Merge branch 'net-2.6.26-misc-20080412b' of git://git.linux-ipv6.org/gitroot/yoshfuji/linux-2.6-dev
diff --git a/MAINTAINERS b/MAINTAINERS
index c6ade7e..802d88b 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3455,7 +3455,7 @@
M: vladislav.yasevich@hp.com
P: Sridhar Samudrala
M: sri@us.ibm.com
-L: lksctp-developers@lists.sourceforge.net
+L: linux-sctp@vger.kernel.org
W: http://lksctp.sourceforge.net
S: Supported
diff --git a/include/linux/security.h b/include/linux/security.h
index c673dfd..f5eb9ff 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -910,24 +910,24 @@
* Security hooks for XFRM operations.
*
* @xfrm_policy_alloc_security:
- * @xp contains the xfrm_policy being added to Security Policy Database
- * used by the XFRM system.
+ * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
+ * Database used by the XFRM system.
* @sec_ctx contains the security context information being provided by
* the user-level policy update program (e.g., setkey).
* Allocate a security structure to the xp->security field; the security
* field is initialized to NULL when the xfrm_policy is allocated.
* Return 0 if operation was successful (memory to allocate, legal context)
* @xfrm_policy_clone_security:
- * @old contains an existing xfrm_policy in the SPD.
- * @new contains a new xfrm_policy being cloned from old.
- * Allocate a security structure to the new->security field
- * that contains the information from the old->security field.
+ * @old_ctx contains an existing xfrm_sec_ctx.
+ * @new_ctxp contains a new xfrm_sec_ctx being cloned from old.
+ * Allocate a security structure in new_ctxp that contains the
+ * information from the old_ctx structure.
* Return 0 if operation was successful (memory to allocate).
* @xfrm_policy_free_security:
- * @xp contains the xfrm_policy
+ * @ctx contains the xfrm_sec_ctx
* Deallocate xp->security.
* @xfrm_policy_delete_security:
- * @xp contains the xfrm_policy.
+ * @ctx contains the xfrm_sec_ctx.
* Authorize deletion of xp->security.
* @xfrm_state_alloc_security:
* @x contains the xfrm_state being added to the Security Association
@@ -947,7 +947,7 @@
* @x contains the xfrm_state.
* Authorize deletion of x->security.
* @xfrm_policy_lookup:
- * @xp contains the xfrm_policy for which the access control is being
+ * @ctx contains the xfrm_sec_ctx for which the access control is being
* checked.
* @fl_secid contains the flow security label that is used to authorize
* access to the policy xp.
@@ -1454,17 +1454,17 @@
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
- int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+ int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
struct xfrm_user_sec_ctx *sec_ctx);
- int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
- void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
- int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
+ int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
+ void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
+ int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
int (*xfrm_state_alloc_security) (struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx,
u32 secid);
void (*xfrm_state_free_security) (struct xfrm_state *x);
int (*xfrm_state_delete_security) (struct xfrm_state *x);
- int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+ int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl);
int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
@@ -2562,16 +2562,16 @@
#ifdef CONFIG_SECURITY_NETWORK_XFRM
-int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
-int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
-void security_xfrm_policy_free(struct xfrm_policy *xp);
-int security_xfrm_policy_delete(struct xfrm_policy *xp);
+int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
+int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
+void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
+int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid);
int security_xfrm_state_delete(struct xfrm_state *x);
void security_xfrm_state_free(struct xfrm_state *x);
-int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
@@ -2579,21 +2579,21 @@
#else /* CONFIG_SECURITY_NETWORK_XFRM */
-static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
+static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
{
return 0;
}
-static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
+static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
{
return 0;
}
-static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
+static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
}
-static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
+static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
return 0;
}
@@ -2619,7 +2619,7 @@
return 0;
}
-static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
return 0;
}
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 0ca67d7..5e53a85 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -162,7 +162,7 @@
/**
* struct netlbl_lsm_secattr - NetLabel LSM security attributes
- * @flags: indicate which attributes are contained in this structure
+ * @flags: indicate structure attributes, see NETLBL_SECATTR_*
* @type: indicate the NLTYPE of the attributes
* @domain: the NetLabel LSM domain
* @cache: NetLabel LSM specific cache
@@ -180,17 +180,22 @@
* NetLabel itself when returning security attributes to the LSM.
*
*/
+struct netlbl_lsm_secattr {
+ u32 flags;
+ /* bitmap values for 'flags' */
#define NETLBL_SECATTR_NONE 0x00000000
#define NETLBL_SECATTR_DOMAIN 0x00000001
+#define NETLBL_SECATTR_DOMAIN_CPY (NETLBL_SECATTR_DOMAIN | \
+ NETLBL_SECATTR_FREE_DOMAIN)
#define NETLBL_SECATTR_CACHE 0x00000002
#define NETLBL_SECATTR_MLS_LVL 0x00000004
#define NETLBL_SECATTR_MLS_CAT 0x00000008
#define NETLBL_SECATTR_SECID 0x00000010
+ /* bitmap meta-values for 'flags' */
+#define NETLBL_SECATTR_FREE_DOMAIN 0x01000000
#define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \
NETLBL_SECATTR_MLS_CAT | \
NETLBL_SECATTR_SECID)
-struct netlbl_lsm_secattr {
- u32 flags;
u32 type;
char *domain;
struct netlbl_lsm_cache *cache;
@@ -303,7 +308,8 @@
*/
static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
{
- kfree(secattr->domain);
+ if (secattr->flags & NETLBL_SECATTR_FREE_DOMAIN)
+ kfree(secattr->domain);
if (secattr->flags & NETLBL_SECATTR_CACHE)
netlbl_secattr_cache_free(secattr->cache);
if (secattr->flags & NETLBL_SECATTR_MLS_CAT)
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 6db5892..1fb0fe4 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2292,7 +2292,7 @@
goto out;
}
- err = security_xfrm_policy_alloc(xp, uctx);
+ err = security_xfrm_policy_alloc(&xp->security, uctx);
kfree(uctx);
if (err)
@@ -2352,10 +2352,11 @@
int err;
struct sadb_address *sa;
struct sadb_x_policy *pol;
- struct xfrm_policy *xp, tmp;
+ struct xfrm_policy *xp;
struct xfrm_selector sel;
struct km_event c;
struct sadb_x_sec_ctx *sec_ctx;
+ struct xfrm_sec_ctx *pol_ctx;
if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
ext_hdrs[SADB_EXT_ADDRESS_DST-1]) ||
@@ -2385,25 +2386,23 @@
sel.dport_mask = htons(0xffff);
sec_ctx = (struct sadb_x_sec_ctx *) ext_hdrs[SADB_X_EXT_SEC_CTX-1];
- memset(&tmp, 0, sizeof(struct xfrm_policy));
-
if (sec_ctx != NULL) {
struct xfrm_user_sec_ctx *uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
if (!uctx)
return -ENOMEM;
- err = security_xfrm_policy_alloc(&tmp, uctx);
+ err = security_xfrm_policy_alloc(&pol_ctx, uctx);
kfree(uctx);
-
if (err)
return err;
- }
+ } else
+ pol_ctx = NULL;
- xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN, pol->sadb_x_policy_dir-1,
- &sel, tmp.security, 1, &err);
- security_xfrm_policy_free(&tmp);
-
+ xp = xfrm_policy_bysel_ctx(XFRM_POLICY_TYPE_MAIN,
+ pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
+ 1, &err);
+ security_xfrm_policy_free(pol_ctx);
if (xp == NULL)
return -ENOENT;
@@ -3298,7 +3297,7 @@
if ((*dir = verify_sec_ctx_len(p)))
goto out;
uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
- *dir = security_xfrm_policy_alloc(xp, uctx);
+ *dir = security_xfrm_policy_alloc(&xp->security, uctx);
kfree(uctx);
if (*dir)
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index 422c98a..b4cd2b7 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -718,12 +718,11 @@
const union sctp_addr *address)
{
struct sctp_transport *t;
- struct list_head *pos;
/* Cycle through all transports searching for a peer address. */
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
if (sctp_cmp_addr_exact(address, &t->ipaddr))
return t;
}
@@ -762,7 +761,6 @@
struct sctp_transport *second;
struct sctp_ulpevent *event;
struct sockaddr_storage addr;
- struct list_head *pos;
int spc_state = 0;
/* Record the transition on the transport. */
@@ -814,8 +812,8 @@
*/
first = NULL; second = NULL;
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
if ((t->state == SCTP_INACTIVE) ||
(t->state == SCTP_UNCONFIRMED))
@@ -932,7 +930,6 @@
{
struct sctp_transport *active;
struct sctp_transport *match;
- struct list_head *entry, *pos;
struct sctp_transport *transport;
struct sctp_chunk *chunk;
__be32 key = htonl(tsn);
@@ -956,8 +953,8 @@
active = asoc->peer.active_path;
- list_for_each(entry, &active->transmitted) {
- chunk = list_entry(entry, struct sctp_chunk, transmitted_list);
+ list_for_each_entry(chunk, &active->transmitted,
+ transmitted_list) {
if (key == chunk->subh.data_hdr->tsn) {
match = active;
@@ -966,14 +963,13 @@
}
/* If not found, go search all the other transports. */
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- transport = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+ transports) {
if (transport == active)
break;
- list_for_each(entry, &transport->transmitted) {
- chunk = list_entry(entry, struct sctp_chunk,
- transmitted_list);
+ list_for_each_entry(chunk, &transport->transmitted,
+ transmitted_list) {
if (key == chunk->subh.data_hdr->tsn) {
match = transport;
goto out;
@@ -1154,9 +1150,8 @@
} else {
/* Add any peer addresses from the new association. */
- list_for_each(pos, &new->peer.transport_addr_list) {
- trans = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(trans, &new->peer.transport_addr_list,
+ transports) {
if (!sctp_assoc_lookup_paddr(asoc, &trans->ipaddr))
sctp_assoc_add_peer(asoc, &trans->ipaddr,
GFP_ATOMIC, trans->state);
@@ -1306,15 +1301,14 @@
void sctp_assoc_sync_pmtu(struct sctp_association *asoc)
{
struct sctp_transport *t;
- struct list_head *pos;
__u32 pmtu = 0;
if (!asoc)
return;
/* Get the lowest pmtu of all the transports. */
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
if (t->pmtu_pending && t->dst) {
sctp_transport_update_pmtu(t, dst_mtu(t->dst));
t->pmtu_pending = 0;
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index ceefda0..80e6df0 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -67,15 +67,13 @@
int flags)
{
struct sctp_sockaddr_entry *addr;
- struct list_head *pos;
int error = 0;
/* All addresses share the same port. */
dest->port = src->port;
/* Extract the addresses which are relevant for this scope. */
- list_for_each(pos, &src->address_list) {
- addr = list_entry(pos, struct sctp_sockaddr_entry, list);
+ list_for_each_entry(addr, &src->address_list, list) {
error = sctp_copy_one_addr(dest, &addr->a, scope,
gfp, flags);
if (error < 0)
@@ -87,9 +85,7 @@
* the assumption that we must be sitting behind a NAT.
*/
if (list_empty(&dest->address_list) && (SCTP_SCOPE_GLOBAL == scope)) {
- list_for_each(pos, &src->address_list) {
- addr = list_entry(pos, struct sctp_sockaddr_entry,
- list);
+ list_for_each_entry(addr, &src->address_list, list) {
error = sctp_copy_one_addr(dest, &addr->a,
SCTP_SCOPE_LINK, gfp,
flags);
@@ -115,14 +111,12 @@
gfp_t gfp)
{
struct sctp_sockaddr_entry *addr;
- struct list_head *pos;
int error = 0;
/* All addresses share the same port. */
dest->port = src->port;
- list_for_each(pos, &src->address_list) {
- addr = list_entry(pos, struct sctp_sockaddr_entry, list);
+ list_for_each_entry(addr, &src->address_list, list) {
error = sctp_add_bind_addr(dest, &addr->a, 1, gfp);
if (error < 0)
break;
@@ -273,8 +267,7 @@
addrparms = retval;
- list_for_each(pos, &bp->address_list) {
- addr = list_entry(pos, struct sctp_sockaddr_entry, list);
+ list_for_each_entry(addr, &bp->address_list, list) {
af = sctp_get_af_specific(addr->a.v4.sin_family);
len = af->to_addr_param(&addr->a, &rawaddr);
memcpy(addrparms.v, &rawaddr, len);
diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 392012f..213c2e2 100644
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -221,12 +221,12 @@
void sctp_outq_teardown(struct sctp_outq *q)
{
struct sctp_transport *transport;
- struct list_head *lchunk, *pos, *temp;
+ struct list_head *lchunk, *temp;
struct sctp_chunk *chunk, *tmp;
/* Throw away unacknowledged chunks. */
- list_for_each(pos, &q->asoc->peer.transport_addr_list) {
- transport = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(transport, &q->asoc->peer.transport_addr_list,
+ transports) {
while ((lchunk = sctp_list_dequeue(&transport->transmitted)) != NULL) {
chunk = list_entry(lchunk, struct sctp_chunk,
transmitted_list);
@@ -538,7 +538,7 @@
int rtx_timeout, int *start_timer)
{
struct list_head *lqueue;
- struct list_head *lchunk, *lchunk1;
+ struct list_head *lchunk;
struct sctp_transport *transport = pkt->transport;
sctp_xmit_t status;
struct sctp_chunk *chunk, *chunk1;
@@ -649,9 +649,7 @@
* to be marked as ineligible for a subsequent fast retransmit.
*/
if (rtx_timeout && !lchunk) {
- list_for_each(lchunk1, lqueue) {
- chunk1 = list_entry(lchunk1, struct sctp_chunk,
- transmitted_list);
+ list_for_each_entry(chunk1, lqueue, transmitted_list) {
if (chunk1->fast_retransmit > 0)
chunk1->fast_retransmit = -1;
}
@@ -1037,7 +1035,6 @@
static __u32 sctp_highest_new_tsn(struct sctp_sackhdr *sack,
struct sctp_association *asoc)
{
- struct list_head *ltransport, *lchunk;
struct sctp_transport *transport;
struct sctp_chunk *chunk;
__u32 highest_new_tsn, tsn;
@@ -1045,12 +1042,9 @@
highest_new_tsn = ntohl(sack->cum_tsn_ack);
- list_for_each(ltransport, transport_list) {
- transport = list_entry(ltransport, struct sctp_transport,
- transports);
- list_for_each(lchunk, &transport->transmitted) {
- chunk = list_entry(lchunk, struct sctp_chunk,
- transmitted_list);
+ list_for_each_entry(transport, transport_list, transports) {
+ list_for_each_entry(chunk, &transport->transmitted,
+ transmitted_list) {
tsn = ntohl(chunk->subh.data_hdr->tsn);
if (!chunk->tsn_gap_acked &&
@@ -1073,7 +1067,7 @@
struct sctp_association *asoc = q->asoc;
struct sctp_transport *transport;
struct sctp_chunk *tchunk = NULL;
- struct list_head *lchunk, *transport_list, *pos, *temp;
+ struct list_head *lchunk, *transport_list, *temp;
sctp_sack_variable_t *frags = sack->variable;
__u32 sack_ctsn, ctsn, tsn;
__u32 highest_tsn, highest_new_tsn;
@@ -1099,9 +1093,8 @@
*/
if (TSN_lte(primary->cacc.next_tsn_at_change, sack_ctsn)) {
primary->cacc.changeover_active = 0;
- list_for_each(pos, transport_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, transport_list,
+ transports) {
transport->cacc.cycling_changeover = 0;
}
}
@@ -1116,9 +1109,7 @@
*/
if (sack->num_gap_ack_blocks &&
primary->cacc.changeover_active) {
- list_for_each(pos, transport_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, transport_list, transports) {
transport->cacc.cacc_saw_newack = 0;
}
}
@@ -1147,9 +1138,7 @@
*
* This is a MASSIVE candidate for optimization.
*/
- list_for_each(pos, transport_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, transport_list, transports) {
sctp_check_transmitted(q, &transport->transmitted,
transport, sack, highest_new_tsn);
/*
@@ -1161,9 +1150,7 @@
count_of_newacks ++;
}
- list_for_each(pos, transport_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, transport_list, transports) {
sctp_mark_missing(q, &transport->transmitted, transport,
highest_new_tsn, count_of_newacks);
}
@@ -1220,9 +1207,7 @@
if (!q->empty)
goto finish;
- list_for_each(pos, transport_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, transport_list, transports) {
q->empty = q->empty && list_empty(&transport->transmitted);
if (!q->empty)
goto finish;
@@ -1596,14 +1581,12 @@
int count_of_newacks)
{
struct sctp_chunk *chunk;
- struct list_head *pos;
__u32 tsn;
char do_fast_retransmit = 0;
struct sctp_transport *primary = q->asoc->peer.primary_path;
- list_for_each(pos, transmitted_queue) {
+ list_for_each_entry(chunk, transmitted_queue, transmitted_list) {
- chunk = list_entry(pos, struct sctp_chunk, transmitted_list);
tsn = ntohl(chunk->subh.data_hdr->tsn);
/* RFC 2960 7.2.4, sctpimpguide-05 2.8.2 M3) Examine all
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index ddca90e..0aba759 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -124,7 +124,6 @@
/* Dump local addresses of an association/endpoint. */
static void sctp_seq_dump_local_addrs(struct seq_file *seq, struct sctp_ep_common *epb)
{
- struct list_head *pos;
struct sctp_association *asoc;
struct sctp_sockaddr_entry *laddr;
struct sctp_transport *peer;
@@ -137,8 +136,7 @@
primary = &peer->saddr;
}
- list_for_each(pos, &epb->bind_addr.address_list) {
- laddr = list_entry(pos, struct sctp_sockaddr_entry, list);
+ list_for_each_entry(laddr, &epb->bind_addr.address_list, list) {
addr = &laddr->a;
af = sctp_get_af_specific(addr->sa.sa_family);
if (primary && af->cmp_addr(addr, primary)) {
@@ -151,14 +149,13 @@
/* Dump remote addresses of an association. */
static void sctp_seq_dump_remote_addrs(struct seq_file *seq, struct sctp_association *assoc)
{
- struct list_head *pos;
struct sctp_transport *transport;
union sctp_addr *addr, *primary;
struct sctp_af *af;
primary = &assoc->peer.primary_addr;
- list_for_each(pos, &assoc->peer.transport_addr_list) {
- transport = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(transport, &assoc->peer.transport_addr_list,
+ transports) {
addr = &transport->ipaddr;
af = sctp_get_af_specific(addr->sa.sa_family);
if (af->cmp_addr(addr, primary)) {
@@ -322,8 +319,7 @@
sk = epb->sk;
seq_printf(seq,
"%8p %8p %-3d %-3d %-2d %-4d "
- "%4d %8d %8d %7d %5lu %-5d %5d "
- "%8lu %5d %5d %4d %4d %4d %8d ",
+ "%4d %8d %8d %7d %5lu %-5d %5d ",
assoc, sk, sctp_sk(sk)->type, sk->sk_state,
assoc->state, hash,
assoc->assoc_id,
@@ -331,15 +327,16 @@
atomic_read(&assoc->rmem_alloc),
sock_i_uid(sk), sock_i_ino(sk),
epb->bind_addr.port,
- assoc->peer.port,
- assoc->hbinterval, assoc->c.sinit_max_instreams,
- assoc->c.sinit_num_ostreams, assoc->max_retrans,
- assoc->init_retries, assoc->shutdown_retries,
- assoc->rtx_data_chunks);
+ assoc->peer.port);
seq_printf(seq, " ");
sctp_seq_dump_local_addrs(seq, epb);
seq_printf(seq, "<-> ");
sctp_seq_dump_remote_addrs(seq, assoc);
+ seq_printf(seq, "\t%8lu %5d %5d %4d %4d %4d %8d ",
+ assoc->hbinterval, assoc->c.sinit_max_instreams,
+ assoc->c.sinit_num_ostreams, assoc->max_retrans,
+ assoc->init_retries, assoc->shutdown_retries,
+ assoc->rtx_data_chunks);
seq_printf(seq, "\n");
}
read_unlock(&head->lock);
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index c898245..0679bdd 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -2246,8 +2246,8 @@
* high (for example, implementations MAY use the size of the receiver
* advertised window).
*/
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- transport = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+ transports) {
transport->ssthresh = asoc->peer.i.a_rwnd;
}
@@ -3043,7 +3043,6 @@
union sctp_addr addr;
struct sctp_bind_addr *bp = &asoc->base.bind_addr;
union sctp_addr_param *addr_param;
- struct list_head *pos;
struct sctp_transport *transport;
struct sctp_sockaddr_entry *saddr;
int retval = 0;
@@ -3071,9 +3070,8 @@
local_bh_disable();
retval = sctp_del_bind_addr(bp, &addr);
local_bh_enable();
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- transport = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+ transports) {
dst_release(transport->dst);
sctp_transport_route(transport, NULL,
sctp_sk(asoc->base.sk));
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 02bf32c..13beed2 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -545,14 +545,12 @@
struct sctp_association *asoc)
{
struct sctp_transport *t;
- struct list_head *pos;
/* Start a heartbeat timer for each transport on the association.
