* Derek Atkins <derek@ihtfp.com>
*/
-#include <linux/config.h>
#include <linux/capability.h>
#include <linux/module.h>
#include <linux/kernel.h>
if (x == NULL)
return -ESRCH;
+ if ((err = security_xfrm_state_delete(x)))
+ goto out;
+
if (xfrm_state_kern(x)) {
- xfrm_state_put(x);
- return -EPERM;
+ err = -EPERM;
+ goto out;
}
err = xfrm_state_delete(x);
- if (err < 0) {
- xfrm_state_put(x);
- return err;
- }
+ if (err < 0)
+ goto out;
c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid;
c.event = XFRM_MSG_DELSA;
km_state_notify(x, &c);
+out:
xfrm_state_put(x);
return err;
err = 0;
+ if ((err = security_xfrm_policy_delete(xp)))
+ goto out;
c.seq = hdr->sadb_msg_seq;
c.pid = hdr->sadb_msg_pid;
c.event = XFRM_MSG_DELPOLICY;
km_policy_notify(xp, pol->sadb_x_policy_dir-1, &c);
+out:
xfrm_pol_put(xp);
return err;
}
return key_notify_sa(x, c);
case XFRM_MSG_FLUSHSA:
return key_notify_sa_flush(c);
+ case XFRM_MSG_NEWAE: /* not yet supported */
+ break;
default:
printk("pfkey: Unknown SA event %d\n", c->event);
break;
if (!hdr)
goto out;
- down(&xfrm_cfg_sem);
+ mutex_lock(&xfrm_cfg_mutex);
err = pfkey_process(sk, skb, hdr);
- up(&xfrm_cfg_sem);
+ mutex_unlock(&xfrm_cfg_mutex);
out:
if (err && hdr && pfkey_error(hdr, err, sk) == 0)