Commit ee8372dd authored by Nicolas Dichtel's avatar Nicolas Dichtel Committed by David S. Miller
Browse files

xfrm: invalidate dst on policy insertion/deletion 



When a policy is inserted or deleted, all dst should be recalculated.

Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b42664f8

net/xfrm/xfrm_policy.c

+1 −0
Original line number Diff line number Diff line
@@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) 
	xfrm_pol_hold(policy);

	net->xfrm.policy_count[dir]++;

	atomic_inc(&flow_cache_genid);

	rt_genid_bump(net);

	if (delpol)

		__xfrm_policy_unlink(delpol, dir);

	policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);

security/selinux/include/xfrm.h

+1 −0
Original line number Diff line number Diff line
@@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); 
static inline void selinux_xfrm_notify_policyload(void)

{

	atomic_inc(&flow_cache_genid);

	rt_genid_bump(&init_net);

}

#else

static inline int selinux_xfrm_enabled(void)

CRA Git | Maintained and supported by SUSTech CRA and CCSE