Diffstat (limited to 'testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch')
-rw-r--r-- | testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch | 165 |
1 files changed, 0 insertions, 165 deletions
diff --git a/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch b/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
deleted file mode 100644
index b1cd1a50d5..0000000000
--- a/testing/linux-grsec/0007-xfrm-Allow-user-space-manipulation-of-SPD-mark.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From 40ee52ad2b96e7f5a558fe3aefd71df54411429a Mon Sep 17 00:00:00 2001
-From: Jamal Hadi Salim <hadi@cyberus.ca>
-Date: Mon, 22 Feb 2010 11:33:00 +0000
-Subject: [PATCH 7/7] xfrm: Allow user space manipulation of SPD mark
-
-Add ability for netlink userspace to manipulate the SPD
-and manipulate the mark, retrieve it and get events with a defined
-mark, etc.
-
-Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/xfrm/xfrm_user.c | 31 +++++++++++++++++++++++++------
- 1 files changed, 25 insertions(+), 6 deletions(-)
-
-diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
-index 17252b4..da22919 100644
---- a/net/xfrm/xfrm_user.c
-+++ b/net/xfrm/xfrm_user.c
-@@ -31,8 +31,6 @@
- #include <linux/in6.h>
- #endif
-
--#define DUMMY_MARK 0
--
- static inline int aead_len(struct xfrm_algo_aead *alg)
- {
- return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
-@@ -1122,6 +1120,8 @@ static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_us
- if (err)
- goto error;
-
-+ xfrm_mark_get(attrs, &xp->mark);
-+
- return xp;
- error:
- *errp = err;
-@@ -1268,10 +1268,13 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-
- nlmsg_end(skb, nlh);
- return 0;
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -1343,6 +1346,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- int err;
- struct km_event c;
- int delete;
-+ struct xfrm_mark m;
-+ u32 mark = xfrm_mark_get(attrs, &m);
-
- p = nlmsg_data(nlh);
- delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
-@@ -1356,7 +1361,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, delete, &err);
-+ xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, delete, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1373,7 +1378,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel,
-+ xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir, &p->sel,
- ctx, delete, &err);
- security_xfrm_policy_free(ctx);
- }
-@@ -1610,13 +1615,15 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct xfrm_userpolicy_info *p = &up->pol;
- u8 type = XFRM_POLICY_TYPE_MAIN;
- int err = -ENOENT;
-+ struct xfrm_mark m;
-+ u32 mark = xfrm_mark_get(attrs, &m);
-
- err = copy_from_user_policy_type(&type, attrs);
- if (err)
- return err;
-
- if (p->index)
-- xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, 0, &err);
-+ xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
- else {
- struct nlattr *rt = attrs[XFRMA_SEC_CTX];
- struct xfrm_sec_ctx *ctx;
-@@ -1633,7 +1640,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
- if (err)
- return err;
- }
-- xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir,
-+ xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir,
- &p->sel, ctx, 0, &err);
- security_xfrm_policy_free(ctx);
- }
-@@ -2298,9 +2305,12 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-
- return nlmsg_end(skb, nlh);
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -2387,6 +2397,7 @@ static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp)
- return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire))
- + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
- + nla_total_size(xfrm_user_sec_ctx_size(xp->security))
-+ + nla_total_size(sizeof(struct xfrm_mark))
- + userpolicy_type_attrsize();
- }
-
-@@ -2409,10 +2420,13 @@ static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
- goto nlmsg_failure;
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
- upe->hard = !!hard;
-
- return nlmsg_end(skb, nlh);
-
-+nla_put_failure:
- nlmsg_failure:
- nlmsg_cancel(skb, nlh);
- return -EMSGSIZE;
-@@ -2449,6 +2463,7 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
- headlen = sizeof(*id);
- }
- len += userpolicy_type_attrsize();
-+ len += nla_total_size(sizeof(struct xfrm_mark));
- len += NLMSG_ALIGN(headlen);
-
- skb = nlmsg_new(len, GFP_ATOMIC);
-@@ -2484,10 +2499,14 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
- if (copy_to_user_policy_type(xp->type, skb) < 0)
- goto nlmsg_failure;
-
-+ if (xfrm_mark_put(skb, &xp->mark))
-+ goto nla_put_failure;
-+
- nlmsg_end(skb, nlh);
-
- return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
-
-+nla_put_failure:
- nlmsg_failure:
- kfree_skb(skb);
- return -1;
---
-1.6.3.3
- |