Pull asus into release branch
[pandora-kernel.git] / net / xfrm / xfrm_policy.c
index a24f385..785c3e3 100644 (file)
@@ -735,12 +735,14 @@ EXPORT_SYMBOL(xfrm_policy_insert);
 
 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
                                          struct xfrm_selector *sel,
-                                         struct xfrm_sec_ctx *ctx, int delete)
+                                         struct xfrm_sec_ctx *ctx, int delete,
+                                         int *err)
 {
        struct xfrm_policy *pol, *ret;
        struct hlist_head *chain;
        struct hlist_node *entry;
 
+       *err = 0;
        write_lock_bh(&xfrm_policy_lock);
        chain = policy_hash_bysel(sel, sel->family, dir);
        ret = NULL;
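Review bot: The new `err` out-parameter is written unconditionally at `*err = 0;` before the lock is taken, so every caller of this exported function must now pass a valid pointer, and nothing on the function says so. A short comment above the signature would make the contract explicit, for example `/* @err must be non-NULL; set to 0 on entry, and to the security_xfrm_policy_delete() result when @delete is set */`. The same applies to `xfrm_policy_byid` in the `@@ -768,12 +775,14 @@` hunk. The function body continues outside this hunk.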
@@ -750,6 +752,11 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
                    xfrm_sec_ctx_match(ctx, pol->security)) {
                        xfrm_pol_hold(pol);
                        if (delete) {
+                               *err = security_xfrm_policy_delete(pol);
+                               if (*err) {
+                                       write_unlock_bh(&xfrm_policy_lock);
+                                       return pol;
+                               }
                                hlist_del(&pol->bydst);
                                hlist_del(&pol->byidx);
                                xfrm_policy_count[dir]--;
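Review bot: On a denied delete the early `return pol;` hands back a non-NULL policy that is still hashed and still carries the reference taken by `xfrm_pol_hold(pol)` just above, so a non-NULL return no longer means "found and removed". Callers are not visible here; any that test only the pointer would treat a refused delete as a success (and could audit it as one), and any that skip the put would leak a reference. I would state this at the early return, e.g. `/* LSM refused: pol is still linked and held; caller must check *err and xfrm_pol_put() */`. The identical block in `xfrm_policy_byid` (the `@@ -781,6 +790,11 @@` hunk) needs the same comment. The hook also runs under `write_lock_bh(&xfrm_policy_lock)`, so it presumably must not sleep; that is worth confirming against the LSM implementations.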
@@ -768,12 +775,14 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
 }
 EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
 
-struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
+struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
+                                    int *err)
 {
        struct xfrm_policy *pol, *ret;
        struct hlist_head *chain;
        struct hlist_node *entry;
 
+       *err = 0;
        write_lock_bh(&xfrm_policy_lock);
        chain = xfrm_policy_byidx + idx_hash(id);
        ret = NULL;
@@ -781,6 +790,11 @@ struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete)
                if (pol->type == type && pol->index == id) {
                        xfrm_pol_hold(pol);
                        if (delete) {
+                               *err = security_xfrm_policy_delete(pol);
+                               if (*err) {
+                                       write_unlock_bh(&xfrm_policy_lock);
+                                       return pol;
+                               }
                                hlist_del(&pol->bydst);
                                hlist_del(&pol->byidx);
                                xfrm_policy_count[dir]--;
@@ -1550,7 +1564,7 @@ xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
              unsigned short family)
 {
        if (xfrm_state_kern(x))
-               return tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, family);
+               return tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, tmpl->encap_family);
        return  x->id.proto == tmpl->id.proto &&
                (x->id.spi == tmpl->id.spi || !tmpl->id.spi) &&
                (x->props.reqid == tmpl->reqid || !tmpl->reqid) &&
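Review bot: Only the `xfrm_state_kern(x)` branch switches to `tmpl->encap_family`, and the code does not say why. The rest of the return expression continues outside this hunk, so I cannot tell whether it contains a second address comparison that still uses `family`; if it does, the two branches now compare against different families and that should be a deliberate choice. If it is, a one-line comment such as `/* kernel-owned states are compared in the template's encapsulation family */` would record the intent. The changed line is also longer than 80 columns.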
@@ -1997,9 +2011,14 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
        if (audit_enabled == 0)
                return;
 
+       BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
+               type == AUDIT_MAC_IPSEC_DELSA) && !x);
+       BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
+               type == AUDIT_MAC_IPSEC_DELSPD) && !xp);
+
        audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
        if (audit_buf == NULL)
-       return;
+               return;
 
        switch(type) {
        case AUDIT_MAC_IPSEC_ADDSA:
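Review bot: The two `BUG_ON` checks turn a caller's missing `x` or `xp` argument into a kernel panic inside an audit-logging helper, and because they sit after the `audit_enabled == 0` return they fire only on systems that have auditing turned on. A logging path is better off warning and dropping the record, e.g. `if (WARN_ON((type == AUDIT_MAC_IPSEC_ADDSA || type == AUDIT_MAC_IPSEC_DELSA) && !x)) return;` with the same shape for the `xp` case, assuming `WARN_ON` yields its condition in this tree. Moving the checks above the `audit_enabled` test would also surface the misuse regardless of audit configuration. The switch body continues outside this hunk.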
@@ -2070,7 +2089,7 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
                                        sizeof(struct in6_addr));
                        }
                        audit_log_format(audit_buf,
-                                        " src=" NIP6_FMT "dst=" NIP6_FMT,
+                                        " src=" NIP6_FMT " dst=" NIP6_FMT,
                                         NIP6(saddr6), NIP6(daddr6));
                }
                break;