1 files changed, 87 insertions, 128 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 4e98193dfa0f..ba9a3fcc2fed 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -26,6 +26,7 @@
 #include <linux/in6.h>
 #include <linux/proc_fs.h>
 #include <linux/init.h>
+#include <linux/slab.h>
 #include <net/net_namespace.h>
 #include <net/netns/generic.h>
 #include <net/xfrm.h>
@@ -35,16 +36,16 @@
 #define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
 #define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
-static int pfkey_net_id;
+static int pfkey_net_id __read_mostly;
 struct netns_pfkey {
        /* List of all pfkey sockets. */
        struct hlist_head table;
        atomic_t socks_nr;
 };
-static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
+static DEFINE_MUTEX(pfkey_mutex);
-static DEFINE_RWLOCK(pfkey_table_lock);
-static atomic_t pfkey_table_users = ATOMIC_INIT(0);
+#define DUMMY_MARK 0
+static struct xfrm_mark dummy_mark = {0, 0};
 struct pfkey_sock {
        /* struct sock must be the first member of struct pfkey_sock */
        struct sock     sk;
@@ -108,50 +109,6 @@ static void pfkey_sock_destruct(struct sock *sk)
        atomic_dec(&net_pfkey->socks_nr);
 }
-static void pfkey_table_grab(void)
-{
-        write_lock_bh(&pfkey_table_lock);
-        if (atomic_read(&pfkey_table_users)) {
-                DECLARE_WAITQUEUE(wait, current);
-                add_wait_queue_exclusive(&pfkey_table_wait, &wait);
-                for(;;) {
-                        set_current_state(TASK_UNINTERRUPTIBLE);
-                        if (atomic_read(&pfkey_table_users) == 0)
-                                break;
-                        write_unlock_bh(&pfkey_table_lock);
-                        schedule();
-                        write_lock_bh(&pfkey_table_lock);
-                }
-                __set_current_state(TASK_RUNNING);
-                remove_wait_queue(&pfkey_table_wait, &wait);
-        }
-}
-static __inline__ void pfkey_table_ungrab(void)
-{
-        write_unlock_bh(&pfkey_table_lock);
-        wake_up(&pfkey_table_wait);
-}
-static __inline__ void pfkey_lock_table(void)
-{
-        /* read_lock() synchronizes us to pfkey_table_grab */
-        read_lock(&pfkey_table_lock);
-        atomic_inc(&pfkey_table_users);
-        read_unlock(&pfkey_table_lock);
-}
-static __inline__ void pfkey_unlock_table(void)
-{
-        if (atomic_dec_and_test(&pfkey_table_users))
-                wake_up(&pfkey_table_wait);
-}
 static const struct proto_ops pfkey_ops;
 static void pfkey_insert(struct sock *sk)
@@ -159,16 +116,16 @@ static void pfkey_insert(struct sock *sk)
        struct net *net = sock_net(sk);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        pfkey_table_grab();
+        mutex_lock(&pfkey_mutex);
-        sk_add_node(sk, &net_pfkey->table);
+        sk_add_node_rcu(sk, &net_pfkey->table);
-        pfkey_table_ungrab();
+        mutex_unlock(&pfkey_mutex);
 }
 static void pfkey_remove(struct sock *sk)
 {
-        pfkey_table_grab();
+        mutex_lock(&pfkey_mutex);
-        sk_del_node_init(sk);
+        sk_del_node_init_rcu(sk);
-        pfkey_table_ungrab();
+        mutex_unlock(&pfkey_mutex);
 }
 static struct proto key_proto = {
@@ -177,7 +134,8 @@ static struct proto key_proto = {
        .obj_size = sizeof(struct pfkey_sock),
 };
-static int pfkey_create(struct net *net, struct socket *sock, int protocol)
+static int pfkey_create(struct net *net, struct socket *sock, int protocol,
+                        int kern)
 {
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
        struct sock *sk;
@@ -222,6 +180,8 @@ static int pfkey_release(struct socket *sock)
        sock_orphan(sk);
        sock->sk = NULL;
        skb_queue_purge(&sk->sk_write_queue);
+        synchronize_rcu();
        sock_put(sk);
        return 0;
@@ -276,8 +236,8 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
        if (!skb)
                return -ENOMEM;
-        pfkey_lock_table();
+        rcu_read_lock();
-        sk_for_each(sk, node, &net_pfkey->table) {
+        sk_for_each_rcu(sk, node, &net_pfkey->table) {
                struct pfkey_sock *pfk = pfkey_sk(sk);
                int err2;
@@ -308,7 +268,7 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
                if ((broadcast_flags & BROADCAST_REGISTERED) && err)
                        err = err2;
        }
-        pfkey_unlock_table();
+        rcu_read_unlock();
        if (one_sk != NULL)
                err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
@@ -690,7 +650,7 @@ static struct  xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_
        if (!xaddr)
                return NULL;
-        return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);
+        return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
 }
 #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
@@ -1192,6 +1152,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
                        x->aalg->alg_key_len = key->sadb_key_bits;
                        memcpy(x->aalg->alg_key, key+1, keysize);
                }
+                x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
                x->props.aalgo = sa->sadb_sa_auth;
                /* x->algo.flags = sa->sadb_sa_flags; */
        }
@@ -1358,7 +1319,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        }
        if (hdr->sadb_msg_seq) {
-                x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
+                x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
                if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
                        xfrm_state_put(x);
                        x = NULL;
@@ -1366,7 +1327,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        }
        if (!x)
-                x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);
+                x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
        if (x == NULL)
                return -ENOENT;
@@ -1415,7 +1376,7 @@ static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *
        if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
                return 0;
-        x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
+        x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
        if (x == NULL)
                return 0;
@@ -1710,6 +1671,23 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        return 0;
 }
+static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr)
+{
+        struct sk_buff *skb;
+        struct sadb_msg *hdr;
+        skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
+        if (!skb)
+                return -ENOBUFS;
+        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
+        memcpy(hdr, ihdr, sizeof(struct sadb_msg));
+        hdr->sadb_msg_errno = (uint8_t) 0;
+        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
+        return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
+}
 static int key_notify_sa_flush(struct km_event *c)
 {
        struct sk_buff *skb;
@@ -1738,7 +1716,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        unsigned proto;
        struct km_event c;
        struct xfrm_audit audit_info;
-        int err;
+        int err, err2;
        proto = pfkey_satype2proto(hdr->sadb_msg_satype);
        if (proto == 0)
@@ -1748,8 +1726,13 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_state_flush(net, proto, &audit_info);
-        if (err)
+        err2 = unicast_flush_resp(sk, hdr);
-                return err;
+        if (err || err2) {
+                if (err == -ESRCH) /* empty table - go quietly */
+                        err = 0;
+                return err ? err : err2;
+        }
        c.data.proto = proto;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
@@ -2147,10 +2130,9 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c
        int err;
        out_skb = pfkey_xfrm_policy2msg_prep(xp);
-        if (IS_ERR(out_skb)) {
+        if (IS_ERR(out_skb))
-                err = PTR_ERR(out_skb);
+                return PTR_ERR(out_skb);
-                goto out;
-        }
        err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
        if (err < 0)
                return err;
@@ -2166,7 +2148,6 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c
        out_hdr->sadb_msg_seq = c->seq;
        out_hdr->sadb_msg_pid = c->pid;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
-out:
        return 0;
 }
@@ -2344,7 +2325,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
                        return err;
        }
-        xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,
+        xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
                                   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
                                   1, &err);
        security_xfrm_policy_free(pol_ctx);
@@ -2592,8 +2573,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
                return -EINVAL;
        delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
-        xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,
+        xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
-                              pol->sadb_x_policy_id, delete, &err);
+                              dir, pol->sadb_x_policy_id, delete, &err);
        if (xp == NULL)
                return -ENOENT;
@@ -2704,14 +2685,19 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        struct net *net = sock_net(sk);
        struct km_event c;
        struct xfrm_audit audit_info;
-        int err;
+        int err, err2;
        audit_info.loginuid = audit_get_loginuid(current);
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
-        if (err)
+        err2 = unicast_flush_resp(sk, hdr);
+        if (err || err2) {
+                if (err == -ESRCH) /* empty table - old silent behavior */
+                        return 0;
                return err;
+        }
        c.data.type = XFRM_POLICY_TYPE_MAIN;
        c.event = XFRM_MSG_FLUSHPOLICY;
        c.pid = hdr->sadb_msg_pid;
@@ -3017,12 +3003,11 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
 static u32 get_acqseq(void)
 {
        u32 res;
-        static u32 acqseq;
+        static atomic_t acqseq;
-        static DEFINE_SPINLOCK(acqseq_lock);
-        spin_lock_bh(&acqseq_lock);
+        do {
-        res = (++acqseq ? : ++acqseq);
+                res = atomic_inc_return(&acqseq);
-        spin_unlock_bh(&acqseq_lock);
+        } while (!res);
        return res;
 }
@@ -3606,7 +3591,7 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
        if (err)
                goto out_free;
-        sock_recv_timestamp(msg, sk, skb);
+        sock_recv_ts_and_drops(msg, sk, skb);
        err = (flags & MSG_TRUNC) ? skb->len : copied;
@@ -3644,7 +3629,7 @@ static const struct proto_ops pfkey_ops = {
        .recvmsg        =       pfkey_recvmsg,
 };
-static struct net_proto_family pfkey_family_ops = {
+static const struct net_proto_family pfkey_family_ops = {
        .family =       PF_KEY,
        .create =       pfkey_create,
        .owner  =       THIS_MODULE,
@@ -3653,9 +3638,8 @@ static struct net_proto_family pfkey_family_ops = {
 #ifdef CONFIG_PROC_FS
 static int pfkey_seq_show(struct seq_file *f, void *v)
 {
-        struct sock *s;
+        struct sock *s = sk_entry(v);
-        s = (struct sock *)v;
        if (v == SEQ_START_TOKEN)
                seq_printf(f ,"sk       RefCnt Rmem   Wmem   User   Inode\n");
        else
@@ -3674,19 +3658,9 @@ static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
 {
        struct net *net = seq_file_net(f);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        struct sock *s;
-        struct hlist_node *node;
-        loff_t pos = *ppos;
-        read_lock(&pfkey_table_lock);
-        if (pos == 0)
-                return SEQ_START_TOKEN;
-        sk_for_each(s, node, &net_pfkey->table)
-                if (pos-- == 1)
-                        return s;
-        return NULL;
+        rcu_read_lock();
+        return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
 }
 static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
@@ -3694,15 +3668,12 @@ static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
        struct net *net = seq_file_net(f);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        ++*ppos;
+        return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
-        return (v == SEQ_START_TOKEN) ?
-                sk_head(&net_pfkey->table) :
-                        sk_next((struct sock *)v);
 }
 static void pfkey_seq_stop(struct seq_file *f, void *v)
 {
-        read_unlock(&pfkey_table_lock);
+        rcu_read_unlock();
 }
 static const struct seq_operations pfkey_seq_ops = {
@@ -3736,17 +3707,17 @@ static int __net_init pfkey_init_proc(struct net *net)
        return 0;
 }
-static void pfkey_exit_proc(struct net *net)
+static void __net_exit pfkey_exit_proc(struct net *net)
 {
        proc_net_remove(net, "pfkey");
 }
 #else
-static int __net_init pfkey_init_proc(struct net *net)
+static inline int pfkey_init_proc(struct net *net)
 {
        return 0;
 }
-static void pfkey_exit_proc(struct net *net)
+static inline void pfkey_exit_proc(struct net *net)
 {
 }
 #endif
@@ -3764,28 +3735,14 @@ static struct xfrm_mgr pfkeyv2_mgr =
 static int __net_init pfkey_net_init(struct net *net)
 {
-        struct netns_pfkey *net_pfkey;
+        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
        int rv;
-        net_pfkey = kmalloc(sizeof(struct netns_pfkey), GFP_KERNEL);
-        if (!net_pfkey) {
-                rv = -ENOMEM;
-                goto out_kmalloc;
-        }
        INIT_HLIST_HEAD(&net_pfkey->table);
        atomic_set(&net_pfkey->socks_nr, 0);
-        rv = net_assign_generic(net, pfkey_net_id, net_pfkey);
-        if (rv < 0)
-                goto out_assign;
        rv = pfkey_init_proc(net);
-        if (rv < 0)
-                goto out_proc;
-        return 0;
-out_proc:
-out_assign:
-        kfree(net_pfkey);
-out_kmalloc:
        return rv;
 }
@@ -3795,19 +3752,20 @@ static void __net_exit pfkey_net_exit(struct net *net)
        pfkey_exit_proc(net);
        BUG_ON(!hlist_empty(&net_pfkey->table));
-        kfree(net_pfkey);
 }
 static struct pernet_operations pfkey_net_ops = {
        .init = pfkey_net_init,
        .exit = pfkey_net_exit,
+        .id   = &pfkey_net_id,
+        .size = sizeof(struct netns_pfkey),
 };
 static void __exit ipsec_pfkey_exit(void)
 {
-        unregister_pernet_gen_subsys(pfkey_net_id, &pfkey_net_ops);
        xfrm_unregister_km(&pfkeyv2_mgr);
        sock_unregister(PF_KEY);
+        unregister_pernet_subsys(&pfkey_net_ops);
        proto_unregister(&key_proto);
 }
@@ -3818,21 +3776,22 @@ static int __init ipsec_pfkey_init(void)
        if (err != 0)
                goto out;
-        err = sock_register(&pfkey_family_ops);
+        err = register_pernet_subsys(&pfkey_net_ops);
        if (err != 0)
                goto out_unregister_key_proto;
+        err = sock_register(&pfkey_family_ops);
+        if (err != 0)
+                goto out_unregister_pernet;
        err = xfrm_register_km(&pfkeyv2_mgr);
        if (err != 0)
                goto out_sock_unregister;
-        err = register_pernet_gen_subsys(&pfkey_net_id, &pfkey_net_ops);
-        if (err != 0)
-                goto out_xfrm_unregister_km;
 out:
        return err;
-out_xfrm_unregister_km:
-        xfrm_unregister_km(&pfkeyv2_mgr);
 out_sock_unregister:
        sock_unregister(PF_KEY);
+out_unregister_pernet:
+        unregister_pernet_subsys(&pfkey_net_ops);
 out_unregister_key_proto:
        proto_unregister(&key_proto);
        goto out;

diff --git a/net/key/af_key.c b/net/key/af_key.c index 4e98193dfa0f..ba9a3fcc2fed 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -26,6 +26,7 @@
26	#include <linux/in6.h>	26	#include <linux/in6.h>
27	#include <linux/proc_fs.h>	27	#include <linux/proc_fs.h>
28	#include <linux/init.h>	28	#include <linux/init.h>
		29	#include <linux/slab.h>
29	#include <net/net_namespace.h>	30	#include <net/net_namespace.h>
30	#include <net/netns/generic.h>	31	#include <net/netns/generic.h>
31	#include <net/xfrm.h>	32	#include <net/xfrm.h>
@@ -35,16 +36,16 @@
35	#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))	36	#define _X2KEY(x) ((x) == XFRM_INF ? 0 : (x))
36	#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))	37	#define _KEY2X(x) ((x) == 0 ? XFRM_INF : (x))
37		38
38	static int pfkey_net_id;	39	static int pfkey_net_id __read_mostly;
39	struct netns_pfkey {	40	struct netns_pfkey {
40	/* List of all pfkey sockets. */	41	/* List of all pfkey sockets. */
41	struct hlist_head table;	42	struct hlist_head table;
42	atomic_t socks_nr;	43	atomic_t socks_nr;
43	};	44	};
44	static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);	45	static DEFINE_MUTEX(pfkey_mutex);
45	static DEFINE_RWLOCK(pfkey_table_lock);
46	static atomic_t pfkey_table_users = ATOMIC_INIT(0);
47		46
		47	#define DUMMY_MARK 0
		48	static struct xfrm_mark dummy_mark = {0, 0};
48	struct pfkey_sock {	49	struct pfkey_sock {
49	/* struct sock must be the first member of struct pfkey_sock */	50	/* struct sock must be the first member of struct pfkey_sock */
50	struct sock sk;	51	struct sock sk;
@@ -108,50 +109,6 @@ static void pfkey_sock_destruct(struct sock *sk)
108	atomic_dec(&net_pfkey->socks_nr);	109	atomic_dec(&net_pfkey->socks_nr);
109	}	110	}
110		111
111	static void pfkey_table_grab(void)
112	{
113	write_lock_bh(&pfkey_table_lock);
114
115	if (atomic_read(&pfkey_table_users)) {
116	DECLARE_WAITQUEUE(wait, current);
117
118	add_wait_queue_exclusive(&pfkey_table_wait, &wait);
119	for(;;) {
120	set_current_state(TASK_UNINTERRUPTIBLE);
121	if (atomic_read(&pfkey_table_users) == 0)
122	break;
123	write_unlock_bh(&pfkey_table_lock);
124	schedule();
125	write_lock_bh(&pfkey_table_lock);
126	}
127
128	__set_current_state(TASK_RUNNING);
129	remove_wait_queue(&pfkey_table_wait, &wait);
130	}
131	}
132
133	static __inline__ void pfkey_table_ungrab(void)
134	{
135	write_unlock_bh(&pfkey_table_lock);
136	wake_up(&pfkey_table_wait);
137	}
138
139	static __inline__ void pfkey_lock_table(void)
140	{
141	/* read_lock() synchronizes us to pfkey_table_grab */
142
143	read_lock(&pfkey_table_lock);
144	atomic_inc(&pfkey_table_users);
145	read_unlock(&pfkey_table_lock);
146	}
147
148	static __inline__ void pfkey_unlock_table(void)
149	{
150	if (atomic_dec_and_test(&pfkey_table_users))
151	wake_up(&pfkey_table_wait);
152	}
153
154
155	static const struct proto_ops pfkey_ops;	112	static const struct proto_ops pfkey_ops;
156		113
157	static void pfkey_insert(struct sock *sk)	114	static void pfkey_insert(struct sock *sk)
@@ -159,16 +116,16 @@ static void pfkey_insert(struct sock *sk)
159	struct net *net = sock_net(sk);	116	struct net *net = sock_net(sk);
160	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	117	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
161		118
162	pfkey_table_grab();	119	mutex_lock(&pfkey_mutex);
163	sk_add_node(sk, &net_pfkey->table);	120	sk_add_node_rcu(sk, &net_pfkey->table);
164	pfkey_table_ungrab();	121	mutex_unlock(&pfkey_mutex);
165	}	122	}
166		123
167	static void pfkey_remove(struct sock *sk)	124	static void pfkey_remove(struct sock *sk)
168	{	125	{
169	pfkey_table_grab();	126	mutex_lock(&pfkey_mutex);
170	sk_del_node_init(sk);	127	sk_del_node_init_rcu(sk);
171	pfkey_table_ungrab();	128	mutex_unlock(&pfkey_mutex);
172	}	129	}
173		130
174	static struct proto key_proto = {	131	static struct proto key_proto = {
@@ -177,7 +134,8 @@ static struct proto key_proto = {
177	.obj_size = sizeof(struct pfkey_sock),	134	.obj_size = sizeof(struct pfkey_sock),
178	};	135	};
179		136
180	static int pfkey_create(struct net net, struct socket sock, int protocol)	137	static int pfkey_create(struct net net, struct socket sock, int protocol,
		138	int kern)
181	{	139	{
182	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	140	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
183	struct sock *sk;	141	struct sock *sk;
@@ -222,6 +180,8 @@ static int pfkey_release(struct socket *sock)
222	sock_orphan(sk);	180	sock_orphan(sk);
223	sock->sk = NULL;	181	sock->sk = NULL;
224	skb_queue_purge(&sk->sk_write_queue);	182	skb_queue_purge(&sk->sk_write_queue);
		183
		184	synchronize_rcu();
225	sock_put(sk);	185	sock_put(sk);
226		186
227	return 0;	187	return 0;
@@ -276,8 +236,8 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
276	if (!skb)	236	if (!skb)
277	return -ENOMEM;	237	return -ENOMEM;
278		238
279	pfkey_lock_table();	239	rcu_read_lock();
280	sk_for_each(sk, node, &net_pfkey->table) {	240	sk_for_each_rcu(sk, node, &net_pfkey->table) {
281	struct pfkey_sock *pfk = pfkey_sk(sk);	241	struct pfkey_sock *pfk = pfkey_sk(sk);
282	int err2;	242	int err2;
283		243
@@ -308,7 +268,7 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
308	if ((broadcast_flags & BROADCAST_REGISTERED) && err)	268	if ((broadcast_flags & BROADCAST_REGISTERED) && err)
309	err = err2;	269	err = err2;
310	}	270	}
311	pfkey_unlock_table();	271	rcu_read_unlock();
312		272
313	if (one_sk != NULL)	273	if (one_sk != NULL)
314	err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);	274	err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
@@ -690,7 +650,7 @@ static struct xfrm_state pfkey_xfrm_state_lookup(struct net net, struct sadb_
690	if (!xaddr)	650	if (!xaddr)
691	return NULL;	651	return NULL;
692		652
693	return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);	653	return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
694	}	654	}
695		655
696	#define PFKEY_ALIGN8(a) (1 + (((a) - 1) \| (8 - 1)))	656	#define PFKEY_ALIGN8(a) (1 + (((a) - 1) \| (8 - 1)))
@@ -1192,6 +1152,7 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
1192	x->aalg->alg_key_len = key->sadb_key_bits;	1152	x->aalg->alg_key_len = key->sadb_key_bits;
1193	memcpy(x->aalg->alg_key, key+1, keysize);	1153	memcpy(x->aalg->alg_key, key+1, keysize);
1194	}	1154	}
		1155	x->aalg->alg_trunc_len = a->uinfo.auth.icv_truncbits;
1195	x->props.aalgo = sa->sadb_sa_auth;	1156	x->props.aalgo = sa->sadb_sa_auth;
1196	/* x->algo.flags = sa->sadb_sa_flags; */	1157	/* x->algo.flags = sa->sadb_sa_flags; */
1197	}	1158	}
@@ -1358,7 +1319,7 @@ static int pfkey_getspi(struct sock sk, struct sk_buff skb, struct sadb_msg *h
1358	}	1319	}
1359		1320
1360	if (hdr->sadb_msg_seq) {	1321	if (hdr->sadb_msg_seq) {
1361	x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);	1322	x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1362	if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {	1323	if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
1363	xfrm_state_put(x);	1324	xfrm_state_put(x);
1364	x = NULL;	1325	x = NULL;
@@ -1366,7 +1327,7 @@ static int pfkey_getspi(struct sock sk, struct sk_buff skb, struct sadb_msg *h
1366	}	1327	}
1367		1328
1368	if (!x)	1329	if (!x)
1369	x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);	1330	x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
1370		1331
1371	if (x == NULL)	1332	if (x == NULL)
1372	return -ENOENT;	1333	return -ENOENT;
@@ -1415,7 +1376,7 @@ static int pfkey_acquire(struct sock sk, struct sk_buff skb, struct sadb_msg *
1415	if (hdr->sadb_msg_seq == 0 \|\| hdr->sadb_msg_errno == 0)	1376	if (hdr->sadb_msg_seq == 0 \|\| hdr->sadb_msg_errno == 0)
1416	return 0;	1377	return 0;
1417		1378
1418	x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);	1379	x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1419	if (x == NULL)	1380	if (x == NULL)
1420	return 0;	1381	return 0;
1421		1382
@@ -1710,6 +1671,23 @@ static int pfkey_register(struct sock sk, struct sk_buff skb, struct sadb_msg
1710	return 0;	1671	return 0;
1711	}	1672	}
1712		1673
		1674	static int unicast_flush_resp(struct sock sk, struct sadb_msg ihdr)
		1675	{
		1676	struct sk_buff *skb;
		1677	struct sadb_msg *hdr;
		1678
		1679	skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
		1680	if (!skb)
		1681	return -ENOBUFS;
		1682
		1683	hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
		1684	memcpy(hdr, ihdr, sizeof(struct sadb_msg));
		1685	hdr->sadb_msg_errno = (uint8_t) 0;
		1686	hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
		1687
		1688	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
		1689	}
		1690
1713	static int key_notify_sa_flush(struct km_event *c)	1691	static int key_notify_sa_flush(struct km_event *c)
1714	{	1692	{
1715	struct sk_buff *skb;	1693	struct sk_buff *skb;
@@ -1738,7 +1716,7 @@ static int pfkey_flush(struct sock sk, struct sk_buff skb, struct sadb_msg *hd
1738	unsigned proto;	1716	unsigned proto;
1739	struct km_event c;	1717	struct km_event c;
1740	struct xfrm_audit audit_info;	1718	struct xfrm_audit audit_info;
1741	int err;	1719	int err, err2;
1742		1720
1743	proto = pfkey_satype2proto(hdr->sadb_msg_satype);	1721	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1744	if (proto == 0)	1722	if (proto == 0)
@@ -1748,8 +1726,13 @@ static int pfkey_flush(struct sock sk, struct sk_buff skb, struct sadb_msg *hd
1748	audit_info.sessionid = audit_get_sessionid(current);	1726	audit_info.sessionid = audit_get_sessionid(current);
1749	audit_info.secid = 0;	1727	audit_info.secid = 0;
1750	err = xfrm_state_flush(net, proto, &audit_info);	1728	err = xfrm_state_flush(net, proto, &audit_info);
1751	if (err)	1729	err2 = unicast_flush_resp(sk, hdr);
1752	return err;	1730	if (err \|\| err2) {
		1731	if (err == -ESRCH) /* empty table - go quietly */
		1732	err = 0;
		1733	return err ? err : err2;
		1734	}
		1735
1753	c.data.proto = proto;	1736	c.data.proto = proto;
1754	c.seq = hdr->sadb_msg_seq;	1737	c.seq = hdr->sadb_msg_seq;
1755	c.pid = hdr->sadb_msg_pid;	1738	c.pid = hdr->sadb_msg_pid;
@@ -2147,10 +2130,9 @@ static int key_notify_policy(struct xfrm_policy xp, int dir, struct km_event c
2147	int err;	2130	int err;
2148		2131
2149	out_skb = pfkey_xfrm_policy2msg_prep(xp);	2132	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2150	if (IS_ERR(out_skb)) {	2133	if (IS_ERR(out_skb))
2151	err = PTR_ERR(out_skb);	2134	return PTR_ERR(out_skb);
2152	goto out;	2135
2153	}
2154	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);	2136	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2155	if (err < 0)	2137	if (err < 0)
2156	return err;	2138	return err;
@@ -2166,7 +2148,6 @@ static int key_notify_policy(struct xfrm_policy xp, int dir, struct km_event c
2166	out_hdr->sadb_msg_seq = c->seq;	2148	out_hdr->sadb_msg_seq = c->seq;
2167	out_hdr->sadb_msg_pid = c->pid;	2149	out_hdr->sadb_msg_pid = c->pid;
2168	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));	2150	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2169	out:
2170	return 0;	2151	return 0;
2171		2152
2172	}	2153	}
@@ -2344,7 +2325,7 @@ static int pfkey_spddelete(struct sock sk, struct sk_buff skb, struct sadb_msg
2344	return err;	2325	return err;
2345	}	2326	}
2346		2327
2347	xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,	2328	xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2348	pol->sadb_x_policy_dir - 1, &sel, pol_ctx,	2329	pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2349	1, &err);	2330	1, &err);
2350	security_xfrm_policy_free(pol_ctx);	2331	security_xfrm_policy_free(pol_ctx);
@@ -2592,8 +2573,8 @@ static int pfkey_spdget(struct sock sk, struct sk_buff skb, struct sadb_msg *h
2592	return -EINVAL;	2573	return -EINVAL;
2593		2574
2594	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);	2575	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2595	xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,	2576	xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2596	pol->sadb_x_policy_id, delete, &err);	2577	dir, pol->sadb_x_policy_id, delete, &err);
2597	if (xp == NULL)	2578	if (xp == NULL)
2598	return -ENOENT;	2579	return -ENOENT;
2599		2580
@@ -2704,14 +2685,19 @@ static int pfkey_spdflush(struct sock sk, struct sk_buff skb, struct sadb_msg
2704	struct net *net = sock_net(sk);	2685	struct net *net = sock_net(sk);
2705	struct km_event c;	2686	struct km_event c;
2706	struct xfrm_audit audit_info;	2687	struct xfrm_audit audit_info;
2707	int err;	2688	int err, err2;
2708		2689
