change system file

hc

2024-10-09 244b2c5ca8b14627e4a17755e5922221e121c771

 kernel/net/ipv4/cipso_ipv4.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /*
2
3
  * CIPSO - Commercial IP Security Option
3
4
  *
..
..
@@ -9,30 +10,15 @@
9
10
  *
10
11
  * The CIPSO draft specification can be found in the kernel's Documentation
11
12
  * directory as well as the following URL:
12
- *   http://tools.ietf.org/id/draft-ietf-cipso-ipsecurity-01.txt
13
+ *   https://tools.ietf.org/id/draft-ietf-cipso-ipsecurity-01.txt
13
14
  * The FIPS-188 specification can be found at the following URL:
14
- *   http://www.itl.nist.gov/fipspubs/fip188.htm
15
+ *   https://www.itl.nist.gov/fipspubs/fip188.htm
15
16
  *
16
17
  * Author: Paul Moore <paul.moore@hp.com>
17
- *
18
18
  */
19
19
 
20
20
 /*
21
21
  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
22
- *
23
- * This program is free software;  you can redistribute it and/or modify
24
- * it under the terms of the GNU General Public License as published by
25
- * the Free Software Foundation; either version 2 of the License, or
26
- * (at your option) any later version.
27
- *
28
- * This program is distributed in the hope that it will be useful,
29
- * but WITHOUT ANY WARRANTY;  without even the implied warranty of
30
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
31
- * the GNU General Public License for more details.
32
- *
33
- * You should have received a copy of the GNU General Public License
34
- * along with this program;  if not, see <http://www.gnu.org/licenses/>.
35
- *
36
22
  */
37
23
 
38
24
 #include <linux/init.h>
..
..
@@ -254,7 +240,7 @@
254
240
 	struct cipso_v4_map_cache_entry *prev_entry = NULL;
255
241
 	u32 hash;
256
242
 
257
-	if (!cipso_v4_cache_enabled)
243
+	if (!READ_ONCE(cipso_v4_cache_enabled))
258
244
 		return -ENOENT;
259
245
 
260
246
 	hash = cipso_v4_map_cache_hash(key, key_len);
..
..
@@ -297,7 +283,7 @@
297
283
 
298
284
 /**
299
285
  * cipso_v4_cache_add - Add an entry to the CIPSO cache
300
- * @skb: the packet
286
+ * @cipso_ptr: pointer to CIPSO IP option
301
287
  * @secattr: the packet's security attributes
302
288
  *
303
289
  * Description:
..
..
@@ -311,13 +297,14 @@
311
297
 int cipso_v4_cache_add(const unsigned char *cipso_ptr,
312
298
 		       const struct netlbl_lsm_secattr *secattr)
313
299
 {
300
+	int bkt_size = READ_ONCE(cipso_v4_cache_bucketsize);
314
301
 	int ret_val = -EPERM;
315
302
 	u32 bkt;
316
303
 	struct cipso_v4_map_cache_entry *entry = NULL;
317
304
 	struct cipso_v4_map_cache_entry *old_entry = NULL;
318
305
 	u32 cipso_ptr_len;
319
306
 
320
-	if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0)
307
+	if (!READ_ONCE(cipso_v4_cache_enabled) || bkt_size <= 0)
321
308
 		return 0;
322
309
 
323
310
 	cipso_ptr_len = cipso_ptr[1];
..
..
@@ -337,7 +324,7 @@
337
324
 
338
325
 	bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETS - 1);
339
326
 	spin_lock_bh(&cipso_v4_cache[bkt].lock);
340
-	if (cipso_v4_cache[bkt].size < cipso_v4_cache_bucketsize) {
327
+	if (cipso_v4_cache[bkt].size < bkt_size) {
341
328
 		list_add(&entry->list, &cipso_v4_cache[bkt].list);
342
329
 		cipso_v4_cache[bkt].size += 1;
343
330
 	} else {
..
..
@@ -513,7 +500,7 @@
513
500
 /**
514
501
  * cipso_v4_doi_remove - Remove an existing DOI from the CIPSO protocol engine
515
502
  * @doi: the DOI value
516
- * @audit_secid: the LSM secid to use in the audit message
503
+ * @audit_info: NetLabel audit information
517
504
  *
518
505
  * Description:
519
506
  * Removes a DOI definition from the CIPSO engine.  The NetLabel routines will
..
..
@@ -1214,7 +1201,8 @@
1214
1201
 		/* This will send packets using the "optimized" format when
1215
1202
 		 * possible as specified in  section 3.4.2.6 of the
1216
1203
 		 * CIPSO draft. */
1217
-		if (cipso_v4_rbm_optfmt && ret_val > 0 && ret_val <= 10)
1204
+		if (READ_ONCE(cipso_v4_rbm_optfmt) && ret_val > 0 &&
1205
+		    ret_val <= 10)
1218
1206
 			tag_len = 14;
1219
1207
 		else
1220
1208
 			tag_len = 4 + ret_val;
..
..
@@ -1541,6 +1529,7 @@
1541
1529
 
1542
1530
 /**
1543
1531
  * cipso_v4_validate - Validate a CIPSO option
1532
+ * @skb: the packet
1544
1533
  * @option: the start of the option, on error it is set to point to the error
1545
1534
  *
1546
1535
  * Description:
..
..
@@ -1617,7 +1606,7 @@
1617
1606
 			 * all the CIPSO validations here but it doesn't
1618
1607
 			 * really specify _exactly_ what we need to validate
1619
1608
 			 * ... so, just make it a sysctl tunable. */
1620
-			if (cipso_v4_rbm_strictvalid) {
1609
+			if (READ_ONCE(cipso_v4_rbm_strictvalid)) {
1621
1610
 				if (cipso_v4_map_lvl_valid(doi_def,
1622
1611
 							   tag[3]) < 0) {
1623
1612
 					err_offset = opt_iter + 3;
..
..
@@ -2072,7 +2061,7 @@
2072
2061
 
2073
2062
 /**
2074
2063
  * cipso_v4_req_delattr - Delete the CIPSO option from a request socket
2075
- * @reg: the request socket
2064
+ * @req: the request socket
2076
2065
  *
2077
2066
  * Description:
2078
2067
  * Removes the CIPSO option from a request socket, if present.
..
..
@@ -2164,6 +2153,7 @@
2164
2153
 /**
2165
2154
  * cipso_v4_skbuff_setattr - Set the CIPSO option on a packet
2166
2155
  * @skb: the packet
2156
+ * @doi_def: the DOI structure
2167
2157
  * @secattr: the security attributes
2168
2158
  *
2169
2159
  * Description: