netns xfrm: state flush in netns
Alexey Dobriyan [Wed, 26 Nov 2008 01:30:18 +0000 (17:30 -0800)]
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/xfrm.h
net/key/af_key.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c

index 8699620..e4bb672 100644 (file)
@@ -1363,7 +1363,7 @@ struct xfrmk_spdinfo {
 
 extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
 extern int xfrm_state_delete(struct xfrm_state *x);
-extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info);
+extern int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info);
 extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
 extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si);
 extern int xfrm_replay_check(struct xfrm_state *x,
index 036315d..e5d595a 100644 (file)
@@ -1732,7 +1732,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        audit_info.loginuid = audit_get_loginuid(current);
        audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
-       err = xfrm_state_flush(proto, &audit_info);
+       err = xfrm_state_flush(&init_net, proto, &audit_info);
        if (err)
                return err;
        c.data.proto = proto;
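Review bot: The flush target in `pfkey_flush()` is hard-coded to `&init_net` even though the requesting socket `sk` is in scope, so the namespace acted on is not tied to the caller. If PF_KEY sockets can be opened outside the initial namespace (socket creation is not visible here), a flush issued there would remove the initial namespace's SAs. Deriving the namespace from the socket, `err = xfrm_state_flush(sock_net(sk), proto, &audit_info);`, keeps the operation scoped to the requester. The same applies to `xfrm_flush_sa()` in the last hunk, where `sock_net(skb->sk)` would be the equivalent. If `&init_net` is a deliberate intermediate step, a comment such as `/* XXX: init_net until af_key is netns-aware */` would record that; the function body extends beyond this hunk.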
index f3f635d..5f4c534 100644 (file)
@@ -576,15 +576,15 @@ EXPORT_SYMBOL(xfrm_state_delete);
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int
-xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
+xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 {
        int i, err = 0;
 
-       for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
+       for (i = 0; i <= net->xfrm.state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
 
-               hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
+               hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
                        if (xfrm_id_proto_match(x->id.proto, proto) &&
                           (err = security_xfrm_state_delete(x)) != 0) {
                                xfrm_audit_state_delete(x, 0,
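Review bot: `xfrm_state_flush_secctx_check()` gains a `net` parameter but still has no comment stating its contract, which matters more now that the walk is per-namespace. Its only caller visible here, `xfrm_state_flush()`, invokes it with `xfrm_state_lock` held, and the loop touches only `net->xfrm.state_bydst`. A comment above the definition such as `/* Caller holds xfrm_state_lock; checks only the states hashed in @net. */` would make both points explicit. The function body continues past the end of this hunk.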
@@ -600,26 +600,26 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 }
 #else
 static inline int
-xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
+xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 {
        return 0;
 }
 #endif
 
-int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
+int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 {
        int i, err = 0;
 
        spin_lock_bh(&xfrm_state_lock);
-       err = xfrm_state_flush_secctx_check(proto, audit_info);
+       err = xfrm_state_flush_secctx_check(net, proto, audit_info);
        if (err)
                goto out;
 
-       for (i = 0; i <= init_net.xfrm.state_hmask; i++) {
+       for (i = 0; i <= net->xfrm.state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
 restart:
-               hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+i, bydst) {
+               hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
                        if (!xfrm_state_kern(x) &&
                            xfrm_id_proto_match(x->id.proto, proto)) {
                                xfrm_state_hold(x);
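Review bot: `xfrm_state_flush()` now walks a per-namespace table but still serialises on the single global `xfrm_state_lock` with bottom halves disabled, so a flush of a large table in one namespace delays state operations in every other namespace. That may be acceptable for this step of the conversion, but it is worth recording with a comment above the `spin_lock_bh()` call, e.g. `/* xfrm_state_lock is still global: this serialises against all namespaces */`, or moving the lock into `net->xfrm` in a follow-up. The function ends in the next hunk.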
@@ -641,7 +641,7 @@ restart:
 
 out:
        spin_unlock_bh(&xfrm_state_lock);
-       wake_up(&init_net.xfrm.km_waitq);
+       wake_up(&net->xfrm.km_waitq);
        return err;
 }
 EXPORT_SYMBOL(xfrm_state_flush);
index 765c01e..49a7e89 100644 (file)
@@ -1398,7 +1398,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        audit_info.loginuid = NETLINK_CB(skb).loginuid;
        audit_info.sessionid = NETLINK_CB(skb).sessionid;
        audit_info.secid = NETLINK_CB(skb).sid;
-       err = xfrm_state_flush(p->proto, &audit_info);
+       err = xfrm_state_flush(&init_net, p->proto, &audit_info);
        if (err)
                return err;
        c.data.proto = p->proto;