aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/can/raw.c21
-rw-r--r--net/compat.c117
-rw-r--r--net/core/dev.c2
-rw-r--r--net/ipv4/af_inet.c2
-rw-r--r--net/ipv4/ip_sockglue.c5
-rw-r--r--net/ipv4/tcp_input.c3
-rw-r--r--net/ipv6/Kconfig2
-rw-r--r--net/ipv6/ip6mr.c2
-rw-r--r--net/ipv6/ipv6_sockglue.c5
-rw-r--r--net/irda/irnet/irnet_irda.c65
-rw-r--r--net/irda/irnet/irnet_irda.h8
-rw-r--r--net/key/af_key.c17
-rw-r--r--net/mac80211/Kconfig4
-rw-r--r--net/netfilter/nf_queue.c2
-rw-r--r--net/netlabel/netlabel_unlabeled.c1
-rw-r--r--net/netlabel/netlabel_user.c4
-rw-r--r--net/netlabel/netlabel_user.h1
-rw-r--r--net/netlink/af_netlink.c1
-rw-r--r--net/sunrpc/xprt.c2
-rw-r--r--net/tipc/msg.h7
-rw-r--r--net/xfrm/xfrm_algo.c3
-rw-r--r--net/xfrm/xfrm_output.c2
-rw-r--r--net/xfrm/xfrm_policy.c12
-rw-r--r--net/xfrm/xfrm_state.c15
-rw-r--r--net/xfrm/xfrm_user.c41
25 files changed, 249 insertions, 95 deletions
diff --git a/net/can/raw.c b/net/can/raw.c
index 201cbfc6b9ec..69877b8e7e9c 100644
--- a/net/can/raw.c
+++ b/net/can/raw.c
@@ -435,15 +435,13 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
435 if (!filter) 435 if (!filter)
436 return -ENOMEM; 436 return -ENOMEM;
437 437
438 err = copy_from_user(filter, optval, optlen); 438 if (copy_from_user(filter, optval, optlen)) {
439 if (err) {
440 kfree(filter); 439 kfree(filter);
441 return err; 440 return -EFAULT;
442 } 441 }
443 } else if (count == 1) { 442 } else if (count == 1) {
444 err = copy_from_user(&sfilter, optval, optlen); 443 if (copy_from_user(&sfilter, optval, optlen))
445 if (err) 444 return -EFAULT;
446 return err;
447 } 445 }
448 446
449 lock_sock(sk); 447 lock_sock(sk);
@@ -493,9 +491,8 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
493 if (optlen != sizeof(err_mask)) 491 if (optlen != sizeof(err_mask))
494 return -EINVAL; 492 return -EINVAL;
495 493
496 err = copy_from_user(&err_mask, optval, optlen); 494 if (copy_from_user(&err_mask, optval, optlen))
497 if (err) 495 return -EFAULT;
498 return err;
499 496
500 err_mask &= CAN_ERR_MASK; 497 err_mask &= CAN_ERR_MASK;
501 498
@@ -531,7 +528,8 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
531 if (optlen != sizeof(ro->loopback)) 528 if (optlen != sizeof(ro->loopback))
532 return -EINVAL; 529 return -EINVAL;
533 530
534 err = copy_from_user(&ro->loopback, optval, optlen); 531 if (copy_from_user(&ro->loopback, optval, optlen))
532 return -EFAULT;
535 533
536 break; 534 break;
537 535
@@ -539,7 +537,8 @@ static int raw_setsockopt(struct socket *sock, int level, int optname,
539 if (optlen != sizeof(ro->recv_own_msgs)) 537 if (optlen != sizeof(ro->recv_own_msgs))
540 return -EINVAL; 538 return -EINVAL;
541 539
542 err = copy_from_user(&ro->recv_own_msgs, optval, optlen); 540 if (copy_from_user(&ro->recv_own_msgs, optval, optlen))
541 return -EFAULT;
543 542
544 break; 543 break;
545 544
diff --git a/net/compat.c b/net/compat.c
index 80013fb69a61..01bf95d0832e 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -24,6 +24,8 @@
24 24
25#include <net/scm.h> 25#include <net/scm.h>
26#include <net/sock.h> 26#include <net/sock.h>
27#include <net/ip.h>
28#include <net/ipv6.h>
27#include <asm/uaccess.h> 29#include <asm/uaccess.h>
28#include <net/compat.h> 30#include <net/compat.h>
29 31
@@ -521,6 +523,121 @@ asmlinkage long compat_sys_getsockopt(int fd, int level, int optname,
521 } 523 }
522 return err; 524 return err;
523} 525}
526
527struct compat_group_req {
528 __u32 gr_interface;
529 struct __kernel_sockaddr_storage gr_group
530 __attribute__ ((aligned(4)));
531} __attribute__ ((packed));
532
533struct compat_group_source_req {
534 __u32 gsr_interface;
535 struct __kernel_sockaddr_storage gsr_group
536 __attribute__ ((aligned(4)));
537 struct __kernel_sockaddr_storage gsr_source
538 __attribute__ ((aligned(4)));
539} __attribute__ ((packed));
540
541struct compat_group_filter {
542 __u32 gf_interface;
543 struct __kernel_sockaddr_storage gf_group
544 __attribute__ ((aligned(4)));
545 __u32 gf_fmode;
546 __u32 gf_numsrc;
547 struct __kernel_sockaddr_storage gf_slist[1]
548 __attribute__ ((aligned(4)));
549} __attribute__ ((packed));
550
551
552int compat_mc_setsockopt(struct sock *sock, int level, int optname,
553 char __user *optval, int optlen,
554 int (*setsockopt)(struct sock *,int,int,char __user *,int))
555{
556 char __user *koptval = optval;
557 int koptlen = optlen;
558
559 switch (optname) {
560 case MCAST_JOIN_GROUP:
561 case MCAST_LEAVE_GROUP:
562 {
563 struct compat_group_req __user *gr32 = (void *)optval;
564 struct group_req __user *kgr =
565 compat_alloc_user_space(sizeof(struct group_req));
566 u32 interface;
567
568 if (!access_ok(VERIFY_READ, gr32, sizeof(*gr32)) ||
569 !access_ok(VERIFY_WRITE, kgr, sizeof(struct group_req)) ||
570 __get_user(interface, &gr32->gr_interface) ||
571 __put_user(interface, &kgr->gr_interface) ||
572 copy_in_user(&kgr->gr_group, &gr32->gr_group,
573 sizeof(kgr->gr_group)))
574 return -EFAULT;
575 koptval = (char __user *)kgr;
576 koptlen = sizeof(struct group_req);
577 break;
578 }
579 case MCAST_JOIN_SOURCE_GROUP:
580 case MCAST_LEAVE_SOURCE_GROUP:
581 case MCAST_BLOCK_SOURCE:
582 case MCAST_UNBLOCK_SOURCE:
583 {
584 struct compat_group_source_req __user *gsr32 = (void *)optval;
585 struct group_source_req *kgsr = compat_alloc_user_space(
586 sizeof(struct group_source_req));
587 u32 interface;
588
589 if (!access_ok(VERIFY_READ, gsr32, sizeof(*gsr32)) ||
590 !access_ok(VERIFY_WRITE, kgsr,
591 sizeof(struct group_source_req)) ||
592 __get_user(interface, &gsr32->gsr_interface) ||
593 __put_user(interface, &kgsr->gsr_interface) ||
594 copy_in_user(&kgsr->gsr_group, &gsr32->gsr_group,
595 sizeof(kgsr->gsr_group)) ||
596 copy_in_user(&kgsr->gsr_source, &gsr32->gsr_source,
597 sizeof(kgsr->gsr_source)))
598 return -EFAULT;
599 koptval = (char __user *)kgsr;
600 koptlen = sizeof(struct group_source_req);
601 break;
602 }
603 case MCAST_MSFILTER:
604 {
605 struct compat_group_filter __user *gf32 = (void *)optval;
606 struct group_filter *kgf;
607 u32 interface, fmode, numsrc;
608
609 if (!access_ok(VERIFY_READ, gf32, sizeof(*gf32)) ||
610 __get_user(interface, &gf32->gf_interface) ||
611 __get_user(fmode, &gf32->gf_fmode) ||
612 __get_user(numsrc, &gf32->gf_numsrc))
613 return -EFAULT;
614 koptlen = optlen + sizeof(struct group_filter) -
615 sizeof(struct compat_group_filter);
616 if (koptlen < GROUP_FILTER_SIZE(numsrc))
617 return -EINVAL;
618 kgf = compat_alloc_user_space(koptlen);
619 if (!access_ok(VERIFY_WRITE, kgf, koptlen) ||
620 __put_user(interface, &kgf->gf_interface) ||
621 __put_user(fmode, &kgf->gf_fmode) ||
622 __put_user(numsrc, &kgf->gf_numsrc) ||
623 copy_in_user(&kgf->gf_group, &gf32->gf_group,
624 sizeof(kgf->gf_group)) ||
625 (numsrc && copy_in_user(&kgf->gf_slist, &gf32->gf_slist,
626 numsrc * sizeof(kgf->gf_slist[0]))))
627 return -EFAULT;
628 koptval = (char __user *)kgf;
629 break;
630 }
631
632 default:
633 break;
634 }
635 return setsockopt(sock, level, optname, koptval, koptlen);
636}
637
638EXPORT_SYMBOL(compat_mc_setsockopt);
639
640
524/* Argument list sizes for compat_sys_socketcall */ 641/* Argument list sizes for compat_sys_socketcall */
525#define AL(x) ((x) * sizeof(u32)) 642#define AL(x) ((x) * sizeof(u32))
526static unsigned char nas[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3), 643static unsigned char nas[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
diff --git a/net/core/dev.c b/net/core/dev.c
index e1df1ab3e04a..ed49da592051 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1524,7 +1524,7 @@ static int dev_gso_segment(struct sk_buff *skb)
1524 if (!segs) 1524 if (!segs)
1525 return 0; 1525 return 0;
1526 1526
1527 if (unlikely(IS_ERR(segs))) 1527 if (IS_ERR(segs))
1528 return PTR_ERR(segs); 1528 return PTR_ERR(segs);
1529 1529
1530 skb->next = segs; 1530 skb->next = segs;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index f2b5270efdaa..24eca23c2db3 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1234,7 +1234,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
1234 segs = ops->gso_segment(skb, features); 1234 segs = ops->gso_segment(skb, features);
1235 rcu_read_unlock(); 1235 rcu_read_unlock();
1236 1236
1237 if (!segs || unlikely(IS_ERR(segs))) 1237 if (!segs || IS_ERR(segs))
1238 goto out; 1238 goto out;
1239 1239
1240 skb = segs; 1240 skb = segs;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index d8adfd4972e2..4d8d95404f45 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -36,6 +36,7 @@
36#include <linux/mroute.h> 36#include <linux/mroute.h>
37#include <net/route.h> 37#include <net/route.h>
38#include <net/xfrm.h> 38#include <net/xfrm.h>
39#include <net/compat.h>
39#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 40#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
40#include <net/transp_v6.h> 41#include <net/transp_v6.h>
41#endif 42#endif
@@ -923,6 +924,10 @@ int compat_ip_setsockopt(struct sock *sk, int level, int optname,
923 if (level != SOL_IP) 924 if (level != SOL_IP)
924 return -ENOPROTOOPT; 925 return -ENOPROTOOPT;
925 926
927 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
928 return compat_mc_setsockopt(sk, level, optname, optval, optlen,
929 ip_setsockopt);
930
926 err = do_ip_setsockopt(sk, level, optname, optval, optlen); 931 err = do_ip_setsockopt(sk, level, optname, optval, optlen);
927#ifdef CONFIG_NETFILTER 932#ifdef CONFIG_NETFILTER
928 /* we need to exclude all possible ENOPROTOOPTs except default case */ 933 /* we need to exclude all possible ENOPROTOOPTs except default case */
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index ac9b8482f702..0298f80681f2 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4925,8 +4925,7 @@ step5:
4925 tcp_data_snd_check(sk); 4925 tcp_data_snd_check(sk);
4926 tcp_ack_snd_check(sk); 4926 tcp_ack_snd_check(sk);
4927 4927
4928 if (tcp_defer_accept_check(sk)) 4928 tcp_defer_accept_check(sk);
4929 return -1;
4930 return 0; 4929 return 0;
4931 4930
4932csum_error: 4931csum_error:
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index b2c9becc02e8..42814a2ec9d7 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -167,7 +167,7 @@ config IPV6_SIT
167 Tunneling means encapsulating data of one protocol type within 167 Tunneling means encapsulating data of one protocol type within
168 another protocol and sending it over a channel that understands the 168 another protocol and sending it over a channel that understands the
169 encapsulating protocol. This driver implements encapsulation of IPv6 169 encapsulating protocol. This driver implements encapsulation of IPv6
170 into IPv4 packets. This is useful if you want to connect to IPv6 170 into IPv4 packets. This is useful if you want to connect two IPv6
171 networks over an IPv4-only path. 171 networks over an IPv4-only path.
172 172
173 Saying M here will produce a module called sit.ko. If unsure, say Y. 173 Saying M here will produce a module called sit.ko. If unsure, say Y.
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index c8c6e33d1163..2de3c464fe75 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -358,7 +358,7 @@ static int pim6_rcv(struct sk_buff *skb)
358 if (pim->type != ((PIM_VERSION << 4) | PIM_REGISTER) || 358 if (pim->type != ((PIM_VERSION << 4) | PIM_REGISTER) ||
359 (pim->flags & PIM_NULL_REGISTER) || 359 (pim->flags & PIM_NULL_REGISTER) ||
360 (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 && 360 (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
361 (u16)csum_fold(skb_checksum(skb, 0, skb->len, 0)))) 361 csum_fold(skb_checksum(skb, 0, skb->len, 0))))
362 goto drop; 362 goto drop;
363 363
364 /* check if the inner packet is destined to mcast group */ 364 /* check if the inner packet is destined to mcast group */
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 06de9d0e1f6b..db6fdc1498aa 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -52,6 +52,7 @@
52#include <net/udp.h> 52#include <net/udp.h>
53#include <net/udplite.h> 53#include <net/udplite.h>
54#include <net/xfrm.h> 54#include <net/xfrm.h>
55#include <net/compat.h>
55 56
56#include <asm/uaccess.h> 57#include <asm/uaccess.h>
57 58
@@ -779,6 +780,10 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
779 if (level != SOL_IPV6) 780 if (level != SOL_IPV6)
780 return -ENOPROTOOPT; 781 return -ENOPROTOOPT;
781 782
783 if (optname >= MCAST_JOIN_GROUP && optname <= MCAST_MSFILTER)
784 return compat_mc_setsockopt(sk, level, optname, optval, optlen,
785 ipv6_setsockopt);
786
782 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen); 787 err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
783#ifdef CONFIG_NETFILTER 788#ifdef CONFIG_NETFILTER
784 /* we need to exclude all possible ENOPROTOOPTs except default case */ 789 /* we need to exclude all possible ENOPROTOOPTs except default case */
diff --git a/net/irda/irnet/irnet_irda.c b/net/irda/irnet/irnet_irda.c
index a4f1439ffdd8..75497e55927d 100644
--- a/net/irda/irnet/irnet_irda.c
+++ b/net/irda/irnet/irnet_irda.c
@@ -9,6 +9,7 @@
9 */ 9 */
10 10
11#include "irnet_irda.h" /* Private header */ 11#include "irnet_irda.h" /* Private header */
12#include <linux/seq_file.h>
12 13
13/* 14/*
14 * PPP disconnect work: we need to make sure we're in 15 * PPP disconnect work: we need to make sure we're in
@@ -1717,34 +1718,23 @@ irnet_expiry_indication(discinfo_t * expiry,
1717 */ 1718 */
1718 1719
1719#ifdef CONFIG_PROC_FS 1720#ifdef CONFIG_PROC_FS
1720/*------------------------------------------------------------------*/
1721/*
1722 * Function irnet_proc_read (buf, start, offset, len, unused)
1723 *
1724 * Give some info to the /proc file system
1725 */
1726static int 1721static int
1727irnet_proc_read(char * buf, 1722irnet_proc_show(struct seq_file *m, void *v)
1728 char ** start,
1729 off_t offset,
1730 int len)
1731{ 1723{
1732 irnet_socket * self; 1724 irnet_socket * self;
1733 char * state; 1725 char * state;
1734 int i = 0; 1726 int i = 0;
1735 1727
1736 len = 0;
1737
1738 /* Get the IrNET server information... */ 1728 /* Get the IrNET server information... */
1739 len += sprintf(buf+len, "IrNET server - "); 1729 seq_printf(m, "IrNET server - ");
1740 len += sprintf(buf+len, "IrDA state: %s, ", 1730 seq_printf(m, "IrDA state: %s, ",
1741 (irnet_server.running ? "running" : "dead")); 1731 (irnet_server.running ? "running" : "dead"));
1742 len += sprintf(buf+len, "stsap_sel: %02x, ", irnet_server.s.stsap_sel); 1732 seq_printf(m, "stsap_sel: %02x, ", irnet_server.s.stsap_sel);
1743 len += sprintf(buf+len, "dtsap_sel: %02x\n", irnet_server.s.dtsap_sel); 1733 seq_printf(m, "dtsap_sel: %02x\n", irnet_server.s.dtsap_sel);
1744 1734
1745 /* Do we need to continue ? */ 1735 /* Do we need to continue ? */
1746 if(!irnet_server.running) 1736 if(!irnet_server.running)
1747 return len; 1737 return 0;
1748 1738
1749 /* Protect access to the instance list */ 1739 /* Protect access to the instance list */
1750 spin_lock_bh(&irnet_server.spinlock); 1740 spin_lock_bh(&irnet_server.spinlock);
@@ -1754,23 +1744,23 @@ irnet_proc_read(char * buf,
1754 while(self != NULL) 1744 while(self != NULL)
1755 { 1745 {
1756 /* Start printing info about the socket. */ 1746 /* Start printing info about the socket. */
1757 len += sprintf(buf+len, "\nIrNET socket %d - ", i++); 1747 seq_printf(m, "\nIrNET socket %d - ", i++);
1758 1748
1759 /* First, get the requested configuration */ 1749 /* First, get the requested configuration */
1760 len += sprintf(buf+len, "Requested IrDA name: \"%s\", ", self->rname); 1750 seq_printf(m, "Requested IrDA name: \"%s\", ", self->rname);
1761 len += sprintf(buf+len, "daddr: %08x, ", self->rdaddr); 1751 seq_printf(m, "daddr: %08x, ", self->rdaddr);
1762 len += sprintf(buf+len, "saddr: %08x\n", self->rsaddr); 1752 seq_printf(m, "saddr: %08x\n", self->rsaddr);
1763 1753
1764 /* Second, get all the PPP info */ 1754 /* Second, get all the PPP info */
1765 len += sprintf(buf+len, " PPP state: %s", 1755 seq_printf(m, " PPP state: %s",
1766 (self->ppp_open ? "registered" : "unregistered")); 1756 (self->ppp_open ? "registered" : "unregistered"));
1767 if(self->ppp_open) 1757 if(self->ppp_open)
1768 { 1758 {
1769 len += sprintf(buf+len, ", unit: ppp%d", 1759 seq_printf(m, ", unit: ppp%d",
1770 ppp_unit_number(&self->chan)); 1760 ppp_unit_number(&self->chan));
1771 len += sprintf(buf+len, ", channel: %d", 1761 seq_printf(m, ", channel: %d",
1772 ppp_channel_index(&self->chan)); 1762 ppp_channel_index(&self->chan));
1773 len += sprintf(buf+len, ", mru: %d", 1763 seq_printf(m, ", mru: %d",
1774 self->mru); 1764 self->mru);
1775 /* Maybe add self->flags ? Later... */ 1765 /* Maybe add self->flags ? Later... */
1776 } 1766 }
@@ -1789,10 +1779,10 @@ irnet_proc_read(char * buf,
1789 state = "weird"; 1779 state = "weird";
1790 else 1780 else
1791 state = "idle"; 1781 state = "idle";
1792 len += sprintf(buf+len, "\n IrDA state: %s, ", state); 1782 seq_printf(m, "\n IrDA state: %s, ", state);
1793 len += sprintf(buf+len, "daddr: %08x, ", self->daddr); 1783 seq_printf(m, "daddr: %08x, ", self->daddr);
1794 len += sprintf(buf+len, "stsap_sel: %02x, ", self->stsap_sel); 1784 seq_printf(m, "stsap_sel: %02x, ", self->stsap_sel);
1795 len += sprintf(buf+len, "dtsap_sel: %02x\n", self->dtsap_sel); 1785 seq_printf(m, "dtsap_sel: %02x\n", self->dtsap_sel);
1796 1786
1797 /* Next socket, please... */ 1787 /* Next socket, please... */
1798 self = (irnet_socket *) hashbin_get_next(irnet_server.list); 1788 self = (irnet_socket *) hashbin_get_next(irnet_server.list);
@@ -1801,8 +1791,21 @@ irnet_proc_read(char * buf,
1801 /* Spin lock end */ 1791 /* Spin lock end */
1802 spin_unlock_bh(&irnet_server.spinlock); 1792 spin_unlock_bh(&irnet_server.spinlock);
1803 1793
1804 return len; 1794 return 0;
1805} 1795}
1796
1797static int irnet_proc_open(struct inode *inode, struct file *file)
1798{
1799 return single_open(file, irnet_proc_show, NULL);
1800}
1801
1802static const struct file_operations irnet_proc_fops = {
1803 .owner = THIS_MODULE,
1804 .open = irnet_proc_open,
1805 .read = seq_read,
1806 .llseek = seq_lseek,
1807 .release = single_release,
1808};
1806#endif /* PROC_FS */ 1809#endif /* PROC_FS */
1807 1810
1808 1811
@@ -1841,7 +1844,7 @@ irda_irnet_init(void)
1841 1844
1842#ifdef CONFIG_PROC_FS 1845#ifdef CONFIG_PROC_FS
1843 /* Add a /proc file for irnet infos */ 1846 /* Add a /proc file for irnet infos */
1844 create_proc_info_entry("irnet", 0, proc_irda, irnet_proc_read); 1847 proc_create("irnet", 0, proc_irda, &irnet_proc_fops);
1845#endif /* CONFIG_PROC_FS */ 1848#endif /* CONFIG_PROC_FS */
1846 1849
1847 /* Setup the IrNET server */ 1850 /* Setup the IrNET server */
diff --git a/net/irda/irnet/irnet_irda.h b/net/irda/irnet/irnet_irda.h
index 0ba92d0d5204..3e408952a3f1 100644
--- a/net/irda/irnet/irnet_irda.h
+++ b/net/irda/irnet/irnet_irda.h
@@ -159,14 +159,6 @@ static void
159 DISCOVERY_MODE, 159 DISCOVERY_MODE,
160 void *); 160 void *);
161#endif 161#endif
162/* -------------------------- PROC ENTRY -------------------------- */
163#ifdef CONFIG_PROC_FS
164static int
165 irnet_proc_read(char *,
166 char **,
167 off_t,
168 int);
169#endif /* CONFIG_PROC_FS */
170 162
171/**************************** VARIABLES ****************************/ 163/**************************** VARIABLES ****************************/
172 164
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 2403a31fe0f6..9e7236ff6bcc 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1498,7 +1498,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1498 err = xfrm_state_update(x); 1498 err = xfrm_state_update(x);
1499 1499
1500 xfrm_audit_state_add(x, err ? 0 : 1, 1500 xfrm_audit_state_add(x, err ? 0 : 1,
1501 audit_get_loginuid(current), 0); 1501 audit_get_loginuid(current),
1502 audit_get_sessionid(current), 0);
1502 1503
1503 if (err < 0) { 1504 if (err < 0) {
1504 x->km.state = XFRM_STATE_DEAD; 1505 x->km.state = XFRM_STATE_DEAD;
@@ -1552,7 +1553,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1552 km_state_notify(x, &c); 1553 km_state_notify(x, &c);
1553out: 1554out:
1554 xfrm_audit_state_delete(x, err ? 0 : 1, 1555 xfrm_audit_state_delete(x, err ? 0 : 1,
1555 audit_get_loginuid(current), 0); 1556 audit_get_loginuid(current),
1557 audit_get_sessionid(current), 0);
1556 xfrm_state_put(x); 1558 xfrm_state_put(x);
1557 1559
1558 return err; 1560 return err;
@@ -1728,6 +1730,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
1728 return -EINVAL; 1730 return -EINVAL;
1729 1731
1730 audit_info.loginuid = audit_get_loginuid(current); 1732 audit_info.loginuid = audit_get_loginuid(current);
1733 audit_info.sessionid = audit_get_sessionid(current);
1731 audit_info.secid = 0; 1734 audit_info.secid = 0;
1732 err = xfrm_state_flush(proto, &audit_info); 1735 err = xfrm_state_flush(proto, &audit_info);
1733 if (err) 1736 if (err)
@@ -2324,7 +2327,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2324 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2327 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2325 2328
2326 xfrm_audit_policy_add(xp, err ? 0 : 1, 2329 xfrm_audit_policy_add(xp, err ? 0 : 1,
2327 audit_get_loginuid(current), 0); 2330 audit_get_loginuid(current),
2331 audit_get_sessionid(current), 0);
2328 2332
2329 if (err) 2333 if (err)
2330 goto out; 2334 goto out;
@@ -2406,7 +2410,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2406 return -ENOENT; 2410 return -ENOENT;
2407 2411
2408 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2412 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2409 audit_get_loginuid(current), 0); 2413 audit_get_loginuid(current),
2414 audit_get_sessionid(current), 0);
2410 2415
2411 if (err) 2416 if (err)
2412 goto out; 2417 goto out;
@@ -2667,7 +2672,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2667 2672
2668 if (delete) { 2673 if (delete) {
2669 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2674 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2670 audit_get_loginuid(current), 0); 2675 audit_get_loginuid(current),
2676 audit_get_sessionid(current), 0);
2671 2677
2672 if (err) 2678 if (err)
2673 goto out; 2679 goto out;
@@ -2767,6 +2773,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2767 int err; 2773 int err;
2768 2774
2769 audit_info.loginuid = audit_get_loginuid(current); 2775 audit_info.loginuid = audit_get_loginuid(current);
2776 audit_info.sessionid = audit_get_sessionid(current);
2770 audit_info.secid = 0; 2777 audit_info.secid = 0;
2771 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); 2778 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2772 if (err) 2779 if (err)
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index 520a5180a4f6..a24b459dd45a 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -73,7 +73,9 @@ config MAC80211_MESH
73 73
74config MAC80211_LEDS 74config MAC80211_LEDS
75 bool "Enable LED triggers" 75 bool "Enable LED triggers"
76 depends on MAC80211 && LEDS_TRIGGERS 76 depends on MAC80211
77 select NEW_LEDS
78 select LEDS_TRIGGERS
77 ---help--- 79 ---help---
78 This option enables a few LED triggers for different 80 This option enables a few LED triggers for different
79 packet receive/transmit events. 81 packet receive/transmit events.
