xref: /openbmc/linux/net/xfrm/xfrm_policy.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  * xfrm_policy.c
3  *
4  * Changes:
5  *	Mitsuru KANDA @USAGI
6  * 	Kazunori MIYAZAWA @USAGI
7  * 	Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8  * 		IPv6 support
9  * 	Kazunori MIYAZAWA @USAGI
10  * 	YOSHIFUJI Hideaki
11  * 		Split up af-specific portion
12  *	Derek Atkins <derek@ihtfp.com>		Add the post_input processor
13  *
14  */
15 
16 #include <linux/slab.h>
17 #include <linux/kmod.h>
18 #include <linux/list.h>
19 #include <linux/spinlock.h>
20 #include <linux/workqueue.h>
21 #include <linux/notifier.h>
22 #include <linux/netdevice.h>
23 #include <linux/netfilter.h>
24 #include <linux/module.h>
25 #include <linux/cache.h>
26 #include <net/xfrm.h>
27 #include <net/ip.h>
28 #include <linux/audit.h>
29 
30 #include "xfrm_hash.h"
31 
32 DEFINE_MUTEX(xfrm_cfg_mutex);
33 EXPORT_SYMBOL(xfrm_cfg_mutex);
34 
35 static DEFINE_RWLOCK(xfrm_policy_lock);
36 
37 unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
38 EXPORT_SYMBOL(xfrm_policy_count);
39 
40 static DEFINE_RWLOCK(xfrm_policy_afinfo_lock);
41 static struct xfrm_policy_afinfo *xfrm_policy_afinfo[NPROTO];
42 
43 static struct kmem_cache *xfrm_dst_cache __read_mostly;
44 
45 static struct work_struct xfrm_policy_gc_work;
46 static HLIST_HEAD(xfrm_policy_gc_list);
47 static DEFINE_SPINLOCK(xfrm_policy_gc_lock);
48 
49 static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family);
50 static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
51 static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family);
52 static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo);
53 
54 static inline int
55 __xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
56 {
57 	return  addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
58 		addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
59 		!((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
60 		!((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
61 		(fl->proto == sel->proto || !sel->proto) &&
62 		(fl->oif == sel->ifindex || !sel->ifindex);
63 }
64 
65 static inline int
66 __xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
67 {
68 	return  addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
69 		addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
70 		!((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
71 		!((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
72 		(fl->proto == sel->proto || !sel->proto) &&
73 		(fl->oif == sel->ifindex || !sel->ifindex);
74 }
75 
76 int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
77 		    unsigned short family)
78 {
79 	switch (family) {
80 	case AF_INET:
81 		return __xfrm4_selector_match(sel, fl);
82 	case AF_INET6:
83 		return __xfrm6_selector_match(sel, fl);
84 	}
85 	return 0;
86 }
87 
88 int xfrm_register_type(struct xfrm_type *type, unsigned short family)
89 {
90 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family);
91 	struct xfrm_type **typemap;
92 	int err = 0;
93 
94 	if (unlikely(afinfo == NULL))
95 		return -EAFNOSUPPORT;
96 	typemap = afinfo->type_map;
97 
98 	if (likely(typemap[type->proto] == NULL))
99 		typemap[type->proto] = type;
100 	else
101 		err = -EEXIST;
102 	xfrm_policy_unlock_afinfo(afinfo);
103 	return err;
104 }
105 EXPORT_SYMBOL(xfrm_register_type);
106 
107 int xfrm_unregister_type(struct xfrm_type *type, unsigned short family)
108 {
109 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family);
110 	struct xfrm_type **typemap;
111 	int err = 0;
112 
113 	if (unlikely(afinfo == NULL))
114 		return -EAFNOSUPPORT;
115 	typemap = afinfo->type_map;
116 
117 	if (unlikely(typemap[type->proto] != type))
118 		err = -ENOENT;
119 	else
120 		typemap[type->proto] = NULL;
121 	xfrm_policy_unlock_afinfo(afinfo);
122 	return err;
123 }
124 EXPORT_SYMBOL(xfrm_unregister_type);
125 
126 struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
127 {
128 	struct xfrm_policy_afinfo *afinfo;
129 	struct xfrm_type **typemap;
130 	struct xfrm_type *type;
131 	int modload_attempted = 0;
132 
133 retry:
134 	afinfo = xfrm_policy_get_afinfo(family);
135 	if (unlikely(afinfo == NULL))
136 		return NULL;
137 	typemap = afinfo->type_map;
138 
139 	type = typemap[proto];
140 	if (unlikely(type && !try_module_get(type->owner)))
141 		type = NULL;
142 	if (!type && !modload_attempted) {
143 		xfrm_policy_put_afinfo(afinfo);
144 		request_module("xfrm-type-%d-%d",
145 			       (int) family, (int) proto);
146 		modload_attempted = 1;
147 		goto retry;
148 	}
149 
150 	xfrm_policy_put_afinfo(afinfo);
151 	return type;
152 }
153 
154 int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl,
155 		    unsigned short family)
156 {
157 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
158 	int err = 0;
159 
160 	if (unlikely(afinfo == NULL))
161 		return -EAFNOSUPPORT;
162 
163 	if (likely(afinfo->dst_lookup != NULL))
164 		err = afinfo->dst_lookup(dst, fl);
165 	else
166 		err = -EINVAL;
167 	xfrm_policy_put_afinfo(afinfo);
168 	return err;
169 }
170 EXPORT_SYMBOL(xfrm_dst_lookup);
171 
172 void xfrm_put_type(struct xfrm_type *type)
173 {
174 	module_put(type->owner);
175 }
176 
177 int xfrm_register_mode(struct xfrm_mode *mode, int family)
178 {
179 	struct xfrm_policy_afinfo *afinfo;
180 	struct xfrm_mode **modemap;
181 	int err;
182 
183 	if (unlikely(mode->encap >= XFRM_MODE_MAX))
184 		return -EINVAL;
185 
186 	afinfo = xfrm_policy_lock_afinfo(family);
187 	if (unlikely(afinfo == NULL))
188 		return -EAFNOSUPPORT;
189 
190 	err = -EEXIST;
191 	modemap = afinfo->mode_map;
192 	if (likely(modemap[mode->encap] == NULL)) {
