Commit | Line | Data |
---|---|---|
1ccea77e | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
d15c345f PM |
2 | /* |
3 | * NetLabel Domain Hash Table | |
4 | * | |
5 | * This file manages the domain hash table that NetLabel uses to determine | |
6 | * which network labeling protocol to use for a given domain. The NetLabel | |
7 | * system manages static and dynamic label mappings for network protocols such | |
8 | * as CIPSO and RIPSO. | |
9 | * | |
82c21bfa | 10 | * Author: Paul Moore <paul@paul-moore.com> |
d15c345f PM |
11 | */ |
12 | ||
13 | /* | |
63c41688 | 14 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008 |
d15c345f PM |
15 | */ |
16 | ||
17 | #include <linux/types.h> | |
82524746 | 18 | #include <linux/rculist.h> |
d15c345f PM |
19 | #include <linux/skbuff.h> |
20 | #include <linux/spinlock.h> | |
21 | #include <linux/string.h> | |
32f50cde | 22 | #include <linux/audit.h> |
5a0e3ad6 | 23 | #include <linux/slab.h> |
d15c345f PM |
24 | #include <net/netlabel.h> |
25 | #include <net/cipso_ipv4.h> | |
dc7de73f | 26 | #include <net/calipso.h> |
d15c345f PM |
27 | #include <asm/bug.h> |
28 | ||
29 | #include "netlabel_mgmt.h" | |
63c41688 | 30 | #include "netlabel_addrlist.h" |
dc7de73f | 31 | #include "netlabel_calipso.h" |
d15c345f | 32 | #include "netlabel_domainhash.h" |
32f50cde | 33 | #include "netlabel_user.h" |
d15c345f PM |
34 | |
35 | struct netlbl_domhsh_tbl { | |
36 | struct list_head *tbl; | |
37 | u32 size; | |
38 | }; | |
39 | ||
40 | /* Domain hash table */ | |
b914f3a2 PM |
41 | /* updates should be so rare that having one spinlock for the entire hash table |
42 | * should be okay */ | |
8ce11e6a | 43 | static DEFINE_SPINLOCK(netlbl_domhsh_lock); |
b914f3a2 | 44 | #define netlbl_domhsh_rcu_deref(p) \ |
d8bf4ca9 | 45 | rcu_dereference_check(p, lockdep_is_held(&netlbl_domhsh_lock)) |
96a8f7f8 | 46 | static struct netlbl_domhsh_tbl __rcu *netlbl_domhsh; |
8f18e675 HD |
47 | static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv4; |
48 | static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv6; | |
d15c345f PM |
49 | |
50 | /* | |
51 | * Domain Hash Table Helper Functions | |
52 | */ | |
53 | ||
54 | /** | |
55 | * netlbl_domhsh_free_entry - Frees a domain hash table entry | |
56 | * @entry: the entry's RCU field | |
57 | * | |
58 | * Description: | |
59 | * This function is designed to be used as a callback to the call_rcu() | |
60 | * function so that the memory allocated to a hash table entry can be released | |
61 | * safely. | |
62 | * | |
63 | */ | |
64 | static void netlbl_domhsh_free_entry(struct rcu_head *entry) | |
65 | { | |
66 | struct netlbl_dom_map *ptr; | |
63c41688 PM |
67 | struct netlbl_af4list *iter4; |
68 | struct netlbl_af4list *tmp4; | |
dfd56b8b | 69 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 PM |
70 | struct netlbl_af6list *iter6; |
71 | struct netlbl_af6list *tmp6; | |
72 | #endif /* IPv6 */ | |
d15c345f PM |
73 | |
74 | ptr = container_of(entry, struct netlbl_dom_map, rcu); | |
6a8b7f0c | 75 | if (ptr->def.type == NETLBL_NLTYPE_ADDRSELECT) { |
63c41688 | 76 | netlbl_af4list_foreach_safe(iter4, tmp4, |
6a8b7f0c | 77 | &ptr->def.addrsel->list4) { |
63c41688 PM |
78 | netlbl_af4list_remove_entry(iter4); |
79 | kfree(netlbl_domhsh_addr4_entry(iter4)); | |
80 | } | |
dfd56b8b | 81 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 | 82 | netlbl_af6list_foreach_safe(iter6, tmp6, |
6a8b7f0c | 83 | &ptr->def.addrsel->list6) { |
63c41688 PM |
84 | netlbl_af6list_remove_entry(iter6); |
85 | kfree(netlbl_domhsh_addr6_entry(iter6)); | |
86 | } | |
87 | #endif /* IPv6 */ | |
88 | } | |
d15c345f PM |
89 | kfree(ptr->domain); |
90 | kfree(ptr); | |
91 | } | |
92 | ||
93 | /** | |
94 | * netlbl_domhsh_hash - Hashing function for the domain hash table | |
95 | * @domain: the domain name to hash | |
96 | * | |
97 | * Description: | |
98 | * This is the hashing function for the domain hash table, it returns the | |
25985edc | 99 | * correct bucket number for the domain. The caller is responsible for |
b914f3a2 PM |
100 | * ensuring that the hash table is protected with either a RCU read lock or the |
101 | * hash table lock. | |
d15c345f PM |
102 | * |
103 | */ | |
104 | static u32 netlbl_domhsh_hash(const char *key) | |
105 | { | |
106 | u32 iter; | |
107 | u32 val; | |
108 | u32 len; | |
109 | ||
110 | /* This is taken (with slight modification) from | |
111 | * security/selinux/ss/symtab.c:symhash() */ | |
112 | ||
113 | for (iter = 0, val = 0, len = strlen(key); iter < len; iter++) | |
114 | val = (val << 4 | (val >> (8 * sizeof(u32) - 4))) ^ key[iter]; | |
b914f3a2 | 115 | return val & (netlbl_domhsh_rcu_deref(netlbl_domhsh)->size - 1); |
d15c345f PM |
116 | } |
117 | ||
8f18e675 HD |
118 | static bool netlbl_family_match(u16 f1, u16 f2) |
119 | { | |
120 | return (f1 == f2) || (f1 == AF_UNSPEC) || (f2 == AF_UNSPEC); | |
