1 files changed, 11 insertions, 12 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 6db58924368a..1fb0fe42a72e 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2292,7 +2292,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
                        goto out;
                }
-                err = security_xfrm_policy_alloc(xp, uctx);
+                err = security_xfrm_policy_alloc(&xp->security, uctx);
                kfree(uctx);
                if (err)
@@ -2352,10 +2352,11 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        int err;
        struct sadb_address *sa;
        struct sadb_x_policy *pol;
-        struct xfrm_policy *xp, tmp;
+        struct xfrm_policy *xp;
        struct xfrm_selector sel;
        struct km_event c;
        struct sadb_x_sec_ctx *sec_ctx;
+        struct xfrm_sec_ctx *pol_ctx;
        if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
                                     ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
@@ -2385,25 +2386,23 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
                sel.dport_mask = htons(0xffff);
        sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
-        memset(&tmp, 0, sizeof(struct xfrm_policy));
        if (sec_ctx != NULL) {
                struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
                if (!uctx)
                        return -ENOMEM;
-                err = security_xfrm_policy_alloc(&tmp, uctx);
+                err = security_xfrm_policy_alloc(&pol_ctx, uctx);
                kfree(uctx);
                if (err)
                        return err;
-        }
+        } else
+                pol_ctx = NULL;
-        xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
-                                   &sel, tmp.security, 1, &err);
-        security_xfrm_policy_free(&tmp);
+        xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN,
+                                   pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
+                                   1, &err);
+        security_xfrm_policy_free(pol_ctx);
        if (xp == NULL)
                return -ENOENT;
@@ -3298,7 +3297,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
                if ((*dir = verify_sec_ctx_len(p)))
                        goto out;
                uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
-                *dir = security_xfrm_policy_alloc(xp, uctx);
+                *dir = security_xfrm_policy_alloc(&xp->security, uctx);
                kfree(uctx);
                if (*dir)

diff --git a/net/key/af_key.c b/net/key/af_key.c index 6db58924368a..1fb0fe42a72e 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c
@@ -2292,7 +2292,7 @@ static int pfkey_spdadd(struct sock sk, struct sk_buff skb, struct sadb_msg *h
2292	goto out;	2292	goto out;
2293	}	2293	}
2294		2294
2295	err = security_xfrm_policy_alloc(xp, uctx);	2295	err = security_xfrm_policy_alloc(&xp->security, uctx);
2296	kfree(uctx);	2296	kfree(uctx);
2297		2297
2298	if (err)	2298	if (err)
@@ -2352,10 +2352,11 @@ static int pfkey_spddelete(struct sock sk, struct sk_buff skb, struct sadb_msg
2352	int err;	2352	int err;
2353	struct sadb_address *sa;	2353	struct sadb_address *sa;
2354	struct sadb_x_policy *pol;	2354	struct sadb_x_policy *pol;
2355	struct xfrm_policy *xp, tmp;	2355	struct xfrm_policy *xp;
2356	struct xfrm_selector sel;	2356	struct xfrm_selector sel;
2357	struct km_event c;	2357	struct km_event c;
2358	struct sadb_x_sec_ctx *sec_ctx;	2358	struct sadb_x_sec_ctx *sec_ctx;
		2359	struct xfrm_sec_ctx *pol_ctx;
2359		2360
2360	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],	2361	if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
2361	ext_hdrs[SADB_EXT_ADDRESS_DST-1]) \|\|	2362	ext_hdrs[SADB_EXT_ADDRESS_DST-1]) \|\|
@@ -2385,25 +2386,23 @@ static int pfkey_spddelete(struct sock sk, struct sk_buff skb, struct sadb_msg
2385	sel.dport_mask = htons(0xffff);	2386	sel.dport_mask = htons(0xffff);
2386		2387
2387	sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];	2388	sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
2388	memset(&tmp, 0, sizeof(struct xfrm_policy));
2389
2390	if (sec_ctx != NULL) {	2389	if (sec_ctx != NULL) {
2391	struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);	2390	struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
2392		2391
2393	if (!uctx)	2392	if (!uctx)
2394	return -ENOMEM;	2393	return -ENOMEM;
2395		2394
2396	err = security_xfrm_policy_alloc(&tmp, uctx);	2395	err = security_xfrm_policy_alloc(&pol_ctx, uctx);
2397	kfree(uctx);	2396	kfree(uctx);
2398
2399	if (err)	2397	if (err)
2400	return err;	2398	return err;
2401	}	2399	} else
2402		2400	pol_ctx = NULL;
2403	xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
2404	&sel, tmp.security, 1, &err);
2405	security_xfrm_policy_free(&tmp);
2406		2401
		2402	xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN,
		2403	pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
		2404	1, &err);
		2405	security_xfrm_policy_free(pol_ctx);
2407	if (xp == NULL)	2406	if (xp == NULL)
2408	return -ENOENT;	2407	return -ENOENT;
2409		2408
@@ -3298,7 +3297,7 @@ static struct xfrm_policy pfkey_compile_policy(struct sock sk, int opt,
3298	if ((*dir = verify_sec_ctx_len(p)))	3297	if ((*dir = verify_sec_ctx_len(p)))
3299	goto out;	3298	goto out;
3300	uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);	3299	uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
3301	*dir = security_xfrm_policy_alloc(xp, uctx);	3300	*dir = security_xfrm_policy_alloc(&xp->security, uctx);
3302	kfree(uctx);	3301	kfree(uctx);
3303		3302
3304	if (*dir)	3303	if (*dir)