commit eee8abe5de9cbd936b51db292c8d3c406b0e79e7 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[BRIDGE]: adding new device to bridge should enable if up
[IPV6]: Do not set IF_READY if device is down
[IPSEC]: xfrm audit hook misplaced in pfkey_delete and xfrm_del_sa
[IPSEC]: Add xfrm policy change auditing to pfkey_spdget
[IPSEC]: xfrm_policy delete security check misplaced
[CONNECTOR]: Bugfix for cn_call_callback()
[DCCP]: Revert patch which disables bidirectional mode
[IPV6]: Handle np->opt being NULL in ipv6_getsockopt_sticky().
[UDP]: Reread uh pointer after pskb_trim
[NETFILTER]: nfnetlink_log: fix crash on bridged packet
[NETFILTER]: nfnetlink_log: zero-terminate prefix
[NETFILTER]: nf_conntrack_ipv6: fix incorrect classification of IPv6 fragments as ESTABLISHED

Linus Torvalds 19 years ago eee8abe5 06aa5b4a

+75 -72

13 changed files

expand all

unified split

drivers

connector

connector.c

include

net

xfrm.h

net

bridge

br_if.c

dccp

ccids

ccid3.c

input.c

ipv4

udp.c

ipv6

addrconf.c

ipv6_sockglue.c

netfilter

nf_conntrack_l3proto_ipv6.c

key

af_key.c

netfilter

nfnetlink_log.c

xfrm

xfrm_policy.c

xfrm_user.c

+11 -11

drivers/connector/connector.c

··· 128 */ 129 static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), void *data) 130 { 131 - struct cn_callback_entry *__cbq; 132 struct cn_dev *dev = &cdev; 133 int err = -ENODEV; 134 ··· 148 } else { 149 struct cn_callback_data *d; 150 151 - __cbq = kzalloc(sizeof(*__cbq), GFP_ATOMIC); 152 - if (__cbq) { 153 - d = &__cbq->data; 154 d->callback_priv = msg; 155 d->callback = __cbq->data.callback; 156 d->ddata = data; 157 d->destruct_data = destruct_data; 158 - d->free = __cbq; 159 160 - INIT_WORK(&__cbq->work, 161 &cn_queue_wrapper); 162 - 163 if (queue_work(dev->cbdev->cn_queue, 164 - &__cbq->work)) 165 err = 0; 166 else { 167 - kfree(__cbq); 168 err = -EINVAL; 169 } 170 - } else 171 - err = -ENOMEM; 172 } 173 break; 174 }

··· 128 */ 129 static int cn_call_callback(struct cn_msg *msg, void (*destruct_data)(void *), void *data) 130 { 131 + struct cn_callback_entry *__cbq, *__new_cbq; 132 struct cn_dev *dev = &cdev; 133 int err = -ENODEV; 134 ··· 148 } else { 149 struct cn_callback_data *d; 150 151 + err = -ENOMEM; 152 + __new_cbq = kzalloc(sizeof(struct cn_callback_entry), GFP_ATOMIC); 153 + if (__new_cbq) { 154 + d = &__new_cbq->data; 155 d->callback_priv = msg; 156 d->callback = __cbq->data.callback; 157 d->ddata = data; 158 d->destruct_data = destruct_data; 159 + d->free = __new_cbq; 160 161 + INIT_WORK(&__new_cbq->work, 162 &cn_queue_wrapper); 163 + 164 if (queue_work(dev->cbdev->cn_queue, 165 + &__new_cbq->work)) 166 err = 0; 167 else { 168 + kfree(__new_cbq); 169 err = -EINVAL; 170 } 171 + } 172 } 173 break; 174 }

+3 -2

include/net/xfrm.h

··· 988 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 989 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 990 struct xfrm_selector *sel, 991 - struct xfrm_sec_ctx *ctx, int delete); 992 - struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete); 993 void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); 994 u32 xfrm_get_acqseq(void); 995 void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi);

