algp = RTA_DATA(rt);
- len -= (algp->alg_key_len + 7U) / 8;
+ len -= (algp->alg_key_len + 7U) / 8;
if (len < 0)
return -EINVAL;
}
-static inline int xfrm_user_sec_ctx_size(struct xfrm_policy *xp)
+static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx)
{
- struct xfrm_sec_ctx *xfrm_ctx = xp->security;
int len = 0;
if (xfrm_ctx) {
err = xfrm_state_delete(x);
- xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
- AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
-
if (err < 0)
goto out;
km_state_notify(x, &c);
out:
+ xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+ AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x);
xfrm_state_put(x);
return err;
}
uctx->ctx_alg = s->ctx_alg;
uctx->ctx_len = s->ctx_len;
memcpy(uctx + 1, s->ctx_str, s->ctx_len);
- return 0;
+ return 0;
rtattr_failure:
return -1;
return err;
if (p->index)
- xp = xfrm_policy_byid(type, p->dir, p->index, delete);
+ xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
else {
struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
struct xfrm_policy tmp;
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
return err;
}
- xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
+ xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+ delete, &err);
security_xfrm_policy_free(&tmp);
}
- if (delete)
- xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
- AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
if (xp == NULL)
return -ENOENT;
MSG_DONTWAIT);
}
} else {
- if ((err = security_xfrm_policy_delete(xp)) != 0)
+ xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+ AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+
+ if (err != 0)
goto out;
+
c.data.byid = p->index;
c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq;
km_policy_notify(xp, p->dir, &c);
}
- xfrm_pol_put(xp);
-
out:
+ xfrm_pol_put(xp);
return err;
}
x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family);
if (x == NULL) {
- kfree(r_skb);
+ kfree_skb(r_skb);
return -ESRCH;
}
return err;
if (p->index)
- xp = xfrm_policy_byid(type, p->dir, p->index, 0);
+ xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
else {
struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1];
struct xfrm_policy tmp;
if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
return err;
}
- xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0);
+ xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+ 0, &err);
security_xfrm_policy_free(&tmp);
}
if (xp == NULL)
- return err;
- read_lock(&xp->lock);
+ return -ENOENT;
+ read_lock(&xp->lock);
if (xp->dead) {
read_unlock(&xp->lock);
goto out;
struct xfrm_usersa_info *p = &ue->state;
x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family);
- err = -ENOENT;
+ err = -ENOENT;
if (x == NULL)
return err;
- err = -EINVAL;
-
spin_lock_bh(&x->lock);
+ err = -EINVAL;
if (x->km.state != XFRM_STATE_VALID)
goto out;
km_state_expired(x, ue->hard, current->pid);
xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
AUDIT_MAC_IPSEC_DELSA, 1, NULL, x);
}
+ err = 0;
out:
spin_unlock_bh(&x->lock);
xfrm_state_put(x);
return -1;
}
-static int inline xfrm_sa_len(struct xfrm_state *x)
+static inline int xfrm_sa_len(struct xfrm_state *x)
{
int l = 0;
if (x->aalg)
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire));
- len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+ len += RTA_SPACE(xfrm_user_sec_ctx_size(x->security));
#ifdef CONFIG_XFRM_SUB_POLICY
len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
#endif
len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire));
- len += RTA_SPACE(xfrm_user_sec_ctx_size(xp));
+ len += RTA_SPACE(xfrm_user_sec_ctx_size(xp->security));
#ifdef CONFIG_XFRM_SUB_POLICY
len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
#endif
printk(KERN_INFO "Initializing XFRM netlink socket\n");
nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX,
- xfrm_netlink_rcv, THIS_MODULE);
+ xfrm_netlink_rcv, THIS_MODULE);
if (nlsk == NULL)
return -ENOMEM;
rcu_assign_pointer(xfrm_nl, nlsk);