Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/cipso_ipv4.c | 64 | ||||
| -rw-r--r-- | net/ipv4/devinet.c | 6 |
2 files changed, 22 insertions, 48 deletions
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index 86a2b52aad38..ab56a052ce31 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c | |||
| @@ -45,6 +45,7 @@ | |||
| 45 | #include <net/cipso_ipv4.h> | 45 | #include <net/cipso_ipv4.h> |
| 46 | #include <asm/atomic.h> | 46 | #include <asm/atomic.h> |
| 47 | #include <asm/bug.h> | 47 | #include <asm/bug.h> |
| 48 | #include <asm/unaligned.h> | ||
| 48 | 49 | ||
| 49 | struct cipso_v4_domhsh_entry { | 50 | struct cipso_v4_domhsh_entry { |
| 50 | char *domain; | 51 | char *domain; |
| @@ -1000,7 +1001,7 @@ static int cipso_v4_map_cat_enum_valid(const struct cipso_v4_doi *doi_def, | |||
| 1000 | return -EFAULT; | 1001 | return -EFAULT; |
| 1001 | 1002 | ||
| 1002 | for (iter = 0; iter < enumcat_len; iter += 2) { | 1003 | for (iter = 0; iter < enumcat_len; iter += 2) { |
| 1003 | cat = ntohs(*((__be16 *)&enumcat[iter])); | 1004 | cat = ntohs(get_unaligned((__be16 *)&enumcat[iter])); |
| 1004 | if (cat <= cat_prev) | 1005 | if (cat <= cat_prev) |
| 1005 | return -EFAULT; | 1006 | return -EFAULT; |
| 1006 | cat_prev = cat; | 1007 | cat_prev = cat; |
| @@ -1068,8 +1069,8 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def, | |||
| 1068 | 1069 | ||
| 1069 | for (iter = 0; iter < net_cat_len; iter += 2) { | 1070 | for (iter = 0; iter < net_cat_len; iter += 2) { |
| 1070 | ret_val = netlbl_secattr_catmap_setbit(secattr->mls_cat, | 1071 | ret_val = netlbl_secattr_catmap_setbit(secattr->mls_cat, |
| 1071 | ntohs(*((__be16 *)&net_cat[iter])), | 1072 | ntohs(get_unaligned((__be16 *)&net_cat[iter])), |
| 1072 | GFP_ATOMIC); | 1073 | GFP_ATOMIC); |
| 1073 | if (ret_val != 0) | 1074 | if (ret_val != 0) |
| 1074 | return ret_val; | 1075 | return ret_val; |
| 1075 | } | 1076 | } |
| @@ -1102,9 +1103,10 @@ static int cipso_v4_map_cat_rng_valid(const struct cipso_v4_doi *doi_def, | |||
| 1102 | return -EFAULT; | 1103 | return -EFAULT; |
| 1103 | 1104 | ||
| 1104 | for (iter = 0; iter < rngcat_len; iter += 4) { | 1105 | for (iter = 0; iter < rngcat_len; iter += 4) { |
| 1105 | cat_high = ntohs(*((__be16 *)&rngcat[iter])); | 1106 | cat_high = ntohs(get_unaligned((__be16 *)&rngcat[iter])); |
| 1106 | if ((iter + 4) <= rngcat_len) | 1107 | if ((iter + 4) <= rngcat_len) |
| 1107 | cat_low = ntohs(*((__be16 *)&rngcat[iter + 2])); | 1108 | cat_low = ntohs( |
| 1109 | get_unaligned((__be16 *)&rngcat[iter + 2])); | ||
| 1108 | else | 1110 | else |
| 1109 | cat_low = 0; | 1111 | cat_low = 0; |
| 1110 | 1112 | ||
| @@ -1201,9 +1203,10 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def, | |||
| 1201 | u16 cat_high; | 1203 | u16 cat_high; |
| 1202 | 1204 | ||
| 1203 | for (net_iter = 0; net_iter < net_cat_len; net_iter += 4) { | 1205 | for (net_iter = 0; net_iter < net_cat_len; net_iter += 4) { |
| 1204 | cat_high = ntohs(*((__be16 *)&net_cat[net_iter])); | 1206 | cat_high = ntohs(get_unaligned((__be16 *)&net_cat[net_iter])); |
| 1205 | if ((net_iter + 4) <= net_cat_len) | 1207 | if ((net_iter + 4) <= net_cat_len) |
| 1206 | cat_low = ntohs(*((__be16 *)&net_cat[net_iter + 2])); | 1208 | cat_low = ntohs( |
| 1209 | get_unaligned((__be16 *)&net_cat[net_iter + 2])); | ||
| 1207 | else | 1210 | else |
| 1208 | cat_low = 0; | 1211 | cat_low = 0; |
| 1209 | 1212 | ||
| @@ -1565,7 +1568,7 @@ int cipso_v4_validate(unsigned char **option) | |||
| 1565 | } | 1568 | } |
| 1566 | 1569 | ||
| 1567 | rcu_read_lock(); | 1570 | rcu_read_lock(); |
| 1568 | doi_def = cipso_v4_doi_search(ntohl(*((__be32 *)&opt[2]))); | 1571 | doi_def = cipso_v4_doi_search(ntohl(get_unaligned((__be32 *)&opt[2]))); |
| 1569 | if (doi_def == NULL) { | 1572 | if (doi_def == NULL) { |
| 1570 | err_offset = 2; | 1573 | err_offset = 2; |
| 1571 | goto validate_return_locked; | 1574 | goto validate_return_locked; |
| @@ -1709,22 +1712,22 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway) | |||
| 1709 | } | 1712 | } |
| 1710 | 1713 | ||
| 1711 | /** | 1714 | /** |
| 1712 | * cipso_v4_socket_setattr - Add a CIPSO option to a socket | 1715 | * cipso_v4_sock_setattr - Add a CIPSO option to a socket |
| 1713 | * @sock: the socket | 1716 | * @sk: the socket |
| 1714 | * @doi_def: the CIPSO DOI to use | 1717 | * @doi_def: the CIPSO DOI to use |
| 1715 | * @secattr: the specific security attributes of the socket | 1718 | * @secattr: the specific security attributes of the socket |
| 1716 | * | 1719 | * |
| 1717 | * Description: | 1720 | * Description: |
| 1718 | * Set the CIPSO option on the given socket using the DOI definition and | 1721 | * Set the CIPSO option on the given socket using the DOI definition and |
| 1719 | * security attributes passed to the function. This function requires | 1722 | * security attributes passed to the function. This function requires |
| 1720 | * exclusive access to @sock->sk, which means it either needs to be in the | 1723 | * exclusive access to @sk, which means it either needs to be in the |
| 1721 | * process of being created or locked via lock_sock(sock->sk). Returns zero on | 1724 | * process of being created or locked. Returns zero on success and negative |
| 1722 | * success and negative values on failure. | 1725 | * values on failure. |
| 1723 | * | 1726 | * |
| 1724 | */ | 1727 | */ |
| 1725 | int cipso_v4_socket_setattr(const struct socket *sock, | 1728 | int cipso_v4_sock_setattr(struct sock *sk, |
| 1726 | const struct cipso_v4_doi *doi_def, | 1729 | const struct cipso_v4_doi *doi_def, |
| 1727 | const struct netlbl_lsm_secattr *secattr) | 1730 | const struct netlbl_lsm_secattr *secattr) |
| 1728 | { | 1731 | { |
| 1729 | int ret_val = -EPERM; | 1732 | int ret_val = -EPERM; |
| 1730 | u32 iter; | 1733 | u32 iter; |
| @@ -1732,7 +1735,6 @@ int cipso_v4_socket_setattr(const struct socket *sock, | |||
| 1732 | u32 buf_len = 0; | 1735 | u32 buf_len = 0; |
| 1733 | u32 opt_len; | 1736 | u32 opt_len; |
| 1734 | struct ip_options *opt = NULL; | 1737 | struct ip_options *opt = NULL; |
| 1735 | struct sock *sk; | ||
| 1736 | struct inet_sock *sk_inet; | 1738 | struct inet_sock *sk_inet; |
| 1737 | struct inet_connection_sock *sk_conn; | 1739 | struct inet_connection_sock *sk_conn; |
| 1738 | 1740 | ||
| @@ -1740,7 +1742,6 @@ int cipso_v4_socket_setattr(const struct socket *sock, | |||
| 1740 | * defined yet but it is not a problem as the only users of these | 1742 | * defined yet but it is not a problem as the only users of these |
| 1741 | * "lite" PF_INET sockets are functions which do an accept() call | 1743 | * "lite" PF_INET sockets are functions which do an accept() call |
| 1742 | * afterwards so we will label the socket as part of the accept(). */ | 1744 | * afterwards so we will label the socket as part of the accept(). */ |
| 1743 | sk = sock->sk; | ||
| 1744 | if (sk == NULL) | 1745 | if (sk == NULL) |
| 1745 | return 0; | 1746 | return 0; |
| 1746 | 1747 | ||
| @@ -1858,7 +1859,7 @@ int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) | |||
| 1858 | if (ret_val == 0) | 1859 | if (ret_val == 0) |
| 1859 | return ret_val; | 1860 | return ret_val; |
| 1860 | 1861 | ||
| 1861 | doi = ntohl(*(__be32 *)&cipso_ptr[2]); | 1862 | doi = ntohl(get_unaligned((__be32 *)&cipso_ptr[2])); |
| 1862 | rcu_read_lock(); | 1863 | rcu_read_lock(); |
| 1863 | doi_def = cipso_v4_doi_search(doi); | 1864 | doi_def = cipso_v4_doi_search(doi); |
| 1864 | if (doi_def == NULL) { | 1865 | if (doi_def == NULL) { |
| @@ -1892,29 +1893,6 @@ int cipso_v4_sock_getattr(struct sock *sk, struct netlbl_lsm_secattr *secattr) | |||
| 1892 | } | 1893 | } |
| 1893 | 1894 | ||
| 1894 | /** | 1895 | /** |
| 1895 | * cipso_v4_socket_getattr - Get the security attributes from a socket | ||
| 1896 | * @sock: the socket | ||
| 1897 | * @secattr: the security attributes | ||
| 1898 | * | ||
| 1899 | * Description: | ||
| 1900 | * Query @sock to see if there is a CIPSO option attached to the socket and if | ||
| 1901 | * there is return the CIPSO security attributes in @secattr. Returns zero on | ||
| 1902 | * success and negative values on failure. | ||
| 1903 | * | ||
| 1904 | */ | ||
| 1905 | int cipso_v4_socket_getattr(const struct socket *sock, | ||
| 1906 | struct netlbl_lsm_secattr *secattr) | ||
| 1907 | { | ||
| 1908 | int ret_val; | ||
| 1909 | |||
| 1910 | lock_sock(sock->sk); | ||
| 1911 | ret_val = cipso_v4_sock_getattr(sock->sk, secattr); | ||
| 1912 | release_sock(sock->sk); | ||
| 1913 | |||
| 1914 | return ret_val; | ||
| 1915 | } | ||
| 1916 | |||
| 1917 | /** | ||
| 1918 | * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option | 1896 | * cipso_v4_skbuff_getattr - Get the security attributes from the CIPSO option |
| 1919 | * @skb: the packet | 1897 | * @skb: the packet |
| 1920 | * @secattr: the security attributes | 1898 | * @secattr: the security attributes |
| @@ -1936,7 +1914,7 @@ int cipso_v4_skbuff_getattr(const struct sk_buff *skb, | |||
| 1936 | if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0) | 1914 | if (cipso_v4_cache_check(cipso_ptr, cipso_ptr[1], secattr) == 0) |
| 1937 | return 0; | 1915 | return 0; |
| 1938 | 1916 | ||
| 1939 | doi = ntohl(*(__be32 *)&cipso_ptr[2]); | 1917 | doi = ntohl(get_unaligned((__be32 *)&cipso_ptr[2])); |
| 1940 | rcu_read_lock(); | 1918 | rcu_read_lock(); |
| 1941 | doi_def = cipso_v4_doi_search(doi); | 1919 | doi_def = cipso_v4_doi_search(doi); |
| 1942 | if (doi_def == NULL) | 1920 | if (doi_def == NULL) |
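Review bot: With cipso_v4_socket_getattr() removed, nothing in this file takes lock_sock()/release_sock() around cipso_v4_sock_getattr() any more, so the locking now rests on every caller. The reworded kernel-doc for cipso_v4_sock_setattr() also says only "locked" without naming the lock. I would keep the lock name in that comment, e.g. `* process of being created or locked via lock_sock(sk).  Returns zero on`. The cipso_v4_sock_getattr() header lies outside the visible hunks; if it does not already say that the caller must hold the socket lock, it should get a matching sentence. The callers are outside net/ipv4, so whether each of them takes the lock before reading the socket's CIPSO option cannot be checked from this page.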
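diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index fa97b96a3d89..abf6352f990f 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -327,12 +327,8 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
 }
 
 }
-if (destroy) {
+if (destroy)
 inet_free_ifa(ifa1);
-
-if (!in_dev->ifa_list)
-inetdev_destroy(in_dev);
-}
 }
 
 static void inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,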
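Review bot: Once the `inetdev_destroy(in_dev)` call is gone, __inet_del_ifa() leaves the in_device alive after its last address is deleted, and nothing at the `if (destroy)` site says this is deliberate. A one-line comment there, for example `/* in_dev deliberately outlives its last address; it is not freed here */`, would spare the next reader from re-adding the teardown. Any code that treated a missing in_device as "no IPv4 address configured" would now have to test `in_dev->ifa_list` instead; that is an inference from this hunk and should be checked against the callers, which are not shown. The body of __inet_del_ifa() starts above the hunk.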
