1 files changed, 82 insertions, 112 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 76fa6fef6473..43040e97c474 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -26,6 +26,7 @@
 #include <linux/in6.h>
 #include <linux/proc_fs.h>
 #include <linux/init.h>
+#include <linux/slab.h>
 #include <net/net_namespace.h>
 #include <net/netns/generic.h>
 #include <net/xfrm.h>
@@ -41,10 +42,10 @@ struct netns_pfkey {
        struct hlist_head table;
        atomic_t socks_nr;
 };
-static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);
+static DEFINE_MUTEX(pfkey_mutex);
-static DEFINE_RWLOCK(pfkey_table_lock);
-static atomic_t pfkey_table_users = ATOMIC_INIT(0);
+#define DUMMY_MARK 0
+static struct xfrm_mark dummy_mark = {0, 0};
 struct pfkey_sock {
        /* struct sock must be the first member of struct pfkey_sock */
        struct sock     sk;
@@ -98,7 +99,7 @@ static void pfkey_sock_destruct(struct sock *sk)
        skb_queue_purge(&sk->sk_receive_queue);
        if (!sock_flag(sk, SOCK_DEAD)) {
-                printk("Attempt to release alive pfkey socket: %p\n", sk);
+                pr_err("Attempt to release alive pfkey socket: %p\n", sk);
                return;
        }
@@ -108,50 +109,6 @@ static void pfkey_sock_destruct(struct sock *sk)
        atomic_dec(&net_pfkey->socks_nr);
 }
-static void pfkey_table_grab(void)
-{
-        write_lock_bh(&pfkey_table_lock);
-        if (atomic_read(&pfkey_table_users)) {
-                DECLARE_WAITQUEUE(wait, current);
-                add_wait_queue_exclusive(&pfkey_table_wait, &wait);
-                for(;;) {
-                        set_current_state(TASK_UNINTERRUPTIBLE);
-                        if (atomic_read(&pfkey_table_users) == 0)
-                                break;
-                        write_unlock_bh(&pfkey_table_lock);
-                        schedule();
-                        write_lock_bh(&pfkey_table_lock);
-                }
-                __set_current_state(TASK_RUNNING);
-                remove_wait_queue(&pfkey_table_wait, &wait);
-        }
-}
-static __inline__ void pfkey_table_ungrab(void)
-{
-        write_unlock_bh(&pfkey_table_lock);
-        wake_up(&pfkey_table_wait);
-}
-static __inline__ void pfkey_lock_table(void)
-{
-        /* read_lock() synchronizes us to pfkey_table_grab */
-        read_lock(&pfkey_table_lock);
-        atomic_inc(&pfkey_table_users);
-        read_unlock(&pfkey_table_lock);
-}
-static __inline__ void pfkey_unlock_table(void)
-{
-        if (atomic_dec_and_test(&pfkey_table_users))
-                wake_up(&pfkey_table_wait);
-}
 static const struct proto_ops pfkey_ops;
 static void pfkey_insert(struct sock *sk)
@@ -159,16 +116,16 @@ static void pfkey_insert(struct sock *sk)
        struct net *net = sock_net(sk);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        pfkey_table_grab();
+        mutex_lock(&pfkey_mutex);
-        sk_add_node(sk, &net_pfkey->table);
+        sk_add_node_rcu(sk, &net_pfkey->table);
-        pfkey_table_ungrab();
+        mutex_unlock(&pfkey_mutex);
 }
 static void pfkey_remove(struct sock *sk)
 {
-        pfkey_table_grab();
+        mutex_lock(&pfkey_mutex);
-        sk_del_node_init(sk);
+        sk_del_node_init_rcu(sk);
-        pfkey_table_ungrab();
+        mutex_unlock(&pfkey_mutex);
 }
 static struct proto key_proto = {
@@ -223,6 +180,8 @@ static int pfkey_release(struct socket *sock)
        sock_orphan(sk);
        sock->sk = NULL;
        skb_queue_purge(&sk->sk_write_queue);
+        synchronize_rcu();
        sock_put(sk);
        return 0;
@@ -277,8 +236,8 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
        if (!skb)
                return -ENOMEM;
-        pfkey_lock_table();
+        rcu_read_lock();
-        sk_for_each(sk, node, &net_pfkey->table) {
+        sk_for_each_rcu(sk, node, &net_pfkey->table) {
                struct pfkey_sock *pfk = pfkey_sk(sk);
                int err2;
@@ -309,7 +268,7 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
                if ((broadcast_flags & BROADCAST_REGISTERED) && err)
                        err = err2;
        }
-        pfkey_unlock_table();
+        rcu_read_unlock();
        if (one_sk != NULL)
                err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
@@ -691,7 +650,7 @@ static struct  xfrm_state *pfkey_xfrm_state_lookup(struct net *net, struct sadb_
        if (!xaddr)
