aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/xfrm.h10
-rw-r--r--net/key/af_key.c4
-rw-r--r--net/xfrm/xfrm_policy.c5
-rw-r--r--net/xfrm/xfrm_user.c4
4 files changed, 16 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 0d4353c11093..1ab17565f01c 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -475,6 +475,9 @@ struct xfrm_policy_walk {
475 475
476struct xfrm_policy 476struct xfrm_policy
477{ 477{
478#ifdef CONFIG_NET_NS
479 struct net *xp_net;
480#endif
478 struct hlist_node bydst; 481 struct hlist_node bydst;
479 struct hlist_node byidx; 482 struct hlist_node byidx;
480 483
@@ -499,6 +502,11 @@ struct xfrm_policy
499 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH]; 502 struct xfrm_tmpl xfrm_vec[XFRM_MAX_DEPTH];
500}; 503};
501 504
505static inline struct net *xp_net(struct xfrm_policy *xp)
506{
507 return read_pnet(&xp->xp_net);
508}
509
502struct xfrm_kmaddress { 510struct xfrm_kmaddress {
503 xfrm_address_t local; 511 xfrm_address_t local;
504 xfrm_address_t remote; 512 xfrm_address_t remote;
@@ -1425,7 +1433,7 @@ static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
1425} 1433}
1426#endif 1434#endif
1427 1435
1428struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); 1436struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp);
1429 1437
1430extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type); 1438extern void xfrm_policy_walk_init(struct xfrm_policy_walk *walk, u8 type);
1431extern int xfrm_policy_walk(struct xfrm_policy_walk *walk, 1439extern int xfrm_policy_walk(struct xfrm_policy_walk *walk,
diff --git a/net/key/af_key.c b/net/key/af_key.c
index f202ba6c8dcb..036315d6b665 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2174,7 +2174,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2174 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX) 2174 if (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir >= IPSEC_DIR_MAX)
2175 return -EINVAL; 2175 return -EINVAL;
2176 2176
2177 xp = xfrm_policy_alloc(GFP_KERNEL); 2177 xp = xfrm_policy_alloc(&init_net, GFP_KERNEL);
2178 if (xp == NULL) 2178 if (xp == NULL)
2179 return -ENOBUFS; 2179 return -ENOBUFS;
2180 2180
@@ -3141,7 +3141,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
3141 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND)) 3141 (!pol->sadb_x_policy_dir || pol->sadb_x_policy_dir > IPSEC_DIR_OUTBOUND))
3142 return NULL; 3142 return NULL;
3143 3143
3144 xp = xfrm_policy_alloc(GFP_ATOMIC); 3144 xp = xfrm_policy_alloc(&init_net, GFP_ATOMIC);
3145 if (xp == NULL) { 3145 if (xp == NULL) {
3146 *dir = -ENOBUFS; 3146 *dir = -ENOBUFS;
3147 return NULL; 3147 return NULL;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index cf2bf3aa7ab4..3eccefae2c8a 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -228,13 +228,14 @@ expired:
228 * SPD calls. 228 * SPD calls.
229 */ 229 */
230 230
231struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp) 231struct xfrm_policy *xfrm_policy_alloc(struct net *net, gfp_t gfp)
232{ 232{
233 struct xfrm_policy *policy; 233 struct xfrm_policy *policy;
234 234
235 policy = kzalloc(sizeof(struct xfrm_policy), gfp); 235 policy = kzalloc(sizeof(struct xfrm_policy), gfp);
236 236
237 if (policy) { 237 if (policy) {
238 write_pnet(&policy->xp_net, net);
238 INIT_LIST_HEAD(&policy->walk.all); 239 INIT_LIST_HEAD(&policy->walk.all);
239 INIT_HLIST_NODE(&policy->bydst); 240 INIT_HLIST_NODE(&policy->bydst);
240 INIT_HLIST_NODE(&policy->byidx); 241 INIT_HLIST_NODE(&policy->byidx);
@@ -1153,7 +1154,7 @@ int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
1153 1154
1154static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir) 1155static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir)
1155{ 1156{
1156 struct xfrm_policy *newp = xfrm_policy_alloc(GFP_ATOMIC); 1157 struct xfrm_policy *newp = xfrm_policy_alloc(xp_net(old), GFP_ATOMIC);
1157 1158
1158 if (newp) { 1159 if (newp) {
1159 newp->selector = old->selector; 1160 newp->selector = old->selector;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 65cdaa5c2280..765c01e784e9 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1080,7 +1080,7 @@ static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_i
1080 1080
1081static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1081static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp)
1082{ 1082{
1083 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1083 struct xfrm_policy *xp = xfrm_policy_alloc(&init_net, GFP_KERNEL);
1084 int err; 1084 int err;
1085 1085
1086 if (!xp) { 1086 if (!xp) {
@@ -2291,7 +2291,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
2291 if (p->dir > XFRM_POLICY_OUT) 2291 if (p->dir > XFRM_POLICY_OUT)
2292 return NULL; 2292 return NULL;
2293 2293
2294 xp = xfrm_policy_alloc(GFP_KERNEL); 2294 xp = xfrm_policy_alloc(&init_net, GFP_KERNEL);
2295 if (xp == NULL) { 2295 if (xp == NULL) {
2296 *dir = -ENOBUFS; 2296 *dir = -ENOBUFS;
2297 return NULL; 2297 return NULL;