121 | } | |
122 | ||
d15c345f PM |
123 | /** |
124 | * netlbl_domhsh_search - Search for a domain entry | |
125 | * @domain: the domain | |
8f18e675 | 126 | * @family: the address family |
d15c345f PM |
127 | * |
128 | * Description: | |
129 | * Searches the domain hash table and returns a pointer to the hash table | |
8f18e675 HD |
130 | * entry if found, otherwise NULL is returned. @family may be %AF_UNSPEC |
131 | * which matches any address family entries. The caller is responsible for | |
b914f3a2 PM |
132 | * ensuring that the hash table is protected with either a RCU read lock or the |
133 | * hash table lock. | |
d15c345f PM |
134 | * |
135 | */ | |
8f18e675 HD |
136 | static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain, |
137 | u16 family) | |
d15c345f PM |
138 | { |
139 | u32 bkt; | |
56196701 | 140 | struct list_head *bkt_list; |
d15c345f PM |
141 | struct netlbl_dom_map *iter; |
142 | ||
143 | if (domain != NULL) { | |
144 | bkt = netlbl_domhsh_hash(domain); | |
b914f3a2 | 145 | bkt_list = &netlbl_domhsh_rcu_deref(netlbl_domhsh)->tbl[bkt]; |
56196701 | 146 | list_for_each_entry_rcu(iter, bkt_list, list) |
8f18e675 HD |
147 | if (iter->valid && |
148 | netlbl_family_match(iter->family, family) && | |
149 | strcmp(iter->domain, domain) == 0) | |
d15c345f PM |
150 | return iter; |
151 | } | |
152 | ||
b64397e0 PM |
153 | return NULL; |
154 | } | |
155 | ||
156 | /** | |
157 | * netlbl_domhsh_search_def - Search for a domain entry | |
158 | * @domain: the domain | |
8f18e675 | 159 | * @family: the address family |
b64397e0 PM |
160 | * |
161 | * Description: | |
162 | * Searches the domain hash table and returns a pointer to the hash table | |
163 | * entry if an exact match is found, if an exact match is not present in the | |
164 | * hash table then the default entry is returned if valid otherwise NULL is | |
8f18e675 HD |
165 | * returned. @family may be %AF_UNSPEC which matches any address family |
166 | * entries. The caller is responsible ensuring that the hash table is | |
b914f3a2 | 167 | * protected with either a RCU read lock or the hash table lock. |
b64397e0 PM |
168 | * |
169 | */ | |
8f18e675 HD |
170 | static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain, |
171 | u16 family) | |
b64397e0 PM |
172 | { |
173 | struct netlbl_dom_map *entry; | |
174 | ||
8f18e675 HD |
175 | entry = netlbl_domhsh_search(domain, family); |
176 | if (entry != NULL) | |
177 | return entry; | |
178 | if (family == AF_INET || family == AF_UNSPEC) { | |
179 | entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv4); | |
180 | if (entry != NULL && entry->valid) | |
181 | return entry; | |
182 | } | |
183 | if (family == AF_INET6 || family == AF_UNSPEC) { | |
184 | entry = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv6); | |
185 | if (entry != NULL && entry->valid) | |
186 | return entry; | |
d15c345f PM |
187 | } |
188 | ||
8f18e675 | 189 | return NULL; |
d15c345f PM |
190 | } |
191 | ||
63c41688 PM |
192 | /** |
193 | * netlbl_domhsh_audit_add - Generate an audit entry for an add event | |
194 | * @entry: the entry being added | |
195 | * @addr4: the IPv4 address information | |
196 | * @addr6: the IPv6 address information | |
197 | * @result: the result code | |
198 | * @audit_info: NetLabel audit information | |
199 | * | |
200 | * Description: | |
201 | * Generate an audit record for adding a new NetLabel/LSM mapping entry with | |
25985edc | 202 | * the given information. Caller is responsible for holding the necessary |
63c41688 PM |
203 | * locks. |
204 | * | |
205 | */ | |
206 | static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry, | |
207 | struct netlbl_af4list *addr4, | |
208 | struct netlbl_af6list *addr6, | |
209 | int result, | |
210 | struct netlbl_audit *audit_info) | |
211 | { | |
212 | struct audit_buffer *audit_buf; | |
213 | struct cipso_v4_doi *cipsov4 = NULL; | |
dc7de73f | 214 | struct calipso_doi *calipso = NULL; |
63c41688 PM |
215 | u32 type; |
216 | ||
217 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info); | |
218 | if (audit_buf != NULL) { | |
219 | audit_log_format(audit_buf, " nlbl_domain=%s", | |
220 | entry->domain ? entry->domain : "(default)"); | |
221 | if (addr4 != NULL) { | |
222 | struct netlbl_domaddr4_map *map4; | |
223 | map4 = netlbl_domhsh_addr4_entry(addr4); | |
6a8b7f0c PM |
224 | type = map4->def.type; |
225 | cipsov4 = map4->def.cipso; | |
63c41688 PM |
226 | netlbl_af4list_audit_addr(audit_buf, 0, NULL, |
227 | addr4->addr, addr4->mask); | |
dfd56b8b | 228 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 PM |
229 | } else if (addr6 != NULL) { |
230 | struct netlbl_domaddr6_map *map6; | |
231 | map6 = netlbl_domhsh_addr6_entry(addr6); | |
6a8b7f0c | 232 | type = map6->def.type; |
dc7de73f | 233 | calipso = map6->def.calipso; |
63c41688 PM |
234 | netlbl_af6list_audit_addr(audit_buf, 0, NULL, |