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index bbd26893c0c4..582ec3efc8a5 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -214,7 +214,7 @@ int nf_queue(struct sk_buff *skb,
214 214
215 segs = skb_gso_segment(skb, 0); 215 segs = skb_gso_segment(skb, 0);
216 kfree_skb(skb); 216 kfree_skb(skb);
217 if (unlikely(IS_ERR(segs))) 217 if (IS_ERR(segs))
218 return 1; 218 return 1;
219 219
220 do { 220 do {
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index d282ad1570a7..0099da5b2591 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1780,6 +1780,7 @@ int __init netlbl_unlabel_defconf(void)
1780 * messages so don't worry to much about these values. */ 1780 * messages so don't worry to much about these values. */
1781 security_task_getsecid(current, &audit_info.secid); 1781 security_task_getsecid(current, &audit_info.secid);
1782 audit_info.loginuid = 0; 1782 audit_info.loginuid = 0;
1783 audit_info.sessionid = 0;
1783 1784
1784 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1785 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1785 if (entry == NULL) 1786 if (entry == NULL)
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index b17d4203806e..68706b4e3bf8 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -107,7 +107,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
107 if (audit_buf == NULL) 107 if (audit_buf == NULL)
108 return NULL; 108 return NULL;
109 109
110 audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid); 110 audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
111 audit_info->loginuid,
112 audit_info->sessionid);
111 113
112 if (audit_info->secid != 0 && 114 if (audit_info->secid != 0 &&
113 security_secid_to_secctx(audit_info->secid, 115 security_secid_to_secctx(audit_info->secid,
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 6d7f4ab46c2b..6caef8b20611 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -51,6 +51,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
51{ 51{
52 audit_info->secid = NETLINK_CB(skb).sid; 52 audit_info->secid = NETLINK_CB(skb).sid;
53 audit_info->loginuid = NETLINK_CB(skb).loginuid; 53 audit_info->loginuid = NETLINK_CB(skb).loginuid;
54 audit_info->sessionid = NETLINK_CB(skb).sessionid;
54} 55}
55 56
56/* NetLabel NETLINK I/O functions */ 57/* NetLabel NETLINK I/O functions */
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 46f3e44bb83a..9b97f8006c9c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1248,6 +1248,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1248 NETLINK_CB(skb).pid = nlk->pid; 1248 NETLINK_CB(skb).pid = nlk->pid;
1249 NETLINK_CB(skb).dst_group = dst_group; 1249 NETLINK_CB(skb).dst_group = dst_group;
1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current); 1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
1251 NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
1251 security_task_getsecid(current, &(NETLINK_CB(skb).sid)); 1252 security_task_getsecid(current, &(NETLINK_CB(skb).sid));
1252 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1253 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1253 1254
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 75d748eee0eb..e1770f7ba0b3 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -445,7 +445,7 @@ EXPORT_SYMBOL_GPL(xprt_wake_pending_tasks);
445/** 445/**
446 * xprt_wait_for_buffer_space - wait for transport output buffer to clear 446 * xprt_wait_for_buffer_space - wait for transport output buffer to clear
447 * @task: task to be put to sleep 447 * @task: task to be put to sleep
448 * 448 * @action: function pointer to be executed after wait
449 */ 449 */
450void xprt_wait_for_buffer_space(struct rpc_task *task, rpc_action action) 450void xprt_wait_for_buffer_space(struct rpc_task *task, rpc_action action)
451{ 451{
diff --git a/net/tipc/msg.h b/net/tipc/msg.h
index 6ad070d87702..ad487e8abcc2 100644
--- a/net/tipc/msg.h
+++ b/net/tipc/msg.h
@@ -70,10 +70,9 @@ static inline void msg_set_bits(struct tipc_msg *m, u32 w,
70 u32 pos, u32 mask, u32 val) 70 u32 pos, u32 mask, u32 val)
71{ 71{
72 val = (val & mask) << pos; 72 val = (val & mask) << pos;
73 val = htonl(val); 73 mask = mask << pos;
74 mask = htonl(mask << pos); 74 m->hdr[w] &= ~htonl(mask);
75 m->hdr[w] &= ~mask; 75 m->hdr[w] |= htonl(val);
76 m->hdr[w] |= val;
77} 76}
78 77
79/* 78/*
diff --git a/net/xfrm/xfrm_algo.c b/net/xfrm/xfrm_algo.c
index 8aa6440d689f..ac765dd9c7f5 100644
--- a/net/xfrm/xfrm_algo.c
+++ b/net/xfrm/xfrm_algo.c
@@ -129,8 +129,7 @@ static struct xfrm_algo_desc aead_list[] = {
129 129
130static struct xfrm_algo_desc aalg_list[] = { 130static struct xfrm_algo_desc aalg_list[] = {
131{ 131{
132 .name = "hmac(digest_null)", 132 .name = "digest_null",
133 .compat = "digest_null",
134 133
135 .uinfo = { 134 .uinfo = {
136 .auth = { 135 .auth = {
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 2519129c6d21..09cd9c0c2d80 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -150,7 +150,7 @@ static int xfrm_output_gso(struct sk_buff *skb)
150 150
151 segs = skb_gso_segment(skb, 0); 151 segs = skb_gso_segment(skb, 0);
152 kfree_skb(skb); 152 kfree_skb(skb);
153 if (unlikely(IS_ERR(segs))) 153 if (IS_ERR(segs))
154 return PTR_ERR(segs); 154 return PTR_ERR(segs);
155 155
156 do { 156 do {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index e0c0390613c0..cae9fd815543 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -762,6 +762,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
762 if (err) { 762 if (err) {
763 xfrm_audit_policy_delete(pol, 0, 763 xfrm_audit_policy_delete(pol, 0,
764 audit_info->loginuid, 764 audit_info->loginuid,
765 audit_info->sessionid,
765 audit_info->secid); 766 audit_info->secid);
766 return err; 767 return err;
767 } 768 }
@@ -777,6 +778,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
777 if (err) { 778 if (err) {
778 xfrm_audit_policy_delete(pol, 0, 779 xfrm_audit_policy_delete(pol, 0,
779 audit_info->loginuid, 780 audit_info->loginuid,
781 audit_info->sessionid,
780 audit_info->secid); 782 audit_info->secid);
781 return err; 783 return err;
782 } 784 }
@@ -819,6 +821,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
