aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_policy.c13
-rw-r--r--net/xfrm/xfrm_proc.c2
-rw-r--r--net/xfrm/xfrm_state.c18
-rw-r--r--net/xfrm/xfrm_sysctl.c4
-rw-r--r--net/xfrm/xfrm_user.c8
5 files changed, 30 insertions, 15 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 0ecb16a9a883..eb870fcc29cc 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -771,7 +771,8 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
771 771
772int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) 772int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
773{ 773{
774 int dir, err = 0; 774 int dir, err = 0, cnt = 0;
775 struct xfrm_policy *dp;
775 776
776 write_lock_bh(&xfrm_policy_lock); 777 write_lock_bh(&xfrm_policy_lock);
777 778
@@ -789,8 +790,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
789 &net->xfrm.policy_inexact[dir], bydst) { 790 &net->xfrm.policy_inexact[dir], bydst) {
790 if (pol->type != type) 791 if (pol->type != type)
791 continue; 792 continue;
792 __xfrm_policy_unlink(pol, dir); 793 dp = __xfrm_policy_unlink(pol, dir);
793 write_unlock_bh(&xfrm_policy_lock); 794 write_unlock_bh(&xfrm_policy_lock);
795 if (dp)
796 cnt++;
794 797
795 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, 798 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
796 audit_info->sessionid, 799 audit_info->sessionid,
@@ -809,8 +812,10 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
809 bydst) { 812 bydst) {
810 if (pol->type != type) 813 if (pol->type != type)
811 continue; 814 continue;
812 __xfrm_policy_unlink(pol, dir); 815 dp = __xfrm_policy_unlink(pol, dir);
813 write_unlock_bh(&xfrm_policy_lock); 816 write_unlock_bh(&xfrm_policy_lock);
817 if (dp)
818 cnt++;
814 819
815 xfrm_audit_policy_delete(pol, 1, 820 xfrm_audit_policy_delete(pol, 1,
816 audit_info->loginuid, 821 audit_info->loginuid,
@@ -824,6 +829,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
824 } 829 }
825 830
826 } 831 }
832 if (!cnt)
833 err = -ESRCH;
827 atomic_inc(&flow_cache_genid); 834 atomic_inc(&flow_cache_genid);
828out: 835out:
829 write_unlock_bh(&xfrm_policy_lock); 836 write_unlock_bh(&xfrm_policy_lock);
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c
index fef8db553e8d..c083a4e4e796 100644
--- a/net/xfrm/xfrm_proc.c
+++ b/net/xfrm/xfrm_proc.c
@@ -15,7 +15,7 @@
15#include <net/snmp.h> 15#include <net/snmp.h>
16#include <net/xfrm.h> 16#include <net/xfrm.h>
17 17
18static struct snmp_mib xfrm_mib_list[] = { 18static const struct snmp_mib xfrm_mib_list[] = {
19 SNMP_MIB_ITEM("XfrmInError", LINUX_MIB_XFRMINERROR), 19 SNMP_MIB_ITEM("XfrmInError", LINUX_MIB_XFRMINERROR),
20 SNMP_MIB_ITEM("XfrmInBufferError", LINUX_MIB_XFRMINBUFFERERROR), 20 SNMP_MIB_ITEM("XfrmInBufferError", LINUX_MIB_XFRMINBUFFERERROR),
21 SNMP_MIB_ITEM("XfrmInHdrError", LINUX_MIB_XFRMINHDRERROR), 21 SNMP_MIB_ITEM("XfrmInHdrError", LINUX_MIB_XFRMINHDRERROR),
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index f445ea1c5f52..9fa3322b2a7d 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -603,13 +603,14 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
603 603
604int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) 604int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
605{ 605{
606 int i, err = 0; 606 int i, err = 0, cnt = 0;
607 607
608 spin_lock_bh(&xfrm_state_lock); 608 spin_lock_bh(&xfrm_state_lock);
609 err = xfrm_state_flush_secctx_check(net, proto, audit_info); 609 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
610 if (err) 610 if (err)
611 goto out; 611 goto out;
612 612
613 err = -ESRCH;
613 for (i = 0; i <= net->xfrm.state_hmask; i++) { 614 for (i = 0; i <= net->xfrm.state_hmask; i++) {
614 struct hlist_node *entry; 615 struct hlist_node *entry;
615 struct xfrm_state *x; 616 struct xfrm_state *x;
@@ -626,13 +627,16 @@ restart:
626 audit_info->sessionid, 627 audit_info->sessionid,
