aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 15d73e47cc2c..ab4d0e598a2c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -263,7 +263,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
263 list_del(&policy->bytype); 263 list_del(&policy->bytype);
264 write_unlock_bh(&xfrm_policy_lock); 264 write_unlock_bh(&xfrm_policy_lock);
265 265
266 security_xfrm_policy_free(policy); 266 security_xfrm_policy_free(policy->security);
267 kfree(policy); 267 kfree(policy);
268} 268}
269EXPORT_SYMBOL(xfrm_policy_destroy); 269EXPORT_SYMBOL(xfrm_policy_destroy);
@@ -676,7 +676,8 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
676 xfrm_sec_ctx_match(ctx, pol->security)) { 676 xfrm_sec_ctx_match(ctx, pol->security)) {
677 xfrm_pol_hold(pol); 677 xfrm_pol_hold(pol);
678 if (delete) { 678 if (delete) {
679 *err = security_xfrm_policy_delete(pol); 679 *err = security_xfrm_policy_delete(
680 pol->security);
680 if (*err) { 681 if (*err) {
681 write_unlock_bh(&xfrm_policy_lock); 682 write_unlock_bh(&xfrm_policy_lock);
682 return pol; 683 return pol;
@@ -718,7 +719,8 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
718 if (pol->type == type && pol->index == id) { 719 if (pol->type == type && pol->index == id) {
719 xfrm_pol_hold(pol); 720 xfrm_pol_hold(pol);
720 if (delete) { 721 if (delete) {
721 *err = security_xfrm_policy_delete(pol); 722 *err = security_xfrm_policy_delete(
723 pol->security);
722 if (*err) { 724 if (*err) {
723 write_unlock_bh(&xfrm_policy_lock); 725 write_unlock_bh(&xfrm_policy_lock);
724 return pol; 726 return pol;
@@ -756,7 +758,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
756 &xfrm_policy_inexact[dir], bydst) { 758 &xfrm_policy_inexact[dir], bydst) {
757 if (pol->type != type) 759 if (pol->type != type)
758 continue; 760 continue;
759 err = security_xfrm_policy_delete(pol); 761 err = security_xfrm_policy_delete(pol->security);
760 if (err) { 762 if (err) {
761 xfrm_audit_policy_delete(pol, 0, 763 xfrm_audit_policy_delete(pol, 0,
762 audit_info->loginuid, 764 audit_info->loginuid,
@@ -770,7 +772,8 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
770 bydst) { 772 bydst) {
771 if (pol->type != type) 773 if (pol->type != type)
772 continue; 774 continue;
773 err = security_xfrm_policy_delete(pol); 775 err = security_xfrm_policy_delete(
776 pol->security);
774 if (err) { 777 if (err) {
775 xfrm_audit_policy_delete(pol, 0, 778 xfrm_audit_policy_delete(pol, 0,
776 audit_info->loginuid, 779 audit_info->loginuid,
@@ -931,7 +934,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
931 934
932 match = xfrm_selector_match(sel, fl, family); 935 match = xfrm_selector_match(sel, fl, family);
933 if (match) 936 if (match)
934 ret = security_xfrm_policy_lookup(pol, fl->secid, dir); 937 ret = security_xfrm_policy_lookup(pol->security, fl->secid,
938 dir);
935 939
936 return ret; 940 return ret;
937} 941}
@@ -1048,8 +1052,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
1048 int err = 0; 1052 int err = 0;
1049 1053
1050 if (match) { 1054 if (match) {
1051 err = security_xfrm_policy_lookup(pol, fl->secid, 1055 err = security_xfrm_policy_lookup(pol->security,
1052 policy_to_flow_dir(dir)); 1056 fl->secid,
1057 policy_to_flow_dir(dir));
1053 if (!err) 1058 if (!err)
1054 xfrm_pol_hold(pol); 1059 xfrm_pol_hold(pol);
1055 else if (err == -ESRCH) 1060 else if (err == -ESRCH)
@@ -1138,7 +1143,8 @@ static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir)
1138 1143
1139 if (newp) { 1144 if (newp) {
1140 newp->selector = old->selector; 1145 newp->selector = old->selector;
1141 if (security_xfrm_policy_clone(old, newp)) { 1146 if (security_xfrm_policy_clone(old->security,
1147 &newp->security)) {
1142 kfree(newp); 1148 kfree(newp);
1143 return NULL; /* ENOMEM */ 1149 return NULL; /* ENOMEM */
1144 } 1150 }
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-28 03:32:57 -0500