235 | &addr6->addr, &addr6->mask); | |
236 | #endif /* IPv6 */ | |
237 | } else { | |
6a8b7f0c PM |
238 | type = entry->def.type; |
239 | cipsov4 = entry->def.cipso; | |
dc7de73f | 240 | calipso = entry->def.calipso; |
63c41688 PM |
241 | } |
242 | switch (type) { | |
243 | case NETLBL_NLTYPE_UNLABELED: | |
244 | audit_log_format(audit_buf, " nlbl_protocol=unlbl"); | |
245 | break; | |
246 | case NETLBL_NLTYPE_CIPSOV4: | |
247 | BUG_ON(cipsov4 == NULL); | |
248 | audit_log_format(audit_buf, | |
249 | " nlbl_protocol=cipsov4 cipso_doi=%u", | |
250 | cipsov4->doi); | |
251 | break; | |
dc7de73f HD |
252 | case NETLBL_NLTYPE_CALIPSO: |
253 | BUG_ON(calipso == NULL); | |
254 | audit_log_format(audit_buf, | |
255 | " nlbl_protocol=calipso calipso_doi=%u", | |
256 | calipso->doi); | |
257 | break; | |
63c41688 PM |
258 | } |
259 | audit_log_format(audit_buf, " res=%u", result == 0 ? 1 : 0); | |
260 | audit_log_end(audit_buf); | |
261 | } | |
262 | } | |
263 | ||
6b21e1b7 PM |
264 | /** |
265 | * netlbl_domhsh_validate - Validate a new domain mapping entry | |
266 | * @entry: the entry to validate | |
267 | * | |
268 | * This function validates the new domain mapping entry to ensure that it is | |
269 | * a valid entry. Returns zero on success, negative values on failure. | |
270 | * | |
271 | */ | |
272 | static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry) | |
273 | { | |
274 | struct netlbl_af4list *iter4; | |
275 | struct netlbl_domaddr4_map *map4; | |
276 | #if IS_ENABLED(CONFIG_IPV6) | |
277 | struct netlbl_af6list *iter6; | |
278 | struct netlbl_domaddr6_map *map6; | |
279 | #endif /* IPv6 */ | |
280 | ||
281 | if (entry == NULL) | |
282 | return -EINVAL; | |
283 | ||
8f18e675 HD |
284 | if (entry->family != AF_INET && entry->family != AF_INET6 && |
285 | (entry->family != AF_UNSPEC || | |
286 | entry->def.type != NETLBL_NLTYPE_UNLABELED)) | |
287 | return -EINVAL; | |
288 | ||
6a8b7f0c | 289 | switch (entry->def.type) { |
6b21e1b7 | 290 | case NETLBL_NLTYPE_UNLABELED: |
dc7de73f HD |
291 | if (entry->def.cipso != NULL || entry->def.calipso != NULL || |
292 | entry->def.addrsel != NULL) | |
6b21e1b7 PM |
293 | return -EINVAL; |
294 | break; | |
295 | case NETLBL_NLTYPE_CIPSOV4: | |
8f18e675 HD |
296 | if (entry->family != AF_INET || |
297 | entry->def.cipso == NULL) | |
6b21e1b7 PM |
298 | return -EINVAL; |
299 | break; | |
dc7de73f HD |
300 | case NETLBL_NLTYPE_CALIPSO: |
301 | if (entry->family != AF_INET6 || | |
302 | entry->def.calipso == NULL) | |
303 | return -EINVAL; | |
304 | break; | |
6b21e1b7 | 305 | case NETLBL_NLTYPE_ADDRSELECT: |
6a8b7f0c | 306 | netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) { |
6b21e1b7 | 307 | map4 = netlbl_domhsh_addr4_entry(iter4); |
6a8b7f0c | 308 | switch (map4->def.type) { |
6b21e1b7 | 309 | case NETLBL_NLTYPE_UNLABELED: |
6a8b7f0c | 310 | if (map4->def.cipso != NULL) |
6b21e1b7 PM |
311 | return -EINVAL; |
312 | break; | |
313 | case NETLBL_NLTYPE_CIPSOV4: | |
6a8b7f0c | 314 | if (map4->def.cipso == NULL) |
6b21e1b7 PM |
315 | return -EINVAL; |
316 | break; | |
317 | default: | |
318 | return -EINVAL; | |
319 | } | |
320 | } | |
321 | #if IS_ENABLED(CONFIG_IPV6) | |
6a8b7f0c | 322 | netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) { |
6b21e1b7 | 323 | map6 = netlbl_domhsh_addr6_entry(iter6); |
6a8b7f0c | 324 | switch (map6->def.type) { |
6b21e1b7 | 325 | case NETLBL_NLTYPE_UNLABELED: |
dc7de73f HD |
326 | if (map6->def.calipso != NULL) |
327 | return -EINVAL; | |
328 | break; | |
329 | case NETLBL_NLTYPE_CALIPSO: | |
330 | if (map6->def.calipso == NULL) | |
331 | return -EINVAL; | |
6b21e1b7 PM |
332 | break; |
333 | default: | |
334 | return -EINVAL; | |
335 | } | |
336 | } | |
337 | #endif /* IPv6 */ | |
338 | break; | |
339 | default: | |
340 | return -EINVAL; | |
341 | } | |
342 | ||
343 | return 0; | |
344 | } | |
345 | ||
d15c345f PM |
346 | /* |
347 | * Domain Hash Table Functions | |
348 | */ | |
349 | ||
350 | /** | |
351 | * netlbl_domhsh_init - Init for the domain hash | |
352 | * @size: the number of bits to use for the hash buckets | |
353 | * | |
354 | * Description: | |
355 | * Initializes the domain hash table, should be called only by | |
356 | * netlbl_user_init() during initialization. Returns zero on success, non-zero | |
357 | * values on error. | |
358 | * | |
359 | */ | |
05705e4e | 360 | int __init netlbl_domhsh_init(u32 size) |
d15c345f PM |
361 | { |
362 | u32 iter; | |
363 | struct netlbl_domhsh_tbl *hsh_tbl; | |
364 | ||
365 | if (size == 0) | |
366 | return -EINVAL; | |
367 | ||
368 | hsh_tbl = kmalloc(sizeof(*hsh_tbl), GFP_KERNEL); | |
369 | if (hsh_tbl == NULL) | |
370 | return -ENOMEM; | |
371 | hsh_tbl->size = 1 << size; | |
372 | hsh_tbl->tbl = kcalloc(hsh_tbl->size, | |
373 | sizeof(struct list_head), | |
374 | GFP_KERNEL); | |
375 | if (hsh_tbl->tbl == NULL) { | |
