xfrm: invalidate dst on policy insertion/deletion

author Nicolas Dichtel <nicolas.dichtel@6wind.com>

Mon, 10 Sep 2012 22:09:45 +0000 (22:09 +0000)

committer David S. Miller <davem@davemloft.net>

Tue, 18 Sep 2012 19:57:03 +0000 (15:57 -0400)
author Nicolas Dichtel <nicolas.dichtel@6wind.com>
Mon, 10 Sep 2012 22:09:45 +0000 (22:09 +0000)
committer David S. Miller <davem@davemloft.net>
Tue, 18 Sep 2012 19:57:03 +0000 (15:57 -0400)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c

index 5a2aa17e4d3c4a3667783266ddbb8992a3eff6bd..ab2ce7d5152d02803e81f149a3b496c738715f2d 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
         xfrm_pol_hold(policy);
         net->xfrm.policy_count[dir]++;
         atomic_inc(&flow_cache_genid);
+       rt_genid_bump(net);
         if (delpol)
                 __xfrm_policy_unlink(delpol, dir);
         policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h

index c220f314709cc1345792e4a4ddab28cd63a23177..65f67cb0aefb22f323d8048c140417555c273c9d 100644 (file)
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
  static inline void selinux_xfrm_notify_policyload(void)
  {
         atomic_inc(&flow_cache_genid);
+       rt_genid_bump(&init_net);
  }
  #else
  static inline int selinux_xfrm_enabled(void)
author	Nicolas Dichtel <nicolas.dichtel@6wind.com>
	Mon, 10 Sep 2012 22:09:45 +0000 (22:09 +0000)
committer	David S. Miller <davem@davemloft.net>
	Tue, 18 Sep 2012 19:57:03 +0000 (15:57 -0400)
net/xfrm/xfrm_policy.c		patch \| blob \| history
security/selinux/include/xfrm.h		patch \| blob \| history