1 files changed, 49 insertions, 55 deletions
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index 6bb1d42f0fac..85d842e6e431 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -84,15 +84,15 @@ static void netlbl_domhsh_free_entry(struct rcu_head *entry)
 #endif /* IPv6 */
        ptr = container_of(entry, struct netlbl_dom_map, rcu);
-        if (ptr->type == NETLBL_NLTYPE_ADDRSELECT) {
+        if (ptr->def.type == NETLBL_NLTYPE_ADDRSELECT) {
                netlbl_af4list_foreach_safe(iter4, tmp4,
-                                            &ptr->type_def.addrsel->list4) {
+                                            &ptr->def.addrsel->list4) {
                        netlbl_af4list_remove_entry(iter4);
                        kfree(netlbl_domhsh_addr4_entry(iter4));
                }
 #if IS_ENABLED(CONFIG_IPV6)
                netlbl_af6list_foreach_safe(iter6, tmp6,
-                                            &ptr->type_def.addrsel->list6) {
+                                            &ptr->def.addrsel->list6) {
                        netlbl_af6list_remove_entry(iter6);
                        kfree(netlbl_domhsh_addr6_entry(iter6));
                }
@@ -213,21 +213,21 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
                if (addr4 != NULL) {
                        struct netlbl_domaddr4_map *map4;
                        map4 = netlbl_domhsh_addr4_entry(addr4);
-                        type = map4->type;
+                        type = map4->def.type;
-                        cipsov4 = map4->type_def.cipsov4;
+                        cipsov4 = map4->def.cipso;
                        netlbl_af4list_audit_addr(audit_buf, 0, NULL,
                                                  addr4->addr, addr4->mask);
 #if IS_ENABLED(CONFIG_IPV6)
                } else if (addr6 != NULL) {
                        struct netlbl_domaddr6_map *map6;
                        map6 = netlbl_domhsh_addr6_entry(addr6);
-                        type = map6->type;
+                        type = map6->def.type;
                        netlbl_af6list_audit_addr(audit_buf, 0, NULL,
                                                  &addr6->addr, &addr6->mask);
 #endif /* IPv6 */
                } else {
-                        type = entry->type;
+                        type = entry->def.type;
-                        cipsov4 = entry->type_def.cipsov4;
+                        cipsov4 = entry->def.cipso;
                }
                switch (type) {
                case NETLBL_NLTYPE_UNLABELED:
@@ -265,26 +265,25 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
        if (entry == NULL)
                return -EINVAL;
-        switch (entry->type) {
+        switch (entry->def.type) {
        case NETLBL_NLTYPE_UNLABELED:
-                if (entry->type_def.cipsov4 != NULL ||
+                if (entry->def.cipso != NULL || entry->def.addrsel != NULL)
-                    entry->type_def.addrsel != NULL)
                        return -EINVAL;
                break;
        case NETLBL_NLTYPE_CIPSOV4:
-                if (entry->type_def.cipsov4 == NULL)
+                if (entry->def.cipso == NULL)
                        return -EINVAL;
                break;
        case NETLBL_NLTYPE_ADDRSELECT:
-                netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) {
+                netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) {
                        map4 = netlbl_domhsh_addr4_entry(iter4);
-                        switch (map4->type) {
+                        switch (map4->def.type) {
                        case NETLBL_NLTYPE_UNLABELED:
-                                if (map4->type_def.cipsov4 != NULL)
+                                if (map4->def.cipso != NULL)
                                        return -EINVAL;
                                break;
                        case NETLBL_NLTYPE_CIPSOV4:
-                                if (map4->type_def.cipsov4 == NULL)
+                                if (map4->def.cipso == NULL)
                                        return -EINVAL;
                                break;
                        default:
@@ -292,9 +291,9 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
                        }
                }
 #if IS_ENABLED(CONFIG_IPV6)
-                netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) {
+                netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) {
                        map6 = netlbl_domhsh_addr6_entry(iter6);
-                        switch (map6->type) {
+                        switch (map6->def.type) {
                        case NETLBL_NLTYPE_UNLABELED:
                                break;
                        default:
@@ -402,32 +401,31 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
                        rcu_assign_pointer(netlbl_domhsh_def, entry);
                }
-                if (entry->type == NETLBL_NLTYPE_ADDRSELECT) {
+                if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
                        netlbl_af4list_foreach_rcu(iter4,
-                                               &entry->type_def.addrsel->list4)
+                                                   &entry->def.addrsel->list4)
                                netlbl_domhsh_audit_add(entry, iter4, NULL,
                                                        ret_val, audit_info);
 #if IS_ENABLED(CONFIG_IPV6)
                        netlbl_af6list_foreach_rcu(iter6,
-                                               &entry->type_def.addrsel->list6)
+                                                   &entry->def.addrsel->list6)
                                netlbl_domhsh_audit_add(entry, NULL, iter6,
                                                        ret_val, audit_info);
 #endif /* IPv6 */
                } else
                        netlbl_domhsh_audit_add(entry, NULL, NULL,
                                                ret_val, audit_info);
-        } else if (entry_old->type == NETLBL_NLTYPE_ADDRSELECT &&
+        } else if (entry_old->def.type == NETLBL_NLTYPE_ADDRSELECT &&
-                   entry->type == NETLBL_NLTYPE_ADDRSELECT) {
+                   entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
                struct list_head *old_list4;
                struct list_head *old_list6;
-                old_list4 = &entry_old->type_def.addrsel->list4;
+                old_list4 = &entry_old->def.addrsel->list4;
-                old_list6 = &entry_old->type_def.addrsel->list6;
+                old_list6 = &entry_old->def.addrsel->list6;
                /* we only allow the addition of address selectors if all of
                 * the selectors do not exist in the existing domain map */
-                netlbl_af4list_foreach_rcu(iter4,
+                netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4)
-                                           &entry->type_def.addrsel->list4)
                        if (netlbl_af4list_search_exact(iter4->addr,
                                                        iter4->mask,
                                                        old_list4)) {
@@ -435,8 +433,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
                                goto add_return;
                        }
 #if IS_ENABLED(CONFIG_IPV6)
-                netlbl_af6list_foreach_rcu(iter6,
+                netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6)
-                                           &entry->type_def.addrsel->list6)
                        if (netlbl_af6list_search_exact(&iter6->addr,
                                                        &iter6->mask,
                                                        old_list6)) {
@@ -446,7 +443,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
 #endif /* IPv6 */
                netlbl_af4list_foreach_safe(iter4, tmp4,
-                                            &entry->type_def.addrsel->list4) {
+                                            &entry->def.addrsel->list4) {
                        netlbl_af4list_remove_entry(iter4);
                        iter4->valid = 1;
                        ret_val = netlbl_af4list_add(iter4, old_list4);
@@ -457,7 +454,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
                }
 #if IS_ENABLED(CONFIG_IPV6)
                netlbl_af6list_foreach_safe(iter6, tmp6,
-                                            &entry->type_def.addrsel->list6) {
+                                            &entry->def.addrsel->list6) {
                        netlbl_af6list_remove_entry(iter6);
                        iter6->valid = 1;
                        ret_val = netlbl_af6list_add(iter6, old_list6);
