#include <net/netlink.h>
#include <asm/uaccess.h>
-struct sock *xfrm_nl;
-
static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type)
{
struct rtattr *rt = xfrma[type - 1];
uctx = RTA_DATA(rt);
- if (uctx->ctx_len > PAGE_SIZE)
- return -EINVAL;
-
len += sizeof(struct xfrm_user_sec_ctx);
len += uctx->ctx_len;
if (x == NULL)
return -ESRCH;
+ if ((err = security_xfrm_state_delete(x)) != 0)
+ goto out;
+
if (xfrm_state_kern(x)) {
- xfrm_state_put(x);
- return -EPERM;
+ err = -EPERM;
+ goto out;
}
err = xfrm_state_delete(x);
- if (err < 0) {
- xfrm_state_put(x);
- return err;
- }
+ if (err < 0)
+ goto out;
c.seq = nlh->nlmsg_seq;
c.pid = nlh->nlmsg_pid;
c.event = nlh->nlmsg_type;
km_state_notify(x, &c);
- xfrm_state_put(x);
+out:
+ xfrm_state_put(x);
return err;
}
MSG_DONTWAIT);
}
} else {
+ if ((err = security_xfrm_policy_delete(xp)) != 0)
+ goto out;
c.data.byid = p->index;
c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq;
xfrm_pol_put(xp);
+out:
return err;
}
unsigned int qlen = 0;
do {
- down(&xfrm_cfg_sem);
+ mutex_lock(&xfrm_cfg_mutex);
netlink_run_queue(sk, &qlen, &xfrm_user_rcv_msg);
- up(&xfrm_cfg_sem);
+ mutex_unlock(&xfrm_cfg_mutex);
} while (qlen);
}
static int __init xfrm_user_init(void)
{
+ struct sock *nlsk;
+
printk(KERN_INFO "Initializing IPsec netlink socket\n");
- xfrm_nl = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX,
- xfrm_netlink_rcv, THIS_MODULE);
- if (xfrm_nl == NULL)
+ nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX,
+ xfrm_netlink_rcv, THIS_MODULE);
+ if (nlsk == NULL)
return -ENOMEM;
+ rcu_assign_pointer(xfrm_nl, nlsk);
xfrm_register_km(&netlink_mgr);
static void __exit xfrm_user_exit(void)
{
+ struct sock *nlsk = xfrm_nl;
+
xfrm_unregister_km(&netlink_mgr);
- sock_release(xfrm_nl->sk_socket);
+ rcu_assign_pointer(xfrm_nl, NULL);
+ synchronize_rcu();
+ sock_release(nlsk->sk_socket);
}
module_init(xfrm_user_init);
module_exit(xfrm_user_exit);
MODULE_LICENSE("GPL");
MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM);
-EXPORT_SYMBOL(xfrm_nl);