lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

xfrm: Revert false event eliding commits.

Browse Source 
As reported by Alexey Dobriyan:

--------------------
setkey now takes several seconds to run this simple script
and it spits "recv: Resource temporarily unavailable" messages.

#!/usr/sbin/setkey -f
flush;
spdflush;

add A B ipcomp 44 -m tunnel -C deflate;
add B A ipcomp 45 -m tunnel -C deflate;

spdadd A B any -P in ipsec
        ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
spdadd B A any -P out ipsec
        ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
--------------------

Obviously applications want the events even when the table
is empty.  So we cannot make this behavioral change.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
2010-02-17 13:41:40 -08:00
parent 08326dbe7b
commit 069c474e88
4 changed files with 9 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
net/key/af_key.c
View File

@@ -1751,7 +1751,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_state_flush(net, proto, &audit_info); err = xfrm_state_flush(net, proto, &audit_info);
if (err) if (err)
return 0; return err;
c.data.proto = proto; c.data.proto = proto;
c.seq = hdr->sadb_msg_seq; c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid; c.pid = hdr->sadb_msg_pid;
@@ -2713,7 +2713,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info); err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
if (err) if (err)
return 0; return err;
c.data.type = XFRM_POLICY_TYPE_MAIN; c.data.type = XFRM_POLICY_TYPE_MAIN;
c.event = XFRM_MSG_FLUSHPOLICY; c.event = XFRM_MSG_FLUSHPOLICY;
c.pid = hdr->sadb_msg_pid; c.pid = hdr->sadb_msg_pid;

13
net/xfrm/xfrm_policy.c
View File

@@ -771,8 +771,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info) int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
{ {
int dir, err = 0, cnt = 0; int dir, err = 0;
struct xfrm_policy *dp;
write_lock_bh(&xfrm_policy_lock); write_lock_bh(&xfrm_policy_lock);
@@ -790,10 +789,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
&net->xfrm.policy_inexact[dir], bydst) { &net->xfrm.policy_inexact[dir], bydst) {
if (pol->type != type) if (pol->type != type)
continue; continue;
dp = __xfrm_policy_unlink(pol, dir); __xfrm_policy_unlink(pol, dir);
write_unlock_bh(&xfrm_policy_lock); write_unlock_bh(&xfrm_policy_lock);
if (dp)
cnt++;
xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
audit_info->sessionid, audit_info->sessionid,
@@ -812,10 +809,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
bydst) { bydst) {
if (pol->type != type) if (pol->type != type)
continue; continue;
dp = __xfrm_policy_unlink(pol, dir); __xfrm_policy_unlink(pol, dir);
write_unlock_bh(&xfrm_policy_lock); write_unlock_bh(&xfrm_policy_lock);
if (dp)
cnt++;
xfrm_audit_policy_delete(pol, 1, xfrm_audit_policy_delete(pol, 1,
audit_info->loginuid, audit_info->loginuid,
@@ -829,8 +824,6 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
} }
} }
if (!cnt)
err = -ESRCH;
atomic_inc(&flow_cache_genid); atomic_inc(&flow_cache_genid);
out: out:
write_unlock_bh(&xfrm_policy_lock); write_unlock_bh(&xfrm_policy_lock);

6
net/xfrm/xfrm_state.c
View File

@@ -603,14 +603,13 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
{ {
int i, err = 0, cnt = 0; int i, err = 0;
spin_lock_bh(&xfrm_state_lock); spin_lock_bh(&xfrm_state_lock);
err = xfrm_state_flush_secctx_check(net, proto, audit_info); err = xfrm_state_flush_secctx_check(net, proto, audit_info);
if (err) if (err)
goto out; goto out;
err = -ESRCH;
for (i = 0; i <= net->xfrm.state_hmask; i++) { for (i = 0; i <= net->xfrm.state_hmask; i++) {
struct hlist_node *entry; struct hlist_node *entry;
struct xfrm_state *x; struct xfrm_state *x;
@@ -627,15 +626,12 @@ restart:
audit_info->sessionid, audit_info->sessionid,
audit_info->secid); audit_info->secid);
xfrm_state_put(x); xfrm_state_put(x);
if (!err)
cnt++;
spin_lock_bh(&xfrm_state_lock); spin_lock_bh(&xfrm_state_lock);
goto restart; goto restart;
} }
} }
} }
if (cnt)
err = 0; err = 0;
out: out:

4
net/xfrm/xfrm_user.c
View File

@@ -1525,7 +1525,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
audit_info.secid = NETLINK_CB(skb).sid; audit_info.secid = NETLINK_CB(skb).sid;
err = xfrm_state_flush(net, p->proto, &audit_info); err = xfrm_state_flush(net, p->proto, &audit_info);
if (err) if (err)
return 0; return err;
c.data.proto = p->proto; c.data.proto = p->proto;
c.event = nlh->nlmsg_type; c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq; c.seq = nlh->nlmsg_seq;
@@ -1677,7 +1677,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
audit_info.secid = NETLINK_CB(skb).sid; audit_info.secid = NETLINK_CB(skb).sid;
err = xfrm_policy_flush(net, type, &audit_info); err = xfrm_policy_flush(net, type, &audit_info);
if (err) if (err)
return 0; return err;
c.data.type = type; c.data.type = type;
c.event = nlh->nlmsg_type; c.event = nlh->nlmsg_type;
c.seq = nlh->nlmsg_seq; c.seq = nlh->nlmsg_seq;