2 files changed, 32 insertions, 25 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 15d73e47cc2c..ab4d0e598a2c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -263,7 +263,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
         list_del(&policy->bytype);
         write_unlock_bh(&xfrm_policy_lock);
 
-        security_xfrm_policy_free(policy);
+        security_xfrm_policy_free(policy->security);
         kfree(policy);
 }
 EXPORT_SYMBOL(xfrm_policy_destroy);
@@ -676,7 +676,8 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
                     xfrm_sec_ctx_match(ctx, pol->security)) {
                         xfrm_pol_hold(pol);
                         if (delete) {
-                                *err = security_xfrm_policy_delete(pol);
+                                *err = security_xfrm_policy_delete(
+                                                                pol->security);
                                 if (*err) {
                                         write_unlock_bh(&xfrm_policy_lock);
                                         return pol;
@@ -718,7 +719,8 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
                 if (pol->type == type && pol->index == id) {
                         xfrm_pol_hold(pol);
                         if (delete) {
-                                *err = security_xfrm_policy_delete(pol);
+                                *err = security_xfrm_policy_delete(
+                                                                pol->security);
                                 if (*err) {
                                         write_unlock_bh(&xfrm_policy_lock);
                                         return pol;
@@ -756,7 +758,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
                                      &xfrm_policy_inexact[dir], bydst) {
                         if (pol->type != type)
                                 continue;
-                        err = security_xfrm_policy_delete(pol);
+                        err = security_xfrm_policy_delete(pol->security);
                         if (err) {
                                 xfrm_audit_policy_delete(pol, 0,
                                                          audit_info->loginuid,
@@ -770,7 +772,8 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
                                              bydst) {
                                 if (pol->type != type)
                                         continue;
-                                err = security_xfrm_policy_delete(pol);
+                                err = security_xfrm_policy_delete(
+                                                                pol->security);
                                 if (err) {
                                         xfrm_audit_policy_delete(pol, 0,
                                                         audit_info->loginuid,
@@ -931,7 +934,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
 
         match = xfrm_selector_match(sel, fl, family);
         if (match)
-                ret = security_xfrm_policy_lookup(pol, fl->secid, dir);
+                ret = security_xfrm_policy_lookup(pol->security, fl->secid,
+                                                  dir);
 
         return ret;
 }
@@ -1048,8 +1052,9 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struc
                 int err = 0;
 
                 if (match) {
-                        err = security_xfrm_policy_lookup(pol, fl->secid,
-                                        policy_to_flow_dir(dir));
+                        err = security_xfrm_policy_lookup(pol->security,
+                                                      fl->secid,
+                                                      policy_to_flow_dir(dir));
                         if (!err)
                                 xfrm_pol_hold(pol);
                         else if (err == -ESRCH)
@@ -1138,7 +1143,8 @@ static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir)
 
         if (newp) {
                 newp->selector = old->selector;
-                if (security_xfrm_policy_clone(old, newp)) {
+                if (security_xfrm_policy_clone(old->security,
+                                               &newp->security)) {
                         kfree(newp);
                         return NULL;  /* ENOMEM */
                 }
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5578c909fcf6..ecf9d67daef5 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -959,7 +959,7 @@ static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs
                 return 0;
 
         uctx = nla_data(rt);
-        return security_xfrm_policy_alloc(pol, uctx);
+        return security_xfrm_policy_alloc(&pol->security, uctx);
 }
 
 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
@@ -1143,7 +1143,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                               NETLINK_CB(skb).sid);
 
         if (err) {
-                security_xfrm_policy_free(xp);
+                security_xfrm_policy_free(xp->security);
                 kfree(xp);
                 return err;
         }
@@ -1337,22 +1337,23 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
         else {
                 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
-                struct xfrm_policy tmp;
+                struct xfrm_sec_ctx *ctx;
 
                 err = verify_sec_ctx_len(attrs);
                 if (err)
                         return err;
 
-                memset(&tmp, 0, sizeof(struct xfrm_policy));
                 if (rt) {
                         struct xfrm_user_sec_ctx *uctx = nla_data(rt);
 
-                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+                        err = security_xfrm_policy_alloc(&ctx, uctx);
+                        if (err)
                                 return err;
-                }
-                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+                } else
+                        ctx = NULL;
+                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, ctx,
                                            delete, &err);
-                security_xfrm_policy_free(&tmp);
+                security_xfrm_policy_free(ctx);
         }
         if (xp == NULL)
                 return -ENOENT;
@@ -1572,26 +1573,26 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
                 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
         else {
                 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
-                struct xfrm_policy tmp;
+                struct xfrm_sec_ctx *ctx;
 
                 err = verify_sec_ctx_len(attrs);
                 if (err)
                         return err;
 
-                memset(&tmp, 0, sizeof(struct xfrm_policy));
                 if (rt) {
                         struct xfrm_user_sec_ctx *uctx = nla_data(rt);
 
-                        if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+                        err = security_xfrm_policy_alloc(&ctx, uctx);
+                        if (err)
                                 return err;
-                }
-                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
-                                           0, &err);
-                security_xfrm_policy_free(&tmp);
+                } else
+                        ctx = NULL;
+                xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, ctx, 0, &err);
+                security_xfrm_policy_free(ctx);
         }
-
         if (xp == NULL)
                 return -ENOENT;
+
         read_lock(&xp->lock);
         if (xp->dead) {
                 read_unlock(&xp->lock);