Commit baf3b3f2 authored by David S. Miller's avatar David S. Miller

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says:

====================
1) Some constifications, from Mathias Krause.

2) Catch bugs if a hold timer is still active when xfrm_policy_destroy()
   is called, from Fan Du.

3) Remove a redundant address family checking, from Fan Du.

4) Make xfrm_state timer monotonic to be independent of system clock changes,
   from Fan Du.

5) Remove an outdated comment on returning -EREMOTE in the xfrm_lookup(),
   from Rami Rosen.

Please pull or let me know if there are problems.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 3bca8de2 e3fec5a1
...@@ -1548,7 +1548,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 ...@@ -1548,7 +1548,7 @@ struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32
int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info); int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
u32 xfrm_get_acqseq(void); u32 xfrm_get_acqseq(void);
extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
struct xfrm_state *xfrm_find_acq(struct net *net, struct xfrm_mark *mark, struct xfrm_state *xfrm_find_acq(struct net *net, const struct xfrm_mark *mark,
u8 mode, u32 reqid, u8 proto, u8 mode, u32 reqid, u8 proto,
const xfrm_address_t *daddr, const xfrm_address_t *daddr,
const xfrm_address_t *saddr, int create, const xfrm_address_t *saddr, int create,
......
...@@ -45,7 +45,7 @@ struct netns_pfkey { ...@@ -45,7 +45,7 @@ struct netns_pfkey {
static DEFINE_MUTEX(pfkey_mutex); static DEFINE_MUTEX(pfkey_mutex);
#define DUMMY_MARK 0 #define DUMMY_MARK 0
static struct xfrm_mark dummy_mark = {0, 0}; static const struct xfrm_mark dummy_mark = {0, 0};
struct pfkey_sock { struct pfkey_sock {
/* struct sock must be the first member of struct pfkey_sock */ /* struct sock must be the first member of struct pfkey_sock */
struct sock sk; struct sock sk;
...@@ -338,7 +338,7 @@ static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk) ...@@ -338,7 +338,7 @@ static int pfkey_error(const struct sadb_msg *orig, int err, struct sock *sk)
return 0; return 0;
} }
static u8 sadb_ext_min_len[] = { static const u8 sadb_ext_min_len[] = {
[SADB_EXT_RESERVED] = (u8) 0, [SADB_EXT_RESERVED] = (u8) 0,
[SADB_EXT_SA] = (u8) sizeof(struct sadb_sa), [SADB_EXT_SA] = (u8) sizeof(struct sadb_sa),
[SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime), [SADB_EXT_LIFETIME_CURRENT] = (u8) sizeof(struct sadb_lifetime),
...@@ -1196,10 +1196,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net, ...@@ -1196,10 +1196,6 @@ static struct xfrm_state * pfkey_msg2xfrm_state(struct net *net,
x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1], x->props.family = pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
&x->props.saddr); &x->props.saddr);
if (!x->props.family) {
err = -EAFNOSUPPORT;
goto out;
}
pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1], pfkey_sadb_addr2xfrm_addr((struct sadb_address *) ext_hdrs[SADB_EXT_ADDRESS_DST-1],
&x->id.daddr); &x->id.daddr);
...@@ -2205,10 +2201,6 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_ ...@@ -2205,10 +2201,6 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1]; sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr); xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
if (!xp->family) {
err = -EINVAL;
goto out;
}
xp->selector.family = xp->family; xp->selector.family = xp->family;
xp->selector.prefixlen_s = sa->sadb_address_prefixlen; xp->selector.prefixlen_s = sa->sadb_address_prefixlen;
xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto); xp->selector.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
...@@ -2737,7 +2729,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sad ...@@ -2737,7 +2729,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sad
typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb, typedef int (*pfkey_handler)(struct sock *sk, struct sk_buff *skb,
const struct sadb_msg *hdr, void * const *ext_hdrs); const struct sadb_msg *hdr, void * const *ext_hdrs);
static pfkey_handler pfkey_funcs[SADB_MAX + 1] = { static const pfkey_handler pfkey_funcs[SADB_MAX + 1] = {
[SADB_RESERVED] = pfkey_reserved, [SADB_RESERVED] = pfkey_reserved,
[SADB_GETSPI] = pfkey_getspi, [SADB_GETSPI] = pfkey_getspi,
[SADB_UPDATE] = pfkey_add, [SADB_UPDATE] = pfkey_add,
......
...@@ -308,7 +308,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy) ...@@ -308,7 +308,7 @@ void xfrm_policy_destroy(struct xfrm_policy *policy)
{ {
BUG_ON(!policy->walk.dead); BUG_ON(!policy->walk.dead);
if (del_timer(&policy->timer)) if (del_timer(&policy->timer) || del_timer(&policy->polq.hold_timer))
BUG(); BUG();
security_xfrm_policy_free(policy->security); security_xfrm_policy_free(policy->security);
...@@ -2132,8 +2132,6 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig, ...@@ -2132,8 +2132,6 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
* have the xfrm_state's. We need to wait for KM to * have the xfrm_state's. We need to wait for KM to
* negotiate new SA's or bail out with error.*/ * negotiate new SA's or bail out with error.*/
if (net->xfrm.sysctl_larval_drop) { if (net->xfrm.sysctl_larval_drop) {
/* EREMOTE tells the caller to generate
* a one-shot blackhole route. */
dst_release(dst); dst_release(dst);
xfrm_pols_put(pols, drop_pols); xfrm_pols_put(pols, drop_pols);
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES); XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
......
...@@ -499,7 +499,8 @@ struct xfrm_state *xfrm_state_alloc(struct net *net) ...@@ -499,7 +499,8 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
INIT_HLIST_NODE(&x->bydst); INIT_HLIST_NODE(&x->bydst);
INIT_HLIST_NODE(&x->bysrc); INIT_HLIST_NODE(&x->bysrc);
INIT_HLIST_NODE(&x->byspi); INIT_HLIST_NODE(&x->byspi);
tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS); tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
setup_timer(&x->rtimer, xfrm_replay_timer_handler, setup_timer(&x->rtimer, xfrm_replay_timer_handler,
(unsigned long)x); (unsigned long)x);
x->curlft.add_time = get_seconds(); x->curlft.add_time = get_seconds();
...@@ -990,11 +991,13 @@ void xfrm_state_insert(struct xfrm_state *x) ...@@ -990,11 +991,13 @@ void xfrm_state_insert(struct xfrm_state *x)
EXPORT_SYMBOL(xfrm_state_insert); EXPORT_SYMBOL(xfrm_state_insert);
/* xfrm_state_lock is held */ /* xfrm_state_lock is held */
static struct xfrm_state *__find_acq_core(struct net *net, struct xfrm_mark *m, static struct xfrm_state *__find_acq_core(struct net *net,
const struct xfrm_mark *m,
unsigned short family, u8 mode, unsigned short family, u8 mode,
u32 reqid, u8 proto, u32 reqid, u8 proto,
const xfrm_address_t *daddr, const xfrm_address_t *daddr,
const xfrm_address_t *saddr, int create) const xfrm_address_t *saddr,
int create)
{ {
unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family); unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
struct xfrm_state *x; struct xfrm_state *x;
...@@ -1399,9 +1402,9 @@ xfrm_state_lookup_byaddr(struct net *net, u32 mark, ...@@ -1399,9 +1402,9 @@ xfrm_state_lookup_byaddr(struct net *net, u32 mark,
EXPORT_SYMBOL(xfrm_state_lookup_byaddr); EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
struct xfrm_state * struct xfrm_state *
xfrm_find_acq(struct net *net, struct xfrm_mark *mark, u8 mode, u32 reqid, u8 proto, xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
const xfrm_address_t *daddr, const xfrm_address_t *saddr, u8 proto, const xfrm_address_t *daddr,
int create, unsigned short family) const xfrm_address_t *saddr, int create, unsigned short family)
{ {
struct xfrm_state *x; struct xfrm_state *x;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment