tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
net: use skb_sec_path helper in more places
skb_sec_path gains 'const' qualifier to avoid
xt_policy.c: 'skb_sec_path' discards 'const' qualifier from pointer target type
same reasoning as previous conversions: Won't need to touch these
spots anymore when skb->sp is removed.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Florian Westphal
and committed by
David S. Miller
2294be0f
7af8f4ca
+52
-31
+1
-1
include/linux/skbuff.h
+1
-1
include/linux/skbuff.h
+4
-2
include/net/xfrm.h
+4
-2
include/net/xfrm.h
···
1896
1896
#ifdef CONFIG_XFRM
1897
1897
static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
1898
1898
{
1899
-
return skb->sp->xvec[skb->sp->len - 1];
1899
+
struct sec_path *sp = skb_sec_path(skb);
1900
+
1901
+
return sp->xvec[sp->len - 1];
1900
1902
}
1901
1903
#endif
1902
1904
1903
1905
static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
1904
1906
{
1905
1907
#ifdef CONFIG_XFRM
1906
-
struct sec_path *sp = skb->sp;
1908
+
struct sec_path *sp = skb_sec_path(skb);
1907
1909
1908
1910
if (!sp || !sp->olen || sp->len != sp->olen)
1909
1911
return NULL;
+6
-3
net/ipv4/esp4.c
+6
-3
net/ipv4/esp4.c
···
125
125
void *tmp;
126
126
struct xfrm_state *x;
127
127
128
-
if (xo && (xo->flags & XFRM_DEV_RESUME))
129
-
x = skb->sp->xvec[skb->sp->len - 1];
130
-
else
128
+
if (xo && (xo->flags & XFRM_DEV_RESUME)) {
129
+
struct sec_path *sp = skb_sec_path(skb);
130
+
131
+
x = sp->xvec[sp->len - 1];
132
+
} else {
131
133
x = skb_dst(skb)->xfrm;
134
+
}
132
135
133
136
tmp = ESP_SKB_CB(skb)->tmp;
134
137
esp_ssg_unref(x, tmp);
+3
-1
net/ipv4/esp4_offload.c
+3
-1
net/ipv4/esp4_offload.c
···
115
115
struct crypto_aead *aead;
116
116
netdev_features_t esp_features = features;
117
117
struct xfrm_offload *xo = xfrm_offload(skb);
118
+
struct sec_path *sp;
118
119
119
120
if (!xo)
120
121
return ERR_PTR(-EINVAL);
···
123
122
if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP))
124
123
return ERR_PTR(-EINVAL);
125
124
126
-
x = skb->sp->xvec[skb->sp->len - 1];
125
+
sp = skb_sec_path(skb);
126
+
x = sp->xvec[sp->len - 1];
127
127
aead = x->data;
128
128
esph = ip_esp_hdr(skb);
129
129
+6
-3
net/ipv6/esp6.c
+6
-3
net/ipv6/esp6.c
···
145
145
void *tmp;
146
146
struct xfrm_state *x;
147
147
148
-
if (xo && (xo->flags & XFRM_DEV_RESUME))
149
-
x = skb->sp->xvec[skb->sp->len - 1];
150
-
else
148
+
if (xo && (xo->flags & XFRM_DEV_RESUME)) {
149
+
struct sec_path *sp = skb_sec_path(skb);
150
+
151
+
x = sp->xvec[sp->len - 1];
152
+
} else {
151
153
x = skb_dst(skb)->xfrm;
154
+
}
152
155
153
156
tmp = ESP_SKB_CB(skb)->tmp;
154
157
esp_ssg_unref(x, tmp);
+3
-1
net/ipv6/esp6_offload.c
+3
-1
net/ipv6/esp6_offload.c
···
142
142
struct crypto_aead *aead;
143
143
netdev_features_t esp_features = features;
144
144
struct xfrm_offload *xo = xfrm_offload(skb);
145
+
struct sec_path *sp;
145
146
146
147
if (!xo)
147
148
return ERR_PTR(-EINVAL);
···
150
149
if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP))
151
150
return ERR_PTR(-EINVAL);
152
151
153
-
x = skb->sp->xvec[skb->sp->len - 1];
152
+
sp = skb_sec_path(skb);
153
+
x = sp->xvec[sp->len - 1];
154
154
aead = x->data;
155
155
esph = ip_esp_hdr(skb);
156
156
+1
-1
net/ipv6/xfrm6_input.c
+1
-1
net/ipv6/xfrm6_input.c
+1
-1
net/netfilter/nft_xfrm.c
+1
-1
net/netfilter/nft_xfrm.c
+1
-1
net/netfilter/xt_policy.c
+1
-1
net/netfilter/xt_policy.c
+3
-1
net/xfrm/xfrm_device.c
+3
-1
net/xfrm/xfrm_device.c
···
32
32
struct softnet_data *sd;
33
33
netdev_features_t esp_features = features;
34
34
struct xfrm_offload *xo = xfrm_offload(skb);
35
+
struct sec_path *sp;
35
36
36
37
if (!xo)
37
38
return skb;
···
40
39
if (!(features & NETIF_F_HW_ESP))
41
40
esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
42
41
43
-
x = skb->sp->xvec[skb->sp->len - 1];
42
+
sp = skb_sec_path(skb);
43
+
x = sp->xvec[sp->len - 1];
44
44
if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)
45
45
return skb;
46
46
+10
-6
net/xfrm/xfrm_input.c
+10
-6
net/xfrm/xfrm_input.c
···
330
330
daddr = (xfrm_address_t *)(skb_network_header(skb) +
331
331
XFRM_SPI_SKB_CB(skb)->daddroff);
332
332
do {
333
-
if (skb->sp->len == XFRM_MAX_DEPTH) {
333
+
sp = skb_sec_path(skb);
334
+
335
+
if (sp->len == XFRM_MAX_DEPTH) {
334
336
secpath_reset(skb);
335
337
XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
336
338
goto drop;
···
348
346
349
347
skb->mark = xfrm_smark_get(skb->mark, x);
350
348
351
-
skb->sp->xvec[skb->sp->len++] = x;
349
+
sp->xvec[sp->len++] = x;
352
350
353
351
lock:
354
352
spin_lock(&x->lock);
···
472
470
nf_reset(skb);
473
471
474
472
if (decaps) {
475
-
if (skb->sp)
476
-
skb->sp->olen = 0;
473
+
sp = skb_sec_path(skb);
474
+
if (sp)
475
+
sp->olen = 0;
477
476
skb_dst_drop(skb);
478
477
gro_cells_receive(&gro_cells, skb);
479
478
return 0;
···
485
482
486
483
err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async);
487
484
if (xfrm_gro) {
488
-
if (skb->sp)
489
-
skb->sp->olen = 0;
485
+
sp = skb_sec_path(skb);
486
+
if (sp)
487
+
sp->olen = 0;
490
488
skb_dst_drop(skb);
491
489
gro_cells_receive(&gro_cells, skb);
492
490
return err;
+11
-8
net/xfrm/xfrm_policy.c
+11
-8
net/xfrm/xfrm_policy.c
···
3200
3200
static inline int
3201
3201
xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl)
3202
3202
{
3203
+
struct sec_path *sp = skb_sec_path(skb);
3203
3204
struct xfrm_state *x;
3204
3205
3205
-
if (!skb->sp || idx < 0 || idx >= skb->sp->len)
3206
+
if (!sp || idx < 0 || idx >= sp->len)
3206
3207
return 0;
3207
-
x = skb->sp->xvec[idx];
3208
+
x = sp->xvec[idx];
3208
3209
if (!x->type->reject)
3209
3210
return 0;
3210
3211
return x->type->reject(x, skb, fl);
···
3305
3304
struct flowi fl;
3306
3305
int xerr_idx = -1;
3307
3306
const struct xfrm_if_cb *ifcb;
3307
+
struct sec_path *sp;
3308
3308
struct xfrm_if *xi;
3309
3309
u32 if_id = 0;
3310
3310
···
3330
3328
nf_nat_decode_session(skb, &fl, family);
3331
3329
3332
3330
/* First, check used SA against their selectors. */
3333
-
if (skb->sp) {
3331
+
sp = skb_sec_path(skb);
3332
+
if (sp) {
3334
3333
int i;
3335
3334
3336
-
for (i = skb->sp->len-1; i >= 0; i--) {
3337
-
struct xfrm_state *x = skb->sp->xvec[i];
3335
+
for (i = sp->len - 1; i >= 0; i--) {
3336
+
struct xfrm_state *x = sp->xvec[i];
3338
3337
if (!xfrm_selector_match(&x->sel, &fl, family)) {
3339
3338
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
3340
3339
return 0;
···
3362
3359
}
3363
3360
3364
3361
if (!pol) {
3365
-
if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) {
3362
+
if (sp && secpath_has_nontransport(sp, 0, &xerr_idx)) {
3366
3363
xfrm_secpath_reject(xerr_idx, skb, &fl);
3367
3364
XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS);
3368
3365
return 0;
···
3391
3388
#endif
3392
3389
3393
3390
if (pol->action == XFRM_POLICY_ALLOW) {
3394
-
struct sec_path *sp;
3395
3391
static struct sec_path dummy;
3396
3392
struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
3397
3393
struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
···
3398
3396
int ti = 0;
3399
3397
int i, k;
3400
3398
3401
-
if ((sp = skb->sp) == NULL)
3399
+
sp = skb_sec_path(skb);
3400
+
if (!sp)
3402
3401
sp = &dummy;
3403
3402
3404
3403
for (pi = 0; pi < npols; pi++) {
+2
-2
security/selinux/xfrm.c
+2
-2
security/selinux/xfrm.c
···
230
230
u32 *sid, int ckall)
231
231
{
232
232
u32 sid_session = SECSID_NULL;
233
-
struct sec_path *sp = skb->sp;
233
+
struct sec_path *sp = skb_sec_path(skb);
234
234
235
235
if (sp) {
236
236
int i;
···
408
408
struct common_audit_data *ad)
409
409
{
410
410
int i;
411
-
struct sec_path *sp = skb->sp;
411
+
struct sec_path *sp = skb_sec_path(skb);
412
412
u32 peer_sid = SECINITSID_UNLABELED;
413
413
414
414
if (sp) {