@@ -538,18 +535,18 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
                struct netlbl_af4list *iter4;
                struct netlbl_domaddr4_map *map4;
-                switch (entry->type) {
+                switch (entry->def.type) {
                case NETLBL_NLTYPE_ADDRSELECT:
                        netlbl_af4list_foreach_rcu(iter4,
-                                             &entry->type_def.addrsel->list4) {
+                                             &entry->def.addrsel->list4) {
                                map4 = netlbl_domhsh_addr4_entry(iter4);
-                                cipso_v4_doi_putdef(map4->type_def.cipsov4);
+                                cipso_v4_doi_putdef(map4->def.cipso);
                        }
                        /* no need to check the IPv6 list since we currently
                         * support only unlabeled protocols for IPv6 */
                        break;
                case NETLBL_NLTYPE_CIPSOV4:
-                        cipso_v4_doi_putdef(entry->type_def.cipsov4);
+                        cipso_v4_doi_putdef(entry->def.cipso);
                        break;
                }
                call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
@@ -590,20 +587,21 @@ int netlbl_domhsh_remove_af4(const char *domain,
                entry_map = netlbl_domhsh_search(domain);
        else
                entry_map = netlbl_domhsh_search_def(domain);
-        if (entry_map == NULL || entry_map->type != NETLBL_NLTYPE_ADDRSELECT)
+        if (entry_map == NULL ||
+            entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT)
                goto remove_af4_failure;
        spin_lock(&netlbl_domhsh_lock);
        entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
-                                           &entry_map->type_def.addrsel->list4);
+                                           &entry_map->def.addrsel->list4);
        spin_unlock(&netlbl_domhsh_lock);
        if (entry_addr == NULL)
                goto remove_af4_failure;
-        netlbl_af4list_foreach_rcu(iter4, &entry_map->type_def.addrsel->list4)
+        netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4)
                goto remove_af4_single_addr;
 #if IS_ENABLED(CONFIG_IPV6)
-        netlbl_af6list_foreach_rcu(iter6, &entry_map->type_def.addrsel->list6)
+        netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6)
                goto remove_af4_single_addr;
 #endif /* IPv6 */
        /* the domain mapping is empty so remove it from the mapping table */
@@ -616,7 +614,7 @@ remove_af4_single_addr:
         * shouldn't be a problem */
        synchronize_rcu();
        entry = netlbl_domhsh_addr4_entry(entry_addr);
-        cipso_v4_doi_putdef(entry->type_def.cipsov4);
+        cipso_v4_doi_putdef(entry->def.cipso);
        kfree(entry);
        return 0;
@@ -693,8 +691,8 @@ struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain)
 * responsible for ensuring that rcu_read_[un]lock() is called.
 *
 */
-struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain,
+struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain,
-                                                       __be32 addr)
+                                                     __be32 addr)
 {
        struct netlbl_dom_map *dom_iter;
        struct netlbl_af4list *addr_iter;
@@ -702,15 +700,13 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain,
        dom_iter = netlbl_domhsh_search_def(domain);
        if (dom_iter == NULL)
                return NULL;
-        if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
-                return NULL;
-        addr_iter = netlbl_af4list_search(addr,
+        if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
-                                          &dom_iter->type_def.addrsel->list4);
+                return &dom_iter->def;
+        addr_iter = netlbl_af4list_search(addr, &dom_iter->def.addrsel->list4);
        if (addr_iter == NULL)
                return NULL;
+        return &(netlbl_domhsh_addr4_entry(addr_iter)->def);
-        return netlbl_domhsh_addr4_entry(addr_iter);
 }
 #if IS_ENABLED(CONFIG_IPV6)
@@ -725,7 +721,7 @@ struct netlbl_domaddr4_map *netlbl_domhsh_getentry_af4(const char *domain,
 * responsible for ensuring that rcu_read_[un]lock() is called.
 *
 */
-struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain,
+struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain,
                                                   const struct in6_addr *addr)
 {
        struct netlbl_dom_map *dom_iter;
@@ -734,15 +730,13 @@ struct netlbl_domaddr6_map *netlbl_domhsh_getentry_af6(const char *domain,
        dom_iter = netlbl_domhsh_search_def(domain);
        if (dom_iter == NULL)
                return NULL;
-        if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
-                return NULL;
-        addr_iter = netlbl_af6list_search(addr,
+        if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
-                                          &dom_iter->type_def.addrsel->list6);
+                return &dom_iter->def;
+        addr_iter = netlbl_af6list_search(addr, &dom_iter->def.addrsel->list6);
        if (addr_iter == NULL)
                return NULL;
+        return &(netlbl_domhsh_addr6_entry(addr_iter)->def);
-        return netlbl_domhsh_addr6_entry(addr_iter);
 }
 #endif /* IPv6 */

diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index 6bb1d42f0fac..85d842e6e431 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c
@@ -84,15 +84,15 @@ static void netlbl_domhsh_free_entry(struct rcu_head *entry)
84	#endif /* IPv6 */	84	#endif /* IPv6 */
85		85
86	ptr = container_of(entry, struct netlbl_dom_map, rcu);	86	ptr = container_of(entry, struct netlbl_dom_map, rcu);
87	if (ptr->type == NETLBL_NLTYPE_ADDRSELECT) {	87	if (ptr->def.type == NETLBL_NLTYPE_ADDRSELECT) {
88	netlbl_af4list_foreach_safe(iter4, tmp4,	88	netlbl_af4list_foreach_safe(iter4, tmp4,
89	&ptr->type_def.addrsel->list4) {	89	&ptr->def.addrsel->list4) {
90	netlbl_af4list_remove_entry(iter4);	90	netlbl_af4list_remove_entry(iter4);
91	kfree(netlbl_domhsh_addr4_entry(iter4));	91	kfree(netlbl_domhsh_addr4_entry(iter4));
92	}	92	}
93	#if IS_ENABLED(CONFIG_IPV6)	93	#if IS_ENABLED(CONFIG_IPV6)
94	netlbl_af6list_foreach_safe(iter6, tmp6,	94	netlbl_af6list_foreach_safe(iter6, tmp6,
95	&ptr->type_def.addrsel->list6) {	95	&ptr->def.addrsel->list6) {
96	netlbl_af6list_remove_entry(iter6);	96	netlbl_af6list_remove_entry(iter6);
97	kfree(netlbl_domhsh_addr6_entry(iter6));	97	kfree(netlbl_domhsh_addr6_entry(iter6));
98	}	98	}
@@ -213,21 +213,21 @@ static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
213	if (addr4 != NULL) {	213	if (addr4 != NULL) {
214	struct netlbl_domaddr4_map *map4;	214	struct netlbl_domaddr4_map *map4;
215	map4 = netlbl_domhsh_addr4_entry(addr4);	215	map4 = netlbl_domhsh_addr4_entry(addr4);
216	type = map4->type;	216	type = map4->def.type;
217	cipsov4 = map4->type_def.cipsov4;	217	cipsov4 = map4->def.cipso;
218	netlbl_af4list_audit_addr(audit_buf, 0, NULL,	218	netlbl_af4list_audit_addr(audit_buf, 0, NULL,
219	addr4->addr, addr4->mask);	219	addr4->addr, addr4->mask);
220	#if IS_ENABLED(CONFIG_IPV6)	220	#if IS_ENABLED(CONFIG_IPV6)
221	} else if (addr6 != NULL) {	221	} else if (addr6 != NULL) {
222	struct netlbl_domaddr6_map *map6;	222	struct netlbl_domaddr6_map *map6;
223	map6 = netlbl_domhsh_addr6_entry(addr6);	223	map6 = netlbl_domhsh_addr6_entry(addr6);
224	type = map6->type;	224	type = map6->def.type;
225	netlbl_af6list_audit_addr(audit_buf, 0, NULL,	225	netlbl_af6list_audit_addr(audit_buf, 0, NULL,
226	&addr6->addr, &addr6->mask);	226	&addr6->addr, &addr6->mask);
227	#endif /* IPv6 */	227	#endif /* IPv6 */
228	} else {	228	} else {
229	type = entry->type;	229	type = entry->def.type;
230	cipsov4 = entry->type_def.cipsov4;	230	cipsov4 = entry->def.cipso;
231	}	231	}
232	switch (type) {	232	switch (type) {
233	case NETLBL_NLTYPE_UNLABELED:	233	case NETLBL_NLTYPE_UNLABELED:
@@ -265,26 +265,25 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
265	if (entry == NULL)	265	if (entry == NULL)
266	return -EINVAL;	266	return -EINVAL;
267		267
268	switch (entry->type) {	268	switch (entry->def.type) {
269	case NETLBL_NLTYPE_UNLABELED:	269	case NETLBL_NLTYPE_UNLABELED:
270	if (entry->type_def.cipsov4 != NULL \|\|	270	if (entry->def.cipso != NULL \|\| entry->def.addrsel != NULL)
271	entry->type_def.addrsel != NULL)
272	return -EINVAL;	271	return -EINVAL;
273	break;	272	break;
274	case NETLBL_NLTYPE_CIPSOV4:	273	case NETLBL_NLTYPE_CIPSOV4:
275	if (entry->type_def.cipsov4 == NULL)	274	if (entry->def.cipso == NULL)
276	return -EINVAL;	275	return -EINVAL;
277	break;	276	break;
278	case NETLBL_NLTYPE_ADDRSELECT:	277	case NETLBL_NLTYPE_ADDRSELECT:
279	netlbl_af4list_foreach(iter4, &entry->type_def.addrsel->list4) {	278	netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) {
280	map4 = netlbl_domhsh_addr4_entry(iter4);	279	map4 = netlbl_domhsh_addr4_entry(iter4);
281	switch (map4->type) {	280	switch (map4->def.type) {
282	case NETLBL_NLTYPE_UNLABELED:	281	case NETLBL_NLTYPE_UNLABELED:
283	if (map4->type_def.cipsov4 != NULL)	282	if (map4->def.cipso != NULL)
284	return -EINVAL;	283	return -EINVAL;
285	break;	284	break;
286	case NETLBL_NLTYPE_CIPSOV4:	285	case NETLBL_NLTYPE_CIPSOV4:
287	if (map4->type_def.cipsov4 == NULL)	286	if (map4->def.cipso == NULL)
288	return -EINVAL;	287	return -EINVAL;
289	break;	288	break;
290	default:	289	default:
@@ -292,9 +291,9 @@ static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
292	}	291	}
293	}	292	}
294	#if IS_ENABLED(CONFIG_IPV6)	293	#if IS_ENABLED(CONFIG_IPV6)
295	netlbl_af6list_foreach(iter6, &entry->type_def.addrsel->list6) {	294	netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) {
296	map6 = netlbl_domhsh_addr6_entry(iter6);	295	map6 = netlbl_domhsh_addr6_entry(iter6);
297	switch (map6->type) {	296	switch (map6->def.type) {
298	case NETLBL_NLTYPE_UNLABELED:	297	case NETLBL_NLTYPE_UNLABELED:
299	break;	298	break;
300	default:	299	default:
@@ -402,32 +401,31 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
402	rcu_assign_pointer(netlbl_domhsh_def, entry);	401	rcu_assign_pointer(netlbl_domhsh_def, entry);
403	}	402	}
404		403
405	if (entry->type == NETLBL_NLTYPE_ADDRSELECT) {	404	if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
406	netlbl_af4list_foreach_rcu(iter4,	405	netlbl_af4list_foreach_rcu(iter4,
407	&entry->type_def.addrsel->list4)	406	&entry->def.addrsel->list4)
408	netlbl_domhsh_audit_add(entry, iter4, NULL,	407	netlbl_domhsh_audit_add(entry, iter4, NULL,
409	ret_val, audit_info);	408	ret_val, audit_info);
410	#if IS_ENABLED(CONFIG_IPV6)	409	#if IS_ENABLED(CONFIG_IPV6)
411	netlbl_af6list_foreach_rcu(iter6,	410	netlbl_af6list_foreach_rcu(iter6,
412	&entry->type_def.addrsel->list6)	411	&entry->def.addrsel->list6)
413	netlbl_domhsh_audit_add(entry, NULL, iter6,	412	netlbl_domhsh_audit_add(entry, NULL, iter6,
414	ret_val, audit_info);	413	ret_val, audit_info);
415	#endif /* IPv6 */	414	#endif /* IPv6 */
416	} else	415	} else
417	netlbl_domhsh_audit_add(entry, NULL, NULL,	416	netlbl_domhsh_audit_add(entry, NULL, NULL,
418	ret_val, audit_info);	417	ret_val, audit_info);
419	} else if (entry_old->type == NETLBL_NLTYPE_ADDRSELECT &&	418	} else if (entry_old->def.type == NETLBL_NLTYPE_ADDRSELECT &&
420	entry->type == NETLBL_NLTYPE_ADDRSELECT) {	419	entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
421	struct list_head *old_list4;	420	struct list_head *old_list4;
422	struct list_head *old_list6;	421	struct list_head *old_list6;
423		422
424	old_list4 = &entry_old->type_def.addrsel->list4;	423	old_list4 = &entry_old->def.addrsel->list4;
425	old_list6 = &entry_old->type_def.addrsel->list6;	424	old_list6 = &entry_old->def.addrsel->list6;
426		425
427	/* we only allow the addition of address selectors if all of	426	/* we only allow the addition of address selectors if all of
428	* the selectors do not exist in the existing domain map */	427	* the selectors do not exist in the existing domain map */
429	netlbl_af4list_foreach_rcu(iter4,	428	netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4)
430	&entry->type_def.addrsel->list4)
431	if (netlbl_af4list_search_exact(iter4->addr,	429	if (netlbl_af4list_search_exact(iter4->addr,
432	iter4->mask,	430	iter4->mask,
433	old_list4)) {	431	old_list4)) {
@@ -435,8 +433,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
435	goto add_return;	433	goto add_return;
436	}	434	}
437	#if IS_ENABLED(CONFIG_IPV6)	435	#if IS_ENABLED(CONFIG_IPV6)
438	netlbl_af6list_foreach_rcu(iter6,	436	netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6)
439	&entry->type_def.addrsel->list6)
440	if (netlbl_af6list_search_exact(&iter6->addr,	437	if (netlbl_af6list_search_exact(&iter6->addr,
441	&iter6->mask,	438	&iter6->mask,
442	old_list6)) {	439	old_list6)) {
@@ -446,7 +443,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
446	#endif /* IPv6 */	443	#endif /* IPv6 */
447		444
448	netlbl_af4list_foreach_safe(iter4, tmp4,	445	netlbl_af4list_foreach_safe(iter4, tmp4,
449	&entry->type_def.addrsel->list4) {	446	&entry->def.addrsel->list4) {
450	netlbl_af4list_remove_entry(iter4);	447	netlbl_af4list_remove_entry(iter4);
451	iter4->valid = 1;	448	iter4->valid = 1;
452	ret_val = netlbl_af4list_add(iter4, old_list4);	449	ret_val = netlbl_af4list_add(iter4, old_list4);
@@ -457,7 +454,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
457	}	454	}
458	#if IS_ENABLED(CONFIG_IPV6)	455	#if IS_ENABLED(CONFIG_IPV6)
459	netlbl_af6list_foreach_safe(iter6, tmp6,	456	netlbl_af6list_foreach_safe(iter6, tmp6,
460	&entry->type_def.addrsel->list6) {	457	&entry->def.addrsel->list6) {
461	netlbl_af6list_remove_entry(iter6);	458	netlbl_af6list_remove_entry(iter6);
462	iter6->valid = 1;	459	iter6->valid = 1;
463	ret_val = netlbl_af6list_add(iter6, old_list6);	460	ret_val = netlbl_af6list_add(iter6, old_list6);
@@ -538,18 +535,18 @@ int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
538	struct netlbl_af4list *iter4;	535	struct netlbl_af4list *iter4;
539	struct netlbl_domaddr4_map *map4;	536	struct netlbl_domaddr4_map *map4;
540		537
