net: use skb_sec_path helper in more places

skb_sec_path gains 'const' qualifier to avoid
xt_policy.c: 'skb_sec_path' discards 'const' qualifier from pointer target type

same reasoning as previous conversions: Won't need to touch these
spots anymore when skb->sp is removed.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Florian Westphal 2018-12-18 17:15:20 +01:00 committed by David S. Miller
parent 7af8f4ca31
commit 2294be0f11
13 changed files with 52 additions and 31 deletions

View File

@ -4124,7 +4124,7 @@ static inline bool skb_get_dst_pending_confirm(const struct sk_buff *skb)
return skb->dst_pending_confirm != 0; return skb->dst_pending_confirm != 0;
} }
static inline struct sec_path *skb_sec_path(struct sk_buff *skb) static inline struct sec_path *skb_sec_path(const struct sk_buff *skb)
{ {
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
return skb->sp; return skb->sp;

View File

@ -1896,14 +1896,16 @@ static inline void xfrm_states_delete(struct xfrm_state **states, int n)
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb) static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
{ {
return skb->sp->xvec[skb->sp->len - 1]; struct sec_path *sp = skb_sec_path(skb);
return sp->xvec[sp->len - 1];
} }
#endif #endif
static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb) static inline struct xfrm_offload *xfrm_offload(struct sk_buff *skb)
{ {
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
struct sec_path *sp = skb->sp; struct sec_path *sp = skb_sec_path(skb);
if (!sp || !sp->olen || sp->len != sp->olen) if (!sp || !sp->olen || sp->len != sp->olen)
return NULL; return NULL;

View File

@ -125,10 +125,13 @@ static void esp_output_done(struct crypto_async_request *base, int err)
void *tmp; void *tmp;
struct xfrm_state *x; struct xfrm_state *x;
if (xo && (xo->flags & XFRM_DEV_RESUME)) if (xo && (xo->flags & XFRM_DEV_RESUME)) {
x = skb->sp->xvec[skb->sp->len - 1]; struct sec_path *sp = skb_sec_path(skb);
else
x = sp->xvec[sp->len - 1];
} else {
x = skb_dst(skb)->xfrm; x = skb_dst(skb)->xfrm;
}
tmp = ESP_SKB_CB(skb)->tmp; tmp = ESP_SKB_CB(skb)->tmp;
esp_ssg_unref(x, tmp); esp_ssg_unref(x, tmp);

View File

@ -115,6 +115,7 @@ static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
struct crypto_aead *aead; struct crypto_aead *aead;
netdev_features_t esp_features = features; netdev_features_t esp_features = features;
struct xfrm_offload *xo = xfrm_offload(skb); struct xfrm_offload *xo = xfrm_offload(skb);
struct sec_path *sp;
if (!xo) if (!xo)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
@ -122,7 +123,8 @@ static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP)) if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP))
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
x = skb->sp->xvec[skb->sp->len - 1]; sp = skb_sec_path(skb);
x = sp->xvec[sp->len - 1];
aead = x->data; aead = x->data;
esph = ip_esp_hdr(skb); esph = ip_esp_hdr(skb);

View File

@ -145,10 +145,13 @@ static void esp_output_done(struct crypto_async_request *base, int err)
void *tmp; void *tmp;
struct xfrm_state *x; struct xfrm_state *x;
if (xo && (xo->flags & XFRM_DEV_RESUME)) if (xo && (xo->flags & XFRM_DEV_RESUME)) {
x = skb->sp->xvec[skb->sp->len - 1]; struct sec_path *sp = skb_sec_path(skb);
else
x = sp->xvec[sp->len - 1];
} else {
x = skb_dst(skb)->xfrm; x = skb_dst(skb)->xfrm;
}
tmp = ESP_SKB_CB(skb)->tmp; tmp = ESP_SKB_CB(skb)->tmp;
esp_ssg_unref(x, tmp); esp_ssg_unref(x, tmp);

View File

@ -142,6 +142,7 @@ static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
struct crypto_aead *aead; struct crypto_aead *aead;
netdev_features_t esp_features = features; netdev_features_t esp_features = features;
struct xfrm_offload *xo = xfrm_offload(skb); struct xfrm_offload *xo = xfrm_offload(skb);
struct sec_path *sp;
if (!xo) if (!xo)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
@ -149,7 +150,8 @@ static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP)) if (!(skb_shinfo(skb)->gso_type & SKB_GSO_ESP))
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
x = skb->sp->xvec[skb->sp->len - 1]; sp = skb_sec_path(skb);
x = sp->xvec[sp->len - 1];
aead = x->data; aead = x->data;
esph = ip_esp_hdr(skb); esph = ip_esp_hdr(skb);

View File

@ -147,7 +147,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
goto drop; goto drop;
} }
skb->sp->xvec[skb->sp->len++] = x; sp->xvec[sp->len++] = x;
spin_lock(&x->lock); spin_lock(&x->lock);

View File

@ -161,7 +161,7 @@ static void nft_xfrm_get_eval_in(const struct nft_xfrm *priv,
struct nft_regs *regs, struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct sec_path *sp = pkt->skb->sp; const struct sec_path *sp = skb_sec_path(pkt->skb);
const struct xfrm_state *state; const struct xfrm_state *state;
if (sp == NULL || sp->len <= priv->spnum) { if (sp == NULL || sp->len <= priv->spnum) {

View File

@ -56,7 +56,7 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
unsigned short family) unsigned short family)
{ {
const struct xt_policy_elem *e; const struct xt_policy_elem *e;
const struct sec_path *sp = skb->sp; const struct sec_path *sp = skb_sec_path(skb);
int strict = info->flags & XT_POLICY_MATCH_STRICT; int strict = info->flags & XT_POLICY_MATCH_STRICT;
int i, pos; int i, pos;

View File

@ -32,6 +32,7 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
struct softnet_data *sd; struct softnet_data *sd;
netdev_features_t esp_features = features; netdev_features_t esp_features = features;
struct xfrm_offload *xo = xfrm_offload(skb); struct xfrm_offload *xo = xfrm_offload(skb);
struct sec_path *sp;
if (!xo) if (!xo)
return skb; return skb;
@ -39,7 +40,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
if (!(features & NETIF_F_HW_ESP)) if (!(features & NETIF_F_HW_ESP))
esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK); esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
x = skb->sp->xvec[skb->sp->len - 1]; sp = skb_sec_path(skb);
x = sp->xvec[sp->len - 1];
if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND) if (xo->flags & XFRM_GRO || x->xso.flags & XFRM_OFFLOAD_INBOUND)
return skb; return skb;

View File

@ -330,7 +330,9 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
daddr = (xfrm_address_t *)(skb_network_header(skb) + daddr = (xfrm_address_t *)(skb_network_header(skb) +
XFRM_SPI_SKB_CB(skb)->daddroff); XFRM_SPI_SKB_CB(skb)->daddroff);
do { do {
if (skb->sp->len == XFRM_MAX_DEPTH) { sp = skb_sec_path(skb);
if (sp->len == XFRM_MAX_DEPTH) {
secpath_reset(skb); secpath_reset(skb);
XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR); XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
goto drop; goto drop;
@ -346,7 +348,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
skb->mark = xfrm_smark_get(skb->mark, x); skb->mark = xfrm_smark_get(skb->mark, x);
skb->sp->xvec[skb->sp->len++] = x; sp->xvec[sp->len++] = x;
lock: lock:
spin_lock(&x->lock); spin_lock(&x->lock);
@ -470,8 +472,9 @@ resume:
nf_reset(skb); nf_reset(skb);
if (decaps) { if (decaps) {
if (skb->sp) sp = skb_sec_path(skb);
skb->sp->olen = 0; if (sp)
sp->olen = 0;
skb_dst_drop(skb); skb_dst_drop(skb);
gro_cells_receive(&gro_cells, skb); gro_cells_receive(&gro_cells, skb);
return 0; return 0;
@ -482,8 +485,9 @@ resume:
err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async); err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async);
if (xfrm_gro) { if (xfrm_gro) {
if (skb->sp) sp = skb_sec_path(skb);
skb->sp->olen = 0; if (sp)
sp->olen = 0;
skb_dst_drop(skb); skb_dst_drop(skb);
gro_cells_receive(&gro_cells, skb); gro_cells_receive(&gro_cells, skb);
return err; return err;

View File

@ -3200,11 +3200,12 @@ EXPORT_SYMBOL(xfrm_lookup_route);
static inline int static inline int
xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl) xfrm_secpath_reject(int idx, struct sk_buff *skb, const struct flowi *fl)
{ {
struct sec_path *sp = skb_sec_path(skb);
struct xfrm_state *x; struct xfrm_state *x;
if (!skb->sp || idx < 0 || idx >= skb->sp->len) if (!sp || idx < 0 || idx >= sp->len)
return 0; return 0;
x = skb->sp->xvec[idx]; x = sp->xvec[idx];
if (!x->type->reject) if (!x->type->reject)
return 0; return 0;
return x->type->reject(x, skb, fl); return x->type->reject(x, skb, fl);
@ -3304,6 +3305,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
struct flowi fl; struct flowi fl;
int xerr_idx = -1; int xerr_idx = -1;
const struct xfrm_if_cb *ifcb; const struct xfrm_if_cb *ifcb;
struct sec_path *sp;
struct xfrm_if *xi; struct xfrm_if *xi;
u32 if_id = 0; u32 if_id = 0;
@ -3328,11 +3330,12 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
nf_nat_decode_session(skb, &fl, family); nf_nat_decode_session(skb, &fl, family);
/* First, check used SA against their selectors. */ /* First, check used SA against their selectors. */
if (skb->sp) { sp = skb_sec_path(skb);
if (sp) {
int i; int i;
for (i = skb->sp->len-1; i >= 0; i--) { for (i = sp->len - 1; i >= 0; i--) {
struct xfrm_state *x = skb->sp->xvec[i]; struct xfrm_state *x = sp->xvec[i];
if (!xfrm_selector_match(&x->sel, &fl, family)) { if (!xfrm_selector_match(&x->sel, &fl, family)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
return 0; return 0;
@ -3359,7 +3362,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
} }
if (!pol) { if (!pol) {
if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) { if (sp && secpath_has_nontransport(sp, 0, &xerr_idx)) {
xfrm_secpath_reject(xerr_idx, skb, &fl); xfrm_secpath_reject(xerr_idx, skb, &fl);
XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS); XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOPOLS);
return 0; return 0;
@ -3388,7 +3391,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
#endif #endif
if (pol->action == XFRM_POLICY_ALLOW) { if (pol->action == XFRM_POLICY_ALLOW) {
struct sec_path *sp;
static struct sec_path dummy; static struct sec_path dummy;
struct xfrm_tmpl *tp[XFRM_MAX_DEPTH]; struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
struct xfrm_tmpl *stp[XFRM_MAX_DEPTH]; struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
@ -3396,7 +3398,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
int ti = 0; int ti = 0;
int i, k; int i, k;
if ((sp = skb->sp) == NULL) sp = skb_sec_path(skb);
if (!sp)
sp = &dummy; sp = &dummy;
for (pi = 0; pi < npols; pi++) { for (pi = 0; pi < npols; pi++) {

View File

@ -230,7 +230,7 @@ static int selinux_xfrm_skb_sid_ingress(struct sk_buff *skb,
u32 *sid, int ckall) u32 *sid, int ckall)
{ {
u32 sid_session = SECSID_NULL; u32 sid_session = SECSID_NULL;
struct sec_path *sp = skb->sp; struct sec_path *sp = skb_sec_path(skb);
if (sp) { if (sp) {
int i; int i;
@ -408,7 +408,7 @@ int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb,
struct common_audit_data *ad) struct common_audit_data *ad)
{ {
int i; int i;
struct sec_path *sp = skb->sp; struct sec_path *sp = skb_sec_path(skb);
u32 peer_sid = SECINITSID_UNLABELED; u32 peer_sid = SECINITSID_UNLABELED;
if (sp) { if (sp) {