                return NULL;
-        return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);
+        return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
 }
 #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1)))
@@ -1360,7 +1319,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        }
        if (hdr->sadb_msg_seq) {
-                x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
+                x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
                if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
                        xfrm_state_put(x);
                        x = NULL;
@@ -1368,7 +1327,7 @@ static int pfkey_getspi(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        }
        if (!x)
-                x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);
+                x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
        if (x == NULL)
                return -ENOENT;
@@ -1417,7 +1376,7 @@ static int pfkey_acquire(struct sock *sk, struct sk_buff *skb, struct sadb_msg *
        if (hdr->sadb_msg_seq == 0 || hdr->sadb_msg_errno == 0)
                return 0;
-        x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);
+        x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
        if (x == NULL)
                return 0;
@@ -1443,7 +1402,7 @@ static inline int event2poltype(int event)
        case XFRM_MSG_POLEXPIRE:
        //      return SADB_X_SPDEXPIRE;
        default:
-                printk("pfkey: Unknown policy event %d\n", event);
+                pr_err("pfkey: Unknown policy event %d\n", event);
                break;
        }
@@ -1462,7 +1421,7 @@ static inline int event2keytype(int event)
        case XFRM_MSG_EXPIRE:
                return SADB_EXPIRE;
        default:
-                printk("pfkey: Unknown SA event %d\n", event);
+                pr_err("pfkey: Unknown SA event %d\n", event);
                break;
        }
@@ -1712,6 +1671,23 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        return 0;
 }
+static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr)
+{
+        struct sk_buff *skb;
+        struct sadb_msg *hdr;
+        skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
+        if (!skb)
+                return -ENOBUFS;
+        hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
+        memcpy(hdr, ihdr, sizeof(struct sadb_msg));
+        hdr->sadb_msg_errno = (uint8_t) 0;
+        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
+        return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
+}
 static int key_notify_sa_flush(struct km_event *c)
 {
        struct sk_buff *skb;
@@ -1740,7 +1716,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        unsigned proto;
        struct km_event c;
        struct xfrm_audit audit_info;
-        int err;
+        int err, err2;
        proto = pfkey_satype2proto(hdr->sadb_msg_satype);
        if (proto == 0)
@@ -1750,8 +1726,13 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_state_flush(net, proto, &audit_info);
-        if (err)
+        err2 = unicast_flush_resp(sk, hdr);
-                return err;
+        if (err || err2) {
+                if (err == -ESRCH) /* empty table - go quietly */
+                        err = 0;
+                return err ? err : err2;
+        }
        c.data.proto = proto;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
@@ -2149,10 +2130,9 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c
        int err;
        out_skb = pfkey_xfrm_policy2msg_prep(xp);
-        if (IS_ERR(out_skb)) {
+        if (IS_ERR(out_skb))
-                err = PTR_ERR(out_skb);
+                return PTR_ERR(out_skb);
-                goto out;
-        }
        err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
        if (err < 0)
                return err;
@@ -2168,7 +2148,6 @@ static int key_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c
        out_hdr->sadb_msg_seq = c->seq;
        out_hdr->sadb_msg_pid = c->pid;
        pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
-out:
        return 0;
 }
@@ -2346,7 +2325,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
                        return err;
        }
-        xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,
+        xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
