diff options
-rw-r--r-- | include/net/xfrm.h | 10 | ||||
-rw-r--r-- | net/key/af_key.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 5 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 4 |
4 files changed, 16 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 0d4353c11093..1ab17565f01c 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -475,6 +475,9 @@ struct xfrm_policy_walk { | |||
475 | 475 | ||
476 | struct xfrm_policy | 476 | struct xfrm_policy |
477 | { | 477 | { |
478 | #ifdef CONFIG_NET_NS | ||
479 | struct net *xp_net; | ||
480 | #endif | ||
478 | struct hlist_node bydst; | 481 | struct hlist_node bydst; |
479 | struct hlist_node byidx; | 482 | struct hlist_node byidx; |
480 | 483 | ||
@@ -499,6 +502,11 @@ struct xfrm_policy | |||
499 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; | 502 | struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; |
500 | }; | 503 | }; |
501 | 504 | ||
505 | static inline struct net *xp_net(struct xfrm_policy *xp) | ||
506 | { | ||
507 | return read_pnet(&xp->xp_net); | ||
508 | } | ||
509 | |||
502 | struct xfrm_kmaddress { | 510 | struct xfrm_kmaddress { |
503 | xfrm_address_t local; | 511 | xfrm_address_t local; |
504 | xfrm_address_t remote; | 512 | xfrm_address_t remote; |
@@ -1425,7 +1433,7 @@ static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb) | |||
1425 | } | 1433 | } |
1426 | #endif | 1434 | #endif |
1427 | 1435 | ||
1428 | struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); | 1436 | struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp); |
1429 | 1437 | ||
1430 | extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); | 1438 | extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); |
1431 | extern int xfrm_policy_walk(struct xfrm_policy_walk *walk, | 1439 | extern int xfrm_policy_walk(struct xfrm_policy_walk *walk, |
diff --git a/net/key/af_key.c b/net/key/af_key.c index f202ba6c8dcb..036315d6b665 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -2174,7 +2174,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2174 | if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) | 2174 | if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) |
2175 | return -EINVAL; | 2175 | return -EINVAL; |
2176 | 2176 | ||
2177 | xp = xfrm_policy_alloc(GFP_KERNEL); | 2177 | xp = xfrm_policy_alloc(&init_net, GFP_KERNEL); |
2178 | if (xp == NULL) | 2178 | if (xp == NULL) |
2179 | return -ENOBUFS; | 2179 | return -ENOBUFS; |
2180 | 2180 | ||
@@ -3141,7 +3141,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt, | |||
3141 | (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) | 3141 | (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) |
3142 | return NULL; | 3142 | return NULL; |
3143 | 3143 | ||
3144 | xp = xfrm_policy_alloc(GFP_ATOMIC); | 3144 | xp = xfrm_policy_alloc(&init_net, GFP_ATOMIC); |
3145 | if (xp == NULL) { | 3145 | if (xp == NULL) { |
3146 | *dir = -ENOBUFS; | 3146 | *dir = -ENOBUFS; |
3147 | return NULL; | 3147 | return NULL; |
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index cf2bf3aa7ab4..3eccefae2c8a 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -228,13 +228,14 @@ expired: | |||
228 | * SPD calls. | 228 | * SPD calls. |
229 | */ | 229 | */ |
230 | 230 | ||
231 | struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp) | 231 | struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp) |
232 | { | 232 | { |
233 | struct xfrm_policy *policy; | 233 | struct xfrm_policy *policy; |
234 | 234 | ||
235 | policy = kzalloc(sizeof(struct xfrm_policy), gfp); | 235 | policy = kzalloc(sizeof(struct xfrm_policy), gfp); |
236 | 236 | ||
237 | if (policy) { | 237 | if (policy) { |
238 | write_pnet(&policy->xp_net, net); | ||
238 | INIT_LIST_HEAD(&policy->walk.all); | 239 | INIT_LIST_HEAD(&policy->walk.all); |
239 | INIT_HLIST_NODE(&policy->bydst); | 240 | INIT_HLIST_NODE(&policy->bydst); |
240 | INIT_HLIST_NODE(&policy->byidx); | 241 | INIT_HLIST_NODE(&policy->byidx); |
@@ -1153,7 +1154,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol) | |||
1153 | 1154 | ||
1154 | static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir) | 1155 | static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir) |
1155 | { | 1156 | { |
1156 | struct xfrm_policy *newp = xfrm_policy_alloc(GFP_ATOMIC); | 1157 | struct xfrm_policy *newp = xfrm_policy_alloc(xp_net(old), GFP_ATOMIC); |
1157 | 1158 | ||
1158 | if (newp) { | 1159 | if (newp) { |
1159 | newp->selector = old->selector; | 1160 | newp->selector = old->selector; |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 65cdaa5c2280..765c01e784e9 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -1080,7 +1080,7 @@ static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_i | |||
1080 | 1080 | ||
1081 | static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) | 1081 | static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) |
1082 | { | 1082 | { |
1083 | struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); | 1083 | struct xfrm_policy *xp = xfrm_policy_alloc(&init_net, GFP_KERNEL); |
1084 | int err; | 1084 | int err; |
1085 | 1085 | ||
1086 | if (!xp) { | 1086 | if (!xp) { |
@@ -2291,7 +2291,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, | |||
2291 | if (p->dir > XFRM_POLICY_OUT) | 2291 | if (p->dir > XFRM_POLICY_OUT) |
2292 | return NULL; | 2292 | return NULL; |
2293 | 2293 | ||
2294 | xp = xfrm_policy_alloc(GFP_KERNEL); | 2294 | xp = xfrm_policy_alloc(&init_net, GFP_KERNEL); |
2295 | if (xp == NULL) { | 2295 | if (xp == NULL) { |
2296 | *dir = -ENOBUFS; | 2296 | *dir = -ENOBUFS; |
2297 | return NULL; | 2297 | return NULL; |