376 | kfree(hsh_tbl); | |
377 | return -ENOMEM; | |
378 | } | |
379 | for (iter = 0; iter < hsh_tbl->size; iter++) | |
380 | INIT_LIST_HEAD(&hsh_tbl->tbl[iter]); | |
381 | ||
d15c345f | 382 | spin_lock(&netlbl_domhsh_lock); |
cf778b00 | 383 | rcu_assign_pointer(netlbl_domhsh, hsh_tbl); |
d15c345f | 384 | spin_unlock(&netlbl_domhsh_lock); |
d15c345f PM |
385 | |
386 | return 0; | |
387 | } | |
388 | ||
389 | /** | |
390 | * netlbl_domhsh_add - Adds a entry to the domain hash table | |
391 | * @entry: the entry to add | |
95d4e6be | 392 | * @audit_info: NetLabel audit information |
d15c345f PM |
393 | * |
394 | * Description: | |
395 | * Adds a new entry to the domain hash table and handles any updates to the | |
8f18e675 HD |
396 | * lower level protocol handler (i.e. CIPSO). @entry->family may be set to |
397 | * %AF_UNSPEC which will add an entry that matches all address families. This | |
398 | * is only useful for the unlabelled type and will only succeed if there is no | |
399 | * existing entry for any address family with the same domain. Returns zero | |
400 | * on success, negative on failure. | |
d15c345f PM |
401 | * |
402 | */ | |
95d4e6be PM |
403 | int netlbl_domhsh_add(struct netlbl_dom_map *entry, |
404 | struct netlbl_audit *audit_info) | |
d15c345f | 405 | { |
63c41688 | 406 | int ret_val = 0; |
8f18e675 | 407 | struct netlbl_dom_map *entry_old, *entry_b; |
63c41688 PM |
408 | struct netlbl_af4list *iter4; |
409 | struct netlbl_af4list *tmp4; | |
dfd56b8b | 410 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 PM |
411 | struct netlbl_af6list *iter6; |
412 | struct netlbl_af6list *tmp6; | |
413 | #endif /* IPv6 */ | |
d15c345f | 414 | |
6b21e1b7 PM |
415 | ret_val = netlbl_domhsh_validate(entry); |
416 | if (ret_val != 0) | |
417 | return ret_val; | |
418 | ||
b914f3a2 PM |
419 | /* XXX - we can remove this RCU read lock as the spinlock protects the |
420 | * entire function, but before we do we need to fixup the | |
421 | * netlbl_af[4,6]list RCU functions to do "the right thing" with | |
422 | * respect to rcu_dereference() when only a spinlock is held. */ | |
d15c345f | 423 | rcu_read_lock(); |
1c3fad93 | 424 | spin_lock(&netlbl_domhsh_lock); |
63c41688 | 425 | if (entry->domain != NULL) |
8f18e675 | 426 | entry_old = netlbl_domhsh_search(entry->domain, entry->family); |
63c41688 | 427 | else |
8f18e675 HD |
428 | entry_old = netlbl_domhsh_search_def(entry->domain, |
429 | entry->family); | |
63c41688 PM |
430 | if (entry_old == NULL) { |
431 | entry->valid = 1; | |
63c41688 PM |
432 | |
433 | if (entry->domain != NULL) { | |
434 | u32 bkt = netlbl_domhsh_hash(entry->domain); | |
d15c345f | 435 | list_add_tail_rcu(&entry->list, |
3482fd90 | 436 | &rcu_dereference(netlbl_domhsh)->tbl[bkt]); |
63c41688 PM |
437 | } else { |
438 | INIT_LIST_HEAD(&entry->list); | |
8f18e675 HD |
439 | switch (entry->family) { |
440 | case AF_INET: | |
441 | rcu_assign_pointer(netlbl_domhsh_def_ipv4, | |
442 | entry); | |
443 | break; | |
444 | case AF_INET6: | |
445 | rcu_assign_pointer(netlbl_domhsh_def_ipv6, | |
446 | entry); | |
447 | break; | |
448 | case AF_UNSPEC: | |
449 | if (entry->def.type != | |
450 | NETLBL_NLTYPE_UNLABELED) { | |
451 | ret_val = -EINVAL; | |
452 | goto add_return; | |
453 | } | |
454 | entry_b = kzalloc(sizeof(*entry_b), GFP_ATOMIC); | |
455 | if (entry_b == NULL) { | |
456 | ret_val = -ENOMEM; | |
457 | goto add_return; | |
458 | } | |
459 | entry_b->family = AF_INET6; | |
460 | entry_b->def.type = NETLBL_NLTYPE_UNLABELED; | |
461 | entry_b->valid = 1; | |
462 | entry->family = AF_INET; | |
463 | rcu_assign_pointer(netlbl_domhsh_def_ipv4, | |
464 | entry); | |
465 | rcu_assign_pointer(netlbl_domhsh_def_ipv6, | |
466 | entry_b); | |
467 | break; | |
468 | default: | |
469 | /* Already checked in | |
470 | * netlbl_domhsh_validate(). */ | |
471 | ret_val = -EINVAL; | |
472 | goto add_return; | |
473 | } | |
de64688f | 474 | } |
d15c345f | 475 | |
6a8b7f0c | 476 | if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) { |
63c41688 | 477 | netlbl_af4list_foreach_rcu(iter4, |
6a8b7f0c | 478 | &entry->def.addrsel->list4) |
63c41688 PM |
479 | netlbl_domhsh_audit_add(entry, iter4, NULL, |
480 | ret_val, audit_info); | |
dfd56b8b | 481 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 | 482 | netlbl_af6list_foreach_rcu(iter6, |
6a8b7f0c | 483 | &entry->def.addrsel->list6) |
63c41688 PM |
484 | netlbl_domhsh_audit_add(entry, NULL, iter6, |
485 | ret_val, audit_info); | |
486 | #endif /* IPv6 */ | |
487 | } else | |
488 | netlbl_domhsh_audit_add(entry, NULL, NULL, | |
489 | ret_val, audit_info); | |
6a8b7f0c PM |
490 | } else if (entry_old->def.type == NETLBL_NLTYPE_ADDRSELECT && |
491 | entry->def.type == NETLBL_NLTYPE_ADDRSELECT) { | |
63c41688 PM |
492 | struct list_head *old_list4; |
493 | struct list_head *old_list6; | |
494 | ||
6a8b7f0c PM |