541	switch (entry->type) {	538	switch (entry->def.type) {
542	case NETLBL_NLTYPE_ADDRSELECT:	539	case NETLBL_NLTYPE_ADDRSELECT:
543	netlbl_af4list_foreach_rcu(iter4,	540	netlbl_af4list_foreach_rcu(iter4,
544	&entry->type_def.addrsel->list4) {	541	&entry->def.addrsel->list4) {
545	map4 = netlbl_domhsh_addr4_entry(iter4);	542	map4 = netlbl_domhsh_addr4_entry(iter4);
546	cipso_v4_doi_putdef(map4->type_def.cipsov4);	543	cipso_v4_doi_putdef(map4->def.cipso);
547	}	544	}
548	/* no need to check the IPv6 list since we currently	545	/* no need to check the IPv6 list since we currently
549	* support only unlabeled protocols for IPv6 */	546	* support only unlabeled protocols for IPv6 */
550	break;	547	break;
551	case NETLBL_NLTYPE_CIPSOV4:	548	case NETLBL_NLTYPE_CIPSOV4:
552	cipso_v4_doi_putdef(entry->type_def.cipsov4);	549	cipso_v4_doi_putdef(entry->def.cipso);
553	break;	550	break;
554	}	551	}
555	call_rcu(&entry->rcu, netlbl_domhsh_free_entry);	552	call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
@@ -590,20 +587,21 @@ int netlbl_domhsh_remove_af4(const char *domain,
590	entry_map = netlbl_domhsh_search(domain);	587	entry_map = netlbl_domhsh_search(domain);
591	else	588	else
592	entry_map = netlbl_domhsh_search_def(domain);	589	entry_map = netlbl_domhsh_search_def(domain);
593	if (entry_map == NULL \|\| entry_map->type != NETLBL_NLTYPE_ADDRSELECT)	590	if (entry_map == NULL \|\|
		591	entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT)
594	goto remove_af4_failure;	592	goto remove_af4_failure;
595		593
596	spin_lock(&netlbl_domhsh_lock);	594	spin_lock(&netlbl_domhsh_lock);
597	entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr,	595	entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
598	&entry_map->type_def.addrsel->list4);	596	&entry_map->def.addrsel->list4);
599	spin_unlock(&netlbl_domhsh_lock);	597	spin_unlock(&netlbl_domhsh_lock);
600		598
601	if (entry_addr == NULL)	599	if (entry_addr == NULL)
602	goto remove_af4_failure;	600	goto remove_af4_failure;
603	netlbl_af4list_foreach_rcu(iter4, &entry_map->type_def.addrsel->list4)	601	netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4)
604	goto remove_af4_single_addr;	602	goto remove_af4_single_addr;
605	#if IS_ENABLED(CONFIG_IPV6)	603	#if IS_ENABLED(CONFIG_IPV6)
606	netlbl_af6list_foreach_rcu(iter6, &entry_map->type_def.addrsel->list6)	604	netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6)
607	goto remove_af4_single_addr;	605	goto remove_af4_single_addr;
608	#endif /* IPv6 */	606	#endif /* IPv6 */
609	/* the domain mapping is empty so remove it from the mapping table */	607	/* the domain mapping is empty so remove it from the mapping table */
@@ -616,7 +614,7 @@ remove_af4_single_addr:
616	* shouldn't be a problem */	614	* shouldn't be a problem */
617	synchronize_rcu();	615	synchronize_rcu();
618	entry = netlbl_domhsh_addr4_entry(entry_addr);	616	entry = netlbl_domhsh_addr4_entry(entry_addr);
619	cipso_v4_doi_putdef(entry->type_def.cipsov4);	617	cipso_v4_doi_putdef(entry->def.cipso);
620	kfree(entry);	618	kfree(entry);
621	return 0;	619	return 0;
622		620
@@ -693,8 +691,8 @@ struct netlbl_dom_map netlbl_domhsh_getentry(const char domain)
693	* responsible for ensuring that rcu_read_[un]lock() is called.	691	* responsible for ensuring that rcu_read_[un]lock() is called.
