Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 13 | ||||
-rw-r--r-- | net/xfrm/xfrm_proc.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 18 | ||||
-rw-r--r-- | net/xfrm/xfrm_sysctl.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 8 |
5 files changed, 30 insertions, 15 deletions
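--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -771,7 +771,8 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
 
 int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
-int dir, err = 0;
+int dir, err = 0, cnt = 0;
+struct xfrm_policy *dp;
 
 write_lock_bh(&xfrm_policy_lock);
 
@@ -789,8 +790,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 &net->xfrm.policy_inexact[dir], bydst) {
 if (pol->type != type)
 continue;
-__xfrm_policy_unlink(pol, dir);
+dp = __xfrm_policy_unlink(pol, dir);
 write_unlock_bh(&xfrm_policy_lock);
+if (dp)
+cnt++;
 
 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
 audit_info->sessionid,
@@ -809,8 +812,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 bydst) {
 if (pol->type != type)
 continue;
-__xfrm_policy_unlink(pol, dir);
+dp = __xfrm_policy_unlink(pol, dir);
 write_unlock_bh(&xfrm_policy_lock);
+if (dp)
+cnt++;
 
 xfrm_audit_policy_delete(pol, 1,
 audit_info->loginuid,
@@ -824,6 +829,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 }
 
 }
+if (!cnt)
+err = -ESRCH;
 atomic_inc(&flow_cache_genid);
 out:
 write_unlock_bh(&xfrm_policy_lock);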
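Review bot: In both flush loops of xfrm_policy_flush the new `dp` result gates only `cnt++`, while the `xfrm_audit_policy_delete(pol, 1, ...)` call that follows still runs unconditionally and records a successful delete. If `__xfrm_policy_unlink` can return NULL at this point, the audit trail and the new -ESRCH result can disagree about whether anything was removed; if it cannot (the entry comes from the list being walked under the write lock), `dp` and its test are dead and a plain `cnt++;` after the unlink says the same thing. Either way the new return contract deserves a comment above the function, for example `/* Returns -ESRCH when no policy of @type was flushed. */`. The loop bodies continue outside these hunks, so what happens to `pol` after the audit call is not visible here.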
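--- a/net/xfrm/xfrm_proc.c
+++ b/net/xfrm/xfrm_proc.c
@@ -15,7 +15,7 @@
 #include <net/snmp.h>
 #include <net/xfrm.h>
 
-static struct snmp_mib xfrm_mib_list[] = {
+static const struct snmp_mib xfrm_mib_list[] = {
 SNMP_MIB_ITEM("XfrmInError", LINUX_MIB_XFRMINERROR),
 SNMP_MIB_ITEM("XfrmInBufferError", LINUX_MIB_XFRMINBUFFERERROR),
 SNMP_MIB_ITEM("XfrmInHdrError", LINUX_MIB_XFRMINHDRERROR),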
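--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -603,13 +603,14 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
 
 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 {
-int i, err = 0;
+int i, err = 0, cnt = 0;
 
 spin_lock_bh(&xfrm_state_lock);
 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
 if (err)
 goto out;
 
+err = -ESRCH;
 for (i = 0; i <= net->xfrm.state_hmask; i++) {
 struct hlist_node *entry;
 struct xfrm_state *x;
@@ -626,13 +627,16 @@ restart:
 audit_info->sessionid,
 audit_info->secid);
 xfrm_state_put(x);
+if (!err)
+cnt++;
 
 spin_lock_bh(&xfrm_state_lock);
 goto restart;
 }
 }
 }
-err = 0;
+if (cnt)
+err = 0;
 
 out:
 spin_unlock_bh(&xfrm_state_lock);
@@ -1452,12 +1456,12 @@ EXPORT_SYMBOL(xfrm_find_acq_byseq);
 u32 xfrm_get_acqseq(void)
 {
 u32 res;
-static u32 acqseq;
-static DEFINE_SPINLOCK(acqseq_lock);
+static atomic_t acqseq;
+
+do {
+res = atomic_inc_return(&acqseq);
+} while (!res);
 
-spin_lock_bh(&acqseq_lock);
-res = (++acqseq ? : ++acqseq);
-spin_unlock_bh(&acqseq_lock);
 return res;
 }
 EXPORT_SYMBOL(xfrm_get_acqseq);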
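Review bot: `err` now carries two meanings in xfrm_state_flush: the `-ESRCH` sentinel set just before the loop and, judging by the added `if (!err) cnt++;`, the result of a per-state delete that is assigned earlier in the loop body, outside the hunk. As written, the caller gets the last delete's error when every attempted delete fails, and `if (cnt) err = 0;` hides any failure once a single delete has succeeded. That deserves a comment at the sentinel so the final value is not read as a single status, for example `/* -ESRCH unless at least one state is deleted; err is reused for each delete result below */`.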
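--- a/net/xfrm/xfrm_sysctl.c
+++ b/net/xfrm/xfrm_sysctl.c
@@ -2,7 +2,7 @@
 #include <net/net_namespace.h>
 #include <net/xfrm.h>
 
-static void __xfrm_sysctl_init(struct net *net)
+static void __net_init __xfrm_sysctl_init(struct net *net)
 {
 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME;
 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE;
@@ -64,7 +64,7 @@ out_kmemdup:
 return -ENOMEM;
 }
 
-void xfrm_sysctl_fini(struct net *net)
+void __net_exit xfrm_sysctl_fini(struct net *net)
 {
 struct ctl_table *table;
 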
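--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1525,7 +1525,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 audit_info.secid = NETLINK_CB(skb).sid;
 err = xfrm_state_flush(net, p->proto, &audit_info);
 if (err)
-return err;
+return 0;
 c.data.proto = p->proto;
 c.event = nlh->nlmsg_type;
 c.seq = nlh->nlmsg_seq;
@@ -1677,7 +1677,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 audit_info.secid = NETLINK_CB(skb).sid;
 err = xfrm_policy_flush(net, type, &audit_info);
 if (err)
-return err;
+return 0;
 c.data.type = type;
 c.event = nlh->nlmsg_type;
 c.seq = nlh->nlmsg_seq;
@@ -2054,6 +2054,10 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
 #undef XMSGSIZE
 
 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
+[XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)},
+[XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)},
+[XFRMA_LASTUSED] = { .type = NLA_U64},
+[XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)},
 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) },
 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },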
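Review bot: The new `return 0;` after `if (err)` in xfrm_flush_sa, and identically in xfrm_flush_policy, swallows every failure, not just the empty-table case this commit introduces. xfrm_state_flush, as changed in this same commit, still returns whatever `xfrm_state_flush_secctx_check` reports before it reaches the `-ESRCH` path, and xfrm_policy_flush presumably does the same with its own secctx check. A flush refused by the security check would therefore be reported to the netlink caller as success. Only the "nothing to flush" result should be suppressed, e.g. `if (err) return err == -ESRCH ? 0 : err;` in both handlers. Both function bodies extend beyond the hunks shown.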