819 write_unlock_bh(&xfrm_policy_lock); 821 write_unlock_bh(&xfrm_policy_lock);
820 822
821 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, 823 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
824 audit_info->sessionid,
822 audit_info->secid); 825 audit_info->secid);
823 826
824 xfrm_policy_kill(pol); 827 xfrm_policy_kill(pol);
@@ -841,6 +844,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
841 844
842 xfrm_audit_policy_delete(pol, 1, 845 xfrm_audit_policy_delete(pol, 1,
843 audit_info->loginuid, 846 audit_info->loginuid,
847 audit_info->sessionid,
844 audit_info->secid); 848 audit_info->secid);
845 xfrm_policy_kill(pol); 849 xfrm_policy_kill(pol);
846 killed++; 850 killed++;
@@ -2472,14 +2476,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2472} 2476}
2473 2477
2474void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 2478void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2475 u32 auid, u32 secid) 2479 uid_t auid, u32 sessionid, u32 secid)
2476{ 2480{
2477 struct audit_buffer *audit_buf; 2481 struct audit_buffer *audit_buf;
2478 2482
2479 audit_buf = xfrm_audit_start("SPD-add"); 2483 audit_buf = xfrm_audit_start("SPD-add");
2480 if (audit_buf == NULL) 2484 if (audit_buf == NULL)
2481 return; 2485 return;
2482 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2486 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2483 audit_log_format(audit_buf, " res=%u", result); 2487 audit_log_format(audit_buf, " res=%u", result);
2484 xfrm_audit_common_policyinfo(xp, audit_buf); 2488 xfrm_audit_common_policyinfo(xp, audit_buf);
2485 audit_log_end(audit_buf); 2489 audit_log_end(audit_buf);
@@ -2487,14 +2491,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2487EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); 2491EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2488 2492
2489void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 2493void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2490 u32 auid, u32 secid) 2494 uid_t auid, u32 sessionid, u32 secid)
2491{ 2495{
2492 struct audit_buffer *audit_buf; 2496 struct audit_buffer *audit_buf;
2493 2497
2494 audit_buf = xfrm_audit_start("SPD-delete"); 2498 audit_buf = xfrm_audit_start("SPD-delete");
2495 if (audit_buf == NULL) 2499 if (audit_buf == NULL)
2496 return; 2500 return;
2497 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2501 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2498 audit_log_format(audit_buf, " res=%u", result); 2502 audit_log_format(audit_buf, " res=%u", result);
2499 xfrm_audit_common_policyinfo(xp, audit_buf); 2503 xfrm_audit_common_policyinfo(xp, audit_buf);
2500 audit_log_end(audit_buf); 2504 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5dcc10b93c86..72fddafd891a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -496,7 +496,8 @@ expired:
496 km_state_expired(x, 1, 0); 496 km_state_expired(x, 1, 0);
497 497
498 xfrm_audit_state_delete(x, err ? 0 : 1, 498 xfrm_audit_state_delete(x, err ? 0 : 1,
499 audit_get_loginuid(current), 0); 499 audit_get_loginuid(current),
500 audit_get_sessionid(current), 0);
500 501
501out: 502out:
502 spin_unlock(&x->lock); 503 spin_unlock(&x->lock);
@@ -603,6 +604,7 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
603 (err = security_xfrm_state_delete(x)) != 0) { 604 (err = security_xfrm_state_delete(x)) != 0) {
604 xfrm_audit_state_delete(x, 0, 605 xfrm_audit_state_delete(x, 0,
605 audit_info->loginuid, 606 audit_info->loginuid,
607 audit_info->sessionid,
606 audit_info->secid); 608 audit_info->secid);
607 return err; 609 return err;
608 } 610 }
@@ -641,6 +643,7 @@ restart:
641 err = xfrm_state_delete(x); 643 err = xfrm_state_delete(x);
642 xfrm_audit_state_delete(x, err ? 0 : 1, 644 xfrm_audit_state_delete(x, err ? 0 : 1,
643 audit_info->loginuid, 645 audit_info->loginuid,
646 audit_info->sessionid,
644 audit_info->secid); 647 audit_info->secid);
645 xfrm_state_put(x); 648 xfrm_state_put(x);
646 649
@@ -2112,7 +2115,7 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2112 iph6 = ipv6_hdr(skb); 2115 iph6 = ipv6_hdr(skb);
2113 audit_log_format(audit_buf, 2116 audit_log_format(audit_buf,
2114 " src=" NIP6_FMT " dst=" NIP6_FMT 2117 " src=" NIP6_FMT " dst=" NIP6_FMT
2115 " flowlbl=0x%x%x%x", 2118 " flowlbl=0x%x%02x%02x",
2116 NIP6(iph6->saddr), 2119 NIP6(iph6->saddr),
2117 NIP6(iph6->daddr), 2120 NIP6(iph6->daddr),
2118 iph6->flow_lbl[0] & 0x0f, 2121 iph6->flow_lbl[0] & 0x0f,
@@ -2123,14 +2126,14 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2123} 2126}
2124 2127
2125void xfrm_audit_state_add(struct xfrm_state *x, int result, 2128void xfrm_audit_state_add(struct xfrm_state *x, int result,
2126 u32 auid, u32 secid) 2129 uid_t auid, u32 sessionid, u32 secid)
2127{ 2130{
2128 struct audit_buffer *audit_buf; 2131 struct audit_buffer *audit_buf;
2129 2132
2130 audit_buf = xfrm_audit_start("SAD-add"); 2133 audit_buf = xfrm_audit_start("SAD-add");
2131 if (audit_buf == NULL) 2134 if (audit_buf == NULL)
2132 return; 2135 return;
2133 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2136 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2134 xfrm_audit_helper_sainfo(x, audit_buf); 2137 xfrm_audit_helper_sainfo(x, audit_buf);
2135 audit_log_format(audit_buf, " res=%u", result); 2138 audit_log_format(audit_buf, " res=%u", result);
2136 audit_log_end(audit_buf); 2139 audit_log_end(audit_buf);
@@ -2138,14 +2141,14 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result,
2138EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2141EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2139 2142
2140void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2143void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2141 u32 auid, u32 secid) 2144 uid_t auid, u32 sessionid, u32 secid)
2142{ 2145{
2143 struct audit_buffer *audit_buf; 2146 struct audit_buffer *audit_buf;
2144 2147
2145 audit_buf = xfrm_audit_start("SAD-delete"); 2148 audit_buf = xfrm_audit_start("SAD-delete");
2146 if (audit_buf == NULL) 2149 if (audit_buf == NULL)
2147 return; 2150 return;