694	*	692	*
695	*/	693	*/
696	struct netlbl_domaddr4_map netlbl_domhsh_getentry_af4(const char domain,	694	struct netlbl_dommap_def netlbl_domhsh_getentry_af4(const char domain,
697	__be32 addr)	695	__be32 addr)
698	{	696	{
699	struct netlbl_dom_map *dom_iter;	697	struct netlbl_dom_map *dom_iter;
700	struct netlbl_af4list *addr_iter;	698	struct netlbl_af4list *addr_iter;
@@ -702,15 +700,13 @@ struct netlbl_domaddr4_map netlbl_domhsh_getentry_af4(const char domain,
702	dom_iter = netlbl_domhsh_search_def(domain);	700	dom_iter = netlbl_domhsh_search_def(domain);
703	if (dom_iter == NULL)	701	if (dom_iter == NULL)
704	return NULL;	702	return NULL;
705	if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
706	return NULL;
707		703
708	addr_iter = netlbl_af4list_search(addr,	704	if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
709	&dom_iter->type_def.addrsel->list4);	705	return &dom_iter->def;
		706	addr_iter = netlbl_af4list_search(addr, &dom_iter->def.addrsel->list4);
710	if (addr_iter == NULL)	707	if (addr_iter == NULL)
711	return NULL;	708	return NULL;
712		709	return &(netlbl_domhsh_addr4_entry(addr_iter)->def);
713	return netlbl_domhsh_addr4_entry(addr_iter);
714	}	710	}
715		711
716	#if IS_ENABLED(CONFIG_IPV6)	712	#if IS_ENABLED(CONFIG_IPV6)
@@ -725,7 +721,7 @@ struct netlbl_domaddr4_map netlbl_domhsh_getentry_af4(const char domain,
725	* responsible for ensuring that rcu_read_[un]lock() is called.	721	* responsible for ensuring that rcu_read_[un]lock() is called.
726	*	722	*
727	*/	723	*/
728	struct netlbl_domaddr6_map netlbl_domhsh_getentry_af6(const char domain,	724	struct netlbl_dommap_def netlbl_domhsh_getentry_af6(const char domain,
729	const struct in6_addr *addr)	725	const struct in6_addr *addr)
730	{	726	{
731	struct netlbl_dom_map *dom_iter;	727	struct netlbl_dom_map *dom_iter;
@@ -734,15 +730,13 @@ struct netlbl_domaddr6_map netlbl_domhsh_getentry_af6(const char domain,
734	dom_iter = netlbl_domhsh_search_def(domain);	730	dom_iter = netlbl_domhsh_search_def(domain);
735	if (dom_iter == NULL)	731	if (dom_iter == NULL)
736	return NULL;	732	return NULL;
737	if (dom_iter->type != NETLBL_NLTYPE_ADDRSELECT)
738	return NULL;
739		733
740	addr_iter = netlbl_af6list_search(addr,	734	if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT)
741	&dom_iter->type_def.addrsel->list6);	735	return &dom_iter->def;
		736	addr_iter = netlbl_af6list_search(addr, &dom_iter->def.addrsel->list6);
742	if (addr_iter == NULL)	737	if (addr_iter == NULL)
743	return NULL;	738	return NULL;
744		739	return &(netlbl_domhsh_addr6_entry(addr_iter)->def);
745	return netlbl_domhsh_addr6_entry(addr_iter);
746	}	740	}
747	#endif /* IPv6 */	741	#endif /* IPv6 */
748		742