2709	audit_info.loginuid = audit_get_loginuid(current);	2690	audit_info.loginuid = audit_get_loginuid(current);
2710	audit_info.sessionid = audit_get_sessionid(current);	2691	audit_info.sessionid = audit_get_sessionid(current);
2711	audit_info.secid = 0;	2692	audit_info.secid = 0;
2712	err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);	2693	err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
2713	if (err)	2694	err2 = unicast_flush_resp(sk, hdr);
		2695	if (err \|\| err2) {
		2696	if (err == -ESRCH) /* empty table - old silent behavior */
		2697	return 0;
2714	return err;	2698	return err;
		2699	}
		2700
2715	c.data.type = XFRM_POLICY_TYPE_MAIN;	2701	c.data.type = XFRM_POLICY_TYPE_MAIN;
2716	c.event = XFRM_MSG_FLUSHPOLICY;	2702	c.event = XFRM_MSG_FLUSHPOLICY;
2717	c.pid = hdr->sadb_msg_pid;	2703	c.pid = hdr->sadb_msg_pid;
@@ -3017,12 +3003,11 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
3017	static u32 get_acqseq(void)	3003	static u32 get_acqseq(void)
3018	{	3004	{
3019	u32 res;	3005	u32 res;
3020	static u32 acqseq;	3006	static atomic_t acqseq;
3021	static DEFINE_SPINLOCK(acqseq_lock);
3022		3007
3023	spin_lock_bh(&acqseq_lock);	3008	do {
3024	res = (++acqseq ? : ++acqseq);	3009	res = atomic_inc_return(&acqseq);
3025	spin_unlock_bh(&acqseq_lock);	3010	} while (!res);
3026	return res;	3011	return res;
3027	}	3012	}
3028		3013
@@ -3606,7 +3591,7 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
3606	if (err)	3591	if (err)
3607	goto out_free;	3592	goto out_free;
3608		3593
3609	sock_recv_timestamp(msg, sk, skb);	3594	sock_recv_ts_and_drops(msg, sk, skb);
3610		3595
3611	err = (flags & MSG_TRUNC) ? skb->len : copied;	3596	err = (flags & MSG_TRUNC) ? skb->len : copied;
3612		3597
@@ -3644,7 +3629,7 @@ static const struct proto_ops pfkey_ops = {
3644	.recvmsg = pfkey_recvmsg,	3629	.recvmsg = pfkey_recvmsg,
3645	};	3630	};
3646		3631
3647	static struct net_proto_family pfkey_family_ops = {	3632	static const struct net_proto_family pfkey_family_ops = {
3648	.family = PF_KEY,	3633	.family = PF_KEY,
3649	.create = pfkey_create,	3634	.create = pfkey_create,
3650	.owner = THIS_MODULE,	3635	.owner = THIS_MODULE,
@@ -3653,9 +3638,8 @@ static struct net_proto_family pfkey_family_ops = {
3653	#ifdef CONFIG_PROC_FS	3638	#ifdef CONFIG_PROC_FS
3654	static int pfkey_seq_show(struct seq_file f, void v)	3639	static int pfkey_seq_show(struct seq_file f, void v)
3655	{	3640	{
3656	struct sock *s;	3641	struct sock *s = sk_entry(v);
3657		3642
3658	s = (struct sock *)v;
3659	if (v == SEQ_START_TOKEN)	3643	if (v == SEQ_START_TOKEN)
3660	seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");	3644	seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3661	else	3645	else
@@ -3674,19 +3658,9 @@ static void pfkey_seq_start(struct seq_file f, loff_t *ppos)
3674	{	3658	{
3675	struct net *net = seq_file_net(f);	3659	struct net *net = seq_file_net(f);
3676	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	3660	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3677	struct sock *s;
3678	struct hlist_node *node;
3679	loff_t pos = *ppos;
3680
3681	read_lock(&pfkey_table_lock);
3682	if (pos == 0)
3683	return SEQ_START_TOKEN;
3684
3685	sk_for_each(s, node, &net_pfkey->table)
3686	if (pos-- == 1)
3687	return s;
3688		3661
3689	return NULL;	3662	rcu_read_lock();
		3663	return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3690	}	3664	}
3691		3665
3692	static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)	3666	static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)
@@ -3694,15 +3668,12 @@ static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)
3694	struct net *net = seq_file_net(f);	3668	struct net *net = seq_file_net(f);
3695	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	3669	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3696		3670
3697	++*ppos;	3671	return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3698	return (v == SEQ_START_TOKEN) ?
3699	sk_head(&net_pfkey->table) :
3700	sk_next((struct sock *)v);
3701	}	3672	}
3702		3673
3703	static void pfkey_seq_stop(struct seq_file f, void v)	3674	static void pfkey_seq_stop(struct seq_file f, void v)
3704	{	3675	{
3705	read_unlock(&pfkey_table_lock);	3676	rcu_read_unlock();
3706	}	3677	}
3707		3678
3708	static const struct seq_operations pfkey_seq_ops = {	3679	static const struct seq_operations pfkey_seq_ops = {
@@ -3736,17 +3707,17 @@ static int __net_init pfkey_init_proc(struct net *net)
3736	return 0;	3707	return 0;
3737	}	3708	}
3738		3709
3739	static void pfkey_exit_proc(struct net *net)	3710	static void __net_exit pfkey_exit_proc(struct net *net)
3740	{	3711	{
3741	proc_net_remove(net, "pfkey");	3712	proc_net_remove(net, "pfkey");
3742	}	3713	}
3743	#else	3714	#else
3744	static int __net_init pfkey_init_proc(struct net *net)	3715	static inline int pfkey_init_proc(struct net *net)
3745	{	3716	{
3746	return 0;	3717	return 0;
3747	}	3718	}
3748		3719
3749	static void pfkey_exit_proc(struct net *net)	3720	static inline void pfkey_exit_proc(struct net *net)
3750	{	3721	{
3751	}	3722	}
3752	#endif	3723	#endif
@@ -3764,28 +3735,14 @@ static struct xfrm_mgr pfkeyv2_mgr =
3764		3735
3765	static int __net_init pfkey_net_init(struct net *net)	3736	static int __net_init pfkey_net_init(struct net *net)
3766	{	3737	{
3767	struct netns_pfkey *net_pfkey;	3738	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3768	int rv;	3739	int rv;
3769		3740
3770	net_pfkey = kmalloc(sizeof(struct netns_pfkey), GFP_KERNEL);
3771	if (!net_pfkey) {
3772	rv = -ENOMEM;
3773	goto out_kmalloc;
3774	}
3775	INIT_HLIST_HEAD(&net_pfkey->table);	3741	INIT_HLIST_HEAD(&net_pfkey->table);
3776	atomic_set(&net_pfkey->socks_nr, 0);	3742	atomic_set(&net_pfkey->socks_nr, 0);
3777	rv = net_assign_generic(net, pfkey_net_id, net_pfkey);	3743
3778	if (rv < 0)
3779	goto out_assign;
3780	rv = pfkey_init_proc(net);	3744	rv = pfkey_init_proc(net);
3781	if (rv < 0)
3782	goto out_proc;
3783	return 0;
3784		3745
3785	out_proc:
3786	out_assign:
3787	kfree(net_pfkey);
3788	out_kmalloc:
3789	return rv;	3746	return rv;
3790	}	3747	}
3791		3748
@@ -3795,19 +3752,20 @@ static void __net_exit pfkey_net_exit(struct net *net)
3795		3752
3796	pfkey_exit_proc(net);	3753	pfkey_exit_proc(net);
3797	BUG_ON(!hlist_empty(&net_pfkey->table));	3754	BUG_ON(!hlist_empty(&net_pfkey->table));
3798	kfree(net_pfkey);
3799	}	3755	}
3800		3756
3801	static struct pernet_operations pfkey_net_ops = {	3757	static struct pernet_operations pfkey_net_ops = {
3802	.init = pfkey_net_init,	3758	.init = pfkey_net_init,
3803	.exit = pfkey_net_exit,	3759	.exit = pfkey_net_exit,
		3760	.id = &pfkey_net_id,
		3761	.size = sizeof(struct netns_pfkey),
3804	};	3762	};
3805		3763
3806	static void __exit ipsec_pfkey_exit(void)	3764	static void __exit ipsec_pfkey_exit(void)
3807	{	3765	{
3808	unregister_pernet_gen_subsys(pfkey_net_id, &pfkey_net_ops);
3809	xfrm_unregister_km(&pfkeyv2_mgr);	3766	xfrm_unregister_km(&pfkeyv2_mgr);
3810	sock_unregister(PF_KEY);	3767	sock_unregister(PF_KEY);
		3768	unregister_pernet_subsys(&pfkey_net_ops);
3811	proto_unregister(&key_proto);	3769	proto_unregister(&key_proto);
3812	}	3770	}
3813		3771
@@ -3818,21 +3776,22 @@ static int __init ipsec_pfkey_init(void)
3818	if (err != 0)	3776	if (err != 0)
3819	goto out;	3777	goto out;
3820		3778
3821	err = sock_register(&pfkey_family_ops);	3779	err = register_pernet_subsys(&pfkey_net_ops);
3822	if (err != 0)	3780	if (err != 0)
3823	goto out_unregister_key_proto;	3781	goto out_unregister_key_proto;
		3782	err = sock_register(&pfkey_family_ops);
		3783	if (err != 0)
		3784	goto out_unregister_pernet;
3824	err = xfrm_register_km(&pfkeyv2_mgr);	3785	err = xfrm_register_km(&pfkeyv2_mgr);
3825	if (err != 0)	3786	if (err != 0)
3826	goto out_sock_unregister;	3787	goto out_sock_unregister;
3827	err = register_pernet_gen_subsys(&pfkey_net_id, &pfkey_net_ops);
3828	if (err != 0)
3829	goto out_xfrm_unregister_km;
3830	out:	3788	out:
3831	return err;	3789	return err;
3832	out_xfrm_unregister_km:	3790
3833	xfrm_unregister_km(&pfkeyv2_mgr);
3834	out_sock_unregister:	3791	out_sock_unregister:
3835	sock_unregister(PF_KEY);	3792	sock_unregister(PF_KEY);
		3793	out_unregister_pernet:
		3794	unregister_pernet_subsys(&pfkey_net_ops);
3836	out_unregister_key_proto:	3795	out_unregister_key_proto:
3837	proto_unregister(&key_proto);	3796	proto_unregister(&key_proto);
3838	goto out;	3797	goto out;