193 		modemap[mode->encap] = mode;
194 		err = 0;
195 	}
196 
197 	xfrm_policy_unlock_afinfo(afinfo);
198 	return err;
199 }
200 EXPORT_SYMBOL(xfrm_register_mode);
201 
202 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
203 {
204 	struct xfrm_policy_afinfo *afinfo;
205 	struct xfrm_mode **modemap;
206 	int err;
207 
208 	if (unlikely(mode->encap >= XFRM_MODE_MAX))
209 		return -EINVAL;
210 
211 	afinfo = xfrm_policy_lock_afinfo(family);
212 	if (unlikely(afinfo == NULL))
213 		return -EAFNOSUPPORT;
214 
215 	err = -ENOENT;
216 	modemap = afinfo->mode_map;
217 	if (likely(modemap[mode->encap] == mode)) {
218 		modemap[mode->encap] = NULL;
219 		err = 0;
220 	}
221 
222 	xfrm_policy_unlock_afinfo(afinfo);
223 	return err;
224 }
225 EXPORT_SYMBOL(xfrm_unregister_mode);
226 
227 struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
228 {
229 	struct xfrm_policy_afinfo *afinfo;
230 	struct xfrm_mode *mode;
231 	int modload_attempted = 0;
232 
233 	if (unlikely(encap >= XFRM_MODE_MAX))
234 		return NULL;
235 
236 retry:
237 	afinfo = xfrm_policy_get_afinfo(family);
238 	if (unlikely(afinfo == NULL))
239 		return NULL;
240 
241 	mode = afinfo->mode_map[encap];
242 	if (unlikely(mode && !try_module_get(mode->owner)))
243 		mode = NULL;
244 	if (!mode && !modload_attempted) {
245 		xfrm_policy_put_afinfo(afinfo);
246 		request_module("xfrm-mode-%d-%d", family, encap);
247 		modload_attempted = 1;
248 		goto retry;
249 	}
250 
251 	xfrm_policy_put_afinfo(afinfo);
252 	return mode;
253 }
254 
255 void xfrm_put_mode(struct xfrm_mode *mode)
256 {
257 	module_put(mode->owner);
258 }
259 
260 static inline unsigned long make_jiffies(long secs)
261 {
262 	if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
263 		return MAX_SCHEDULE_TIMEOUT-1;
264 	else
265 		return secs*HZ;
266 }
267 
268 static void xfrm_policy_timer(unsigned long data)
269 {
270 	struct xfrm_policy *xp = (struct xfrm_policy*)data;
271 	unsigned long now = get_seconds();
272 	long next = LONG_MAX;
273 	int warn = 0;
274 	int dir;
275 
276 	read_lock(&xp->lock);
277 
278 	if (xp->dead)
279 		goto out;
280 
281 	dir = xfrm_policy_id2dir(xp->index);
282 
283 	if (xp->lft.hard_add_expires_seconds) {
284 		long tmo = xp->lft.hard_add_expires_seconds +
285 			xp->curlft.add_time - now;
286 		if (tmo <= 0)
287 			goto expired;
288 		if (tmo < next)
289 			next = tmo;
290 	}
291 	if (xp->lft.hard_use_expires_seconds) {
292 		long tmo = xp->lft.hard_use_expires_seconds +
293 			(xp->curlft.use_time ? : xp->curlft.add_time) - now;
294 		if (tmo <= 0)
295 			goto expired;
296 		if (tmo < next)
297 			next = tmo;
298 	}
299 	if (xp->lft.soft_add_expires_seconds) {
300 		long tmo = xp->lft.soft_add_expires_seconds +
301 			xp->curlft.add_time - now;
302 		if (tmo <= 0) {
303 			warn = 1;
304 			tmo = XFRM_KM_TIMEOUT;
305 		}
306 		if (tmo < next)
307 			next = tmo;
308 	}
309 	if (xp->lft.soft_use_expires_seconds) {
310 		long tmo = xp->lft.soft_use_expires_seconds +
311 			(xp->curlft.use_time ? : xp->curlft.add_time) - now;
312 		if (tmo <= 0) {
313 			warn = 1;
314 			tmo = XFRM_KM_TIMEOUT;
315 		}
316 		if (tmo < next)
317 			next = tmo;
318 	}
319 
320 	if (warn)
321 		km_policy_expired(xp, dir, 0, 0);
322 	if (next != LONG_MAX &&
323 	    !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
324 		xfrm_pol_hold(xp);
325 
326 out:
327 	read_unlock(&xp->lock);
328 	xfrm_pol_put(xp);
329 	return;
330 
331 expired:
332 	read_unlock(&xp->lock);
333 	if (!xfrm_policy_delete(xp, dir))
334 		km_policy_expired(xp, dir, 1, 0);
335 	xfrm_pol_put(xp);
336 }
337 
338 
339 /* Allocate xfrm_policy. Not used here, it is supposed to be used by pfkeyv2
340  * SPD calls.
341  */
342 
343 struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp)
344 {
345 	struct xfrm_policy *policy;
346 
347 	policy = kzalloc(sizeof(struct xfrm_policy), gfp);
348 
349 	if (policy) {
350 		INIT_HLIST_NODE(&policy->bydst);
351 		INIT_HLIST_NODE(&policy->byidx);
352 		rwlock_init(&policy->lock);
353 		atomic_set(&policy->refcnt, 1);
354 		init_timer(&policy->timer);
355 		policy->timer.data = (unsigned long)policy;
356 		policy->timer.function = xfrm_policy_timer;
357 	}
358 	return policy;
359 }
360 EXPORT_SYMBOL(xfrm_policy_alloc);
361 
362 /* Destroy xfrm_policy: descendant resources must be released to this moment. */
363 
364 void __xfrm_policy_destroy(struct xfrm_policy *policy)
365 {
366 	BUG_ON(!policy->dead);
367 
368 	BUG_ON(policy->bundles);
369 
370 	if (del_timer(&policy->timer))
371 		BUG();
372 
373 	security_xfrm_policy_free(policy);
374 	kfree(policy);
375 }
376 EXPORT_SYMBOL(__xfrm_policy_destroy);
377 
378 static void xfrm_policy_gc_kill(struct xfrm_policy *policy)
379 {
380 	struct dst_entry *dst;
381 
382 	while ((dst = policy->bundles) != NULL) {
383 		policy->bundles = dst->next;
384 		dst_free(dst);
385 	}
386 
387 	if (del_timer(&policy->timer))
388 		atomic_dec(&policy->refcnt);
389 
390 	if (atomic_read(&policy->refcnt) > 1)
391 		flow_cache_flush();
392 
393 	xfrm_pol_put(policy);
394 }
395 
396 static void xfrm_policy_gc_task(struct work_struct *work)
397 {
398 	struct xfrm_policy *policy;
399 	struct hlist_node *entry, *tmp;
400 	struct hlist_head gc_list;
401 
402 	spin_lock_bh(&xfrm_policy_gc_lock);
403 	gc_list.first = xfrm_policy_gc_list.first;
404 	INIT_HLIST_HEAD(&xfrm_policy_gc_list);
405 	spin_unlock_bh(&xfrm_policy_gc_lock);
406 
407 	hlist_for_each_entry_safe(policy, entry, tmp, &gc_list, bydst)
408 		xfrm_policy_gc_kill(policy);
409 }
410 
411 /* Rule must be locked. Release descentant resources, announce
412  * entry dead. The rule must be unlinked from lists to the moment.
413  */
414 
415 static void xfrm_policy_kill(struct xfrm_policy *policy)
416 {
417 	int dead;
418 
419 	write_lock_bh(&policy->lock);
420 	dead = policy->dead;
421 	policy->dead = 1;
422 	write_unlock_bh(&policy->lock);
423 
424 	if (unlikely(dead)) {
425 		WARN_ON(1);
426 		return;
427 	}
428 
429 	spin_lock(&xfrm_policy_gc_lock);
430 	hlist_add_head(&policy->bydst, &xfrm_policy_gc_list);
431 	spin_unlock(&xfrm_policy_gc_lock);
432 
433 	schedule_work(&xfrm_policy_gc_work);
434 }
435 
436 struct xfrm_policy_hash {
437 	struct hlist_head	*table;
438 	unsigned int		hmask;
439 };
440 
441 static struct hlist_head xfrm_policy_inexact[XFRM_POLICY_MAX*2];
442 static struct xfrm_policy_hash xfrm_policy_bydst[XFRM_POLICY_MAX*2] __read_mostly;
443 static struct hlist_head *xfrm_policy_byidx __read_mostly;
444 static unsigned int xfrm_idx_hmask __read_mostly;
445 static unsigned int xfrm_policy_hashmax __read_mostly = 1 * 1024 * 1024;
446 
447 static inline unsigned int idx_hash(u32 index)
448 {
449 	return __idx_hash(index, xfrm_idx_hmask);
450 }
451 
452 static struct hlist_head *policy_hash_bysel(struct xfrm_selector *sel, unsigned short family, int dir)
453 {
454 	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
455 	unsigned int hash = __sel_hash(sel, family, hmask);
456 
457 	return (hash == hmask + 1 ?
458 		&xfrm_policy_inexact[dir] :
459 		xfrm_policy_bydst[dir].table + hash);
460 }
461 
462 static struct hlist_head *policy_hash_direct(xfrm_address_t *daddr, xfrm_address_t *saddr, unsigned short family, int dir)
463 {
464 	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
465 	unsigned int hash = __addr_hash(daddr, saddr, family, hmask);
466 
467 	return xfrm_policy_bydst[dir].table + hash;
468 }
469 
470 static void xfrm_dst_hash_transfer(struct hlist_head *list,
471 				   struct hlist_head *ndsttable,
472 				   unsigned int nhashmask)
473 {
474 	struct hlist_node *entry, *tmp;
475 	struct xfrm_policy *pol;
476 
477 	hlist_for_each_entry_safe(pol, entry, tmp, list, bydst) {
478 		unsigned int h;
479 
480 		h = __addr_hash(&pol->selector.daddr, &pol->selector.saddr,
481 				pol->family, nhashmask);
482 		hlist_add_head(&pol->bydst, ndsttable+h);
483 	}
484 }
485 
486 static void xfrm_idx_hash_transfer(struct hlist_head *list,
487 				   struct hlist_head *nidxtable,
488 				   unsigned int nhashmask)
489 {
490 	struct hlist_node *entry, *tmp;
491 	struct xfrm_policy *pol;
492 
493 	hlist_for_each_entry_safe(pol, entry, tmp, list, byidx) {
494 		unsigned int h;
495 
496 		h = __idx_hash(pol->index, nhashmask);
497 		hlist_add_head(&pol->byidx, nidxtable+h);
498 	}
499 }
500 
501 static unsigned long xfrm_new_hash_mask(unsigned int old_hmask)
502 {
503 	return ((old_hmask + 1) << 1) - 1;
504 }
505 
506 static void xfrm_bydst_resize(int dir)
507 {
508 	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
509 	unsigned int nhashmask = xfrm_new_hash_mask(hmask);
510 	unsigned int nsize = (nhashmask + 1) * sizeof(struct hlist_head);
511 	struct hlist_head *odst = xfrm_policy_bydst[dir].table;
512 	struct hlist_head *ndst = xfrm_hash_alloc(nsize);
513 	int i;
514 
515 	if (!ndst)
516 		return;
517 
518 	write_lock_bh(&xfrm_policy_lock);
519 
520 	for (i = hmask; i >= 0; i--)
521 		xfrm_dst_hash_transfer(odst + i, ndst, nhashmask);
522 
523 	xfrm_policy_bydst[dir].table = ndst;
524 	xfrm_policy_bydst[dir].hmask = nhashmask;
525 
526 	write_unlock_bh(&xfrm_policy_lock);
527 
528 	xfrm_hash_free(odst, (hmask + 1) * sizeof(struct hlist_head));
529 }
530 
531 static void xfrm_byidx_resize(int total)
532 {
533 	unsigned int hmask = xfrm_idx_hmask;
534 	unsigned int nhashmask = xfrm_new_hash_mask(hmask);
535 	unsigned int nsize = (nhashmask + 1) * sizeof(struct hlist_head);
536 	struct hlist_head *oidx = xfrm_policy_byidx;
537 	struct hlist_head *nidx = xfrm_hash_alloc(nsize);
538 	int i;
539 
540 	if (!nidx)
541 		return;
542 
543 	write_lock_bh(&xfrm_policy_lock);
544 
545 	for (i = hmask; i >= 0; i--)
546 		xfrm_idx_hash_transfer(oidx + i, nidx, nhashmask);
547 
548 	xfrm_policy_byidx = nidx;
549 	xfrm_idx_hmask = nhashmask;
550 
551 	write_unlock_bh(&xfrm_policy_lock);
552 
553 	xfrm_hash_free(oidx, (hmask + 1) * sizeof(struct hlist_head));
554 }
555 
556 static inline int xfrm_bydst_should_resize(int dir, int *total)
557 {
558 	unsigned int cnt = xfrm_policy_count[dir];
559 	unsigned int hmask = xfrm_policy_bydst[dir].hmask;
560 
561 	if (total)
562 		*total += cnt;
563 
564 	if ((hmask + 1) < xfrm_policy_hashmax &&
565 	    cnt > hmask)
566 		return 1;
567 
568 	return 0;
569 }
570 
571 static inline int xfrm_byidx_should_resize(int total)
572 {
573 	unsigned int hmask = xfrm_idx_hmask;
574 
575 	if ((hmask + 1) < xfrm_policy_hashmax &&
576 	    total > hmask)
577 		return 1;
578 
579 	return 0;
580 }
581 
582 void xfrm_spd_getinfo(struct xfrmk_spdinfo *si)
583 {
584 	read_lock_bh(&xfrm_policy_lock);
585 	si->incnt = xfrm_policy_count[XFRM_POLICY_IN];
586 	si->outcnt = xfrm_policy_count[XFRM_POLICY_OUT];
587 	si->fwdcnt = xfrm_policy_count[XFRM_POLICY_FWD];
588 	si->inscnt = xfrm_policy_count[XFRM_POLICY_IN+XFRM_POLICY_MAX];
589 	si->outscnt = xfrm_policy_count[XFRM_POLICY_OUT+XFRM_POLICY_MAX];
590 	si->fwdscnt = xfrm_policy_count[XFRM_POLICY_FWD+XFRM_POLICY_MAX];
591 	si->spdhcnt = xfrm_idx_hmask;
592 	si->spdhmcnt = xfrm_policy_hashmax;
593 	read_unlock_bh(&xfrm_policy_lock);
594 }
595 EXPORT_SYMBOL(xfrm_spd_getinfo);
596 
597 static DEFINE_MUTEX(hash_resize_mutex);
598 static void xfrm_hash_resize(struct work_struct *__unused)
599 {
600 	int dir, total;
601 
602 	mutex_lock(&hash_resize_mutex);
603 
604 	total = 0;
605 	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
606 		if (xfrm_bydst_should_resize(dir, &total))
607 			xfrm_bydst_resize(dir);
608 	}
609 	if (xfrm_byidx_should_resize(total))
610 		xfrm_byidx_resize(total);
611 
612 	mutex_unlock(&hash_resize_mutex);
613 }
614 
615 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
616 
617 /* Generate new index... KAME seems to generate them ordered by cost
618  * of an absolute inpredictability of ordering of rules. This will not pass. */
619 static u32 xfrm_gen_index(u8 type, int dir)
620 {
621 	static u32 idx_generator;
622 
623 	for (;;) {
624 		struct hlist_node *entry;
625 		struct hlist_head *list;
626 		struct xfrm_policy *p;
627 		u32 idx;
628 		int found;
629 
630 		idx = (idx_generator | dir);
631 		idx_generator += 8;
632 		if (idx == 0)
633 			idx = 8;
634 		list = xfrm_policy_byidx + idx_hash(idx);
635 		found = 0;
636 		hlist_for_each_entry(p, entry, list, byidx) {
637 			if (p->index == idx) {
638 				found = 1;
639 				break;
640 			}
641 		}
642 		if (!found)
643 			return idx;
644 	}
645 }
646 
647 static inline int selector_cmp(struct xfrm_selector *s1, struct xfrm_selector *s2)
648 {
649 	u32 *p1 = (u32 *) s1;
650 	u32 *p2 = (u32 *) s2;
651 	int len = sizeof(struct xfrm_selector) / sizeof(u32);
652 	int i;
653 
654 	for (i = 0; i < len; i++) {
655 		if (p1[i] != p2[i])
656 			return 1;
657 	}
658 
659 	return 0;
660 }
661 
662 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
663 {
664 	struct xfrm_policy *pol;
665 	struct xfrm_policy *delpol;
666 	struct hlist_head *chain;
667 	struct hlist_node *entry, *newpos;
668 	struct dst_entry *gc_list;
669 
670 	write_lock_bh(&xfrm_policy_lock);
671 	chain = policy_hash_bysel(&policy->selector, policy->family, dir);
672 	delpol = NULL;
673 	newpos = NULL;
674 	hlist_for_each_entry(pol, entry, chain, bydst) {
675 		if (pol->type == policy->type &&
676 		    !selector_cmp(&pol->selector, &policy->selector) &&
677 		    xfrm_sec_ctx_match(pol->security, policy->security) &&
678 		    !WARN_ON(delpol)) {
679 			if (excl) {
680 				write_unlock_bh(&xfrm_policy_lock);
681 				return -EEXIST;
682 			}
683 			delpol = pol;
684 			if (policy->priority > pol->priority)
685 				continue;
686 		} else if (policy->priority >= pol->priority) {
687 			newpos = &pol->bydst;
688 			continue;
689 		}
690 		if (delpol)
691 			break;
692 	}
693 	if (newpos)
694 		hlist_add_after(newpos, &policy->bydst);
695 	else
696 		hlist_add_head(&policy->bydst, chain);
697 	xfrm_pol_hold(policy);
698 	xfrm_policy_count[dir]++;
699 	atomic_inc(&flow_cache_genid);
700 	if (delpol) {
701 		hlist_del(&delpol->bydst);
702 		hlist_del(&delpol->byidx);
703 		xfrm_policy_count[dir]--;
704 	}
705 	policy->index = delpol ? delpol->index : xfrm_gen_index(policy->type, dir);
706 	hlist_add_head(&policy->byidx, xfrm_policy_byidx+idx_hash(policy->index));
707 	policy->curlft.add_time = get_seconds();
708 	policy->curlft.use_time = 0;
709 	if (!mod_timer(&policy->timer, jiffies + HZ))
710 		xfrm_pol_hold(policy);
711 	write_unlock_bh(&xfrm_policy_lock);
712 
713 	if (delpol)
714 		xfrm_policy_kill(delpol);
715 	else if (xfrm_bydst_should_resize(dir, NULL))
716 		schedule_work(&xfrm_hash_work);
717 
718 	read_lock_bh(&xfrm_policy_lock);
719 	gc_list = NULL;
720 	entry = &policy->bydst;
721 	hlist_for_each_entry_continue(policy, entry, bydst) {
722 		struct dst_entry *dst;
723 
724 		write_lock(&policy->lock);
725 		dst = policy->bundles;
726 		if (dst) {
727 			struct dst_entry *tail = dst;
728 			while (tail->next)
729 				tail = tail->next;
730 			tail->next = gc_list;
731 			gc_list = dst;
732 
733 			policy->bundles = NULL;
734 		}
735 		write_unlock(&policy->lock);
736 	}
737 	read_unlock_bh(&xfrm_policy_lock);
738 
739 	while (gc_list) {
740 		struct dst_entry *dst = gc_list;
741 
742 		gc_list = dst->next;
743 		dst_free(dst);
744 	}
745 
746 	return 0;
747 }
748 EXPORT_SYMBOL(xfrm_policy_insert);
749 
750 struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
751 					  struct xfrm_selector *sel,
752 					  struct xfrm_sec_ctx *ctx, int delete,
753 					  int *err)
754 {
755 	struct xfrm_policy *pol, *ret;
756 	struct hlist_head *chain;
757 	struct hlist_node *entry;
758 
759 	*err = 0;
760 	write_lock_bh(&xfrm_policy_lock);
761 	chain = policy_hash_bysel(sel, sel->family, dir);
762 	ret = NULL;
763 	hlist_for_each_entry(pol, entry, chain, bydst) {
764 		if (pol->type == type &&
765 		    !selector_cmp(sel, &pol->selector) &&
766 		    xfrm_sec_ctx_match(ctx, pol->security)) {
767 			xfrm_pol_hold(pol);
768 			if (delete) {
769 				*err = security_xfrm_policy_delete(pol);
770 				if (*err) {
771 					write_unlock_bh(&xfrm_policy_lock);
772 					return pol;
773 				}
774 				hlist_del(&pol->bydst);
775 				hlist_del(&pol->byidx);
776 				xfrm_policy_count[dir]--;
777 			}
778 			ret = pol;
779 			break;
780 		}
781 	}
782 	write_unlock_bh(&xfrm_policy_lock);
783 
784 	if (ret && delete) {
785 		atomic_inc(&flow_cache_genid);
786 		xfrm_policy_kill(ret);
787 	}
788 	return ret;
789 }
790 EXPORT_SYMBOL(xfrm_policy_bysel_ctx);
791 
792 struct xfrm_policy *xfrm_policy_byid(u8 type, int dir, u32 id, int delete,
793 				     int *err)
794 {
795 	struct xfrm_policy *pol, *ret;
796 	struct hlist_head *chain;
797 	struct hlist_node *entry;
798 
799 	*err = 0;
800 	write_lock_bh(&xfrm_policy_lock);
801 	chain = xfrm_policy_byidx + idx_hash(id);
802 	ret = NULL;
803 	hlist_for_each_entry(pol, entry, chain, byidx) {
804 		if (pol->type == type && pol->index == id) {
805 			xfrm_pol_hold(pol);
806 			if (delete) {
807 				*err = security_xfrm_policy_delete(pol);
808 				if (*err) {
809 					write_unlock_bh(&xfrm_policy_lock);
810 					return pol;
811 				}
812 				hlist_del(&pol->bydst);
813 				hlist_del(&pol->byidx);
814 				xfrm_policy_count[dir]--;
815 			}
816 			ret = pol;
817 			break;
818 		}
819 	}
820 	write_unlock_bh(&xfrm_policy_lock);
821 
822 	if (ret && delete) {
823 		atomic_inc(&flow_cache_genid);
824 		xfrm_policy_kill(ret);
825 	}
826 	return ret;
827 }
828 EXPORT_SYMBOL(xfrm_policy_byid);
829 
830 void xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
831 {
832 	int dir;
833 
834 	write_lock_bh(&xfrm_policy_lock);
835 	for (dir = 0; dir < XFRM_POLICY_MAX; dir++) {
836 		struct xfrm_policy *pol;
837 		struct hlist_node *entry;
838 		int i, killed;
839 
840 		killed = 0;
841 	again1:
842 		hlist_for_each_entry(pol, entry,
843 				     &xfrm_policy_inexact[dir], bydst) {
844 			if (pol->type != type)
845 				continue;
846 			hlist_del(&pol->bydst);
847 			hlist_del(&pol->byidx);
848 			write_unlock_bh(&xfrm_policy_lock);
849 
850 			xfrm_audit_log(audit_info->loginuid, audit_info->secid,
851 				       AUDIT_MAC_IPSEC_DELSPD, 1, pol, NULL);
852 
853 			xfrm_policy_kill(pol);
854 			killed++;
855 
856 			write_lock_bh(&xfrm_policy_lock);
857 			goto again1;
858 		}
859 
860 		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
861 	again2:
862 			hlist_for_each_entry(pol, entry,
863 					     xfrm_policy_bydst[dir].table + i,
864 					     bydst) {
865 				if (pol->type != type)
866 					continue;
867 				hlist_del(&pol->bydst);
868 				hlist_del(&pol->byidx);
869 				write_unlock_bh(&xfrm_policy_lock);
870 
871 				xfrm_audit_log(audit_info->loginuid,
872 					       audit_info->secid,
873 					       AUDIT_MAC_IPSEC_DELSPD, 1,
874 					       pol, NULL);
875 
876 				xfrm_policy_kill(pol);
877 				killed++;
878 
879 				write_lock_bh(&xfrm_policy_lock);
880 				goto again2;
881 			}
882 		}
883 
884 		xfrm_policy_count[dir] -= killed;
885 	}
886 	atomic_inc(&flow_cache_genid);
887 	write_unlock_bh(&xfrm_policy_lock);
888 }
889 EXPORT_SYMBOL(xfrm_policy_flush);
890 
891 int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*),
892 		     void *data)
893 {
894 	struct xfrm_policy *pol, *last = NULL;
895 	struct hlist_node *entry;
896 	int dir, last_dir = 0, count, error;
897 
898 	read_lock_bh(&xfrm_policy_lock);
899 	count = 0;
900 
901 	for (dir = 0; dir < 2*XFRM_POLICY_MAX; dir++) {
902 		struct hlist_head *table = xfrm_policy_bydst[dir].table;
903 		int i;
904 
905 		hlist_for_each_entry(pol, entry,
906 				     &xfrm_policy_inexact[dir], bydst) {
907 			if (pol->type != type)
908 				continue;
909 			if (last) {
910 				error = func(last, last_dir % XFRM_POLICY_MAX,
911 					     count, data);
912 				if (error)
913 					goto out;
914 			}
915 			last = pol;
916 			last_dir = dir;
917 			count++;
918 		}
919 		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
920 			hlist_for_each_entry(pol, entry, table + i, bydst) {
921 				if (pol->type != type)
922 					continue;
923 				if (last) {
924 					error = func(last, last_dir % XFRM_POLICY_MAX,
925 						     count, data);
926 					if (error)
927 						goto out;
928 				}
929 				last = pol;
930 				last_dir = dir;
931 				count++;
932 			}
933 		}
934 	}
935 	if (count == 0) {
936 		error = -ENOENT;
937 		goto out;
938 	}
939 	error = func(last, last_dir % XFRM_POLICY_MAX, 0, data);
940 out:
941 	read_unlock_bh(&xfrm_policy_lock);
942 	return error;
943 }
944 EXPORT_SYMBOL(xfrm_policy_walk);
945 
946 /*
947  * Find policy to apply to this flow.
948  *
949  * Returns 0 if policy found, else an -errno.
950  */
951 static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
952 			     u8 type, u16 family, int dir)
953 {
954 	struct xfrm_selector *sel = &pol->selector;
955 	int match, ret = -ESRCH;
956 
957 	if (pol->family != family ||
958 	    pol->type != type)
959 		return ret;
960 
961 	match = xfrm_selector_match(sel, fl, family);
962 	if (match)
963 		ret = security_xfrm_policy_lookup(pol, fl->secid, dir);
964 
965 	return ret;
966 }
967 
968 static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
969 						     u16 family, u8 dir)
970 {
971 	int err;
972 	struct xfrm_policy *pol, *ret;
973 	xfrm_address_t *daddr, *saddr;
974 	struct hlist_node *entry;
975 	struct hlist_head *chain;
976 	u32 priority = ~0U;
977 
978 	daddr = xfrm_flowi_daddr(fl, family);
979 	saddr = xfrm_flowi_saddr(fl, family);
980 	if (unlikely(!daddr || !saddr))
981 		return NULL;
982 
983 	read_lock_bh(&xfrm_policy_lock);
984 	chain = policy_hash_direct(daddr, saddr, family, dir);
985 	ret = NULL;
986 	hlist_for_each_entry(pol, entry, chain, bydst) {
987 		err = xfrm_policy_match(pol, fl, type, family, dir);
988 		if (err) {
989 			if (err == -ESRCH)
990 				continue;
991 			else {
992 				ret = ERR_PTR(err);
993 				goto fail;
994 			}
995 		} else {
996 			ret = pol;
997 			priority = ret->priority;
998 			break;
999 		}
1000 	}
1001 	chain = &xfrm_policy_inexact[dir];
1002 	hlist_for_each_entry(pol, entry, chain, bydst) {
1003 		err = xfrm_policy_match(pol, fl, type, family, dir);
1004 		if (err) {
1005 			if (err == -ESRCH)
1006 				continue;
1007 			else {
1008 				ret = ERR_PTR(err);
1009 				goto fail;
1010 			}
1011 		} else if (pol->priority < priority) {
1012 			ret = pol;
1013 			break;
1014 		}
1015 	}
1016 	if (ret)
1017 		xfrm_pol_hold(ret);
1018 fail:
1019 	read_unlock_bh(&xfrm_policy_lock);
1020 
1021 	return ret;
1022 }
1023 
1024 static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
1025 			       void **objp, atomic_t **obj_refp)
1026 {
1027 	struct xfrm_policy *pol;
1028 	int err = 0;
1029 
1030 #ifdef CONFIG_XFRM_SUB_POLICY
1031 	pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
1032 	if (IS_ERR(pol)) {
1033 		err = PTR_ERR(pol);
1034 		pol = NULL;
1035 	}
1036 	if (pol || err)
1037 		goto end;
1038 #endif
1039 	pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir);
1040 	if (IS_ERR(pol)) {
1041 		err = PTR_ERR(pol);
1042 		pol = NULL;
1043 	}
1044 #ifdef CONFIG_XFRM_SUB_POLICY
1045 end:
1046 #endif
1047 	if ((*objp = (void *) pol) != NULL)
1048 		*obj_refp = &pol->refcnt;
1049 	return err;
1050 }
1051 
1052 static inline int policy_to_flow_dir(int dir)
1053 {
1054 	if (XFRM_POLICY_IN == FLOW_DIR_IN &&
1055 	    XFRM_POLICY_OUT == FLOW_DIR_OUT &&
1056 	    XFRM_POLICY_FWD == FLOW_DIR_FWD)
1057 		return dir;
1058 	switch (dir) {
1059 	default:
1060 	case XFRM_POLICY_IN:
1061 		return FLOW_DIR_IN;
1062 	case XFRM_POLICY_OUT:
1063 		return FLOW_DIR_OUT;
1064 	case XFRM_POLICY_FWD:
1065 		return FLOW_DIR_FWD;
1066 	}
1067 }
1068 
1069 static struct xfrm_policy *xfrm_sk_policy_lookup(struct sock *sk, int dir, struct flowi *fl)
1070 {
1071 	struct xfrm_policy *pol;
1072 
1073 	read_lock_bh(&xfrm_policy_lock);
1074 	if ((pol = sk->sk_policy[dir]) != NULL) {
1075 		int match = xfrm_selector_match(&pol->selector, fl,
1076 						sk->sk_family);
1077 		int err = 0;
1078 
1079 		if (match) {
1080 			err = security_xfrm_policy_lookup(pol, fl->secid,
1081 					policy_to_flow_dir(dir));
1082 			if (!err)
1083 				xfrm_pol_hold(pol);
1084 			else if (err == -ESRCH)
1085 				pol = NULL;
1086 			else
1087 				pol = ERR_PTR(err);
1088 		} else
1089 			pol = NULL;
1090 	}
1091 	read_unlock_bh(&xfrm_policy_lock);
1092 	return pol;
1093 }
1094 
1095 static void __xfrm_policy_link(struct xfrm_policy *pol, int dir)
1096 {
1097 	struct hlist_head *chain = policy_hash_bysel(&pol->selector,
1098 						     pol->family, dir);
1099 
1100 	hlist_add_head(&pol->bydst, chain);
1101 	hlist_add_head(&pol->byidx, xfrm_policy_byidx+idx_hash(pol->index));
1102 	xfrm_policy_count[dir]++;
1103 	xfrm_pol_hold(pol);
1104 
1105 	if (xfrm_bydst_should_resize(dir, NULL))
1106 		schedule_work(&xfrm_hash_work);
1107 }
1108 
1109 static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
1110 						int dir)
1111 {
1112 	if (hlist_unhashed(&pol->bydst))
1113 		return NULL;
1114 
1115 	hlist_del(&pol->bydst);
1116 	hlist_del(&pol->byidx);
1117 	xfrm_policy_count[dir]--;
1118 
1119 	return pol;
1120 }
1121 
1122 int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
1123 {
1124 	write_lock_bh(&xfrm_policy_lock);
1125 	pol = __xfrm_policy_unlink(pol, dir);
1126 	write_unlock_bh(&xfrm_policy_lock);
1127 	if (pol) {
1128 		if (dir < XFRM_POLICY_MAX)
1129 			atomic_inc(&flow_cache_genid);
1130 		xfrm_policy_kill(pol);
1131 		return 0;
1132 	}
1133 	return -ENOENT;
1134 }
1135 EXPORT_SYMBOL(xfrm_policy_delete);
1136 
1137 int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
1138 {
1139 	struct xfrm_policy *old_pol;
1140 
1141 #ifdef CONFIG_XFRM_SUB_POLICY
1142 	if (pol && pol->type != XFRM_POLICY_TYPE_MAIN)
1143 		return -EINVAL;
1144 #endif
1145 
1146 	write_lock_bh(&xfrm_policy_lock);
1147 	old_pol = sk->sk_policy[dir];
1148 	sk->sk_policy[dir] = pol;
1149 	if (pol) {
1150 		pol->curlft.add_time = get_seconds();
1151 		pol->index = xfrm_gen_index(pol->type, XFRM_POLICY_MAX+dir);
1152 		__xfrm_policy_link(pol, XFRM_POLICY_MAX+dir);
1153 	}
1154 	if (old_pol)
1155 		__xfrm_policy_unlink(old_pol, XFRM_POLICY_MAX+dir);
1156 	write_unlock_bh(&xfrm_policy_lock);
1157 
1158 	if (old_pol) {
1159 		xfrm_policy_kill(old_pol);
1160 	}
1161 	return 0;
1162 }
1163 
1164 static struct xfrm_policy *clone_policy(struct xfrm_policy *old, int dir)
1165 {
1166 	struct xfrm_policy *newp = xfrm_policy_alloc(GFP_ATOMIC);
1167 
1168 	if (newp) {
1169 		newp->selector = old->selector;
1170 		if (security_xfrm_policy_clone(old, newp)) {
1171 			kfree(newp);
1172 			return NULL;  /* ENOMEM */
1173 		}
1174 		newp->lft = old->lft;
1175 		newp->curlft = old->curlft;
1176 		newp->action = old->action;
1177 		newp->flags = old->flags;
1178 		newp->xfrm_nr = old->xfrm_nr;
1179 		newp->index = old->index;
1180 		newp->type = old->type;
1181 		memcpy(newp->xfrm_vec, old->xfrm_vec,
1182 		       newp->xfrm_nr*sizeof(struct xfrm_tmpl));
1183 		write_lock_bh(&xfrm_policy_lock);
1184 		__xfrm_policy_link(newp, XFRM_POLICY_MAX+dir);
1185 		write_unlock_bh(&xfrm_policy_lock);
1186 		xfrm_pol_put(newp);
1187 	}
1188 	return newp;
1189 }
1190 
1191 int __xfrm_sk_clone_policy(struct sock *sk)
1192 {
1193 	struct xfrm_policy *p0 = sk->sk_policy[0],
1194 			   *p1 = sk->sk_policy[1];
1195 
1196 	sk->sk_policy[0] = sk->sk_policy[1] = NULL;
1197 	if (p0 && (sk->sk_policy[0] = clone_policy(p0, 0)) == NULL)
1198 		return -ENOMEM;
1199 	if (p1 && (sk->sk_policy[1] = clone_policy(p1, 1)) == NULL)
1200 		return -ENOMEM;
1201 	return 0;
1202 }
1203 
1204 static int
1205 xfrm_get_saddr(xfrm_address_t *local, xfrm_address_t *remote,
1206 	       unsigned short family)
1207 {
1208 	int err;
1209 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1210 
1211 	if (unlikely(afinfo == NULL))
1212 		return -EINVAL;
1213 	err = afinfo->get_saddr(local, remote);
1214 	xfrm_policy_put_afinfo(afinfo);
1215 	return err;
1216 }
1217 
1218 /* Resolve list of templates for the flow, given policy. */
1219 
1220 static int
1221 xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
1222 		      struct xfrm_state **xfrm,
1223 		      unsigned short family)
1224 {
1225 	int nx;
1226 	int i, error;
1227 	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
1228 	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
1229 	xfrm_address_t tmp;
1230 
1231 	for (nx=0, i = 0; i < policy->xfrm_nr; i++) {
1232 		struct xfrm_state *x;
1233 		xfrm_address_t *remote = daddr;
1234 		xfrm_address_t *local  = saddr;
1235 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
1236 
1237 		if (tmpl->mode == XFRM_MODE_TUNNEL) {
1238 			remote = &tmpl->id.daddr;
1239 			local = &tmpl->saddr;
1240 			family = tmpl->encap_family;
1241 			if (xfrm_addr_any(local, family)) {
1242 				error = xfrm_get_saddr(&tmp, remote, family);
1243 				if (error)
1244 					goto fail;
1245 				local = &tmp;
1246 			}
1247 		}
1248 
1249 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
1250 
1251 		if (x && x->km.state == XFRM_STATE_VALID) {
1252 			xfrm[nx++] = x;
1253 			daddr = remote;
1254 			saddr = local;
1255 			continue;
1256 		}
1257 		if (x) {
1258 			error = (x->km.state == XFRM_STATE_ERROR ?
