xfrm: simplify SA initialization routine

SA replay mode is initialized differently for user-space and
kernel-space users, but the call to xfrm_init_replay() existed in
common path with boolean protection. That caused to situation where
we have two different function orders.

So let's rewrite the SA initialization flow to have same order for
both in-kernel and user-space callers.

Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e1eed5d47d072592d6cf106b6eaa37247c0fbfd5..15997374a594cb7dc041a1758596245206598d92 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1769,8 +1769,7 @@ void xfrm_spd_getinfo(struct net *net, struct xfrmk_spdinfo *si);
 u32 xfrm_replay_seqhi(struct xfrm_state *x, __be32 net_seq);
 int xfrm_init_replay(struct xfrm_state *x, struct netlink_ext_ack *extack);
 u32 xfrm_state_mtu(struct xfrm_state *x, int mtu);
-int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
-                     struct netlink_ext_ack *extack);
+int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack);
 int xfrm_init_state(struct xfrm_state *x);
 int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
 int xfrm_input_resume(struct sk_buff *skb, int nexthdr);

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 69af5964c886c9e7e2d37ce288a069ffc5e6a8c7..7b102867114418b783ed6eae2680acae2c8a82ce 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -3120,8 +3120,7 @@ u32 xfrm_state_mtu(struct xfrm_state *x, int mtu)
 }
 EXPORT_SYMBOL_GPL(xfrm_state_mtu);
 
-int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
-                     struct netlink_ext_ack *extack)
+int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
 {
        const struct xfrm_mode *inner_mode;
        const struct xfrm_mode *outer_mode;
@@ -3188,12 +3187,6 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay,
        }
 
        x->outer_mode = *outer_mode;
-       if (init_replay) {
-               err = xfrm_init_replay(x, extack);
-               if (err)
-                       goto error;
-       }
-
        if (x->nat_keepalive_interval) {
                if (x->dir != XFRM_SA_DIR_OUT) {
                        NL_SET_ERR_MSG(extack, "NAT keepalive is only supported for outbound SAs");
@@ -3225,11 +3218,16 @@ int xfrm_init_state(struct xfrm_state *x)
 {
        int err;
 
-       err = __xfrm_init_state(x, true, NULL);
-       if (!err)
-               x->km.state = XFRM_STATE_VALID;
+       err = __xfrm_init_state(x, NULL);
+       if (err)
+               return err;
 
-       return err;
+       err = xfrm_init_replay(x, NULL);
+       if (err)
+               return err;
+
+       x->km.state = XFRM_STATE_VALID;
+       return 0;
 }
 
 EXPORT_SYMBOL(xfrm_init_state);

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b5266e0848e829358403810963b800f9657306c8..784a2d124749f5b31990a31ee48b916680046fb6 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -919,7 +919,7 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
                        goto error;
        }
 
-       err = __xfrm_init_state(x, false, extack);
+       err = __xfrm_init_state(x, extack);
        if (err)
                goto error;