NULL) 677 if (x == NULL)
@@ -703,8 +696,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
703 km_state_notify(x, &c); 696 km_state_notify(x, &c);
704 697
705out: 698out:
706 security_task_getsecid(current, &sid); 699 xfrm_audit_state_delete(x, err ? 0 : 1, true);
707 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
708 xfrm_state_put(x); 700 xfrm_state_put(x);
709 return err; 701 return err;
710} 702}
@@ -1414,9 +1406,6 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1414 struct km_event c; 1406 struct km_event c;
1415 int err; 1407 int err;
1416 int excl; 1408 int excl;
1417 kuid_t loginuid = audit_get_loginuid(current);
1418 unsigned int sessionid = audit_get_sessionid(current);
1419 u32 sid;
1420 1409
1421 err = verify_newpolicy_info(p); 1410 err = verify_newpolicy_info(p);
1422 if (err) 1411 if (err)
@@ -1435,8 +1424,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1435 * a type XFRM_MSG_UPDPOLICY - JHS */ 1424 * a type XFRM_MSG_UPDPOLICY - JHS */
1436 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1425 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1437 err = xfrm_policy_insert(p->dir, xp, excl); 1426 err = xfrm_policy_insert(p->dir, xp, excl);
1438 security_task_getsecid(current, &sid); 1427 xfrm_audit_policy_add(xp, err ? 0 : 1, true);
1439 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1440 1428
1441 if (err) { 1429 if (err) {
1442 security_xfrm_policy_free(xp->security); 1430 security_xfrm_policy_free(xp->security);
@@ -1673,13 +1661,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1673 NETLINK_CB(skb).portid); 1661 NETLINK_CB(skb).portid);
1674 } 1662 }
1675 } else { 1663 } else {
1676 kuid_t loginuid = audit_get_loginuid(current); 1664 xfrm_audit_policy_delete(xp, err ? 0 : 1, true);
1677 unsigned int sessionid = audit_get_sessionid(current);
1678 u32 sid;
1679
1680 security_task_getsecid(current, &sid);
1681 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1682 sid);
1683 1665
1684 if (err != 0) 1666 if (err != 0)
1685 goto out; 1667 goto out;
@@ -1704,13 +1686,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1704 struct net *net = sock_net(skb->sk); 1686 struct net *net = sock_net(skb->sk);
1705 struct km_event c; 1687 struct km_event c;
1706 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1688 struct xfrm_usersa_flush *p = nlmsg_data(nlh);
1707 struct xfrm_audit audit_info;
1708 int err; 1689 int err;
1709 1690
1710 audit_info.loginuid = audit_get_loginuid(current); 1691 err = xfrm_state_flush(net, p->proto, true);
1711 audit_info.sessionid = audit_get_sessionid(current);
1712 security_task_getsecid(current, &audit_info.secid);
1713 err = xfrm_state_flush(net, p->proto, &audit_info);
1714 if (err) { 1692 if (err) {
1715 if (err == -ESRCH) /* empty table */ 1693 if (err == -ESRCH) /* empty table */
1716 return 0; 1694 return 0;
@@ -1894,16 +1872,12 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1894 struct km_event c; 1872 struct km_event c;
1895 u8 type = XFRM_POLICY_TYPE_MAIN; 1873 u8 type = XFRM_POLICY_TYPE_MAIN;
1896 int err; 1874 int err;
1897 struct xfrm_audit audit_info;
1898 1875
1899 err = copy_from_user_policy_type(&type, attrs); 1876 err = copy_from_user_policy_type(&type, attrs);
1900 if (err) 1877 if (err)
1901 return err; 1878 return err;
1902 1879
1903 audit_info.loginuid = audit_get_loginuid(current); 1880 err = xfrm_policy_flush(net, type, true);
1904 audit_info.sessionid = audit_get_sessionid(current);
1905 security_task_getsecid(current, &audit_info.secid);
1906 err = xfrm_policy_flush(net, type, &audit_info);
1907 if (err) { 1881 if (err) {
1908 if (err == -ESRCH) /* empty table */ 1882 if (err == -ESRCH) /* empty table */
1909 return 0; 1883 return 0;
@@ -1969,14 +1943,8 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1969 1943
1970 err = 0; 1944 err = 0;
1971 if (up->hard) { 1945 if (up->hard) {
1972 kuid_t loginuid = audit_get_loginuid(current);
1973 unsigned int sessionid = audit_get_sessionid(current);
1974 u32 sid;
1975
1976 security_task_getsecid(current, &sid);
1977 xfrm_policy_delete(xp, p->dir); 1946 xfrm_policy_delete(xp, p->dir);
1978 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); 1947 xfrm_audit_policy_delete(xp, 1, true);
1979
1980 } else { 1948 } else {
1981 // reset the timers here? 1949 // reset the timers here?
1982 WARN(1, "Dont know what to do with soft policy expire\n"); 1950 WARN(1, "Dont know what to do with soft policy expire\n");
@@ -2012,13 +1980,8 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
2012 km_state_expired(x, ue->hard, nlh->nlmsg_pid); 1980 km_state_expired(x, ue->hard, nlh->nlmsg_pid);
2013 1981
2014 if (ue->hard) { 1982 if (ue->hard) {
2015 kuid_t loginuid = audit_get_loginuid(current);
2016 unsigned int sessionid = audit_get_sessionid(current);
2017 u32 sid;
2018
2019 security_task_getsecid(current, &sid);
2020 __xfrm_state_delete(x); 1983 __xfrm_state_delete(x);
2021 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); 1984 xfrm_audit_state_delete(x, 1, true);
2022 } 1985 }
2023 err = 0; 1986 err = 0;
2024out: 1987out:
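Review bot: Every netlink handler in this file now passes a bare `true` to the audit calls (new 615, 699, 1427, 1664, 1691, 1880, 1947, 1984) with nothing explaining what it asserts; a reader has to go to xfrm_audit_helper_usrinfo to learn that it means the identity of `current` is logged as the audit subject. A one-line comment at the first site, xfrm_add_sa new 615, would carry that for the whole file: `/* task_valid: the netlink sender is current, so its uid/sessionid/secid are the audit subject */`. That these handlers run in the sender's context is inferred from the removed `audit_get_loginuid(current)` calls they replace, not shown by the hunks themselves. Each enclosing function starts outside its hunk.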