··· 988 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 989 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 990 struct xfrm_selector *sel, 991 + struct xfrm_sec_ctx *ctx, int delete, 992 + int *err); 993 + struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete, int *err); 994 void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info); 995 u32 xfrm_get_acqseq(void); 996 void xfrm_alloc_spi(struct xfrm_state *x, __be32 minspi, __be32 maxspi);

net/bridge/br_if.c

··· 428 spin_lock_bh(&br->lock); 429 br_stp_recalculate_bridge_id(br); 430 br_features_recompute(br); 431 spin_unlock_bh(&br->lock); 432 433 dev_set_mtu(br->dev, br_min_mtu(br));

··· 428 spin_lock_bh(&br->lock); 429 br_stp_recalculate_bridge_id(br); 430 br_features_recompute(br); 431 + 432 + if ((dev->flags & IFF_UP) && netif_carrier_ok(dev) && 433 + (br->dev->flags & IFF_UP)) 434 + br_stp_enable_port(p); 435 spin_unlock_bh(&br->lock); 436 437 dev_set_mtu(br->dev, br_min_mtu(br));

+1 -6

net/dccp/ccids/ccid3.c

··· 545 /* set idle flag */ 546 hctx->ccid3hctx_idle = 1; 547 break; 548 - case TFRC_SSTATE_NO_SENT: 549 - /* 550 - * XXX when implementing bidirectional rx/tx check this again 551 - */ 552 - DCCP_WARN("Illegal ACK received - no packet sent\n"); 553 - /* fall through */ 554 case TFRC_SSTATE_TERM: /* ignore feedback when closing */ 555 break; 556 }

··· 545 /* set idle flag */ 546 hctx->ccid3hctx_idle = 1; 547 break; 548 + case TFRC_SSTATE_NO_SENT: /* fall through */ 549 case TFRC_SSTATE_TERM: /* ignore feedback when closing */ 550 break; 551 }

+4 -17

net/dccp/input.c

··· 248 DCCP_ACKVEC_STATE_RECEIVED)) 249 goto discard; 250 251 - /* 252 - * Deliver to the CCID module in charge. 253 - * FIXME: Currently DCCP operates one-directional only, i.e. a listening 254 - * server is not at the same time a connecting client. There is 255 - * not much sense in delivering to both rx/tx sides at the moment 256 - * (only one is active at a time); when moving to bidirectional 257 - * service, this needs to be revised. 258 - */ 259 - if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT) 260 - ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 261 - else /* listening or connected server */ 262 - ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 263 264 return __dccp_rcv_established(sk, skb, dh, len); 265 discard: ··· 484 DCCP_ACKVEC_STATE_RECEIVED)) 485 goto discard; 486 487 - /* XXX see the comments in dccp_rcv_established about this */ 488 - if (dccp_sk(sk)->dccps_role == DCCP_ROLE_CLIENT) 489 - ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 490 - else 491 - ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 492 } 493 494 /*

··· 248 DCCP_ACKVEC_STATE_RECEIVED)) 249 goto discard; 250 251 + ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 252 + ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 253 254 return __dccp_rcv_established(sk, skb, dh, len); 255 discard: ··· 494 DCCP_ACKVEC_STATE_RECEIVED)) 495 goto discard; 496 497 + ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb); 498 + ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb); 499 } 500 501 /*

net/ipv4/udp.c

··· 1215 1216 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1217 goto short_packet; 1218 1219 udp4_csum_init(skb, uh); 1220

··· 1215 1216 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1217 goto short_packet; 1218 + uh = skb->h.uh; 1219 1220 udp4_csum_init(skb, uh); 1221

-4

net/ipv6/addrconf.c

··· 342 } 343 #endif 344 345 - if (netif_carrier_ok(dev)) 346 - ndev->if_flags |= IF_READY; 347 - 348 - 349 ipv6_mc_init_dev(ndev); 350 ndev->tstamp = jiffies; 351 #ifdef CONFIG_SYSCTL

··· 342 } 343 #endif 344 345 ipv6_mc_init_dev(ndev); 346 ndev->tstamp = jiffies; 347 #ifdef CONFIG_SYSCTL

