2 files changed, 22 insertions, 2 deletions

diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index f3ef4c38d315..3bc144a79fa5 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -504,6 +504,9 @@ done:
                 break;
         case IPV6_IPSEC_POLICY:
         case IPV6_XFRM_POLICY:
+                retv = -EPERM;
+                if (!capable(CAP_NET_ADMIN))
+                        break;
                 retv = xfrm_user_policy(sk, optname, optval, optlen);
                 break;
 
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index b788f55e139b..e553e5b80d6e 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -195,7 +195,6 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
         dev_hold(dev);
 
         ipip6_tunnel_link(nt);
-        /* Do not decrement MOD_USE_COUNT here. */
         return nt;
 
 failed:
@@ -794,10 +793,28 @@ static struct net_protocol sit_protocol = {
         .err_handler    =       ipip6_err,
 };
 
+static void __exit sit_destroy_tunnels(void)
+{
+        int prio;
+
+        for (prio = 1; prio < 4; prio++) {
+                int h;
+                for (h = 0; h < HASH_SIZE; h++) {
+                        struct ip_tunnel *t;
+                        while ((t = tunnels[prio][h]) != NULL)
+                                unregister_netdevice(t->dev);
+                }
+        }
+}
+
 void __exit sit_cleanup(void)
 {
         inet_del_protocol(&sit_protocol, IPPROTO_IPV6);
-        unregister_netdev(ipip6_fb_tunnel_dev);
+
+        rtnl_lock();
+        sit_destroy_tunnels();
+        unregister_netdevice(ipip6_fb_tunnel_dev);
+        rtnl_unlock();
 }
 
 int __init sit_init(void)