diff options
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 695761ff1321..7736b23c3f03 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1016,12 +1016,16 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc | |||
| 1016 | sk->sk_family); | 1016 | sk->sk_family); |
| 1017 | int err = 0; | 1017 | int err = 0; |
| 1018 | 1018 | ||
| 1019 | if (match) | 1019 | if (match) { |
| 1020 | err = security_xfrm_policy_lookup(pol, fl->secid, policy_to_flow_dir(dir)); | 1020 | err = security_xfrm_policy_lookup(pol, fl->secid, |
| 1021 | 1021 | policy_to_flow_dir(dir)); | |
| 1022 | if (match && !err) | 1022 | if (!err) |
| 1023 | xfrm_pol_hold(pol); | 1023 | xfrm_pol_hold(pol); |
| 1024 | else | 1024 | else if (err == -ESRCH) |
| 1025 | pol = NULL; | ||
| 1026 | else | ||
| 1027 | pol = ERR_PTR(err); | ||
| 1028 | } else | ||
| 1025 | pol = NULL; | 1029 | pol = NULL; |
| 1026 | } | 1030 | } |
| 1027 | read_unlock_bh(&xfrm_policy_lock); | 1031 | read_unlock_bh(&xfrm_policy_lock); |
| @@ -1313,8 +1317,11 @@ restart: | |||
| 1313 | pol_dead = 0; | 1317 | pol_dead = 0; |
| 1314 | xfrm_nr = 0; | 1318 | xfrm_nr = 0; |
| 1315 | 1319 | ||
| 1316 | if (sk && sk->sk_policy[1]) | 1320 | if (sk && sk->sk_policy[1]) { |
| 1317 | policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); | 1321 | policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl); |
| 1322 | if (IS_ERR(policy)) | ||
| 1323 | return PTR_ERR(policy); | ||
| 1324 | } | ||
| 1318 | 1325 | ||
| 1319 | if (!policy) { | 1326 | if (!policy) { |
| 1320 | /* To accelerate a bit... */ | 1327 | /* To accelerate a bit... */ |
| @@ -1607,8 +1614,11 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
| 1607 | } | 1614 | } |
| 1608 | 1615 | ||
| 1609 | pol = NULL; | 1616 | pol = NULL; |
| 1610 | if (sk && sk->sk_policy[dir]) | 1617 | if (sk && sk->sk_policy[dir]) { |
| 1611 | pol = xfrm_sk_policy_lookup(sk, dir, &fl); | 1618 | pol = xfrm_sk_policy_lookup(sk, dir, &fl); |
| 1619 | if (IS_ERR(pol)) | ||
| 1620 | return 0; | ||
| 1621 | } | ||
| 1612 | 1622 | ||
| 1613 | if (!pol) | 1623 | if (!pol) |
| 1614 | pol = flow_cache_lookup(&fl, family, fl_dir, | 1624 | pol = flow_cache_lookup(&fl, family, fl_dir, |