Commit ee8372dd authored by Nicolas Dichtel's avatar Nicolas Dichtel Committed by David S. Miller

xfrm: invalidate dst on policy insertion/deletion

When a policy is inserted or deleted, all dst should be recalculated.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent b42664f8
...@@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) ...@@ -585,6 +585,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
xfrm_pol_hold(policy); xfrm_pol_hold(policy);
net->xfrm.policy_count[dir]++; net->xfrm.policy_count[dir]++;
atomic_inc(&flow_cache_genid); atomic_inc(&flow_cache_genid);
rt_genid_bump(net);
if (delpol) if (delpol)
__xfrm_policy_unlink(delpol, dir); __xfrm_policy_unlink(delpol, dir);
policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir);
......
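Review bot: The added `rt_genid_bump(net)` in xfrm_policy_insert carries no comment explaining why a second generation counter is bumped next to `flow_cache_genid`, and the reason matters for security. Presumably dst entries resolved before the policy existed would otherwise stay in use, so traffic the new policy is meant to cover could keep following the old route. I would add `/* Invalidate cached dsts so existing flows are re-resolved against the new policy. */` above the call. The commit title also names deletion, but this hunk only touches the insertion path and the function body continues outside the hunk, so it is worth confirming that the policy removal paths invalidate dsts as well.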
...@@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); ...@@ -51,6 +51,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
static inline void selinux_xfrm_notify_policyload(void) static inline void selinux_xfrm_notify_policyload(void)
{ {
atomic_inc(&flow_cache_genid); atomic_inc(&flow_cache_genid);
rt_genid_bump(&init_net);
} }
#else #else
static inline int selinux_xfrm_enabled(void) static inline int selinux_xfrm_enabled(void)
......
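Review bot: `rt_genid_bump(&init_net)` in selinux_xfrm_notify_policyload invalidates cached dsts only in the initial network namespace, while a SELinux policy load is not scoped to one namespace. Flows in any other namespace would keep dsts that were resolved under the old policy until something else invalidates them. I would bump every namespace by walking the list under the RTNL lock, as sketched below. That assumes the policy-load caller runs in a context where taking the lock is allowed, which is not visible from this header, and it may need the net namespace and rtnetlink headers included here.
```c
static inline void selinux_xfrm_notify_policyload(void)
{
	struct net *net;

	atomic_inc(&flow_cache_genid);
	rtnl_lock();
	for_each_net(net)
		rt_genid_bump(net);
	rtnl_unlock();
}
```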