+7 -3

net/ipv6/ipv6_sockglue.c

··· 795 EXPORT_SYMBOL(compat_ipv6_setsockopt); 796 #endif 797 798 - static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr, 799 char __user *optval, int len) 800 { 801 - if (!hdr) 802 return 0; 803 len = min_t(int, len, ipv6_optlen(hdr)); 804 if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) 805 return -EFAULT; ··· 944 { 945 946 lock_sock(sk); 947 - len = ipv6_getsockopt_sticky(sk, np->opt->hopopt, 948 optval, len); 949 release_sock(sk); 950 return put_user(len, optlen);

··· 795 EXPORT_SYMBOL(compat_ipv6_setsockopt); 796 #endif 797 798 + static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt, 799 char __user *optval, int len) 800 { 801 + struct ipv6_opt_hdr *hdr; 802 + 803 + if (!opt || !opt->hopopt) 804 return 0; 805 + hdr = opt->hopopt; 806 + 807 len = min_t(int, len, ipv6_optlen(hdr)); 808 if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) 809 return -EFAULT; ··· 940 { 941 942 lock_sock(sk); 943 + len = ipv6_getsockopt_sticky(sk, np->opt, 944 optval, len); 945 release_sock(sk); 946 return put_user(len, optlen);

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

··· 257 } 258 nf_conntrack_get(reasm->nfct); 259 (*pskb)->nfct = reasm->nfct; 260 return NF_ACCEPT; 261 } 262

··· 257 } 258 nf_conntrack_get(reasm->nfct); 259 (*pskb)->nfct = reasm->nfct; 260 + (*pskb)->nfctinfo = reasm->nfctinfo; 261 return NF_ACCEPT; 262 } 263

+14 -12

net/key/af_key.c

··· 1467 1468 err = xfrm_state_delete(x); 1469 1470 - xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1471 - AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 1472 - 1473 if (err < 0) 1474 goto out; 1475 ··· 1475 c.event = XFRM_MSG_DELSA; 1476 km_state_notify(x, &c); 1477 out: 1478 xfrm_state_put(x); 1479 1480 return err; ··· 2293 } 2294 2295 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2296 - &sel, tmp.security, 1); 2297 security_xfrm_policy_free(&tmp); 2298 2299 if (xp == NULL) 2300 return -ENOENT; 2301 - 2302 - err = security_xfrm_policy_delete(xp); 2303 2304 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2305 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); ··· 2536 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2537 { 2538 unsigned int dir; 2539 - int err; 2540 struct sadb_x_policy *pol; 2541 struct xfrm_policy *xp; 2542 struct km_event c; ··· 2548 if (dir >= XFRM_POLICY_MAX) 2549 return -EINVAL; 2550 2551 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2552 - hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2553 if (xp == NULL) 2554 return -ENOENT; 2555 2556 - err = 0; 2557 2558 - c.seq = hdr->sadb_msg_seq; 2559 - c.pid = hdr->sadb_msg_pid; 2560 - if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) { 2561 c.data.byid = 1; 2562 c.event = XFRM_MSG_DELPOLICY; 2563 km_policy_notify(xp, dir, &c); ··· 2569 err = key_pol_get_resp(sk, xp, hdr, dir); 2570 } 2571 2572 xfrm_pol_put(xp); 2573 return err; 2574 }

··· 1467 1468 err = xfrm_state_delete(x); 1469 1470 if (err < 0) 1471 goto out; 1472 ··· 1478 c.event = XFRM_MSG_DELSA; 1479 km_state_notify(x, &c); 1480 out: 1481 + xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 1482 + AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 1483 xfrm_state_put(x); 1484 1485 return err; ··· 2294 } 2295 2296 xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1, 2297 + &sel, tmp.security, 1, &err); 2298 security_xfrm_policy_free(&tmp); 2299 2300 if (xp == NULL) 2301 return -ENOENT; 2302 2303 xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2304 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); ··· 2539 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs) 2540 { 2541 unsigned int dir; 2542 + int err = 0, delete; 2543 struct sadb_x_policy *pol; 2544 struct xfrm_policy *xp; 2545 struct km_event c; ··· 2551 if (dir >= XFRM_POLICY_MAX) 2552 return -EINVAL; 2553 2554 + delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2); 2555 xp = xfrm_policy_byid(XFRM_POLICY_TYPE_MAIN, dir, pol->sadb_x_policy_id, 2556 + delete, &err); 2557 if (xp == NULL) 2558 return -ENOENT; 2559 2560 + if (delete) { 2561 + xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, 2562 + AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 2563 2564 + if (err) 2565 + goto out; 2566 + c.seq = hdr->sadb_msg_seq; 2567 + c.pid = hdr->sadb_msg_pid; 2568 c.data.byid = 1; 2569 c.event = XFRM_MSG_DELPOLICY; 2570 km_policy_notify(xp, dir, &c); ··· 2568 err = key_pol_get_resp(sk, xp, hdr, dir); 2569 } 2570 2571 + out: 2572 xfrm_pol_put(xp); 2573 return err; 2574 }

+2 -2

net/netfilter/nfnetlink_log.c

··· 486 * for physical device (when called from ipv4) */ 487 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 488 sizeof(tmp_uint), &tmp_uint); 489 - if (skb->nf_bridge) { 490 tmp_uint = 491 htonl(skb->nf_bridge->physoutdev->ifindex); 492 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, ··· 615 616 plen = 0; 617 if (prefix) 618 - plen = strlen(prefix); 619 620 /* all macros expand to constant values at compile time */ 621 /* FIXME: do we want to make the size calculation conditional based on

··· 486 * for physical device (when called from ipv4) */ 487 NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, 488 sizeof(tmp_uint), &tmp_uint); 489 + if (skb->nf_bridge && skb->nf_bridge->physoutdev) { 490 tmp_uint = 491 htonl(skb->nf_bridge->physoutdev->ifindex); 492 NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV, ··· 615 616 plen = 0; 617 if (prefix) 618 + plen = strlen(prefix) + 1; 619 620 /* all macros expand to constant values at compile time */ 621 /* FIXME: do we want to make the size calculation conditional based on

+16 -2

net/xfrm/xfrm_policy.c

··· 735 736 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 737 struct xfrm_selector *sel, 738 - struct xfrm_sec_ctx *ctx, int delete) 739 { 740 struct xfrm_policy *pol, *ret; 741 struct hlist_head *chain; 742 struct hlist_node *entry; 743 744 write_lock_bh(&xfrm_policy_lock); 745 chain = policy_hash_bysel(sel, sel->family, dir); 746 ret = NULL; ··· 752 xfrm_sec_ctx_match(ctx, pol->security)) { 753 xfrm_pol_hold(pol); 754 if (delete) { 755 hlist_del(&pol->bydst); 756 hlist_del(&pol->byidx); 757 xfrm_policy_count[dir]--; ··· 775 } 776 EXPORT_SYMBOL(xfrm_policy_bysel_ctx); 777 778 - struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete) 779 { 780 struct xfrm_policy *pol, *ret; 781 struct hlist_head *chain; 782 struct hlist_node *entry; 783 784 write_lock_bh(&xfrm_policy_lock); 785 chain = xfrm_policy_byidx + idx_hash(id); 786 ret = NULL; ··· 790 if (pol->type == type && pol->index == id) { 791 xfrm_pol_hold(pol); 792 if (delete) { 793 hlist_del(&pol->bydst); 794 hlist_del(&pol->byidx); 795 xfrm_policy_count[dir]--;

··· 735 736 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir, 737 struct xfrm_selector *sel, 738 + struct xfrm_sec_ctx *ctx, int delete, 739 + int *err) 740 { 741 struct xfrm_policy *pol, *ret; 742 struct hlist_head *chain; 743 struct hlist_node *entry; 744 745 + *err = 0; 746 write_lock_bh(&xfrm_policy_lock); 747 chain = policy_hash_bysel(sel, sel->family, dir); 748 ret = NULL; ··· 750 xfrm_sec_ctx_match(ctx, pol->security)) { 751 xfrm_pol_hold(pol); 752 if (delete) { 753 + *err = security_xfrm_policy_delete(pol); 754 + if (*err) { 755 + write_unlock_bh(&xfrm_policy_lock); 756 + return pol; 757 + } 758 hlist_del(&pol->bydst); 759 hlist_del(&pol->byidx); 760 xfrm_policy_count[dir]--; ··· 768 } 769 EXPORT_SYMBOL(xfrm_policy_bysel_ctx); 770 771 + struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete, 772 + int *err) 773 { 774 struct xfrm_policy *pol, *ret; 775 struct hlist_head *chain; 776 struct hlist_node *entry; 777 778 + *err = 0; 779 write_lock_bh(&xfrm_policy_lock); 780 chain = xfrm_policy_byidx + idx_hash(id); 781 ret = NULL; ··· 781 if (pol->type == type && pol->index == id) { 782 xfrm_pol_hold(pol); 783 if (delete) { 784 + *err = security_xfrm_policy_delete(pol); 785 + if (*err) { 786 + write_unlock_bh(&xfrm_policy_lock); 787 + return pol; 788 + } 789 hlist_del(&pol->bydst); 790 hlist_del(&pol->byidx); 791 xfrm_policy_count[dir]--;

+11 -13

net/xfrm/xfrm_user.c

··· 530 531 err = xfrm_state_delete(x); 532 533 - xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 534 - AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 535 - 536 if (err < 0) 537 goto out; 538 ··· 539 km_state_notify(x, &c); 540 541 out: 542 xfrm_state_put(x); 543 return err; 544 } ··· 1253 return err; 1254 1255 if (p->index) 1256 - xp = xfrm_policy_byid(type, p->dir, p->index, delete); 1257 else { 1258 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1259 struct xfrm_policy tmp; ··· 1269 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1270 return err; 1271 } 1272 - xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); 1273 security_xfrm_policy_free(&tmp); 1274 } 1275 if (xp == NULL) ··· 1288 MSG_DONTWAIT); 1289 } 1290 } else { 1291 - err = security_xfrm_policy_delete(xp); 1292 - 1293 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1294 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1295 ··· 1301 km_policy_notify(xp, p->dir, &c); 1302 } 1303 1304 - xfrm_pol_put(xp); 1305 - 1306 out: 1307 return err; 1308 } 1309 ··· 1499 return err; 1500 1501 if (p->index) 1502 - xp = xfrm_policy_byid(type, p->dir, p->index, 0); 1503 else { 1504 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1505 struct xfrm_policy tmp; ··· 1515 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1516 return err; 1517 } 1518 - xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0); 1519 security_xfrm_policy_free(&tmp); 1520 } 1521 1522 if (xp == NULL) 1523 - return err; 1524 - read_lock(&xp->lock); 1525 if (xp->dead) { 1526 read_unlock(&xp->lock); 1527 goto out;

··· 530 531 err = xfrm_state_delete(x); 532 533 if (err < 0) 534 goto out; 535 ··· 542 km_state_notify(x, &c); 543 544 out: 545 + xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 546 + AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 547 xfrm_state_put(x); 548 return err; 549 } ··· 1254 return err; 1255 1256 if (p->index) 1257 + xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1258 else { 1259 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1260 struct xfrm_policy tmp; ··· 1270 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1271 return err; 1272 } 1273 + xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1274 + delete, &err); 1275 security_xfrm_policy_free(&tmp); 1276 } 1277 if (xp == NULL) ··· 1288 MSG_DONTWAIT); 1289 } 1290 } else { 1291 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1292 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1293 ··· 1303 km_policy_notify(xp, p->dir, &c); 1304 } 1305 1306 out: 1307 + xfrm_pol_put(xp); 1308 return err; 1309 } 1310 ··· 1502 return err; 1503 1504 if (p->index) 1505 + xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1506 else { 1507 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1508 struct xfrm_policy tmp; ··· 1518 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1519 return err; 1520 } 1521 + xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1522 + 0, &err); 1523 security_xfrm_policy_free(&tmp); 1524 } 1525 1526 if (xp == NULL) 1527 + return -ENOENT; 1528 + read_lock(&xp->lock); 1529 if (xp->dead) { 1530 read_unlock(&xp->lock); 1531 goto out;