2148 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2151 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2149 xfrm_audit_helper_sainfo(x, audit_buf); 2152 xfrm_audit_helper_sainfo(x, audit_buf);
2150 audit_log_format(audit_buf, " res=%u", result); 2153 audit_log_format(audit_buf, " res=%u", result);
2151 audit_log_end(audit_buf); 2154 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 22a30ae582a2..a1b0fbe3ea35 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -407,6 +407,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
407 struct xfrm_state *x; 407 struct xfrm_state *x;
408 int err; 408 int err;
409 struct km_event c; 409 struct km_event c;
410 uid_t loginuid = NETLINK_CB(skb).loginuid;
411 u32 sessionid = NETLINK_CB(skb).sessionid;
412 u32 sid = NETLINK_CB(skb).sid;
410 413
411 err = verify_newsa_info(p, attrs); 414 err = verify_newsa_info(p, attrs);
412 if (err) 415 if (err)
@@ -422,8 +425,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
422 else 425 else
423 err = xfrm_state_update(x); 426 err = xfrm_state_update(x);
424 427
425 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 428 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
426 NETLINK_CB(skb).sid);
427 429
428 if (err < 0) { 430 if (err < 0) {
429 x->km.state = XFRM_STATE_DEAD; 431 x->km.state = XFRM_STATE_DEAD;
@@ -478,6 +480,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
478 int err = -ESRCH; 480 int err = -ESRCH;
479 struct km_event c; 481 struct km_event c;
480 struct xfrm_usersa_id *p = nlmsg_data(nlh); 482 struct xfrm_usersa_id *p = nlmsg_data(nlh);
483 uid_t loginuid = NETLINK_CB(skb).loginuid;
484 u32 sessionid = NETLINK_CB(skb).sessionid;
485 u32 sid = NETLINK_CB(skb).sid;
481 486
482 x = xfrm_user_state_lookup(p, attrs, &err); 487 x = xfrm_user_state_lookup(p, attrs, &err);
483 if (x == NULL) 488 if (x == NULL)
@@ -502,8 +507,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
502 km_state_notify(x, &c); 507 km_state_notify(x, &c);
503 508
504out: 509out:
505 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 510 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
506 NETLINK_CB(skb).sid);
507 xfrm_state_put(x); 511 xfrm_state_put(x);
508 return err; 512 return err;
509} 513}
@@ -1123,6 +1127,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1123 struct km_event c; 1127 struct km_event c;
1124 int err; 1128 int err;
1125 int excl; 1129 int excl;
1130 uid_t loginuid = NETLINK_CB(skb).loginuid;
1131 u32 sessionid = NETLINK_CB(skb).sessionid;
1132 u32 sid = NETLINK_CB(skb).sid;
1126 1133
1127 err = verify_newpolicy_info(p); 1134 err = verify_newpolicy_info(p);
1128 if (err) 1135 if (err)
@@ -1141,8 +1148,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1141 * a type XFRM_MSG_UPDPOLICY - JHS */ 1148 * a type XFRM_MSG_UPDPOLICY - JHS */
1142 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1149 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1143 err = xfrm_policy_insert(p->dir, xp, excl); 1150 err = xfrm_policy_insert(p->dir, xp, excl);
1144 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1151 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1145 NETLINK_CB(skb).sid);
1146 1152
1147 if (err) { 1153 if (err) {
1148 security_xfrm_policy_free(xp->security); 1154 security_xfrm_policy_free(xp->security);
@@ -1371,9 +1377,12 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1371 NETLINK_CB(skb).pid); 1377 NETLINK_CB(skb).pid);
1372 } 1378 }
1373 } else { 1379 } else {
1374 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1380 uid_t loginuid = NETLINK_CB(skb).loginuid;
1375 NETLINK_CB(skb).loginuid, 1381 u32 sessionid = NETLINK_CB(skb).sessionid;
1376 NETLINK_CB(skb).sid); 1382 u32 sid = NETLINK_CB(skb).sid;
1383
1384 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1385 sid);
1377 1386
1378 if (err != 0) 1387 if (err != 0)
1379 goto out; 1388 goto out;
@@ -1399,6 +1408,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1399 int err; 1408 int err;
1400 1409
1401 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1410 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1411 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1402 audit_info.secid = NETLINK_CB(skb).sid; 1412 audit_info.secid = NETLINK_CB(skb).sid;
1403 err = xfrm_state_flush(p->proto, &audit_info); 1413 err = xfrm_state_flush(p->proto, &audit_info);
1404 if (err) 1414 if (err)
@@ -1546,6 +1556,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1546 return err; 1556 return err;
1547 1557
1548 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1558 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1559 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1549 audit_info.secid = NETLINK_CB(skb).sid; 1560 audit_info.secid = NETLINK_CB(skb).sid;
1550 err = xfrm_policy_flush(type, &audit_info); 1561 err = xfrm_policy_flush(type, &audit_info);
1551 if (err) 1562 if (err)
@@ -1604,9 +1615,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1604 read_unlock(&xp->lock); 1615 read_unlock(&xp->lock);
1605 err = 0; 1616 err = 0;
1606 if (up->hard) { 1617 if (up->hard) {
1618 uid_t loginuid = NETLINK_CB(skb).loginuid;
1619 uid_t sessionid = NETLINK_CB(skb).sessionid;
1620 u32 sid = NETLINK_CB(skb).sid;
1607 xfrm_policy_delete(xp, p->dir); 1621 xfrm_policy_delete(xp, p->dir);
1608 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1622 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1609 NETLINK_CB(skb).sid);
1610 1623
1611 } else { 1624 } else {
1612 // reset the timers here? 1625 // reset the timers here?
@@ -1640,9 +1653,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1640 km_state_expired(x, ue->hard, current->pid); 1653 km_state_expired(x, ue->hard, current->pid);
1641 1654
1642 if (ue->hard) { 1655 if (ue->hard) {
1656 uid_t loginuid = NETLINK_CB(skb).loginuid;
1657 uid_t sessionid = NETLINK_CB(skb).sessionid;
1658 u32 sid = NETLINK_CB(skb).sid;
1643 __xfrm_state_delete(x); 1659 __xfrm_state_delete(x);
1644 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1660 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1645 NETLINK_CB(skb).sid);
1646 } 1661 }
1647 err = 0; 1662 err = 0;
1648out: 1663out:
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-27 01:55:05 -0500