627 audit_info->secid); 628 audit_info->secid);
628 xfrm_state_put(x); 629 xfrm_state_put(x);
630 if (!err)
631 cnt++;
629 632
630 spin_lock_bh(&xfrm_state_lock); 633 spin_lock_bh(&xfrm_state_lock);
631 goto restart; 634 goto restart;
632 } 635 }
633 } 636 }
634 } 637 }
635 err = 0; 638 if (cnt)
639 err = 0;
636 640
637out: 641out:
638 spin_unlock_bh(&xfrm_state_lock); 642 spin_unlock_bh(&xfrm_state_lock);
@@ -1452,12 +1456,12 @@ EXPORT_SYMBOL(xfrm_find_acq_byseq);
1452u32 xfrm_get_acqseq(void) 1456u32 xfrm_get_acqseq(void)
1453{ 1457{
1454 u32 res; 1458 u32 res;
1455 static u32 acqseq; 1459 static atomic_t acqseq;
1456 static DEFINE_SPINLOCK(acqseq_lock); 1460
1461 do {
1462 res = atomic_inc_return(&acqseq);
1463 } while (!res);
1457 1464
1458 spin_lock_bh(&acqseq_lock);
1459 res = (++acqseq ? : ++acqseq);
1460 spin_unlock_bh(&acqseq_lock);
1461 return res; 1465 return res;
1462} 1466}
1463EXPORT_SYMBOL(xfrm_get_acqseq); 1467EXPORT_SYMBOL(xfrm_get_acqseq);
diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
index 2e221f2cad7e..2c4d6cdcba49 100644
--- a/net/xfrm/xfrm_sysctl.c
+++ b/net/xfrm/xfrm_sysctl.c
@@ -2,7 +2,7 @@
2#include <net/net_namespace.h> 2#include <net/net_namespace.h>
3#include <net/xfrm.h> 3#include <net/xfrm.h>
4 4
5static void __xfrm_sysctl_init(struct net *net) 5static void __net_init __xfrm_sysctl_init(struct net *net)
6{ 6{
7 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME; 7 net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME;
8 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE; 8 net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE;
@@ -64,7 +64,7 @@ out_kmemdup:
64 return -ENOMEM; 64 return -ENOMEM;
65} 65}
66 66
67void xfrm_sysctl_fini(struct net *net) 67void __net_exit xfrm_sysctl_fini(struct net *net)
68{ 68{
69 struct ctl_table *table; 69 struct ctl_table *table;
70 70
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d5a712976004..b0fb7d3bc15e 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1525,7 +1525,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1525 audit_info.secid = NETLINK_CB(skb).sid; 1525 audit_info.secid = NETLINK_CB(skb).sid;
1526 err = xfrm_state_flush(net, p->proto, &audit_info); 1526 err = xfrm_state_flush(net, p->proto, &audit_info);
1527 if (err) 1527 if (err)
1528 return err; 1528 return 0;
1529 c.data.proto = p->proto; 1529 c.data.proto = p->proto;
1530 c.event = nlh->nlmsg_type; 1530 c.event = nlh->nlmsg_type;
1531 c.seq = nlh->nlmsg_seq; 1531 c.seq = nlh->nlmsg_seq;
@@ -1677,7 +1677,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1677 audit_info.secid = NETLINK_CB(skb).sid; 1677 audit_info.secid = NETLINK_CB(skb).sid;
1678 err = xfrm_policy_flush(net, type, &audit_info); 1678 err = xfrm_policy_flush(net, type, &audit_info);
1679 if (err) 1679 if (err)
1680 return err; 1680 return 0;
1681 c.data.type = type; 1681 c.data.type = type;
1682 c.event = nlh->nlmsg_type; 1682 c.event = nlh->nlmsg_type;
1683 c.seq = nlh->nlmsg_seq; 1683 c.seq = nlh->nlmsg_seq;
@@ -2054,6 +2054,10 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
2054#undef XMSGSIZE 2054#undef XMSGSIZE
2055 2055
2056static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 2056static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
2057 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)},
2058 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)},
2059 [XFRMA_LASTUSED] = { .type = NLA_U64},
2060 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)},
2057 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) }, 2061 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) },
2058 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 2062 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
2059 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 2063 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },