Diffstat (limited to 'testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch')
-rw-r--r-- | testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch b/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch
new file mode 100644
index 0000000000..6e0f14b21f
--- /dev/null
+++ b/testing/linux-grsec/0004-xfrm-SP-lookups-signature-with-mark.patch
@@ -0,0 +1,129 @@
+From 252611e7ea95985941df9897c1082504b14c698f Mon Sep 17 00:00:00 2001
+From: Jamal Hadi Salim <hadi@cyberus.ca>
+Date: Mon, 22 Feb 2010 11:32:57 +0000
+Subject: [PATCH 4/7] xfrm: SP lookups signature with mark
+
+pass mark to all SP lookups to prepare them for when we add code
+to have them search.
+
+Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ include/net/xfrm.h | 5 +++--
+ net/key/af_key.c | 4 ++--
+ net/xfrm/xfrm_policy.c | 8 ++++----
+ net/xfrm/xfrm_user.c | 10 +++++-----
+ 4 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/include/net/xfrm.h b/include/net/xfrm.h
+index 0f3c0f4..e2bdd19 100644
+--- a/include/net/xfrm.h
++++ b/include/net/xfrm.h
+@@ -1456,11 +1456,12 @@ extern int xfrm_policy_walk(struct net *net, struct xfrm_policy_walk *walk,
+ int (*func)(struct xfrm_policy *, int, int, void*), void *);
+ extern void xfrm_policy_walk_done(struct xfrm_policy_walk *walk);
+ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
+-struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
++struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
++ u8 type, int dir,
+ struct xfrm_selector *sel,
+ struct xfrm_sec_ctx *ctx, int delete,
+ int *err);
+-struct xfrm_policy *xfrm_policy_byid(struct net *net, u8, int dir, u32 id, int delete, int *err);
++struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir, u32 id, int delete, int *err);
+ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info);
+ u32 xfrm_get_acqseq(void);
+ extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index bcb9ecf..fa0fab6 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -2346,7 +2346,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
+ return err;
+ }
+
+- xp = xfrm_policy_bysel_ctx(net, XFRM_POLICY_TYPE_MAIN,
++ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
+ pol->sadb_x_policy_dir - 1, &sel, pol_ctx,
+ 1, &err);
+ security_xfrm_policy_free(pol_ctx);
+@@ -2594,7 +2594,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
+ return -EINVAL;
+
+ delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
+- xp = xfrm_policy_byid(net, XFRM_POLICY_TYPE_MAIN,
++ xp = xfrm_policy_byid(net, DUMMY_MARK, XFRM_POLICY_TYPE_MAIN,
+ dir, pol->sadb_x_policy_id, delete, &err);
+ if (xp == NULL)
+ return -ENOENT;
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index cb81ca3..8376d55 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -635,8 +635,8 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
+ }
+ EXPORT_SYMBOL(xfrm_policy_insert);
+
+-struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
+- struct xfrm_selector *sel,
++struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark, u8 type,
++ int dir, struct xfrm_selector *sel,
+ struct xfrm_sec_ctx *ctx, int delete,
+ int *err)
+ {
+@@ -676,8 +676,8 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u8 type, int dir,
+ }
+ EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
+
+-struct xfrm_policy *xfrm_policy_byid(struct net *net, u8 type, int dir, u32 id,
+- int delete, int *err)
++struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8 type,
++ int dir, u32 id, int delete, int *err)
+ {
+ struct xfrm_policy *pol, *ret;
+ struct hlist_head *chain;
+diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
+index dec2e0d..837bc09 100644
+--- a/net/xfrm/xfrm_user.c
++++ b/net/xfrm/xfrm_user.c
+@@ -1345,7 +1345,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
+ return err;
+
+ if (p->index)
+- xp = xfrm_policy_byid(net, type, p->dir, p->index, delete, &err);
++ xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, delete, &err);
+ else {
+ struct nlattr *rt = attrs[XFRMA_SEC_CTX];
+ struct xfrm_sec_ctx *ctx;
+@@ -1362,8 +1362,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
+ if (err)
+ return err;
+ }
+- xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx,
+- delete, &err);
++ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
++ &p->sel, ctx, delete, &err);
+ security_xfrm_policy_free(ctx);
+ }
+ if (xp == NULL)
+@@ -1593,7 +1593,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
+ return err;
+
+ if (p->index)
+- xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err);
++ xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, 0, &err);
+ else {
+ struct nlattr *rt = attrs[XFRMA_SEC_CTX];
+ struct xfrm_sec_ctx *ctx;
+@@ -1610,7 +1610,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
+ if (err)
+ return err;
+ }
+- xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx, 0, &err);
++ xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel, ctx, 0, &err);
+ security_xfrm_policy_free(ctx);
+ }
+ if (xp == NULL)
+--
+1.6.3.3
+ |
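Review bot: Every call site in the added patch passes `DUMMY_MARK`, but the patch neither defines it nor carries a hunk that does, so it presumably relies on an earlier patch of this 7-part series and only builds when the series is applied in order. The new `u32 mark` parameter of `xfrm_policy_bysel_ctx()` and `xfrm_policy_byid()` is described as preparation only, and the function bodies lie mostly outside the hunks, so as far as this page shows the lookups, including the `delete` paths reached from `pfkey_spddelete`, `pfkey_spdget` and `xfrm_get_policy`, still match on selector or index alone. A short comment at both definitions, for example `/* mark: not yet used for matching, see follow-up patch */`, would keep a reader from assuming mark-scoped policy lookup or deletion at this point in the series. In `include/net/xfrm.h` the `xfrm_policy_byid` prototype keeps the `u8` parameter unnamed beside the new named `u32 mark`; writing `u8 type` would match the definition in `xfrm_policy.c`.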