3 files changed, 43 insertions, 7 deletions

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 30a940b147b0..d409c9d5e293 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -218,6 +218,9 @@ extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
+extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
+extern int __xfrm_state_delete(struct xfrm_state *x);
+
 struct xfrm_state_afinfo {
         unsigned short          family;
         rwlock_t                lock;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a613b5c7d409..7784adbb3362 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -52,13 +52,13 @@ static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 
 static int xfrm_state_gc_flush_bundles;
 
-static int __xfrm_state_delete(struct xfrm_state *x);
+int __xfrm_state_delete(struct xfrm_state *x);
 
 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
 
 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
-static void km_state_expired(struct xfrm_state *x, int hard);
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 
 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 {
@@ -157,7 +157,7 @@ static void xfrm_timer_handler(unsigned long data)
 
         x->km.dying = warn;
         if (warn)
-                km_state_expired(x, 0);
+                km_state_expired(x, 0, 0);
 resched:
         if (next != LONG_MAX &&
             !mod_timer(&x->timer, jiffies + make_jiffies(next)))
@@ -172,7 +172,7 @@ expired:
                 goto resched;
         }
         if (!__xfrm_state_delete(x) && x->id.spi)
-                km_state_expired(x, 1);
+                km_state_expired(x, 1, 0);
 
 out:
         spin_unlock(&x->lock);
@@ -221,7 +221,7 @@ void __xfrm_state_destroy(struct xfrm_state *x)
 }
 EXPORT_SYMBOL(__xfrm_state_destroy);
 
-static int __xfrm_state_delete(struct xfrm_state *x)
+int __xfrm_state_delete(struct xfrm_state *x)
 {
         int err = -ESRCH;
 
@@ -260,6 +260,7 @@ static int __xfrm_state_delete(struct xfrm_state *x)
 
         return err;
 }
+EXPORT_SYMBOL(__xfrm_state_delete);
 
 int xfrm_state_delete(struct xfrm_state *x)
 {
@@ -595,7 +596,7 @@ int xfrm_state_check_expire(struct xfrm_state *x)
             (x->curlft.bytes >= x->lft.soft_byte_limit ||
              x->curlft.packets >= x->lft.soft_packet_limit)) {
                 x->km.dying = 1;
-                km_state_expired(x, 0);
+                km_state_expired(x, 0, 0);
         }
         return 0;
 }
@@ -909,11 +910,12 @@ void km_state_notify(struct xfrm_state *x, struct km_event *c)
 EXPORT_SYMBOL(km_policy_notify);
 EXPORT_SYMBOL(km_state_notify);
 
-void km_state_expired(struct xfrm_state *x, int hard)
+void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
 {
         struct km_event c;
 
         c.data.hard = hard;
+        c.pid = pid;
         c.event = XFRM_MSG_EXPIRE;
         km_state_notify(x, &c);
 
@@ -921,6 +923,7 @@ void km_state_expired(struct xfrm_state *x, int hard)
                 wake_up(&km_waitq);
 }
 
+EXPORT_SYMBOL(km_state_expired);
 /*
  * We send to all registered managers regardless of failure
  * We are happy with one success
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d6e6527fd8d7..2dc1e69b2cb7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1232,6 +1232,34 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **x
         return 0;
 }
 
+static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
+{
+        struct xfrm_state *x;
+        int err;
+        struct xfrm_user_expire *ue = NLMSG_DATA(nlh);
+        struct xfrm_usersa_info *p = &ue->state;
+
+        x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family);
+                err = -ENOENT;
+
+        if (x == NULL)
+                return err;
+
+        err = -EINVAL;
+
+        spin_lock_bh(&x->lock);
+        if (x->km.state != XFRM_STATE_VALID)
+                goto out;
+        km_state_expired(x, ue->hard, current->pid);
+
+        if (ue->hard)
+                __xfrm_state_delete(x);
+out:
+        spin_unlock_bh(&x->lock);
+        xfrm_state_put(x);
+        return err;
+}
+
 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
 {
         struct xfrm_policy *xp;
@@ -1296,6 +1324,7 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
         [XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
         [XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info),
         [XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire),
+        [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
         [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
         [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
         [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
@@ -1320,6 +1349,7 @@ static struct xfrm_link {
                                                    .dump = xfrm_dump_policy   },
         [XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
         [XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire   },
+        [XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
         [XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = { .doit = xfrm_add_policy    },
         [XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = { .doit = xfrm_add_sa        },
         [XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa      },