* hold a reference on the transport to make sure none of
* the needed data structures go away.
*/
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list, transports) {
if (!mod_timer(&t->hb_timer, sctp_transport_timeout(t)))
sctp_transport_hold(t);
@@ -563,12 +561,11 @@
struct sctp_association *asoc)
{
struct sctp_transport *t;
- struct list_head *pos;
/* Stop all heartbeat timers. */
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
if (del_timer(&t->hb_timer))
sctp_transport_put(t);
}
@@ -579,10 +576,9 @@
struct sctp_association *asoc)
{
struct sctp_transport *t;
- struct list_head *pos;
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
if (timer_pending(&t->T3_rtx_timer) &&
del_timer(&t->T3_rtx_timer)) {
sctp_transport_put(t);
@@ -593,7 +589,6 @@
/* Helper function to update the heartbeat timer. */
static void sctp_cmd_hb_timer_update(sctp_cmd_seq_t *cmds,
- struct sctp_association *asoc,
struct sctp_transport *t)
{
/* Update the heartbeat timer. */
@@ -1065,7 +1060,6 @@
struct sctp_chunk *new_obj;
struct sctp_chunk *chunk = NULL;
struct sctp_packet *packet;
- struct list_head *pos;
struct timer_list *timer;
unsigned long timeout;
struct sctp_transport *t;
@@ -1397,9 +1391,8 @@
/* If we've sent any data bundled with
* COOKIE-ECHO we need to resend.
*/
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- t = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(t, &asoc->peer.transport_addr_list,
+ transports) {
sctp_retransmit_mark(&asoc->outqueue, t,
SCTP_RTXR_T1_RTX);
}
@@ -1457,7 +1450,7 @@
case SCTP_CMD_HB_TIMER_UPDATE:
t = cmd->obj.transport;
- sctp_cmd_hb_timer_update(commands, asoc, t);
+ sctp_cmd_hb_timer_update(commands, t);
break;
case SCTP_CMD_HB_TIMERS_STOP:
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index b534dbe..6222848 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -1226,7 +1226,6 @@
sctp_cmd_seq_t *commands)
{
struct sctp_transport *new_addr, *addr;
- struct list_head *pos, *pos2;
int found;
/* Implementor's Guide - Sectin 5.2.2
@@ -1243,12 +1242,11 @@
new_addr = NULL;
found = 0;
- list_for_each(pos, &new_asoc->peer.transport_addr_list) {
- new_addr = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(new_addr, &new_asoc->peer.transport_addr_list,
+ transports) {
found = 0;
- list_for_each(pos2, &asoc->peer.transport_addr_list) {
- addr = list_entry(pos2, struct sctp_transport,
- transports);
+ list_for_each_entry(addr, &asoc->peer.transport_addr_list,
+ transports) {
if (sctp_cmp_addr_exact(&new_addr->ipaddr,
&addr->ipaddr)) {
found = 1;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 025f467..8c90289 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -513,7 +513,6 @@
union sctp_addr saveaddr;
void *addr_buf;
struct sctp_af *af;
- struct list_head *pos;
struct list_head *p;
int i;
int retval = 0;
@@ -527,8 +526,7 @@
SCTP_DEBUG_PRINTK("%s: (sk: %p, addrs: %p, addrcnt: %d)\n",
__func__, sk, addrs, addrcnt);
- list_for_each(pos, &ep->asocs) {
- asoc = list_entry(pos, struct sctp_association, asocs);
+ list_for_each_entry(asoc, &ep->asocs, asocs) {
if (!asoc->peer.asconf_capable)
continue;
@@ -699,7 +697,6 @@
union sctp_addr *laddr;
void *addr_buf;
struct sctp_af *af;
- struct list_head *pos, *pos1;
struct sctp_sockaddr_entry *saddr;
int i;
int retval = 0;
@@ -713,8 +710,7 @@
SCTP_DEBUG_PRINTK("%s: (sk: %p, addrs: %p, addrcnt: %d)\n",
__func__, sk, addrs, addrcnt);
- list_for_each(pos, &ep->asocs) {
- asoc = list_entry(pos, struct sctp_association, asocs);
+ list_for_each_entry(asoc, &ep->asocs, asocs) {
if (!asoc->peer.asconf_capable)
continue;
@@ -787,9 +783,8 @@
* as some of the addresses in the bind address list are
* about to be deleted and cannot be used as source addresses.
*/
- list_for_each(pos1, &asoc->peer.transport_addr_list) {
- transport = list_entry(pos1, struct sctp_transport,
- transports);
+ list_for_each_entry(transport, &asoc->peer.transport_addr_list,
+ transports) {
dst_release(transport->dst);
sctp_transport_route(transport, NULL,
sctp_sk(asoc->base.sk));
@@ -1397,7 +1392,6 @@
long timeo;
__u16 sinfo_flags = 0;
struct sctp_datamsg *datamsg;
- struct list_head *pos;
int msg_flags = msg->msg_flags;
SCTP_DEBUG_PRINTK("sctp_sendmsg(sk: %p, msg: %p, msg_len: %zu)\n",
@@ -1727,8 +1721,7 @@
}
/* Now send the (possibly) fragmented message. */
- list_for_each(pos, &datamsg->chunks) {
- chunk = list_entry(pos, struct sctp_chunk, frag_list);
+ list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
sctp_chunk_hold(chunk);
/* Do accounting for the write space. */
@@ -2301,11 +2294,8 @@
* transport.
