Diffstat (limited to 'net/key')
-rw-r--r--net/key/af_key.c26
1 files changed, 14 insertions, 12 deletions
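diff --git a/net/key/af_key.c b/net/key/af_key.c
index 1c58204d767e..a4e7e2db0ff3 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1467,9 +1467,6 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 
 err = xfrm_state_delete(x);
 
-xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
-AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
-
 if (err < 0)
 goto out;
 
@@ -1478,6 +1475,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 c.event = XFRM_MSG_DELSA;
 km_state_notify(x, &c);
 out:
+xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
 xfrm_state_put(x);
 
 return err;
@@ -2294,14 +2293,12 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
 }
 
 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
-&sel, tmp.security, 1);
+&sel, tmp.security, 1, &err);
 security_xfrm_policy_free(&tmp);
 
 if (xp == NULL)
 return -ENOENT;
 
-err = security_xfrm_policy_delete(xp);
-
 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
 
@@ -2539,7 +2536,7 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb,
 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
 {
 unsigned int dir;
-int err;
+int err = 0, delete;
 struct sadb_x_policy *pol;
 struct xfrm_policy *xp;
 struct km_event c;
@@ -2551,16 +2548,20 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 if (dir >= XFRM_POLICY_MAX)
 return -EINVAL;
 
+delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id,
-hdr->sadb_msg_type == SADB_X_SPDDELETE2);
+delete, &err);
 if (xp == NULL)
 return -ENOENT;
 
-err = 0;
+if (delete) {
+xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
 
-c.seq = hdr->sadb_msg_seq;
-c.pid = hdr->sadb_msg_pid;
-if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) {
+if (err)
+goto out;
+c.seq = hdr->sadb_msg_seq;
+c.pid = hdr->sadb_msg_pid;
 c.data.byid = 1;
 c.event = XFRM_MSG_DELPOLICY;
 km_policy_notify(xp, dir, &c);
@@ -2568,6 +2569,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 err = key_pol_get_resp(sk, xp, hdr, dir);
 }
 
+out:
 xfrm_pol_put(xp);
 return err;
 }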
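Review bot: In the pfkey_spddelete hunk the audit call reads `err` (`err ? 0 : 1`) directly after `xfrm_policy_bysel_ctx(..., 1, &err)` with no visible assignment in between, whereas the pfkey_spdget hunk explicitly switches to `int err = 0`. The declaration of `err` in pfkey_spddelete is outside the hunk, so unless the lookup stores to `*err` on every path, the DELSPD audit record could report success or failure from a stale or uninitialized value. I would add `err = 0;` on the line before the lookup, or state in the lookup helpers' documentation that `*err` is always written. A short comment at both call sites would also help: a non-NULL `xp` appears to come back with a reference held even when the delete was refused (pfkey_spdget drops it via `goto out`), so the `err` test after the audit call is what gates the notification, and in pfkey_spddelete that test lies outside the hunk.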