diff options
Diffstat (limited to 'net/netlabel/netlabel_kapi.c')
| -rw-r--r-- | net/netlabel/netlabel_kapi.c | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 22faba620e4b..7d8ecea93914 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c | |||
| @@ -121,10 +121,15 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, | |||
| 121 | struct netlbl_audit *audit_info) | 121 | struct netlbl_audit *audit_info) |
| 122 | { | 122 | { |
| 123 | int ret_val = -ENOMEM; | 123 | int ret_val = -ENOMEM; |
| 124 | u32 doi; | ||
| 125 | u32 doi_type; | ||
| 124 | struct netlbl_dom_map *entry; | 126 | struct netlbl_dom_map *entry; |
| 125 | const char *type_str; | 127 | const char *type_str; |
| 126 | struct audit_buffer *audit_buf; | 128 | struct audit_buffer *audit_buf; |
| 127 | 129 | ||
| 130 | doi = doi_def->doi; | ||
| 131 | doi_type = doi_def->type; | ||
| 132 | |||
| 128 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); | 133 | entry = kzalloc(sizeof(*entry), GFP_ATOMIC); |
| 129 | if (entry == NULL) | 134 | if (entry == NULL) |
| 130 | return -ENOMEM; | 135 | return -ENOMEM; |
| @@ -133,32 +138,25 @@ int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def, | |||
| 133 | if (entry->domain == NULL) | 138 | if (entry->domain == NULL) |
| 134 | goto cfg_cipsov4_add_map_failure; | 139 | goto cfg_cipsov4_add_map_failure; |
| 135 | } | 140 | } |
| 136 | entry->type = NETLBL_NLTYPE_CIPSOV4; | ||
| 137 | entry->type_def.cipsov4 = doi_def; | ||
| 138 | |||
| 139 | /* Grab a RCU read lock here so nothing happens to the doi_def variable | ||
| 140 | * between adding it to the CIPSOv4 protocol engine and adding a | ||
| 141 | * domain mapping for it. */ | ||
| 142 | 141 | ||
| 143 | rcu_read_lock(); | ||
| 144 | ret_val = cipso_v4_doi_add(doi_def); | 142 | ret_val = cipso_v4_doi_add(doi_def); |
| 145 | if (ret_val != 0) | 143 | if (ret_val != 0) |
| 146 | goto cfg_cipsov4_add_map_failure_unlock; | 144 | goto cfg_cipsov4_add_map_failure_remove_doi; |
| 145 | entry->type = NETLBL_NLTYPE_CIPSOV4; | ||
| 146 | entry->type_def.cipsov4 = cipso_v4_doi_getdef(doi); | ||
| 147 | if (entry->type_def.cipsov4 == NULL) { | ||
| 148 | ret_val = -ENOENT; | ||
| 149 | goto cfg_cipsov4_add_map_failure_remove_doi; | ||
| 150 | } | ||
| 147 | ret_val = netlbl_domhsh_add(entry, audit_info); | 151 | ret_val = netlbl_domhsh_add(entry, audit_info); |
| 148 | if (ret_val != 0) | 152 | if (ret_val != 0) |
| 149 | goto cfg_cipsov4_add_map_failure_remove_doi; | 153 | goto cfg_cipsov4_add_map_failure_release_doi; |
| 150 | rcu_read_unlock(); | ||
| 151 | |||
| 152 | return 0; | ||
| 153 | 154 | ||
| 154 | cfg_cipsov4_add_map_failure_remove_doi: | 155 | cfg_cipsov4_add_map_return: |
| 155 | cipso_v4_doi_remove(doi_def->doi, audit_info, netlbl_cipsov4_doi_free); | ||
| 156 | cfg_cipsov4_add_map_failure_unlock: | ||
| 157 | rcu_read_unlock(); | ||
| 158 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, | 156 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, |
| 159 | audit_info); | 157 | audit_info); |
| 160 | if (audit_buf != NULL) { | 158 | if (audit_buf != NULL) { |
| 161 | switch (doi_def->type) { | 159 | switch (doi_type) { |
| 162 | case CIPSO_V4_MAP_STD: | 160 | case CIPSO_V4_MAP_STD: |
| 163 | type_str = "std"; | 161 | type_str = "std"; |
| 164 | break; | 162 | break; |
| @@ -170,14 +168,21 @@ cfg_cipsov4_add_map_failure_unlock: | |||
| 170 | } | 168 | } |
| 171 | audit_log_format(audit_buf, | 169 | audit_log_format(audit_buf, |
| 172 | " cipso_doi=%u cipso_type=%s res=%u", | 170 | " cipso_doi=%u cipso_type=%s res=%u", |
| 173 | doi_def->doi, type_str, ret_val == 0 ? 1 : 0); | 171 | doi, type_str, ret_val == 0 ? 1 : 0); |
| 174 | audit_log_end(audit_buf); | 172 | audit_log_end(audit_buf); |
| 175 | } | 173 | } |
| 174 | |||
| 175 | return ret_val; | ||
| 176 | |||
| 177 | cfg_cipsov4_add_map_failure_release_doi: | ||
| 178 | cipso_v4_doi_putdef(doi_def); | ||
| 179 | cfg_cipsov4_add_map_failure_remove_doi: | ||
| 180 | cipso_v4_doi_remove(doi, audit_info); | ||
| 176 | cfg_cipsov4_add_map_failure: | 181 | cfg_cipsov4_add_map_failure: |
| 177 | if (entry != NULL) | 182 | if (entry != NULL) |
| 178 | kfree(entry->domain); | 183 | kfree(entry->domain); |
| 179 | kfree(entry); | 184 | kfree(entry); |
| 180 | return ret_val; | 185 | goto cfg_cipsov4_add_map_return; |
| 181 | } | 186 | } |
| 182 | 187 | ||
| 183 | /* | 188 | /* |