diff options
author | David S. Miller <davem@sunset.davemloft.net> | 2006-10-03 16:00:26 -0700 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-04 00:31:02 -0700 |
commit | ae8c05779ac2f286b872db9ebea0c3c0a031ad1e (patch) | |
tree | af273537fa57c67b706b41544bb22bba1dfb9374 /net | |
parent | 667bbcb6c099d1b74f95c6963ddf37a32e7afc29 (diff) | |
download | kernel-crypto-ae8c05779ac2f286b872db9ebea0c3c0a031ad1e.tar.gz kernel-crypto-ae8c05779ac2f286b872db9ebea0c3c0a031ad1e.tar.xz kernel-crypto-ae8c05779ac2f286b872db9ebea0c3c0a031ad1e.zip |
[XFRM]: Clearing xfrm_policy_count[] to zero during flush is incorrect.
When we flush policies, we do a type match so we might not
actually delete all policies matching a certain direction.
So keep track of how many policies we actually kill and
subtract that number from xfrm_policy_count[dir] at the
end.
Based upon a patch by Masahide NAKAMURA.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index b6e2e79d726..2a7861661f1 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -778,8 +778,9 @@ void xfrm_policy_flush(u8 type) for (dir = 0; dir < XFRM_POLICY_MAX; dir++) { struct xfrm_policy *pol; struct hlist_node *entry; - int i; + int i, killed; + killed = 0; again1: hlist_for_each_entry(pol, entry, &xfrm_policy_inexact[dir], bydst) { @@ -790,6 +791,7 @@ void xfrm_policy_flush(u8 type) write_unlock_bh(&xfrm_policy_lock); xfrm_policy_kill(pol); + killed++; write_lock_bh(&xfrm_policy_lock); goto again1; @@ -807,13 +809,14 @@ void xfrm_policy_flush(u8 type) write_unlock_bh(&xfrm_policy_lock); xfrm_policy_kill(pol); + killed++; write_lock_bh(&xfrm_policy_lock); goto again2; } } - xfrm_policy_count[dir] = 0; + xfrm_policy_count[dir] -= killed; } atomic_inc(&flow_cache_genid); write_unlock_bh(&xfrm_policy_lock); |