Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

xfrm: invalidate dst on policy insertion/deletion

Browse source 
When a policy is inserted or deleted, all dst should be recalculated.

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Nicolas Dichtel 2012-09-10 22:09:45 +00:00 committed by David S. Miller
parent b42664f898
commit ee8372dd19
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
net/xfrm/xfrm_policy.c
View file

@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
xfrm_pol_hold(policy); xfrm_pol_hold(policy);
net->xfrm.policy_count[dir]++; net->xfrm.policy_count[dir]++;
atomic_inc(&flow_cache_genid); atomic_inc(&flow_cache_genid);
rt_genid_bump(net);
if (delpol) if (delpol)
__xfrm_policy_unlink(delpol, dir); __xfrm_policy_unlink(delpol, dir);
policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);

1
security/selinux/include/xfrm.h
View file

@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
static inline void selinux_xfrm_notify_policyload(void) static inline void selinux_xfrm_notify_policyload(void)
{ {
atomic_inc(&flow_cache_genid); atomic_inc(&flow_cache_genid);
rt_genid_bump(&init_net);
} }
#else #else
static inline int selinux_xfrm_enabled(void) static inline int selinux_xfrm_enabled(void)