diff options
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 946b715db5ec..785c3e39f062 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -735,12 +735,14 @@ EXPORT_SYMBOL(xfrm_policy_insert); | |||
735 | 735 | ||
736 | struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | 736 | struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, |
737 | struct xfrm_selector *sel, | 737 | struct xfrm_selector *sel, |
738 | struct xfrm_sec_ctx *ctx, int delete) | 738 | struct xfrm_sec_ctx *ctx, int delete, |
739 | int *err) | ||
739 | { | 740 | { |
740 | struct xfrm_policy *pol, *ret; | 741 | struct xfrm_policy *pol, *ret; |
741 | struct hlist_head *chain; | 742 | struct hlist_head *chain; |
742 | struct hlist_node *entry; | 743 | struct hlist_node *entry; |
743 | 744 | ||
745 | *err = 0; | ||
744 | write_lock_bh(&xfrm_policy_lock); | 746 | write_lock_bh(&xfrm_policy_lock); |
745 | chain = policy_hash_bysel(sel, sel->family, dir); | 747 | chain = policy_hash_bysel(sel, sel->family, dir); |
746 | ret = NULL; | 748 | ret = NULL; |
@@ -750,6 +752,11 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | |||
750 | xfrm_sec_ctx_match(ctx, pol->security)) { | 752 | xfrm_sec_ctx_match(ctx, pol->security)) { |
751 | xfrm_pol_hold(pol); | 753 | xfrm_pol_hold(pol); |
752 | if (delete) { | 754 | if (delete) { |
755 | *err = security_xfrm_policy_delete(pol); | ||
756 | if (*err) { | ||
757 | write_unlock_bh(&xfrm_policy_lock); | ||
758 | return pol; | ||
759 | } | ||
753 | hlist_del(&pol->bydst); | 760 | hlist_del(&pol->bydst); |
754 | hlist_del(&pol->byidx); | 761 | hlist_del(&pol->byidx); |
755 | xfrm_policy_count[dir]--; | 762 | xfrm_policy_count[dir]--; |
@@ -768,12 +775,14 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, | |||
768 | } | 775 | } |
769 | EXPORT_SYMBOL(xfrm_policy_bysel_ctx); | 776 | EXPORT_SYMBOL(xfrm_policy_bysel_ctx); |
770 | 777 | ||
771 | struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) | 778 | struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete, |
779 | int *err) | ||
772 | { | 780 | { |
773 | struct xfrm_policy *pol, *ret; | 781 | struct xfrm_policy *pol, *ret; |
774 | struct hlist_head *chain; | 782 | struct hlist_head *chain; |
775 | struct hlist_node *entry; | 783 | struct hlist_node *entry; |
776 | 784 | ||
785 | *err = 0; | ||
777 | write_lock_bh(&xfrm_policy_lock); | 786 | write_lock_bh(&xfrm_policy_lock); |
778 | chain = xfrm_policy_byidx + idx_hash(id); | 787 | chain = xfrm_policy_byidx + idx_hash(id); |
779 | ret = NULL; | 788 | ret = NULL; |
@@ -781,6 +790,11 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) | |||
781 | if (pol->type == type && pol->index == id) { | 790 | if (pol->type == type && pol->index == id) { |
782 | xfrm_pol_hold(pol); | 791 | xfrm_pol_hold(pol); |
783 | if (delete) { | 792 | if (delete) { |
793 | *err = security_xfrm_policy_delete(pol); | ||
794 | if (*err) { | ||
795 | write_unlock_bh(&xfrm_policy_lock); | ||
796 | return pol; | ||
797 | } | ||
784 | hlist_del(&pol->bydst); | 798 | hlist_del(&pol->bydst); |
785 | hlist_del(&pol->byidx); | 799 | hlist_del(&pol->byidx); |
786 | xfrm_policy_count[dir]--; | 800 | xfrm_policy_count[dir]--; |
@@ -2075,7 +2089,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result, | |||
2075 | sizeof(struct in6_addr)); | 2089 | sizeof(struct in6_addr)); |
2076 | } | 2090 | } |
2077 | audit_log_format(audit_buf, | 2091 | audit_log_format(audit_buf, |
2078 | " src=" NIP6_FMT "dst=" NIP6_FMT, | 2092 | " src=" NIP6_FMT " dst=" NIP6_FMT, |
2079 | NIP6(saddr6), NIP6(daddr6)); | 2093 | NIP6(saddr6), NIP6(daddr6)); |
2080 | } | 2094 | } |
2081 | break; | 2095 | break; |