aboutsummaryrefslogtreecommitdiffstats
path: root/net/key/af_key.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2014-04-18 16:23:46 +0900
committerSteffen Klassert <steffen.klassert@secunet.com>2014-04-22 10:47:53 +0200
commitf1370cc4a01e61007ab3020c761cef6b88ae3729 (patch)
treebee103f4c6398b978b47b1b6bba8e097c1e332aa /net/key/af_key.c
parent5a9d19ab76f98b7cdc97ba9724be01deba791bc0 (diff)
xfrm: Remove useless secid field from xfrm_audit.
It seems to me that commit ab5f5e8b "[XFRM]: xfrm audit calls" is doing something strange at xfrm_audit_helper_usrinfo(). If secid != 0 && security_secid_to_secctx(secid) != 0, the caller calls audit_log_task_context() which basically does secid != 0 && security_secid_to_secctx(secid) == 0 case except that secid is obtained from current thread's context. Oh, what happens if secid passed to xfrm_audit_helper_usrinfo() was obtained from other thread's context? It might audit current thread's context rather than other thread's context if security_secid_to_secctx() in xfrm_audit_helper_usrinfo() failed for some reason. Then, are all the caller of xfrm_audit_helper_usrinfo() passing either secid obtained from current thread's context or secid == 0? It seems to me that they are. If I didn't miss something, we don't need to pass secid to xfrm_audit_helper_usrinfo() because audit_log_task_context() will obtain secid from current thread's context. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/key/af_key.c')
-rw-r--r--net/key/af_key.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c
index f3c83073afc4..d66ff72adefb 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1478,7 +1478,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, const struct sadb_msg
xfrm_audit_state_add(x, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
@@ -1534,7 +1534,7 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, const struct sadb_
out:
xfrm_audit_state_delete(x, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
xfrm_state_put(x);
return err;
@@ -1735,7 +1735,6 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, const struct sadb_m
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = 0;
err = xfrm_state_flush(net, proto, &audit_info);
err2 = unicast_flush_resp(sk, hdr);
if (err || err2) {
@@ -2290,7 +2289,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, const struct sadb_
xfrm_audit_policy_add(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
@@ -2374,7 +2373,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, const struct sa
xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
@@ -2624,7 +2623,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, const struct sadb_
if (delete) {
xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
@@ -2738,7 +2737,6 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, const struct sad
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = 0;
err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
err2 = unicast_flush_resp(sk, hdr);
if (err || err2) {

Privacy Policy