
Commit 069c474e authored by David S. Miller

xfrm: Revert false event eliding commits.



As reported by Alexey Dobriyan:

--------------------
setkey now takes several seconds to run this simple script
and it spits "recv: Resource temporarily unavailable" messages.

#!/usr/sbin/setkey -f
flush;
spdflush;

add A B ipcomp 44 -m tunnel -C deflate;
add B A ipcomp 45 -m tunnel -C deflate;

spdadd A B any -P in ipsec
        ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
spdadd B A any -P out ipsec
        ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
--------------------

Obviously applications want the events even when the table
is empty.  So we cannot make this behavioral change.

Signed-off-by: David S. Miller <davem@davemloft.net>
parent 08326dbe
+2 −2
@@ -1751,7 +1751,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
	audit_info.secid = 0;
	err = xfrm_state_flush(net, proto, &audit_info);
	if (err)
		return 0;
		return err;
	c.data.proto = proto;
	c.seq = hdr->sadb_msg_seq;
	c.pid = hdr->sadb_msg_pid;
@@ -2713,7 +2713,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
	audit_info.secid = 0;
	err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
	if (err)
		return 0;
		return err;
	c.data.type = XFRM_POLICY_TYPE_MAIN;
	c.event = XFRM_MSG_FLUSHPOLICY;
	c.pid = hdr->sadb_msg_pid;
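Review bot: The early returns `if (err) return err;` in pfkey_flush and pfkey_spdflush (and the same pair in xfrm_flush_sa and xfrm_flush_policy in the last file section) carry no comment saying which failures can still reach them. With the `-ESRCH` paths removed from xfrm_state_flush and xfrm_policy_flush in this commit, the only error source visible on this page is the `*_flush_secctx_check()` call, so the branch appears to mean the flush was refused and no flush event goes out to listeners. I would add `/* flush refused (e.g. security context check); no event is sent */` above each return. This assumes the second of the two printed `return` lines is the new side, and all four function bodies start and end outside their hunks.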
+3 −10
@@ -771,8 +771,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi

int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
{
	int dir, err = 0, cnt = 0;
	struct xfrm_policy *dp;
	int dir, err = 0;

	write_lock_bh(&xfrm_policy_lock);

@@ -790,10 +789,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
				     &net->xfrm.policy_inexact[dir], bydst) {
			if (pol->type != type)
				continue;
			dp = __xfrm_policy_unlink(pol, dir);
			__xfrm_policy_unlink(pol, dir);
			write_unlock_bh(&xfrm_policy_lock);
			if (dp)
				cnt++;

			xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
						 audit_info->sessionid,
@@ -812,10 +809,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
					     bydst) {
				if (pol->type != type)
					continue;
				dp = __xfrm_policy_unlink(pol, dir);
				__xfrm_policy_unlink(pol, dir);
				write_unlock_bh(&xfrm_policy_lock);
				if (dp)
					cnt++;

				xfrm_audit_policy_delete(pol, 1,
							 audit_info->loginuid,
@@ -829,8 +824,6 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
		}

	}
	if (!cnt)
		err = -ESRCH;
	atomic_inc(&flow_cache_genid);
out:
	write_unlock_bh(&xfrm_policy_lock);
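Review bot: Both call sites now drop the result of `__xfrm_policy_unlink(pol, dir)`, while the `xfrm_audit_policy_delete(pol, 1, ...)` call that follows still passes 1 as its second argument (the result, as far as I can tell), so the audit record reports a removed policy whatever the unlink returned. The removed `if (dp) cnt++;` lines suggest the call can return NULL; if that cannot happen for an entry found on the list while `xfrm_policy_lock` is held, a comment such as `/* pol is still hashed here, so the unlink cannot fail */` at both sites would make that explicit. If it can happen, the audit result should probably be derived from the return value instead of being hard-coded. The function body extends beyond these hunks and the definition of `__xfrm_policy_unlink` is not visible here.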
+2 −6
@@ -603,14 +603,13 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi

int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
{
	int i, err = 0, cnt = 0;
	int i, err = 0;

	spin_lock_bh(&xfrm_state_lock);
	err = xfrm_state_flush_secctx_check(net, proto, audit_info);
	if (err)
		goto out;

	err = -ESRCH;
	for (i = 0; i <= net->xfrm.state_hmask; i++) {
		struct hlist_node *entry;
		struct xfrm_state *x;
@@ -627,15 +626,12 @@ int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
							audit_info->sessionid,
							audit_info->secid);
				xfrm_state_put(x);
				if (!err)
					cnt++;

				spin_lock_bh(&xfrm_state_lock);
				goto restart;
			}
		}
	}
	if (cnt)
	err = 0;

out:
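Review bot: The `err = 0;` left before `out:` overwrites whatever the loop stored in `err`, so xfrm_state_flush now returns non-zero only when `xfrm_state_flush_secctx_check()` fails. The removed `if (!err) cnt++;` implies the loop assigns `err` from a per-state operation above this hunk; a failure there would reach callers as success, and they would go on to announce the flush. That may well be the intended earlier behaviour, but it deserves a comment at the assignment, for example `/* per-state failures are not reported to the caller; only the secctx check can fail the flush */`. The loop body starts outside the second hunk, so this is inferred from the visible lines only.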
+2 −2
@@ -1525,7 +1525,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
	audit_info.secid = NETLINK_CB(skb).sid;
	err = xfrm_state_flush(net, p->proto, &audit_info);
	if (err)
		return 0;
		return err;
	c.data.proto = p->proto;
	c.event = nlh->nlmsg_type;
	c.seq = nlh->nlmsg_seq;
@@ -1677,7 +1677,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
	audit_info.secid = NETLINK_CB(skb).sid;
	err = xfrm_policy_flush(net, type, &audit_info);
	if (err)
		return 0;
		return err;
	c.data.type = type;
	c.event = nlh->nlmsg_type;
	c.seq = nlh->nlmsg_seq;