                                   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
                                   1, &err);
        security_xfrm_policy_free(pol_ctx);
@@ -2594,8 +2573,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
                return -EINVAL;
        delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
-        xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,
+        xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
-                              pol->sadb_x_policy_id, delete, &err);
+                              dir, pol->sadb_x_policy_id, delete, &err);
        if (xp == NULL)
                return -ENOENT;
@@ -2706,14 +2685,19 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        struct net *net = sock_net(sk);
        struct km_event c;
        struct xfrm_audit audit_info;
-        int err;
+        int err, err2;
        audit_info.loginuid = audit_get_loginuid(current);
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
-        if (err)
+        err2 = unicast_flush_resp(sk, hdr);
+        if (err || err2) {
+                if (err == -ESRCH) /* empty table - old silent behavior */
+                        return 0;
                return err;
+        }
        c.data.type = XFRM_POLICY_TYPE_MAIN;
        c.event = XFRM_MSG_FLUSHPOLICY;
        c.pid = hdr->sadb_msg_pid;
@@ -2985,7 +2969,7 @@ static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
        case XFRM_MSG_NEWAE: /* not yet supported */
                break;
        default:
-                printk("pfkey: Unknown SA event %d\n", c->event);
+                pr_err("pfkey: Unknown SA event %d\n", c->event);
                break;
        }
@@ -3009,7 +2993,7 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
                        break;
                return key_notify_policy_flush(c);
        default:
-                printk("pfkey: Unknown policy event %d\n", c->event);
+                pr_err("pfkey: Unknown policy event %d\n", c->event);
                break;
        }
@@ -3019,12 +3003,11 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
 static u32 get_acqseq(void)
 {
        u32 res;
-        static u32 acqseq;
+        static atomic_t acqseq;
-        static DEFINE_SPINLOCK(acqseq_lock);
-        spin_lock_bh(&acqseq_lock);
+        do {
-        res = (++acqseq ? : ++acqseq);
+                res = atomic_inc_return(&acqseq);
-        spin_unlock_bh(&acqseq_lock);
+        } while (!res);
        return res;
 }
@@ -3655,9 +3638,8 @@ static const struct net_proto_family pfkey_family_ops = {
 #ifdef CONFIG_PROC_FS
 static int pfkey_seq_show(struct seq_file *f, void *v)
 {
-        struct sock *s;
+        struct sock *s = sk_entry(v);
-        s = (struct sock *)v;
        if (v == SEQ_START_TOKEN)
                seq_printf(f ,"sk       RefCnt Rmem   Wmem   User   Inode\n");
        else
@@ -3676,19 +3658,9 @@ static void *pfkey_seq_start(struct seq_file *f, loff_t *ppos)
 {
        struct net *net = seq_file_net(f);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        struct sock *s;
-        struct hlist_node *node;
-        loff_t pos = *ppos;
-        read_lock(&pfkey_table_lock);
-        if (pos == 0)
-                return SEQ_START_TOKEN;
-        sk_for_each(s, node, &net_pfkey->table)
+        rcu_read_lock();
-                if (pos-- == 1)
+        return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
-                        return s;
-        return NULL;
 }
 static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
@@ -3696,15 +3668,12 @@ static void *pfkey_seq_next(struct seq_file *f, void *v, loff_t *ppos)
        struct net *net = seq_file_net(f);
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
-        ++*ppos;
+        return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
-        return (v == SEQ_START_TOKEN) ?
-                sk_head(&net_pfkey->table) :
-                        sk_next((struct sock *)v);
 }
 static void pfkey_seq_stop(struct seq_file *f, void *v)
 {
-        read_unlock(&pfkey_table_lock);
+        rcu_read_unlock();
 }
 static const struct seq_operations pfkey_seq_ops = {
@@ -3738,17 +3707,17 @@ static int __net_init pfkey_init_proc(struct net *net)
        return 0;
 }
-static void pfkey_exit_proc(struct net *net)
+static void __net_exit pfkey_exit_proc(struct net *net)
 {
        proc_net_remove(net, "pfkey");
 }
 #else
-static int __net_init pfkey_init_proc(struct net *net)
