author | David S. Miller <davem@davemloft.net> | 2013-08-22 19:04:41 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-08-22 19:04:41 -0400 |
commit | baf3b3f227e6d2c143a03f03dcbd50b55089eda4 (patch) | |
tree | 3744aa127aa718733ab3712bd40dac62d207511e /net | |
parent | 3bca8de22082f6c02a176dbb344e5234d9d5cc02 (diff) | |
parent | e3fec5a1c5a1ab4a85ca3f4e41c626fb953ce162 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says:
====================
1) Some constifications, from Mathias Krause.
2) Catch bugs if a hold timer is still active when xfrm_policy_destroy()
is called, from Fan Du.
3) Remove a redundant address family check, from Fan Du.
4) Make xfrm_state timer monotonic to be independent of system clock changes,
from Fan Du.
5) Remove an outdated comment on returning -EREMOTE in the xfrm_lookup(),
from Rami Rosen.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/key/af_key.c | 14 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 15 |
3 files changed, 13 insertions, 20 deletions
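--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -45,7 +45,7 @@ struct netns_pfkey {
 static DEFINE_MUTEX(pfkey_mutex);
 
 #define DUMMY_MARK 0
-static struct xfrm_mark dummy_mark = {0, 0};
+static const struct xfrm_mark dummy_mark = {0, 0};
 struct pfkey_sock {
 /* struct sock must be the first member of struct pfkey_sock */
 struct sock sk;
@@ -338,7 +338,7 @@ static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
 return 0;
 }
 
-static u8 sadb_ext_min_len[] = {
+static const u8 sadb_ext_min_len[] = {
 [SADB_EXT_RESERVED] = (u8) 0,
 [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
 [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
@@ -1196,10 +1196,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
 
 x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
 &x->props.saddr);
-if (!x->props.family) {
-err = -EAFNOSUPPORT;
-goto out;
-}
 pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
 &x->id.daddr);
 
@@ -2205,10 +2201,6 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
 
 sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
 xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
-if (!xp->family) {
-err = -EINVAL;
-goto out;
-}
 xp->selector.family = xp->family;
 xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
 xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@ -2737,7 +2729,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sad
 
 typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
 const struct sadb_msg *hdr, void * const *ext_hdrs);
-static pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
+static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
 [SADB_RESERVED] = pfkey_reserved,
 [SADB_GETSPI] = pfkey_getspi,
 [SADB_UPDATE] = pfkey_add,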
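Review bot: With the `if (!x->props.family)` test removed in pfkey_msg2xfrm_state() and the matching `if (!xp->family)` test removed in pfkey_spdadd(), a zero return from pfkey_sadb_addr2xfrm_addr() is now stored as the SA or policy family with no local rejection. The removal is only safe if every path into these two functions has already validated the address family carried in the PF_KEY message, presumably via present_and_same_family() near the top of each function, which is outside these hunks. I would record that dependency at both call sites, e.g. `/* family was validated by present_and_same_family() on entry */`, so a later change to the entry check does not silently let an unsupported family through. Both function bodies start and end outside the hunks.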
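--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -308,7 +308,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
 {
 BUG_ON(!policy->walk.dead);
 
-if (del_timer(&policy->timer))
+if (del_timer(&policy->timer) || del_timer(&policy->polq.hold_timer))
 BUG();
 
 security_xfrm_policy_free(policy->security);
@@ -2132,8 +2132,6 @@ restart:
 * have the xfrm_state's. We need to wait for KM to
 * negotiate new SA's or bail out with error.*/
 if (net->xfrm.sysctl_larval_drop) {
-/* EREMOTE tells the caller to generate
-* a one-shot blackhole route. */
 dst_release(dst);
 xfrm_pols_put(pols, drop_pols);
 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);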
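Review bot: The extended test in xfrm_policy_destroy() only catches a hold timer that is still pending; del_timer() returns 0 when the handler is already running on another CPU, so that case passes the test and teardown proceeds. Whether that can happen depends on an armed timer holding a policy reference, which is not visible in this hunk. If that is the invariant, a comment above the test would make it reviewable, e.g. `/* armed timers hold a reference, so neither can be pending once the last ref is dropped */`. Also note that `||` short-circuits, so when the first timer is pending the hold timer is never examined, which is harmless only because BUG() follows. The function body continues past the hunk.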
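--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -499,7 +499,8 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
 INIT_HLIST_NODE(&x->bydst);
 INIT_HLIST_NODE(&x->bysrc);
 INIT_HLIST_NODE(&x->byspi);
-tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS);
+tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
+CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
 (unsigned long)x);
 x->curlft.add_time = get_seconds();
@@ -990,11 +991,13 @@ void xfrm_state_insert(struct xfrm_state *x)
 EXPORT_SYMBOL(xfrm_state_insert);
 
 /* xfrm_state_lock is held */
-static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m,
+static struct xfrm_state *__find_acq_core(struct net *net,
+const struct xfrm_mark *m,
 unsigned short family, u8 mode,
 u32 reqid, u8 proto,
 const xfrm_address_t *daddr,
-const xfrm_address_t *saddr, int create)
+const xfrm_address_t *saddr,
+int create)
 {
 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
 struct xfrm_state *x;
@@ -1399,9 +1402,9 @@ xfrm_state_lookup_byaddr(struct net *net, u32 mark,
 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
 
 struct xfrm_state *
-xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto,
-const xfrm_address_t *daddr, const xfrm_address_t *saddr,
-int create, unsigned short family)
+xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
+u8 proto, const xfrm_address_t *daddr,
+const xfrm_address_t *saddr, int create, unsigned short family)
 {
 struct xfrm_state *x;
 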
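Review bot: In xfrm_state_alloc() the lifetime timer moves to `CLOCK_BOOTTIME`, but two lines below `x->curlft.add_time` is still taken from `get_seconds()`, i.e. wall-clock time. If the timer handler (outside this hunk) computes SA expiry from add_time against the wall clock, a system clock jump can still shorten or extend an SA's lifetime even though the timer itself no longer follows the clock. A comment at the init call would document the split, e.g. `/* BOOTTIME: unaffected by wall-clock changes and counts suspend; curlft.add_time stays wall-clock */`. The function body starts and ends outside the hunk.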