AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 16:01:14 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

pfkey: fix SA and SP flush sequence

Browse Source 
RFC 2367 says flushing behavior should be:
1) user space -> kernel: flush
2) kernel: flush
3) kernel -> user space: flush event to ALL listeners

This is not realistic today in the presence of selinux policies
which may reject the flush etc. So we make the sequence become:
1) user space -> kernel: flush
2) kernel: flush
3) kernel -> user space: flush response to originater from #1
4) if there were no errors then:
kernel -> user space: flush event to ALL listeners

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Jamal Hadi Salim 2010-02-19 02:00:40 +00:00 committed by David S. Miller
parent 927606a17e
commit 8be987d734
1 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
net/key/af_key.c
View File

@ -1712,6 +1712,23 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, struct sadb_msg
return 0; return 0;
} }
static int unicast_flush_resp(struct sock *sk, struct sadb_msg *ihdr)
{
struct sk_buff *skb;
struct sadb_msg *hdr;
skb = alloc_skb(sizeof(struct sadb_msg) + 16, GFP_ATOMIC);
if (!skb)
return -ENOBUFS;
hdr = (struct sadb_msg *) skb_put(skb, sizeof(struct sadb_msg));
memcpy(hdr, ihdr, sizeof(struct sadb_msg));
hdr->sadb_msg_errno = (uint8_t) 0;
hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
return pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ONE, sk, sock_net(sk));
}
static int key_notify_sa_flush(struct km_event *c) static int key_notify_sa_flush(struct km_event *c)
{ {
struct sk_buff *skb; struct sk_buff *skb;
@ -1740,7 +1757,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
unsigned proto; unsigned proto;
struct km_event c; struct km_event c;
struct xfrm_audit audit_info; struct xfrm_audit audit_info;
int err; int err, err2;
proto = pfkey_satype2proto(hdr->sadb_msg_satype); proto = pfkey_satype2proto(hdr->sadb_msg_satype);
if (proto == 0) if (proto == 0)
@ -1750,8 +1767,10 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
audit_info.sessionid = audit_get_sessionid(current); audit_info.sessionid = audit_get_sessionid(current);
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_state_flush(net, proto, &audit_info); err = xfrm_state_flush(net, proto, &audit_info);
if (err) err2 = unicast_flush_resp(sk, hdr);
return err; if (err || err2)
return err ? err : err2;
c.data.proto = proto; c.data.proto = proto;
c.seq = hdr->sadb_msg_seq; c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid; c.pid = hdr->sadb_msg_pid;
@ -2706,14 +2725,16 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
struct net *net = sock_net(sk); struct net *net = sock_net(sk);
struct km_event c; struct km_event c;
struct xfrm_audit audit_info; struct xfrm_audit audit_info;
int err; int err, err2;
audit_info.loginuid = audit_get_loginuid(current); audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current); audit_info.sessionid = audit_get_sessionid(current);
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info); err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
if (err) err2 = unicast_flush_resp(sk, hdr);
return err; if (err || err2)
return err ? err : err2;
c.data.type = XFRM_POLICY_TYPE_MAIN; c.data.type = XFRM_POLICY_TYPE_MAIN;
c.event = XFRM_MSG_FLUSHPOLICY; c.event = XFRM_MSG_FLUSHPOLICY;
c.pid = hdr->sadb_msg_pid; c.pid = hdr->sadb_msg_pid;