+static inline int pfkey_init_proc(struct net *net)
 {
        return 0;
 }
-static void pfkey_exit_proc(struct net *net)
+static inline void pfkey_exit_proc(struct net *net)
 {
 }
 #endif
@@ -3794,9 +3763,9 @@ static struct pernet_operations pfkey_net_ops = {
 static void __exit ipsec_pfkey_exit(void)
 {
-        unregister_pernet_subsys(&pfkey_net_ops);
        xfrm_unregister_km(&pfkeyv2_mgr);
        sock_unregister(PF_KEY);
+        unregister_pernet_subsys(&pfkey_net_ops);
        proto_unregister(&key_proto);
 }
@@ -3807,21 +3776,22 @@ static int __init ipsec_pfkey_init(void)
        if (err != 0)
                goto out;
-        err = sock_register(&pfkey_family_ops);
+        err = register_pernet_subsys(&pfkey_net_ops);
        if (err != 0)
                goto out_unregister_key_proto;
+        err = sock_register(&pfkey_family_ops);
+        if (err != 0)
+                goto out_unregister_pernet;
        err = xfrm_register_km(&pfkeyv2_mgr);
        if (err != 0)
                goto out_sock_unregister;
-        err = register_pernet_subsys(&pfkey_net_ops);
-        if (err != 0)
-                goto out_xfrm_unregister_km;
 out:
        return err;
-out_xfrm_unregister_km:
-        xfrm_unregister_km(&pfkeyv2_mgr);
 out_sock_unregister:
        sock_unregister(PF_KEY);
+out_unregister_pernet:
+        unregister_pernet_subsys(&pfkey_net_ops);
 out_unregister_key_proto:
        proto_unregister(&key_proto);
        goto out;

diff --git a/net/key/af_key.c b/net/key/af_key.c index 76fa6fef6473..43040e97c474 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -26,6 +26,7 @@
26	#include <linux/in6.h>	26	#include <linux/in6.h>
27	#include <linux/proc_fs.h>	27	#include <linux/proc_fs.h>
28	#include <linux/init.h>	28	#include <linux/init.h>
		29	#include <linux/slab.h>
29	#include <net/net_namespace.h>	30	#include <net/net_namespace.h>
30	#include <net/netns/generic.h>	31	#include <net/netns/generic.h>
31	#include <net/xfrm.h>	32	#include <net/xfrm.h>
@@ -41,10 +42,10 @@ struct netns_pfkey {
41	struct hlist_head table;	42	struct hlist_head table;
42	atomic_t socks_nr;	43	atomic_t socks_nr;
43	};	44	};
44	static DECLARE_WAIT_QUEUE_HEAD(pfkey_table_wait);	45	static DEFINE_MUTEX(pfkey_mutex);
45	static DEFINE_RWLOCK(pfkey_table_lock);
46	static atomic_t pfkey_table_users = ATOMIC_INIT(0);
47		46
		47	#define DUMMY_MARK 0
		48	static struct xfrm_mark dummy_mark = {0, 0};
48	struct pfkey_sock {	49	struct pfkey_sock {
49	/* struct sock must be the first member of struct pfkey_sock */	50	/* struct sock must be the first member of struct pfkey_sock */
50	struct sock sk;	51	struct sock sk;
@@ -98,7 +99,7 @@ static void pfkey_sock_destruct(struct sock *sk)
98	skb_queue_purge(&sk->sk_receive_queue);	99	skb_queue_purge(&sk->sk_receive_queue);
99		100
100	if (!sock_flag(sk, SOCK_DEAD)) {	101	if (!sock_flag(sk, SOCK_DEAD)) {
101	printk("Attempt to release alive pfkey socket: %p\n", sk);	102	pr_err("Attempt to release alive pfkey socket: %p\n", sk);
102	return;	103	return;
103	}	104	}
104		105
@@ -108,50 +109,6 @@ static void pfkey_sock_destruct(struct sock *sk)
108	atomic_dec(&net_pfkey->socks_nr);	109	atomic_dec(&net_pfkey->socks_nr);
109	}	110	}
110		111
111	static void pfkey_table_grab(void)
112	{
113	write_lock_bh(&pfkey_table_lock);
114
115	if (atomic_read(&pfkey_table_users)) {
116	DECLARE_WAITQUEUE(wait, current);
117
118	add_wait_queue_exclusive(&pfkey_table_wait, &wait);
119	for(;;) {
120	set_current_state(TASK_UNINTERRUPTIBLE);
121	if (atomic_read(&pfkey_table_users) == 0)
122	break;
123	write_unlock_bh(&pfkey_table_lock);
124	schedule();
125	write_lock_bh(&pfkey_table_lock);
126	}
127
128	__set_current_state(TASK_RUNNING);
129	remove_wait_queue(&pfkey_table_wait, &wait);
130	}
131	}
132
133	static __inline__ void pfkey_table_ungrab(void)
134	{
135	write_unlock_bh(&pfkey_table_lock);
136	wake_up(&pfkey_table_wait);
137	}
138
139	static __inline__ void pfkey_lock_table(void)
140	{
141	/* read_lock() synchronizes us to pfkey_table_grab */
142
143	read_lock(&pfkey_table_lock);
144	atomic_inc(&pfkey_table_users);
145	read_unlock(&pfkey_table_lock);
146	}
147
148	static __inline__ void pfkey_unlock_table(void)
149	{
150	if (atomic_dec_and_test(&pfkey_table_users))
151	wake_up(&pfkey_table_wait);
152	}
153
154
155	static const struct proto_ops pfkey_ops;	112	static const struct proto_ops pfkey_ops;
156		113
157	static void pfkey_insert(struct sock *sk)	114	static void pfkey_insert(struct sock *sk)
@@ -159,16 +116,16 @@ static void pfkey_insert(struct sock *sk)
159	struct net *net = sock_net(sk);	116	struct net *net = sock_net(sk);
160	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	117	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
161		118
162	pfkey_table_grab();	119	mutex_lock(&pfkey_mutex);
163	sk_add_node(sk, &net_pfkey->table);	120	sk_add_node_rcu(sk, &net_pfkey->table);
164	pfkey_table_ungrab();	121	mutex_unlock(&pfkey_mutex);
165	}	122	}
166		123
167	static void pfkey_remove(struct sock *sk)	124	static void pfkey_remove(struct sock *sk)
168	{	125	{
169	pfkey_table_grab();	126	mutex_lock(&pfkey_mutex);
170	sk_del_node_init(sk);	127	sk_del_node_init_rcu(sk);
171	pfkey_table_ungrab();	128	mutex_unlock(&pfkey_mutex);
172	}	129	}
173		130
174	static struct proto key_proto = {	131	static struct proto key_proto = {
@@ -223,6 +180,8 @@ static int pfkey_release(struct socket *sock)
223	sock_orphan(sk);	180	sock_orphan(sk);
224	sock->sk = NULL;	181	sock->sk = NULL;
225	skb_queue_purge(&sk->sk_write_queue);	182	skb_queue_purge(&sk->sk_write_queue);
		183
		184	synchronize_rcu();
226	sock_put(sk);	185	sock_put(sk);
227		186
228	return 0;	187	return 0;
@@ -277,8 +236,8 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
277	if (!skb)	236	if (!skb)
278	return -ENOMEM;	237	return -ENOMEM;
279		238
280	pfkey_lock_table();	239	rcu_read_lock();
281	sk_for_each(sk, node, &net_pfkey->table) {	240	sk_for_each_rcu(sk, node, &net_pfkey->table) {
282	struct pfkey_sock *pfk = pfkey_sk(sk);	241	struct pfkey_sock *pfk = pfkey_sk(sk);
283	int err2;	242	int err2;
284		243
@@ -309,7 +268,7 @@ static int pfkey_broadcast(struct sk_buff *skb, gfp_t allocation,
309	if ((broadcast_flags & BROADCAST_REGISTERED) && err)	268	if ((broadcast_flags & BROADCAST_REGISTERED) && err)
310	err = err2;	269	err = err2;
311	}	270	}
312	pfkey_unlock_table();	271	rcu_read_unlock();
313		272
314	if (one_sk != NULL)	273	if (one_sk != NULL)
315	err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);	274	err = pfkey_broadcast_one(skb, &skb2, allocation, one_sk);
@@ -691,7 +650,7 @@ static struct xfrm_state pfkey_xfrm_state_lookup(struct net net, struct sadb_
691	if (!xaddr)	650	if (!xaddr)
692	return NULL;	651	return NULL;
693		652
694	return xfrm_state_lookup(net, xaddr, sa->sadb_sa_spi, proto, family);	653	return xfrm_state_lookup(net, DUMMY_MARK, xaddr, sa->sadb_sa_spi, proto, family);
695	}	654	}
696		655
697	#define PFKEY_ALIGN8(a) (1 + (((a) - 1) \| (8 - 1)))	656	#define PFKEY_ALIGN8(a) (1 + (((a) - 1) \| (8 - 1)))
@@ -1360,7 +1319,7 @@ static int pfkey_getspi(struct sock sk, struct sk_buff skb, struct sadb_msg *h
1360	}	1319	}
1361		1320
1362	if (hdr->sadb_msg_seq) {	1321	if (hdr->sadb_msg_seq) {
1363	x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);	1322	x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1364	if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {	1323	if (x && xfrm_addr_cmp(&x->id.daddr, xdaddr, family)) {
1365	xfrm_state_put(x);	1324	xfrm_state_put(x);
1366	x = NULL;	1325	x = NULL;
@@ -1368,7 +1327,7 @@ static int pfkey_getspi(struct sock sk, struct sk_buff skb, struct sadb_msg *h
1368	}	1327	}
1369		1328
1370	if (!x)	1329	if (!x)
1371	x = xfrm_find_acq(net, mode, reqid, proto, xdaddr, xsaddr, 1, family);	1330	x = xfrm_find_acq(net, &dummy_mark, mode, reqid, proto, xdaddr, xsaddr, 1, family);
1372		1331
1373	if (x == NULL)	1332	if (x == NULL)
1374	return -ENOENT;	1333	return -ENOENT;
@@ -1417,7 +1376,7 @@ static int pfkey_acquire(struct sock sk, struct sk_buff skb, struct sadb_msg *
1417	if (hdr->sadb_msg_seq == 0 \|\| hdr->sadb_msg_errno == 0)	1376	if (hdr->sadb_msg_seq == 0 \|\| hdr->sadb_msg_errno == 0)
1418	return 0;	1377	return 0;
1419		1378
1420	x = xfrm_find_acq_byseq(net, hdr->sadb_msg_seq);	1379	x = xfrm_find_acq_byseq(net, DUMMY_MARK, hdr->sadb_msg_seq);
1421	if (x == NULL)	1380	if (x == NULL)
1422	return 0;	1381	return 0;
1423		1382
@@ -1443,7 +1402,7 @@ static inline int event2poltype(int event)
1443	case XFRM_MSG_POLEXPIRE:	1402	case XFRM_MSG_POLEXPIRE:
1444	// return SADB_X_SPDEXPIRE;	1403	// return SADB_X_SPDEXPIRE;
1445	default:	1404	default:
1446	printk("pfkey: Unknown policy event %d\n", event);	1405	pr_err("pfkey: Unknown policy event %d\n", event);
1447	break;	1406	break;
1448	}	1407	}
1449		1408
