xfrm: Try to honor policy index if it's supplied by user

xfrm code always searches for unused policy index for newly created policy regardless whether or not user space policy index hint supplied. This patch enables such feature so that using "ip xfrm ... index=xxx" can be used by user to set specific policy index. Currently this beahvior is broken, so this patch make it happen as expected. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Fan Du <fan.du@windriver.com> 2013-11-07 17:47:48 +0800
committer: Steffen Klassert <steffen.klassert@secunet.com> 2013-12-06 06:45:05 +0100
commit: e682adf021be796940be6cc10c07be7f7398c220 (patch)
tree: 5dbb9c9ddef2e08945d3bcd73d391b0181bfc9eb /net/xfrm/xfrm_user.c
parent: d70f2cf520cf8c86c6b467fc5dcea524ec51dc2f (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index f964d4c00ff..4e0546e9bb0 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1189,6 +1189,8 @@ static int verify_policy_type(u8 type)
 
 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
 {
+	int ret;
+
 	switch (p->share) {
 	case XFRM_SHARE_ANY:
 	case XFRM_SHARE_SESSION:
@@ -1224,7 +1226,13 @@ static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
 		return -EINVAL;
 	}
 
-	return verify_policy_dir(p->dir);
+	ret = verify_policy_dir(p->dir);
+	if (ret)
+		return ret;
+	if (p->index && ((p->index & XFRM_POLICY_MAX) != p->dir))
+		return -EINVAL;
+
+	return 0;
 }
 
 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs)
author	Fan Du <fan.du@windriver.com>	2013-11-07 17:47:48 +0800
committer	Steffen Klassert <steffen.klassert@secunet.com>	2013-12-06 06:45:05 +0100
commit	e682adf021be796940be6cc10c07be7f7398c220 (patch)
tree	5dbb9c9ddef2e08945d3bcd73d391b0181bfc9eb /net/xfrm/xfrm_user.c
parent	d70f2cf520cf8c86c6b467fc5dcea524ec51dc2f (diff)