diff options
Diffstat (limited to 'net/xfrm/xfrm_state.c')
| -rw-r--r-- | net/xfrm/xfrm_state.c | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 372f06eb8bb7..85f3f43a6cca 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
| @@ -391,12 +391,48 @@ int xfrm_state_delete(struct xfrm_state *x) | |||
| 391 | } | 391 | } |
| 392 | EXPORT_SYMBOL(xfrm_state_delete); | 392 | EXPORT_SYMBOL(xfrm_state_delete); |
| 393 | 393 | ||
| 394 | void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info) | 394 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 395 | static inline int | ||
| 396 | xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) | ||
| 395 | { | 397 | { |
| 396 | int i; | 398 | int i, err = 0; |
| 397 | int err = 0; | 399 | |
| 400 | for (i = 0; i <= xfrm_state_hmask; i++) { | ||
| 401 | struct hlist_node *entry; | ||
| 402 | struct xfrm_state *x; | ||
| 403 | |||
| 404 | hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) { | ||
| 405 | if (xfrm_id_proto_match(x->id.proto, proto) && | ||
| 406 | (err = security_xfrm_state_delete(x)) != 0) { | ||
| 407 | xfrm_audit_log(audit_info->loginuid, | ||
| 408 | audit_info->secid, | ||
| 409 | AUDIT_MAC_IPSEC_DELSA, | ||
| 410 | 0, NULL, x); | ||
| 411 | |||
| 412 | return err; | ||
| 413 | } | ||
| 414 | } | ||
| 415 | } | ||
| 416 | |||
| 417 | return err; | ||
| 418 | } | ||
| 419 | #else | ||
| 420 | static inline int | ||
| 421 | xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info) | ||
| 422 | { | ||
| 423 | return 0; | ||
| 424 | } | ||
| 425 | #endif | ||
| 426 | |||
| 427 | int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info) | ||
| 428 | { | ||
| 429 | int i, err = 0; | ||
| 398 | 430 | ||
| 399 | spin_lock_bh(&xfrm_state_lock); | 431 | spin_lock_bh(&xfrm_state_lock); |
| 432 | err = xfrm_state_flush_secctx_check(proto, audit_info); | ||
| 433 | if (err) | ||
| 434 | goto out; | ||
| 435 | |||
| 400 | for (i = 0; i <= xfrm_state_hmask; i++) { | 436 | for (i = 0; i <= xfrm_state_hmask; i++) { |
| 401 | struct hlist_node *entry; | 437 | struct hlist_node *entry; |
| 402 | struct xfrm_state *x; | 438 | struct xfrm_state *x; |
| @@ -419,8 +455,12 @@ restart: | |||
| 419 | } | 455 | } |
| 420 | } | 456 | } |
| 421 | } | 457 | } |
| 458 | err = 0; | ||
| 459 | |||
| 460 | out: | ||
| 422 | spin_unlock_bh(&xfrm_state_lock); | 461 | spin_unlock_bh(&xfrm_state_lock); |
| 423 | wake_up(&km_waitq); | 462 | wake_up(&km_waitq); |
| 463 | return err; | ||
| 424 | } | 464 | } |
| 425 | EXPORT_SYMBOL(xfrm_state_flush); | 465 | EXPORT_SYMBOL(xfrm_state_flush); |
| 426 | 466 | ||