@@ -1462,7 +1421,7 @@ static inline int event2keytype(int event)
1462	case XFRM_MSG_EXPIRE:	1421	case XFRM_MSG_EXPIRE:
1463	return SADB_EXPIRE;	1422	return SADB_EXPIRE;
1464	default:	1423	default:
1465	printk("pfkey: Unknown SA event %d\n", event);	1424	pr_err("pfkey: Unknown SA event %d\n", event);
1466	break;	1425	break;
1467	}	1426	}
1468		1427
@@ -1712,6 +1671,23 @@ static int pfkey_register(struct sock sk, struct sk_buff skb, struct sadb_msg
1712	return 0;	1671	return 0;
1713	}	1672	}
1714		1673
		1674	static int unicast_flush_resp(struct sock sk, struct sadb_msg ihdr)
		1675	{
		1676	struct sk_buff *skb;
		1677	struct sadb_msg *hdr;
		1678
		1679	skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
		1680	if (!skb)
		1681	return -ENOBUFS;
		1682
		1683	hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
		1684	memcpy(hdr, ihdr, sizeof(struct sadb_msg));
		1685	hdr->sadb_msg_errno = (uint8_t) 0;
		1686	hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
		1687
		1688	return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
		1689	}
		1690
1715	static int key_notify_sa_flush(struct km_event *c)	1691	static int key_notify_sa_flush(struct km_event *c)
1716	{	1692	{
1717	struct sk_buff *skb;	1693	struct sk_buff *skb;
@@ -1740,7 +1716,7 @@ static int pfkey_flush(struct sock sk, struct sk_buff skb, struct sadb_msg *hd
1740	unsigned proto;	1716	unsigned proto;
1741	struct km_event c;	1717	struct km_event c;
1742	struct xfrm_audit audit_info;	1718	struct xfrm_audit audit_info;
1743	int err;	1719	int err, err2;
1744		1720
1745	proto = pfkey_satype2proto(hdr->sadb_msg_satype);	1721	proto = pfkey_satype2proto(hdr->sadb_msg_satype);
1746	if (proto == 0)	1722	if (proto == 0)
@@ -1750,8 +1726,13 @@ static int pfkey_flush(struct sock sk, struct sk_buff skb, struct sadb_msg *hd
1750	audit_info.sessionid = audit_get_sessionid(current);	1726	audit_info.sessionid = audit_get_sessionid(current);
1751	audit_info.secid = 0;	1727	audit_info.secid = 0;
1752	err = xfrm_state_flush(net, proto, &audit_info);	1728	err = xfrm_state_flush(net, proto, &audit_info);
1753	if (err)	1729	err2 = unicast_flush_resp(sk, hdr);
1754	return err;	1730	if (err \|\| err2) {
		1731	if (err == -ESRCH) /* empty table - go quietly */
		1732	err = 0;
		1733	return err ? err : err2;
		1734	}
		1735
1755	c.data.proto = proto;	1736	c.data.proto = proto;
1756	c.seq = hdr->sadb_msg_seq;	1737	c.seq = hdr->sadb_msg_seq;
1757	c.pid = hdr->sadb_msg_pid;	1738	c.pid = hdr->sadb_msg_pid;
@@ -2149,10 +2130,9 @@ static int key_notify_policy(struct xfrm_policy xp, int dir, struct km_event c
2149	int err;	2130	int err;
2150		2131
2151	out_skb = pfkey_xfrm_policy2msg_prep(xp);	2132	out_skb = pfkey_xfrm_policy2msg_prep(xp);
2152	if (IS_ERR(out_skb)) {	2133	if (IS_ERR(out_skb))
2153	err = PTR_ERR(out_skb);	2134	return PTR_ERR(out_skb);
2154	goto out;	2135
2155	}
2156	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);	2136	err = pfkey_xfrm_policy2msg(out_skb, xp, dir);
2157	if (err < 0)	2137	if (err < 0)
2158	return err;	2138	return err;
@@ -2168,7 +2148,6 @@ static int key_notify_policy(struct xfrm_policy xp, int dir, struct km_event c
2168	out_hdr->sadb_msg_seq = c->seq;	2148	out_hdr->sadb_msg_seq = c->seq;
2169	out_hdr->sadb_msg_pid = c->pid;	2149	out_hdr->sadb_msg_pid = c->pid;
2170	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));	2150	pfkey_broadcast(out_skb, GFP_ATOMIC, BROADCAST_ALL, NULL, xp_net(xp));
2171	out:
2172	return 0;	2151	return 0;
2173		2152
2174	}	2153	}
@@ -2346,7 +2325,7 @@ static int pfkey_spddelete(struct sock sk, struct sk_buff skb, struct sadb_msg
2346	return err;	2325	return err;
2347	}	2326	}
2348		2327
2349	xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,	2328	xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2350	pol->sadb_x_policy_dir - 1, &sel, pol_ctx,	2329	pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
2351	1, &err);	2330	1, &err);
2352	security_xfrm_policy_free(pol_ctx);	2331	security_xfrm_policy_free(pol_ctx);
@@ -2594,8 +2573,8 @@ static int pfkey_spdget(struct sock sk, struct sk_buff skb, struct sadb_msg *h
2594	return -EINVAL;	2573	return -EINVAL;
2595		2574
2596	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);	2575	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
2597	xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN, dir,	2576	xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
2598	pol->sadb_x_policy_id, delete, &err);	2577	dir, pol->sadb_x_policy_id, delete, &err);
2599	if (xp == NULL)	2578	if (xp == NULL)
2600	return -ENOENT;	2579	return -ENOENT;
2601		2580
@@ -2706,14 +2685,19 @@ static int pfkey_spdflush(struct sock sk, struct sk_buff skb, struct sadb_msg
2706	struct net *net = sock_net(sk);	2685	struct net *net = sock_net(sk);
2707	struct km_event c;	2686	struct km_event c;
2708	struct xfrm_audit audit_info;	2687	struct xfrm_audit audit_info;
2709	int err;	2688	int err, err2;
2710		2689
2711	audit_info.loginuid = audit_get_loginuid(current);	2690	audit_info.loginuid = audit_get_loginuid(current);
2712	audit_info.sessionid = audit_get_sessionid(current);	2691	audit_info.sessionid = audit_get_sessionid(current);
2713	audit_info.secid = 0;	2692	audit_info.secid = 0;
2714	err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);	2693	err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
2715	if (err)	2694	err2 = unicast_flush_resp(sk, hdr);
		2695	if (err \|\| err2) {
		2696	if (err == -ESRCH) /* empty table - old silent behavior */
		2697	return 0;
2716	return err;	2698	return err;
		2699	}
		2700
2717	c.data.type = XFRM_POLICY_TYPE_MAIN;	2701	c.data.type = XFRM_POLICY_TYPE_MAIN;
2718	c.event = XFRM_MSG_FLUSHPOLICY;	2702	c.event = XFRM_MSG_FLUSHPOLICY;
2719	c.pid = hdr->sadb_msg_pid;	2703	c.pid = hdr->sadb_msg_pid;
@@ -2985,7 +2969,7 @@ static int pfkey_send_notify(struct xfrm_state x, struct km_event c)
2985	case XFRM_MSG_NEWAE: /* not yet supported */	2969	case XFRM_MSG_NEWAE: /* not yet supported */
2986	break;	2970	break;
2987	default:	2971	default:
2988	printk("pfkey: Unknown SA event %d\n", c->event);	2972	pr_err("pfkey: Unknown SA event %d\n", c->event);
2989	break;	2973	break;
2990	}	2974	}
2991		2975
@@ -3009,7 +2993,7 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
3009	break;	2993	break;
3010	return key_notify_policy_flush(c);	2994	return key_notify_policy_flush(c);
3011	default:	2995	default:
3012	printk("pfkey: Unknown policy event %d\n", c->event);	2996	pr_err("pfkey: Unknown policy event %d\n", c->event);
3013	break;	2997	break;
3014	}	2998	}
3015		2999
@@ -3019,12 +3003,11 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_e
3019	static u32 get_acqseq(void)	3003	static u32 get_acqseq(void)
3020	{	3004	{
3021	u32 res;	3005	u32 res;
3022	static u32 acqseq;	3006	static atomic_t acqseq;
3023	static DEFINE_SPINLOCK(acqseq_lock);
3024		3007
3025	spin_lock_bh(&acqseq_lock);	3008	do {
3026	res = (++acqseq ? : ++acqseq);	3009	res = atomic_inc_return(&acqseq);
3027	spin_unlock_bh(&acqseq_lock);	3010	} while (!res);
3028	return res;	3011	return res;
3029	}	3012	}
3030		3013
@@ -3655,9 +3638,8 @@ static const struct net_proto_family pfkey_family_ops = {
3655	#ifdef CONFIG_PROC_FS	3638	#ifdef CONFIG_PROC_FS
3656	static int pfkey_seq_show(struct seq_file f, void v)	3639	static int pfkey_seq_show(struct seq_file f, void v)
3657	{	3640	{
3658	struct sock *s;	3641	struct sock *s = sk_entry(v);
3659		3642
3660	s = (struct sock *)v;
3661	if (v == SEQ_START_TOKEN)	3643	if (v == SEQ_START_TOKEN)
3662	seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");	3644	seq_printf(f ,"sk RefCnt Rmem Wmem User Inode\n");
3663	else	3645	else
@@ -3676,19 +3658,9 @@ static void pfkey_seq_start(struct seq_file f, loff_t *ppos)
3676	{	3658	{
3677	struct net *net = seq_file_net(f);	3659	struct net *net = seq_file_net(f);
3678	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	3660	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3679	struct sock *s;
3680	struct hlist_node *node;
3681	loff_t pos = *ppos;
3682
3683	read_lock(&pfkey_table_lock);
3684	if (pos == 0)
3685	return SEQ_START_TOKEN;
3686		3661
3687	sk_for_each(s, node, &net_pfkey->table)	3662	rcu_read_lock();
3688	if (pos-- == 1)	3663	return seq_hlist_start_head_rcu(&net_pfkey->table, *ppos);
3689	return s;
3690
3691	return NULL;
3692	}	3664	}
3693		3665
3694	static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)	3666	static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)
@@ -3696,15 +3668,12 @@ static void pfkey_seq_next(struct seq_file f, void v, loff_t ppos)
3696	struct net *net = seq_file_net(f);	3668	struct net *net = seq_file_net(f);
3697	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);	3669	struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
3698		3670
3699	++*ppos;	3671	return seq_hlist_next_rcu(v, &net_pfkey->table, ppos);
3700	return (v == SEQ_START_TOKEN) ?
3701	sk_head(&net_pfkey->table) :
3702	sk_next((struct sock *)v);
3703	}	3672	}
3704		3673
3705	static void pfkey_seq_stop(struct seq_file f, void v)	3674	static void pfkey_seq_stop(struct seq_file f, void v)
3706	{	3675	{
3707	read_unlock(&pfkey_table_lock);	3676	rcu_read_unlock();
3708	}	3677	}
3709		3678
3710	static const struct seq_operations pfkey_seq_ops = {	3679	static const struct seq_operations pfkey_seq_ops = {
@@ -3738,17 +3707,17 @@ static int __net_init pfkey_init_proc(struct net *net)
3738	return 0;	3707	return 0;
3739	}	3708	}
3740		3709
3741	static void pfkey_exit_proc(struct net *net)	3710	static void __net_exit pfkey_exit_proc(struct net *net)
3742	{	3711	{
3743	proc_net_remove(net, "pfkey");	3712	proc_net_remove(net, "pfkey");
3744	}	3713	}
3745	#else	3714	#else
3746	static int __net_init pfkey_init_proc(struct net *net)	3715	static inline int pfkey_init_proc(struct net *net)
3747	{	3716	{
3748	return 0;	3717	return 0;
3749	}	3718	}
3750		3719
3751	static void pfkey_exit_proc(struct net *net)	3720	static inline void pfkey_exit_proc(struct net *net)
3752	{	3721	{
3753	}	3722	}
3754	#endif	3723	#endif
@@ -3794,9 +3763,9 @@ static struct pernet_operations pfkey_net_ops = {
3794		3763
3795	static void __exit ipsec_pfkey_exit(void)	3764	static void __exit ipsec_pfkey_exit(void)
3796	{	3765	{
3797	unregister_pernet_subsys(&pfkey_net_ops);
3798	xfrm_unregister_km(&pfkeyv2_mgr);	3766	xfrm_unregister_km(&pfkeyv2_mgr);
3799	sock_unregister(PF_KEY);	3767	sock_unregister(PF_KEY);
		3768	unregister_pernet_subsys(&pfkey_net_ops);
3800	proto_unregister(&key_proto);	3769	proto_unregister(&key_proto);
3801	}	3770	}
3802		3771
@@ -3807,21 +3776,22 @@ static int __init ipsec_pfkey_init(void)
3807	if (err != 0)	3776	if (err != 0)
3808	goto out;	3777	goto out;
3809		3778
3810	err = sock_register(&pfkey_family_ops);	3779	err = register_pernet_subsys(&pfkey_net_ops);
3811	if (err != 0)	3780	if (err != 0)
3812	goto out_unregister_key_proto;	3781	goto out_unregister_key_proto;
		3782	err = sock_register(&pfkey_family_ops);
		3783	if (err != 0)
		3784	goto out_unregister_pernet;
3813	err = xfrm_register_km(&pfkeyv2_mgr);	3785	err = xfrm_register_km(&pfkeyv2_mgr);
3814	if (err != 0)	3786	if (err != 0)
3815	goto out_sock_unregister;	3787	goto out_sock_unregister;
3816	err = register_pernet_subsys(&pfkey_net_ops);
3817	if (err != 0)
3818	goto out_xfrm_unregister_km;
3819	out:	3788	out:
3820	return err;	3789	return err;
3821	out_xfrm_unregister_km:	3790
3822	xfrm_unregister_km(&pfkeyv2_mgr);
3823	out_sock_unregister:	3791	out_sock_unregister:
3824	sock_unregister(PF_KEY);	3792	sock_unregister(PF_KEY);
		3793	out_unregister_pernet:
		3794	unregister_pernet_subsys(&pfkey_net_ops);
3825	out_unregister_key_proto:	3795	out_unregister_key_proto:
3826	proto_unregister(&key_proto);	3796	proto_unregister(&key_proto);
3827	goto out;	3797	goto out;