xfrm: Revert false event eliding commits.
authorDavid S. Miller <davem@davemloft.net>
Wed, 17 Feb 2010 21:41:40 +0000 (13:41 -0800)
committerDavid S. Miller <davem@davemloft.net>
Wed, 17 Feb 2010 21:41:40 +0000 (13:41 -0800)
As reported by Alexey Dobriyan:

--------------------
setkey now takes several seconds to run this simple script
and it spits "recv: Resource temporarily unavailable" messages.

#!/usr/sbin/setkey -f
flush;
spdflush;

add A B ipcomp 44 -m tunnel -C deflate;
add B A ipcomp 45 -m tunnel -C deflate;

spdadd A B any -P in ipsec
        ipcomp/tunnel/192.168.1.2-192.168.1.3/use;
spdadd B A any -P out ipsec
        ipcomp/tunnel/192.168.1.3-192.168.1.2/use;
--------------------

Obviously applications want the events even when the table
is empty.  So we cannot make this behavioral change.

Signed-off-by: David S. Miller <davem@davemloft.net>
net/key/af_key.c
net/xfrm/xfrm_policy.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c

index 8b8e26a9e401dbf52086a6118f535106ada9b1cd..79d2c0f3c334e18c49f75c127a2fbedd194ab16a 100644 (file)
@@ -1751,7 +1751,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
        audit_info.secid = 0;
        err = xfrm_state_flush(net, proto, &audit_info);
        if (err)
-               return 0;
+               return err;
        c.data.proto = proto;
        c.seq = hdr->sadb_msg_seq;
        c.pid = hdr->sadb_msg_pid;
@@ -2713,7 +2713,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        audit_info.secid = 0;
        err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
        if (err)
-               return 0;
+               return err;
        c.data.type = XFRM_POLICY_TYPE_MAIN;
        c.event = XFRM_MSG_FLUSHPOLICY;
        c.pid = hdr->sadb_msg_pid;
index cfceb6616ec1aec0f338aa002190463a91534142..2c5d93181f132e42b97d9fb15301850d13d5deeb 100644 (file)
@@ -771,8 +771,7 @@ xfrm_policy_flush_secctx_check(struct net *net, u8 type, struct xfrm_audit *audi
 
 int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
 {
-       int dir, err = 0, cnt = 0;
-       struct xfrm_policy *dp;
+       int dir, err = 0;
 
        write_lock_bh(&xfrm_policy_lock);
 
@@ -790,10 +789,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
                                     &net->xfrm.policy_inexact[dir], bydst) {
                        if (pol->type != type)
                                continue;
-                       dp = __xfrm_policy_unlink(pol, dir);
+                       __xfrm_policy_unlink(pol, dir);
                        write_unlock_bh(&xfrm_policy_lock);
-                       if (dp)
-                               cnt++;
 
                        xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
                                                 audit_info->sessionid,
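Review bot: The result of `__xfrm_policy_unlink(pol, dir)` is now discarded in this loop, while the `xfrm_audit_policy_delete(pol, 1, ...)` call that follows records the deletion as successful unconditionally. The removed `if (dp)` test implies the helper can return NULL. If that cannot happen for an entry found on the list being walked, a short comment would make the intent clear, for example `/* pol was just found on the list, so the unlink cannot fail here */`, to be confirmed against the helper, which is outside the hunk. The same applies to the identical call in the second loop in the next hunk. The loop body starts and ends outside this hunk.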
@@ -812,10 +809,8 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
                                             bydst) {
                                if (pol->type != type)
                                        continue;
-                               dp = __xfrm_policy_unlink(pol, dir);
+                               __xfrm_policy_unlink(pol, dir);
                                write_unlock_bh(&xfrm_policy_lock);
-                               if (dp)
-                                       cnt++;
 
                                xfrm_audit_policy_delete(pol, 1,
                                                         audit_info->loginuid,
@@ -829,8 +824,6 @@ int xfrm_policy_flush(struct net *net, u8 type, struct xfrm_audit *audit_info)
                }
 
        }
-       if (!cnt)
-               err = -ESRCH;
        atomic_inc(&flow_cache_genid);
 out:
        write_unlock_bh(&xfrm_policy_lock);
index 9fa3322b2a7dda786922f472b6a49a369c40f1ac..c9d6a5f1348d296a396288f233ef314ee76ccff9 100644 (file)
@@ -603,14 +603,13 @@ xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audi
 
 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 {
-       int i, err = 0, cnt = 0;
+       int i, err = 0;
 
        spin_lock_bh(&xfrm_state_lock);
        err = xfrm_state_flush_secctx_check(net, proto, audit_info);
        if (err)
                goto out;
 
-       err = -ESRCH;
        for (i = 0; i <= net->xfrm.state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
@@ -627,16 +626,13 @@ restart:
                                                        audit_info->sessionid,
                                                        audit_info->secid);
                                xfrm_state_put(x);
-                               if (!err)
-                                       cnt++;
 
                                spin_lock_bh(&xfrm_state_lock);
                                goto restart;
                        }
                }
        }
-       if (cnt)
-               err = 0;
+       err = 0;
 
 out:
        spin_unlock_bh(&xfrm_state_lock);
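Review bot: The unconditional `err = 0;` after the loop makes xfrm_state_flush report success even if a per-state deletion inside the loop failed. The removed `if (!err) cnt++;` suggests err carries that per-state result, though the assignment itself is outside the hunk. If the intent is that only the security-context check can fail the flush, and per-state failures are visible only through the audit call, a comment next to the assignment would help, e.g. `/* flush succeeds once the secctx check has passed; per-state errors are not propagated */`. As a style point, the `err = 0` initializer in the declaration in the previous hunk is dead, since err is overwritten by xfrm_state_flush_secctx_check() before it is read.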
index b0fb7d3bc15ec6e078829d8599145bcdc134686c..943c8712bd971c6372d0326c3e428630c0981aa4 100644 (file)
@@ -1525,7 +1525,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        audit_info.secid = NETLINK_CB(skb).sid;
        err = xfrm_state_flush(net, p->proto, &audit_info);
        if (err)
-               return 0;
+               return err;
        c.data.proto = p->proto;
        c.event = nlh->nlmsg_type;
        c.seq = nlh->nlmsg_seq;
@@ -1677,7 +1677,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
        audit_info.secid = NETLINK_CB(skb).sid;
        err = xfrm_policy_flush(net, type, &audit_info);
        if (err)
-               return 0;
+               return err;
        c.data.type = type;
        c.event = nlh->nlmsg_type;
        c.seq = nlh->nlmsg_seq;