*/
if (!trans && asoc) {
- struct list_head *pos;
-
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- trans = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(trans, &asoc->peer.transport_addr_list,
+ transports) {
sctp_apply_peer_addr_params(¶ms, trans, asoc, sp,
hb_change, pmtud_change,
sackdelay_change);
@@ -2396,11 +2386,8 @@
/* If change is for association, also apply to each transport. */
if (asoc) {
- struct list_head *pos;
-
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- trans = list_entry(pos, struct sctp_transport,
- transports);
+ list_for_each_entry(trans, &asoc->peer.transport_addr_list,
+ transports) {
if (params.assoc_value) {
trans->sackdelay =
msecs_to_jiffies(params.assoc_value);
@@ -2632,13 +2619,10 @@
if (assocparams.sasoc_asocmaxrxt != 0) {
__u32 path_sum = 0;
int paths = 0;
- struct list_head *pos;
struct sctp_transport *peer_addr;
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- peer_addr = list_entry(pos,
- struct sctp_transport,
- transports);
+ list_for_each_entry(peer_addr, &asoc->peer.transport_addr_list,
+ transports) {
path_sum += peer_addr->pathmaxrxt;
paths++;
}
@@ -2716,7 +2700,6 @@
static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, int optlen)
{
struct sctp_association *asoc;
- struct list_head *pos;
struct sctp_sock *sp = sctp_sk(sk);
int val;
@@ -2729,8 +2712,7 @@
sp->user_frag = val;
/* Update the frag_point of the existing associations. */
- list_for_each(pos, &(sp->ep->asocs)) {
- asoc = list_entry(pos, struct sctp_association, asocs);
+ list_for_each_entry(asoc, &(sp->ep->asocs), asocs) {
asoc->frag_point = sctp_frag_point(sp, asoc->pathmtu);
}
@@ -4151,7 +4133,6 @@
int __user *optlen)
{
struct sctp_association *asoc;
- struct list_head *pos;
int cnt = 0;
struct sctp_getaddrs_old getaddrs;
struct sctp_transport *from;
@@ -4176,8 +4157,8 @@
return -EINVAL;
to = (void __user *)getaddrs.addrs;
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- from = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(from, &asoc->peer.transport_addr_list,
+ transports) {
memcpy(&temp, &from->ipaddr, sizeof(temp));
sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, &temp);
addrlen = sctp_get_af_specific(sk->sk_family)->sockaddr_len;
@@ -4200,7 +4181,6 @@
char __user *optval, int __user *optlen)
{
struct sctp_association *asoc;
- struct list_head *pos;
int cnt = 0;
struct sctp_getaddrs getaddrs;
struct sctp_transport *from;
@@ -4225,8 +4205,8 @@
to = optval + offsetof(struct sctp_getaddrs,addrs);
space_left = len - offsetof(struct sctp_getaddrs,addrs);
- list_for_each(pos, &asoc->peer.transport_addr_list) {
- from = list_entry(pos, struct sctp_transport, transports);
+ list_for_each_entry(from, &asoc->peer.transport_addr_list,
+ transports) {
memcpy(&temp, &from->ipaddr, sizeof(temp));
sctp_get_pf_specific(sk->sk_family)->addr_v4map(sp, &temp);
addrlen = sctp_get_af_specific(sk->sk_family)->sockaddr_len;
@@ -6193,11 +6173,9 @@
void sctp_write_space(struct sock *sk)
{
struct sctp_association *asoc;
- struct list_head *pos;
/* Wake up the tasks in each wait queue. */
- list_for_each(pos, &((sctp_sk(sk))->ep->asocs)) {
- asoc = list_entry(pos, struct sctp_association, asocs);
+ list_for_each_entry(asoc, &((sctp_sk(sk))->ep->asocs), asocs) {
__sctp_write_space(asoc);
}
}
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 50bbf6b..2851d0d 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2037,7 +2037,7 @@
__acquires(unix_table_lock)
{
spin_lock(&unix_table_lock);
- return *pos ? unix_seq_idx(seq, *pos - 1) : ((void *) 1);
+ return *pos ? unix_seq_idx(seq, *pos - 1) : SEQ_START_TOKEN;
}
static void *unix_seq_next(struct seq_file *seq, void *v, loff_t *pos)
@@ -2046,7 +2046,7 @@
struct sock *sk = v;
++*pos;
- if (v == (void *)1)
+ if (v == SEQ_START_TOKEN)
sk = first_unix_socket(&iter->i);
else
sk = next_unix_socket(&iter->i, sk);
@@ -2064,7 +2064,7 @@
static int unix_seq_show(struct seq_file *seq, void *v)
{
- if (v == (void *)1)
+ if (v == SEQ_START_TOKEN)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 15d73e4..ab4d0e5 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -263,7 +263,7 @@
list_del(&policy->bytype);
write_unlock_bh(&xfrm_policy_lock);
- security_xfrm_policy_free(policy);
+ security_xfrm_policy_free(policy->security);
kfree(policy);
}
EXPORT_SYMBOL(xfrm_policy_destroy);
@@ -676,7 +676,8 @@
xfrm_sec_ctx_match(ctx, pol->security)) {
xfrm_pol_hold(pol);
if (delete) {
- *err = security_xfrm_policy_delete(pol);
+ *err = security_xfrm_policy_delete(
+ pol->security);
if (*err) {
write_unlock_bh(&xfrm_policy_lock);
return pol;
@@ -718,7 +719,8 @@
if (pol->type == type && pol->index == id) {
xfrm_pol_hold(pol);
if (delete) {
- *err = security_xfrm_policy_delete(pol);
+ *err = security_xfrm_policy_delete(
+ pol->security);
if (*err) {
write_unlock_bh(&xfrm_policy_lock);
return pol;
@@ -756,7 +758,7 @@
&xfrm_policy_inexact[dir], bydst) {
if (pol->type != type)
continue;
- err = security_xfrm_policy_delete(pol);
+ err = security_xfrm_policy_delete(pol->security);
if (err) {
xfrm_audit_policy_delete(pol, 0,
audit_info->loginuid,
@@ -770,7 +772,8 @@
bydst) {
if (pol->type != type)
continue;
- err = security_xfrm_policy_delete(pol);
+ err = security_xfrm_policy_delete(
+ pol->security);
if (err) {
xfrm_audit_policy_delete(pol, 0,
audit_info->loginuid,
@@ -931,7 +934,8 @@
match = xfrm_selector_match(sel, fl, family);
if (match)
- ret = security_xfrm_policy_lookup(pol, fl->secid, dir);
+ ret = security_xfrm_policy_lookup(pol->security, fl->secid,
+ dir);
return ret;
}
@@ -1048,8 +1052,9 @@
int err = 0;
if (match) {
- err = security_xfrm_policy_lookup(pol, fl->secid,
- policy_to_flow_dir(dir));
+ err = security_xfrm_policy_lookup(pol->security,
+ fl->secid,
+ policy_to_flow_dir(dir));
if (!err)
xfrm_pol_hold(pol);
else if (err == -ESRCH)
@@ -1138,7 +1143,8 @@
if (newp) {
newp->selector = old->selector;
- if (security_xfrm_policy_clone(old, newp)) {
+ if (security_xfrm_policy_clone(old->security,
+ &newp->security)) {
kfree(newp);
return NULL; /* ENOMEM */
}
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5578c90..ecf9d67 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -959,7 +959,7 @@
return 0;
uctx = nla_data(rt);
- return security_xfrm_policy_alloc(pol, uctx);
+ return security_xfrm_policy_alloc(&pol->security, uctx);
}
static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
@@ -1143,7 +1143,7 @@
NETLINK_CB(skb).sid);
if (err) {
- security_xfrm_policy_free(xp);
+ security_xfrm_policy_free(xp->security);
kfree(xp);
return err;
}
@@ -1337,22 +1337,23 @@
xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err);
else {
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_policy tmp;
+ struct xfrm_sec_ctx *ctx;
err = verify_sec_ctx_len(attrs);
if (err)
return err;
- memset(&tmp, 0, sizeof(struct xfrm_policy));
if (rt) {
struct xfrm_user_sec_ctx *uctx = nla_data(rt);
- if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+ err = security_xfrm_policy_alloc(&ctx, uctx);
+ if (err)
return err;
- }
- xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
+ } else
+ ctx = NULL;
+ xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, ctx,
delete, &err);
- security_xfrm_policy_free(&tmp);
+ security_xfrm_policy_free(ctx);
}
if (xp == NULL)
return -ENOENT;
@@ -1572,26 +1573,26 @@
xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err);
else {
struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_policy tmp;
+ struct xfrm_sec_ctx *ctx;
err = verify_sec_ctx_len(attrs);
if (err)
return err;
- memset(&tmp, 0, sizeof(struct xfrm_policy));
if (rt) {
struct xfrm_user_sec_ctx *uctx = nla_data(rt);
- if ((err = security_xfrm_policy_alloc(&tmp, uctx)))
+ err = security_xfrm_policy_alloc(&ctx, uctx);
+ if (err)
return err;
- }
- xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security,
- 0, &err);
- security_xfrm_policy_free(&tmp);
+ } else
+ ctx = NULL;
+ xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, ctx, 0, &err);
+ security_xfrm_policy_free(ctx);
}
-
if (xp == NULL)
return -ENOENT;
+
read_lock(&xp->lock);
if (xp->dead) {
read_unlock(&xp->lock);
diff --git a/security/dummy.c b/security/dummy.c
index 78d8f92..480366f 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -876,22 +876,23 @@
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
-static int dummy_xfrm_policy_alloc_security(struct xfrm_policy *xp,
- struct xfrm_user_sec_ctx *sec_ctx)
+static int dummy_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
+ struct xfrm_user_sec_ctx *sec_ctx)
{
return 0;
}
-static inline int dummy_xfrm_policy_clone_security(struct xfrm_policy *old, struct xfrm_policy *new)
+static inline int dummy_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctxp)
{
return 0;
}
-static void dummy_xfrm_policy_free_security(struct xfrm_policy *xp)
+static void dummy_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
{
}
-static int dummy_xfrm_policy_delete_security(struct xfrm_policy *xp)
+static int dummy_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
{
return 0;
}
@@ -911,7 +912,8 @@
return 0;
}
-static int dummy_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
+static int dummy_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,
+ u32 sk_sid, u8 dir)
{
return 0;
}
diff --git a/security/security.c b/security/security.c
index b1387a6..c9ff7d1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1014,26 +1014,27 @@
#ifdef CONFIG_SECURITY_NETWORK_XFRM
-int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
+int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
{
- return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
+ return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx);
}
EXPORT_SYMBOL(security_xfrm_policy_alloc);
-int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
+int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctxp)
{
- return security_ops->xfrm_policy_clone_security(old, new);
+ return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
}
-void security_xfrm_policy_free(struct xfrm_policy *xp)
+void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
- security_ops->xfrm_policy_free_security(xp);
+ security_ops->xfrm_policy_free_security(ctx);
}
EXPORT_SYMBOL(security_xfrm_policy_free);
-int security_xfrm_policy_delete(struct xfrm_policy *xp)
+int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
- return security_ops->xfrm_policy_delete_security(xp);
+ return security_ops->xfrm_policy_delete_security(ctx);
}
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
@@ -1065,9 +1066,9 @@
security_ops->xfrm_state_free_security(x);
}
-int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
- return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
+ return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
}
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 36b0510..289e24b 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -7,16 +7,17 @@
#ifndef _SELINUX_XFRM_H_
#define _SELINUX_XFRM_H_
-int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
- struct xfrm_user_sec_ctx *sec_ctx);
-int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
-void selinux_xfrm_policy_free(struct xfrm_policy *xp);
-int selinux_xfrm_policy_delete(struct xfrm_policy *xp);
+int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+ struct xfrm_user_sec_ctx *sec_ctx);
+int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctxp);
+void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
+int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
int selinux_xfrm_state_alloc(struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx, u32 secid);
void selinux_xfrm_state_free(struct xfrm_state *x);
int selinux_xfrm_state_delete(struct xfrm_state *x);
-int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
struct xfrm_policy *xp, struct flowi *fl);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f374186..47295ac 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2649,7 +2649,7 @@
goto netlbl_sid_to_secattr_failure;
secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
GFP_ATOMIC);
- secattr->flags |= NETLBL_SECATTR_DOMAIN;
+ secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY;
mls_export_netlbl_lvl(ctx, secattr);
rc = mls_export_netlbl_cat(ctx, secattr);
if (rc != 0)
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 7e15820..874d17c 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -77,20 +77,18 @@
* LSM hook implementation that authorizes that a flow can use
* a xfrm policy rule.
*/
-int selinux_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
int rc;
u32 sel_sid;
- struct xfrm_sec_ctx *ctx;
/* Context sid is either set to label or ANY_ASSOC */
- if ((ctx = xp->security)) {
+ if (ctx) {
if (!selinux_authorizable_ctx(ctx))
return -EINVAL;
sel_sid = ctx->ctx_sid;
- }
- else
+ } else
/*
* All flows should be treated as polmatch'ing an
* otherwise applicable "non-labeled" policy. This
@@ -103,7 +101,7 @@
NULL);
if (rc == -EACCES)
- rc = -ESRCH;
+ return -ESRCH;
return rc;
}
@@ -287,15 +285,14 @@
* LSM hook implementation that allocs and transfers uctx spec to
* xfrm_policy.
*/
-int selinux_xfrm_policy_alloc(struct xfrm_policy *xp,
- struct xfrm_user_sec_ctx *uctx)
+int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
+ struct xfrm_user_sec_ctx *uctx)
{
int err;
- BUG_ON(!xp);
BUG_ON(!uctx);
- err = selinux_xfrm_sec_ctx_alloc(&xp->security, uctx, 0);
+ err = selinux_xfrm_sec_ctx_alloc(ctxp, uctx, 0);
if (err == 0)
atomic_inc(&selinux_xfrm_refcount);
@@ -307,32 +304,29 @@
* LSM hook implementation that copies security data structure from old to
* new for policy cloning.
*/
-int selinux_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
+int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctxp)
{
- struct xfrm_sec_ctx *old_ctx, *new_ctx;
-
- old_ctx = old->security;
+ struct xfrm_sec_ctx *new_ctx;
if (old_ctx) {
- new_ctx = new->security = kmalloc(sizeof(*new_ctx) +
- old_ctx->ctx_len,
- GFP_KERNEL);
-
+ new_ctx = kmalloc(sizeof(*old_ctx) + old_ctx->ctx_len,
+ GFP_KERNEL);
if (!new_ctx)
return -ENOMEM;
memcpy(new_ctx, old_ctx, sizeof(*new_ctx));
memcpy(new_ctx->ctx_str, old_ctx->ctx_str, new_ctx->ctx_len);
+ *new_ctxp = new_ctx;
}
return 0;
}
/*
- * LSM hook implementation that frees xfrm_policy security information.
+ * LSM hook implementation that frees xfrm_sec_ctx security information.
*/
-void selinux_xfrm_policy_free(struct xfrm_policy *xp)
+void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
- struct xfrm_sec_ctx *ctx = xp->security;
if (ctx)
kfree(ctx);
}
@@ -340,10 +334,9 @@
/*
* LSM hook implementation that authorizes deletion of labeled policies.
*/
-int selinux_xfrm_policy_delete(struct xfrm_policy *xp)
+int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
struct task_security_struct *tsec = current->security;
- struct xfrm_sec_ctx *ctx = xp->security;
int rc = 0;
if (ctx) {
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 732ba27..e2d6f7c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1275,7 +1275,7 @@
switch (smack_net_nltype) {
case NETLBL_NLTYPE_CIPSOV4:
- nlsp->domain = kstrdup(smack, GFP_ATOMIC);
+ nlsp->domain = smack;
nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
rc = smack_to_cipso(smack, &cipso);