495 | old_list4 = &entry_old->def.addrsel->list4; |
496 | old_list6 = &entry_old->def.addrsel->list6; | |
63c41688 PM |
497 | |
498 | /* we only allow the addition of address selectors if all of | |
499 | * the selectors do not exist in the existing domain map */ | |
6a8b7f0c | 500 | netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) |
63c41688 PM |
501 | if (netlbl_af4list_search_exact(iter4->addr, |
502 | iter4->mask, | |
503 | old_list4)) { | |
504 | ret_val = -EEXIST; | |
505 | goto add_return; | |
506 | } | |
dfd56b8b | 507 | #if IS_ENABLED(CONFIG_IPV6) |
6a8b7f0c | 508 | netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) |
63c41688 PM |
509 | if (netlbl_af6list_search_exact(&iter6->addr, |
510 | &iter6->mask, | |
511 | old_list6)) { | |
512 | ret_val = -EEXIST; | |
513 | goto add_return; | |
514 | } | |
515 | #endif /* IPv6 */ | |
516 | ||
517 | netlbl_af4list_foreach_safe(iter4, tmp4, | |
6a8b7f0c | 518 | &entry->def.addrsel->list4) { |
63c41688 PM |
519 | netlbl_af4list_remove_entry(iter4); |
520 | iter4->valid = 1; | |
521 | ret_val = netlbl_af4list_add(iter4, old_list4); | |
522 | netlbl_domhsh_audit_add(entry_old, iter4, NULL, | |
523 | ret_val, audit_info); | |
524 | if (ret_val != 0) | |
525 | goto add_return; | |
526 | } | |
dfd56b8b | 527 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 | 528 | netlbl_af6list_foreach_safe(iter6, tmp6, |
6a8b7f0c | 529 | &entry->def.addrsel->list6) { |
63c41688 PM |
530 | netlbl_af6list_remove_entry(iter6); |
531 | iter6->valid = 1; | |
532 | ret_val = netlbl_af6list_add(iter6, old_list6); | |
533 | netlbl_domhsh_audit_add(entry_old, NULL, iter6, | |
534 | ret_val, audit_info); | |
535 | if (ret_val != 0) | |
536 | goto add_return; | |
537 | } | |
538 | #endif /* IPv6 */ | |
539 | } else | |
540 | ret_val = -EINVAL; | |
541 | ||
542 | add_return: | |
543 | spin_unlock(&netlbl_domhsh_lock); | |
544 | rcu_read_unlock(); | |
d15c345f PM |
545 | return ret_val; |
546 | } | |
547 | ||
548 | /** | |
549 | * netlbl_domhsh_add_default - Adds the default entry to the domain hash table | |
550 | * @entry: the entry to add | |
95d4e6be | 551 | * @audit_info: NetLabel audit information |
d15c345f PM |
552 | * |
553 | * Description: | |
554 | * Adds a new default entry to the domain hash table and handles any updates | |
555 | * to the lower level protocol handler (i.e. CIPSO). Returns zero on success, | |
556 | * negative on failure. | |
557 | * | |
558 | */ | |
95d4e6be PM |
559 | int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, |
560 | struct netlbl_audit *audit_info) | |
d15c345f | 561 | { |
95d4e6be | 562 | return netlbl_domhsh_add(entry, audit_info); |
d15c345f PM |
563 | } |
564 | ||
565 | /** | |
b1edeb10 PM |
566 | * netlbl_domhsh_remove_entry - Removes a given entry from the domain table |
567 | * @entry: the entry to remove | |
95d4e6be | 568 | * @audit_info: NetLabel audit information |
d15c345f PM |
569 | * |
570 | * Description: | |
571 | * Removes an entry from the domain hash table and handles any updates to the | |
b1edeb10 PM |
572 | * lower level protocol handler (i.e. CIPSO). Caller is responsible for |
573 | * ensuring that the RCU read lock is held. Returns zero on success, negative | |
574 | * on failure. | |
d15c345f PM |
575 | * |
576 | */ | |
b1edeb10 PM |
577 | int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry, |
578 | struct netlbl_audit *audit_info) | |
d15c345f | 579 | { |
b1edeb10 | 580 | int ret_val = 0; |
32f50cde | 581 | struct audit_buffer *audit_buf; |
d15c345f | 582 | |
d15c345f | 583 | if (entry == NULL) |
b1edeb10 PM |
584 | return -ENOENT; |
585 | ||
1c3fad93 PM |
586 | spin_lock(&netlbl_domhsh_lock); |
587 | if (entry->valid) { | |
588 | entry->valid = 0; | |
8f18e675 HD |
589 | if (entry == rcu_dereference(netlbl_domhsh_def_ipv4)) |
590 | RCU_INIT_POINTER(netlbl_domhsh_def_ipv4, NULL); | |
591 | else if (entry == rcu_dereference(netlbl_domhsh_def_ipv6)) | |
592 | RCU_INIT_POINTER(netlbl_domhsh_def_ipv6, NULL); | |
1c3fad93 | 593 | else |
8f18e675 | 594 | list_del_rcu(&entry->list); |
b1edeb10 PM |
595 | } else |
596 | ret_val = -ENOENT; | |
1c3fad93 | 597 | spin_unlock(&netlbl_domhsh_lock); |
32f50cde | 598 | |
95d4e6be | 599 | audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); |
de64688f PM |
600 | if (audit_buf != NULL) { |
601 | audit_log_format(audit_buf, | |
602 | " nlbl_domain=%s res=%u", | |
603 | entry->domain ? entry->domain : "(default)", | |
604 | ret_val == 0 ? 1 : 0); | |
605 | audit_log_end(audit_buf); | |
606 | } | |
95d4e6be | 607 | |
b1edeb10 | 608 | if (ret_val == 0) { |
63c41688 PM |
609 | struct netlbl_af4list *iter4; |
610 | struct netlbl_domaddr4_map *map4; | |
dc7de73f HD |
611 | #if IS_ENABLED(CONFIG_IPV6) |
612 | struct netlbl_af6list *iter6; | |
613 | struct netlbl_domaddr6_map *map6; | |
614 | #endif /* IPv6 */ | |
63c41688 | 615 | |
6a8b7f0c | 616 | switch (entry->def.type) { |
63c41688 PM |
617 | case NETLBL_NLTYPE_ADDRSELECT: |
618 | netlbl_af4list_foreach_rcu(iter4, | |
6a8b7f0c | 619 | &entry->def.addrsel->list4) { |
63c41688 | 620 | map4 = netlbl_domhsh_addr4_entry(iter4); |
6a8b7f0c | 621 | cipso_v4_doi_putdef(map4->def.cipso); |
63c41688 | 622 | } |
dc7de73f HD |
623 | #if IS_ENABLED(CONFIG_IPV6) |
624 | netlbl_af6list_foreach_rcu(iter6, | |
625 | &entry->def.addrsel->list6) { | |
626 | map6 = netlbl_domhsh_addr6_entry(iter6); | |
627 | calipso_doi_putdef(map6->def.calipso); | |
628 | } | |
629 | #endif /* IPv6 */ | |
63c41688 | 630 | break; |
b1edeb10 | 631 | case NETLBL_NLTYPE_CIPSOV4: |
6a8b7f0c | 632 | cipso_v4_doi_putdef(entry->def.cipso); |
b1edeb10 | 633 | break; |
dc7de73f HD |
634 | #if IS_ENABLED(CONFIG_IPV6) |
635 | case NETLBL_NLTYPE_CALIPSO: | |
636 | calipso_doi_putdef(entry->def.calipso); | |
637 | break; | |
638 | #endif /* IPv6 */ | |
b1edeb10 | 639 | } |
4be2700f | 640 | call_rcu(&entry->rcu, netlbl_domhsh_free_entry); |
b1edeb10 PM |
641 | } |
642 | ||
643 | return ret_val; | |
644 | } | |
645 | ||
6c2e8ac0 PM |
646 | /** |
647 | * netlbl_domhsh_remove_af4 - Removes an address selector entry | |
648 | * @domain: the domain | |
649 | * @addr: IPv4 address | |
650 | * @mask: IPv4 address mask | |
651 | * @audit_info: NetLabel audit information | |
652 | * | |
653 | * Description: | |
654 | * Removes an individual address selector from a domain mapping and potentially | |
655 | * the entire mapping if it is empty. Returns zero on success, negative values | |
656 | * on failure. | |
657 | * | |
658 | */ | |
659 | int netlbl_domhsh_remove_af4(const char *domain, | |
660 | const struct in_addr *addr, | |
661 | const struct in_addr *mask, | |
662 | struct netlbl_audit *audit_info) | |
663 | { | |
664 | struct netlbl_dom_map *entry_map; | |
665 | struct netlbl_af4list *entry_addr; | |
666 | struct netlbl_af4list *iter4; | |
dfd56b8b | 667 | #if IS_ENABLED(CONFIG_IPV6) |
6c2e8ac0 PM |
668 | struct netlbl_af6list *iter6; |
669 | #endif /* IPv6 */ | |
670 | struct netlbl_domaddr4_map *entry; | |
671 | ||
672 | rcu_read_lock(); | |
673 | ||
674 | if (domain) | |
8f18e675 | 675 | entry_map = netlbl_domhsh_search(domain, AF_INET); |
6c2e8ac0 | 676 | else |
8f18e675 | 677 | entry_map = netlbl_domhsh_search_def(domain, AF_INET); |
6a8b7f0c PM |
678 | if (entry_map == NULL || |
679 | entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT) | |
6c2e8ac0 PM |
680 | goto remove_af4_failure; |
681 | ||
682 | spin_lock(&netlbl_domhsh_lock); | |
683 | entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr, | |
6a8b7f0c | 684 | &entry_map->def.addrsel->list4); |
6c2e8ac0 PM |
685 | spin_unlock(&netlbl_domhsh_lock); |
686 | ||
687 | if (entry_addr == NULL) | |
688 | goto remove_af4_failure; | |
6a8b7f0c | 689 | netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4) |
6c2e8ac0 | 690 | goto remove_af4_single_addr; |
dfd56b8b | 691 | #if IS_ENABLED(CONFIG_IPV6) |
6a8b7f0c | 692 | netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6) |
6c2e8ac0 PM |
693 | goto remove_af4_single_addr; |
694 | #endif /* IPv6 */ | |
695 | /* the domain mapping is empty so remove it from the mapping table */ | |
696 | netlbl_domhsh_remove_entry(entry_map, audit_info); | |
697 | ||
698 | remove_af4_single_addr: | |
699 | rcu_read_unlock(); | |
700 | /* yick, we can't use call_rcu here because we don't have a rcu head | |
701 | * pointer but hopefully this should be a rare case so the pause | |
702 | * shouldn't be a problem */ | |
703 | synchronize_rcu(); | |
704 | entry = netlbl_domhsh_addr4_entry(entry_addr); | |
6a8b7f0c | 705 | cipso_v4_doi_putdef(entry->def.cipso); |
6c2e8ac0 PM |
706 | kfree(entry); |
707 | return 0; | |
708 | ||
709 | remove_af4_failure: | |
710 | rcu_read_unlock(); | |
711 | return -ENOENT; | |
712 | } | |
713 | ||
3f09354a HD |
714 | #if IS_ENABLED(CONFIG_IPV6) |
715 | /** | |
716 | * netlbl_domhsh_remove_af6 - Removes an address selector entry | |
717 | * @domain: the domain | |
718 | * @addr: IPv6 address | |
719 | * @mask: IPv6 address mask | |
720 | * @audit_info: NetLabel audit information | |
721 | * | |
722 | * Description: | |
723 | * Removes an individual address selector from a domain mapping and potentially | |
724 | * the entire mapping if it is empty. Returns zero on success, negative values | |
725 | * on failure. | |
726 | * | |
727 | */ | |
728 | int netlbl_domhsh_remove_af6(const char *domain, | |
729 | const struct in6_addr *addr, | |
730 | const struct in6_addr *mask, | |
731 | struct netlbl_audit *audit_info) | |
732 | { | |
733 | struct netlbl_dom_map *entry_map; | |
734 | struct netlbl_af6list *entry_addr; | |
735 | struct netlbl_af4list *iter4; | |
736 | struct netlbl_af6list *iter6; | |
737 | struct netlbl_domaddr6_map *entry; | |
738 | ||
739 | rcu_read_lock(); | |
740 | ||
741 | if (domain) | |
742 | entry_map = netlbl_domhsh_search(domain, AF_INET6); | |
743 | else | |
744 | entry_map = netlbl_domhsh_search_def(domain, AF_INET6); | |
745 | if (entry_map == NULL || | |
746 | entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT) | |
747 | goto remove_af6_failure; | |
748 | ||
749 | spin_lock(&netlbl_domhsh_lock); | |
750 | entry_addr = netlbl_af6list_remove(addr, mask, | |
751 | &entry_map->def.addrsel->list6); | |
752 | spin_unlock(&netlbl_domhsh_lock); | |
753 | ||
754 | if (entry_addr == NULL) | |
755 | goto remove_af6_failure; | |
756 | netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4) | |
757 | goto remove_af6_single_addr; | |
758 | netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6) | |
759 | goto remove_af6_single_addr; | |
760 | /* the domain mapping is empty so remove it from the mapping table */ | |
761 | netlbl_domhsh_remove_entry(entry_map, audit_info); | |
762 | ||
763 | remove_af6_single_addr: | |
764 | rcu_read_unlock(); | |
765 | /* yick, we can't use call_rcu here because we don't have a rcu head | |
766 | * pointer but hopefully this should be a rare case so the pause | |
767 | * shouldn't be a problem */ | |
768 | synchronize_rcu(); | |
769 | entry = netlbl_domhsh_addr6_entry(entry_addr); | |
770 | calipso_doi_putdef(entry->def.calipso); | |
771 | kfree(entry); | |
772 | return 0; | |
773 | ||
774 | remove_af6_failure: | |
775 | rcu_read_unlock(); | |
776 | return -ENOENT; | |
777 | } | |
778 | #endif /* IPv6 */ | |
779 | ||
b1edeb10 PM |
780 | /** |
781 | * netlbl_domhsh_remove - Removes an entry from the domain hash table | |
782 | * @domain: the domain to remove | |
8f18e675 | 783 | * @family: address family |
b1edeb10 PM |
784 | * @audit_info: NetLabel audit information |
785 | * | |
786 | * Description: | |
787 | * Removes an entry from the domain hash table and handles any updates to the | |
8f18e675 HD |
788 | * lower level protocol handler (i.e. CIPSO). @family may be %AF_UNSPEC which |
789 | * removes all address family entries. Returns zero on success, negative on | |
790 | * failure. | |
b1edeb10 PM |
791 | * |
792 | */ | |
8f18e675 HD |
793 | int netlbl_domhsh_remove(const char *domain, u16 family, |
794 | struct netlbl_audit *audit_info) | |
b1edeb10 | 795 | { |
8f18e675 | 796 | int ret_val = -EINVAL; |
b1edeb10 PM |
797 | struct netlbl_dom_map *entry; |
798 | ||
799 | rcu_read_lock(); | |
8f18e675 HD |
800 | |
801 | if (family == AF_INET || family == AF_UNSPEC) { | |
802 | if (domain) | |
803 | entry = netlbl_domhsh_search(domain, AF_INET); | |
804 | else | |
805 | entry = netlbl_domhsh_search_def(domain, AF_INET); | |
806 | ret_val = netlbl_domhsh_remove_entry(entry, audit_info); | |
807 | if (ret_val && ret_val != -ENOENT) | |
808 | goto done; | |
809 | } | |
810 | if (family == AF_INET6 || family == AF_UNSPEC) { | |
811 | int ret_val2; | |
812 | ||
813 | if (domain) | |
814 | entry = netlbl_domhsh_search(domain, AF_INET6); | |
815 | else | |
816 | entry = netlbl_domhsh_search_def(domain, AF_INET6); | |
817 | ret_val2 = netlbl_domhsh_remove_entry(entry, audit_info); | |
818 | if (ret_val2 != -ENOENT) | |
819 | ret_val = ret_val2; | |
820 | } | |
821 | done: | |
b1edeb10 PM |
822 | rcu_read_unlock(); |
823 | ||
d15c345f PM |
824 | return ret_val; |
825 | } | |
826 | ||
827 | /** | |
828 | * netlbl_domhsh_remove_default - Removes the default entry from the table | |
8f18e675 | 829 | * @family: address family |
95d4e6be | 830 | * @audit_info: NetLabel audit information |
d15c345f PM |
831 | * |
832 | * Description: | |
8f18e675 HD |
833 | * Removes/resets the default entry corresponding to @family from the domain |
834 | * hash table and handles any updates to the lower level protocol handler | |
835 | * (i.e. CIPSO). @family may be %AF_UNSPEC which removes all address family | |
836 | * entries. Returns zero on success, negative on failure. | |
d15c345f PM |
837 | * |
838 | */ | |
8f18e675 | 839 | int netlbl_domhsh_remove_default(u16 family, struct netlbl_audit *audit_info) |
d15c345f | 840 | { |
8f18e675 | 841 | return netlbl_domhsh_remove(NULL, family, audit_info); |
d15c345f PM |
842 | } |
843 | ||
844 | /** | |
845 | * netlbl_domhsh_getentry - Get an entry from the domain hash table | |
846 | * @domain: the domain name to search for | |
8f18e675 | 847 | * @family: address family |
d15c345f PM |
848 | * |
849 | * Description: | |
850 | * Look through the domain hash table searching for an entry to match @domain, | |
8f18e675 HD |
851 | * with address family @family, return a pointer to a copy of the entry or |
852 | * NULL. The caller is responsible for ensuring that rcu_read_[un]lock() is | |
853 | * called. | |
d15c345f PM |
854 | * |
855 | */ | |
8f18e675 | 856 | struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain, u16 family) |
d15c345f | 857 | { |
8f18e675 HD |
858 | if (family == AF_UNSPEC) |
