From patchwork Fri Oct 19 19:22:29 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Benjamin LaHaise
X-Patchwork-Id: 192794
X-Patchwork-Delegate: davem@davemloft.net
Return-Path:
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 7816B2C0090 for ; Sat, 20 Oct 2012 06:22:32 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757971Ab2JSTWb (ORCPT ); Fri, 19 Oct 2012 15:22:31 -0400
Received: from kanga.kvack.org ([205.233.56.17]:43187 "EHLO kanga.kvack.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757715Ab2JSTW3 (ORCPT ); Fri, 19 Oct 2012 15:22:29 -0400
Received: by kanga.kvack.org (Postfix, from userid 63042) id 2A7B96B0069; Fri, 19 Oct 2012 15:22:29 -0400 (EDT)
Date: Fri, 19 Oct 2012 15:22:29 -0400
From: Benjamin LaHaise
To: Willy Tarreau
Cc: David Miller , stable@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 6/6] xfrm: invalidate dst on policy insertion/deletion
Message-ID: <20121019192229.GF8315@kvack.org>
References: <20121019191347.GD13515@kvack.org>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20121019191347.GD13515@kvack.org>
User-Agent: Mutt/1.4.2.2i
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

commit ee8372dd1989287c5eedb69d44bac43f69e496f1
Author: Nicolas Dichtel
Date: Mon Sep 10 22:09:45 2012 +0000

    xfrm: invalidate dst on policy insertion/deletion

    When a policy is inserted or deleted, all dst should be recalculated.

    Signed-off-by: Nicolas Dichtel
    Signed-off-by: David S. Miller
    Signed-off-by: Benjamin LaHaise
---
 net/xfrm/xfrm_policy.c          | 1 +
 security/selinux/include/xfrm.h | 1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 1ae61bd..3aa00e1 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -587,6 +587,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; atomic_inc(&flow_cache_genid); + rt_genid_bump(net); if (delpol) __xfrm_policy_unlink(delpol, dir); policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index 13128f9..9acf6fa 100644 --- a/security/selinux/include/xfrm.h +++ b/security/selinux/include/xfrm.h @@ -49,6 +49,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); static inline void selinux_xfrm_notify_policyload(void) { atomic_inc(&flow_cache_genid); + rt_genid_bump(&init_net); } #else static inline int selinux_xfrm_enabled(void)
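Review bot: The subject and commit message promise invalidation on policy insertion and deletion, but the only change in net/xfrm/xfrm_policy.c is the rt_genid_bump(net) added in xfrm_policy_insert(); no deletion path is touched in this patch. Within this hunk a deletion is only covered when it happens as a replacement (the `if (delpol) __xfrm_policy_unlink(delpol, dir);` case that follows the bump). Please confirm that a standalone policy delete in this tree also bumps the route generation id, since a dst cached before the delete would otherwise keep the old IPsec decision; if it does not, add the same call next to the flow_cache_genid increment on the delete side, or narrow the commit message to insertion.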
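Review bot: In the security/selinux/include/xfrm.h hunk, selinux_xfrm_notify_policyload() bumps only `&init_net`, while the xfrm_policy_insert() hunk bumps the namespace the policy belongs to. An SELinux policy load is not tied to one network namespace, so cached dsts in any other namespace keep their pre-reload state after this change. Either bump the generation id for every namespace here, or add a comment explaining why init_net alone is sufficient for this tree. Because this is a static inline in a header, also check that every file including it sees declarations for rt_genid_bump() and init_net; no include is added in the visible lines.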