859 | return NULL; | |
860 | return netlbl_domhsh_search_def(domain, family); | |
d15c345f PM |
861 | } |
862 | ||
63c41688 PM |
863 | /** |
864 | * netlbl_domhsh_getentry_af4 - Get an entry from the domain hash table | |
865 | * @domain: the domain name to search for | |
866 | * @addr: the IP address to search for | |
867 | * | |
868 | * Description: | |
869 | * Look through the domain hash table searching for an entry to match @domain | |
870 | * and @addr, return a pointer to a copy of the entry or NULL. The caller is | |
871 | * responsible for ensuring that rcu_read_[un]lock() is called. | |
872 | * | |
873 | */ | |
6a8b7f0c PM |
874 | struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain, |
875 | __be32 addr) | |
63c41688 PM |
876 | { |
877 | struct netlbl_dom_map *dom_iter; | |
878 | struct netlbl_af4list *addr_iter; | |
879 | ||
8f18e675 | 880 | dom_iter = netlbl_domhsh_search_def(domain, AF_INET); |
63c41688 PM |
881 | if (dom_iter == NULL) |
882 | return NULL; | |
63c41688 | 883 | |
6a8b7f0c PM |
884 | if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT) |
885 | return &dom_iter->def; | |
886 | addr_iter = netlbl_af4list_search(addr, &dom_iter->def.addrsel->list4); | |
63c41688 PM |
887 | if (addr_iter == NULL) |
888 | return NULL; | |
6a8b7f0c | 889 | return &(netlbl_domhsh_addr4_entry(addr_iter)->def); |
63c41688 PM |
890 | } |
891 | ||
dfd56b8b | 892 | #if IS_ENABLED(CONFIG_IPV6) |
63c41688 PM |
893 | /** |
894 | * netlbl_domhsh_getentry_af6 - Get an entry from the domain hash table | |
895 | * @domain: the domain name to search for | |
896 | * @addr: the IP address to search for | |
897 | * | |
898 | * Description: | |
899 | * Look through the domain hash table searching for an entry to match @domain | |
900 | * and @addr, return a pointer to a copy of the entry or NULL. The caller is | |
901 | * responsible for ensuring that rcu_read_[un]lock() is called. | |
902 | * | |
903 | */ | |
6a8b7f0c | 904 | struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain, |
63c41688 PM |
905 | const struct in6_addr *addr) |
906 | { | |
907 | struct netlbl_dom_map *dom_iter; | |
908 | struct netlbl_af6list *addr_iter; | |
909 | ||
8f18e675 | 910 | dom_iter = netlbl_domhsh_search_def(domain, AF_INET6); |
63c41688 PM |
911 | if (dom_iter == NULL) |
912 | return NULL; | |
63c41688 | 913 | |
6a8b7f0c PM |
914 | if (dom_iter->def.type != NETLBL_NLTYPE_ADDRSELECT) |
915 | return &dom_iter->def; | |
916 | addr_iter = netlbl_af6list_search(addr, &dom_iter->def.addrsel->list6); | |
63c41688 PM |
917 | if (addr_iter == NULL) |
918 | return NULL; | |
6a8b7f0c | 919 | return &(netlbl_domhsh_addr6_entry(addr_iter)->def); |
63c41688 PM |
920 | } |
921 | #endif /* IPv6 */ | |
922 | ||
d15c345f | 923 | /** |
fcd48280 PM |
924 | * netlbl_domhsh_walk - Iterate through the domain mapping hash table |
925 | * @skip_bkt: the number of buckets to skip at the start | |
926 | * @skip_chain: the number of entries to skip in the first iterated bucket | |
927 | * @callback: callback for each entry | |
928 | * @cb_arg: argument for the callback function | |
d15c345f PM |
929 | * |
930 | * Description: | |
fcd48280 PM |
931 | * Interate over the domain mapping hash table, skipping the first @skip_bkt |
932 | * buckets and @skip_chain entries. For each entry in the table call | |
933 | * @callback, if @callback returns a negative value stop 'walking' through the | |
934 | * table and return. Updates the values in @skip_bkt and @skip_chain on | |
af901ca1 | 935 | * return. Returns zero on success, negative values on failure. |
d15c345f PM |
936 | * |
937 | */ | |
fcd48280 PM |
938 | int netlbl_domhsh_walk(u32 *skip_bkt, |
939 | u32 *skip_chain, | |
940 | int (*callback) (struct netlbl_dom_map *entry, void *arg), | |
941 | void *cb_arg) | |
d15c345f | 942 | { |
fcd48280 PM |
943 | int ret_val = -ENOENT; |
944 | u32 iter_bkt; | |
56196701 | 945 | struct list_head *iter_list; |
fcd48280 PM |
946 | struct netlbl_dom_map *iter_entry; |
947 | u32 chain_cnt = 0; | |
d15c345f | 948 | |
d15c345f | 949 | rcu_read_lock(); |
fcd48280 PM |
950 | for (iter_bkt = *skip_bkt; |
951 | iter_bkt < rcu_dereference(netlbl_domhsh)->size; | |
952 | iter_bkt++, chain_cnt = 0) { | |
56196701 PM |
953 | iter_list = &rcu_dereference(netlbl_domhsh)->tbl[iter_bkt]; |
954 | list_for_each_entry_rcu(iter_entry, iter_list, list) | |
fcd48280 PM |
955 | if (iter_entry->valid) { |
956 | if (chain_cnt++ < *skip_chain) | |
957 | continue; | |
958 | ret_val = callback(iter_entry, cb_arg); | |
959 | if (ret_val < 0) { | |
960 | chain_cnt--; | |
961 | goto walk_return; | |
962 | } | |
d15c345f | 963 | } |
fcd48280 | 964 | } |
d15c345f | 965 | |
fcd48280 | 966 | walk_return: |
d15c345f | 967 | rcu_read_unlock(); |
fcd48280 PM |
968 | *skip_bkt = iter_bkt; |
969 | *skip_chain = chain_cnt; | |
970 | return ret_val; | |
d15c345f | 971 | } |