1259 				 -EINVAL : -EAGAIN);
1260 			xfrm_state_put(x);
1261 		}
1262 
1263 		if (!tmpl->optional)
1264 			goto fail;
1265 	}
1266 	return nx;
1267 
1268 fail:
1269 	for (nx--; nx>=0; nx--)
1270 		xfrm_state_put(xfrm[nx]);
1271 	return error;
1272 }
1273 
1274 static int
1275 xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, struct flowi *fl,
1276 		  struct xfrm_state **xfrm,
1277 		  unsigned short family)
1278 {
1279 	struct xfrm_state *tp[XFRM_MAX_DEPTH];
1280 	struct xfrm_state **tpp = (npols > 1) ? tp : xfrm;
1281 	int cnx = 0;
1282 	int error;
1283 	int ret;
1284 	int i;
1285 
1286 	for (i = 0; i < npols; i++) {
1287 		if (cnx + pols[i]->xfrm_nr >= XFRM_MAX_DEPTH) {
1288 			error = -ENOBUFS;
1289 			goto fail;
1290 		}
1291 
1292 		ret = xfrm_tmpl_resolve_one(pols[i], fl, &tpp[cnx], family);
1293 		if (ret < 0) {
1294 			error = ret;
1295 			goto fail;
1296 		} else
1297 			cnx += ret;
1298 	}
1299 
1300 	/* found states are sorted for outbound processing */
1301 	if (npols > 1)
1302 		xfrm_state_sort(xfrm, tpp, cnx, family);
1303 
1304 	return cnx;
1305 
1306  fail:
1307 	for (cnx--; cnx>=0; cnx--)
1308 		xfrm_state_put(tpp[cnx]);
1309 	return error;
1310 
1311 }
1312 
1313 /* Check that the bundle accepts the flow and its components are
1314  * still valid.
1315  */
1316 
1317 static struct dst_entry *
1318 xfrm_find_bundle(struct flowi *fl, struct xfrm_policy *policy, unsigned short family)
1319 {
1320 	struct dst_entry *x;
1321 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1322 	if (unlikely(afinfo == NULL))
1323 		return ERR_PTR(-EINVAL);
1324 	x = afinfo->find_bundle(fl, policy);
1325 	xfrm_policy_put_afinfo(afinfo);
1326 	return x;
1327 }
1328 
1329 /* Allocate chain of dst_entry's, attach known xfrm's, calculate
1330  * all the metrics... Shortly, bundle a bundle.
1331  */
1332 
1333 static int
1334 xfrm_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int nx,
1335 		   struct flowi *fl, struct dst_entry **dst_p,
1336 		   unsigned short family)
1337 {
1338 	int err;
1339 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1340 	if (unlikely(afinfo == NULL))
1341 		return -EINVAL;
1342 	err = afinfo->bundle_create(policy, xfrm, nx, fl, dst_p);
1343 	xfrm_policy_put_afinfo(afinfo);
1344 	return err;
1345 }
1346 
1347 static int inline
1348 xfrm_dst_alloc_copy(void **target, void *src, int size)
1349 {
1350 	if (!*target) {
1351 		*target = kmalloc(size, GFP_ATOMIC);
1352 		if (!*target)
1353 			return -ENOMEM;
1354 	}
1355 	memcpy(*target, src, size);
1356 	return 0;
1357 }
1358 
1359 static int inline
1360 xfrm_dst_update_parent(struct dst_entry *dst, struct xfrm_selector *sel)
1361 {
1362 #ifdef CONFIG_XFRM_SUB_POLICY
1363 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
1364 	return xfrm_dst_alloc_copy((void **)&(xdst->partner),
1365 				   sel, sizeof(*sel));
1366 #else
1367 	return 0;
1368 #endif
1369 }
1370 
1371 static int inline
1372 xfrm_dst_update_origin(struct dst_entry *dst, struct flowi *fl)
1373 {
1374 #ifdef CONFIG_XFRM_SUB_POLICY
1375 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
1376 	return xfrm_dst_alloc_copy((void **)&(xdst->origin), fl, sizeof(*fl));
1377 #else
1378 	return 0;
1379 #endif
1380 }
1381 
1382 static int stale_bundle(struct dst_entry *dst);
1383 
1384 /* Main function: finds/creates a bundle for given flow.
1385  *
1386  * At the moment we eat a raw IP route. Mostly to speed up lookups
1387  * on interfaces with disabled IPsec.
1388  */
1389 int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
1390 		struct sock *sk, int flags)
1391 {
1392 	struct xfrm_policy *policy;
1393 	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
1394 	int npols;
1395 	int pol_dead;
1396 	int xfrm_nr;
1397 	int pi;
1398 	struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
1399 	struct dst_entry *dst, *dst_orig = *dst_p;
1400 	int nx = 0;
1401 	int err;
1402 	u32 genid;
1403 	u16 family;
1404 	u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
1405 
1406 restart:
1407 	genid = atomic_read(&flow_cache_genid);
1408 	policy = NULL;
1409 	for (pi = 0; pi < ARRAY_SIZE(pols); pi++)
1410 		pols[pi] = NULL;
1411 	npols = 0;
1412 	pol_dead = 0;
1413 	xfrm_nr = 0;
1414 
1415 	if (sk && sk->sk_policy[1]) {
1416 		policy = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl);
1417 		if (IS_ERR(policy))
1418 			return PTR_ERR(policy);
1419 	}
1420 
1421 	if (!policy) {
1422 		/* To accelerate a bit...  */
1423 		if ((dst_orig->flags & DST_NOXFRM) ||
1424 		    !xfrm_policy_count[XFRM_POLICY_OUT])
1425 			return 0;
1426 
1427 		policy = flow_cache_lookup(fl, dst_orig->ops->family,
1428 					   dir, xfrm_policy_lookup);
1429 		if (IS_ERR(policy))
1430 			return PTR_ERR(policy);
1431 	}
1432 
1433 	if (!policy)
1434 		return 0;
1435 
1436 	family = dst_orig->ops->family;
1437 	policy->curlft.use_time = get_seconds();
1438 	pols[0] = policy;
1439 	npols ++;
1440 	xfrm_nr += pols[0]->xfrm_nr;
1441 
1442 	switch (policy->action) {
1443 	case XFRM_POLICY_BLOCK:
1444 		/* Prohibit the flow */
1445 		err = -EPERM;
1446 		goto error;
1447 
1448 	case XFRM_POLICY_ALLOW:
1449 #ifndef CONFIG_XFRM_SUB_POLICY
1450 		if (policy->xfrm_nr == 0) {
1451 			/* Flow passes not transformed. */
1452 			xfrm_pol_put(policy);
1453 			return 0;
1454 		}
1455 #endif
1456 
1457 		/* Try to find matching bundle.
1458 		 *
1459 		 * LATER: help from flow cache. It is optional, this
1460 		 * is required only for output policy.
1461 		 */
1462 		dst = xfrm_find_bundle(fl, policy, family);
1463 		if (IS_ERR(dst)) {
1464 			err = PTR_ERR(dst);
1465 			goto error;
1466 		}
1467 
1468 		if (dst)
1469 			break;
1470 
1471 #ifdef CONFIG_XFRM_SUB_POLICY
1472 		if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
1473 			pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
1474 							    fl, family,
1475 							    XFRM_POLICY_OUT);
1476 			if (pols[1]) {
1477 				if (IS_ERR(pols[1])) {
1478 					err = PTR_ERR(pols[1]);
1479 					goto error;
1480 				}
1481 				if (pols[1]->action == XFRM_POLICY_BLOCK) {
1482 					err = -EPERM;
1483 					goto error;
1484 				}
1485 				npols ++;
1486 				xfrm_nr += pols[1]->xfrm_nr;
1487 			}
1488 		}
1489 
1490 		/*
1491 		 * Because neither flowi nor bundle information knows about
1492 		 * transformation template size. On more than one policy usage
1493 		 * we can realize whether all of them is bypass or not after
1494 		 * they are searched. See above not-transformed bypass
1495 		 * is surrounded by non-sub policy configuration, too.
1496 		 */
1497 		if (xfrm_nr == 0) {
1498 			/* Flow passes not transformed. */
1499 			xfrm_pols_put(pols, npols);
1500 			return 0;
1501 		}
1502 
1503 #endif
1504 		nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
1505 
1506 		if (unlikely(nx<0)) {
1507 			err = nx;
1508 			if (err == -EAGAIN && flags) {
1509 				DECLARE_WAITQUEUE(wait, current);
1510 
1511 				add_wait_queue(&km_waitq, &wait);
1512 				set_current_state(TASK_INTERRUPTIBLE);
1513 				schedule();
1514 				set_current_state(TASK_RUNNING);
1515 				remove_wait_queue(&km_waitq, &wait);
1516 
1517 				nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
1518 
1519 				if (nx == -EAGAIN && signal_pending(current)) {
1520 					err = -ERESTART;
1521 					goto error;
1522 				}
1523 				if (nx == -EAGAIN ||
1524 				    genid != atomic_read(&flow_cache_genid)) {
1525 					xfrm_pols_put(pols, npols);
1526 					goto restart;
1527 				}
1528 				err = nx;
1529 			}
1530 			if (err < 0)
1531 				goto error;
1532 		}
1533 		if (nx == 0) {
1534 			/* Flow passes not transformed. */
1535 			xfrm_pols_put(pols, npols);
1536 			return 0;
1537 		}
1538 
1539 		dst = dst_orig;
1540 		err = xfrm_bundle_create(policy, xfrm, nx, fl, &dst, family);
1541 
1542 		if (unlikely(err)) {
1543 			int i;
1544 			for (i=0; i<nx; i++)
1545 				xfrm_state_put(xfrm[i]);
1546 			goto error;
1547 		}
1548 
1549 		for (pi = 0; pi < npols; pi++) {
1550 			read_lock_bh(&pols[pi]->lock);
1551 			pol_dead |= pols[pi]->dead;
1552 			read_unlock_bh(&pols[pi]->lock);
1553 		}
1554 
1555 		write_lock_bh(&policy->lock);
1556 		if (unlikely(pol_dead || stale_bundle(dst))) {
1557 			/* Wow! While we worked on resolving, this
1558 			 * policy has gone. Retry. It is not paranoia,
1559 			 * we just cannot enlist new bundle to dead object.
1560 			 * We can't enlist stable bundles either.
1561 			 */
1562 			write_unlock_bh(&policy->lock);
1563 			if (dst)
1564 				dst_free(dst);
1565 
1566 			err = -EHOSTUNREACH;
1567 			goto error;
1568 		}
1569 
1570 		if (npols > 1)
1571 			err = xfrm_dst_update_parent(dst, &pols[1]->selector);
1572 		else
1573 			err = xfrm_dst_update_origin(dst, fl);
1574 		if (unlikely(err)) {
1575 			write_unlock_bh(&policy->lock);
1576 			if (dst)
1577 				dst_free(dst);
1578 			goto error;
1579 		}
1580 
1581 		dst->next = policy->bundles;
1582 		policy->bundles = dst;
1583 		dst_hold(dst);
1584 		write_unlock_bh(&policy->lock);
1585 	}
1586 	*dst_p = dst;
1587 	dst_release(dst_orig);
1588 	xfrm_pols_put(pols, npols);
1589 	return 0;
1590 
1591 error:
1592 	dst_release(dst_orig);
1593 	xfrm_pols_put(pols, npols);
1594 	*dst_p = NULL;
1595 	return err;
1596 }
1597 EXPORT_SYMBOL(xfrm_lookup);
1598 
1599 static inline int
1600 xfrm_secpath_reject(int idx, struct sk_buff *skb, struct flowi *fl)
1601 {
1602 	struct xfrm_state *x;
1603 	int err;
1604 
1605 	if (!skb->sp || idx < 0 || idx >= skb->sp->len)
1606 		return 0;
1607 	x = skb->sp->xvec[idx];
1608 	if (!x->type->reject)
1609 		return 0;
1610 	xfrm_state_hold(x);
1611 	err = x->type->reject(x, skb, fl);
1612 	xfrm_state_put(x);
1613 	return err;
1614 }
1615 
1616 /* When skb is transformed back to its "native" form, we have to
1617  * check policy restrictions. At the moment we make this in maximally
1618  * stupid way. Shame on me. :-) Of course, connected sockets must
1619  * have policy cached at them.
1620  */
1621 
1622 static inline int
1623 xfrm_state_ok(struct xfrm_tmpl *tmpl, struct xfrm_state *x,
1624 	      unsigned short family)
1625 {
1626 	if (xfrm_state_kern(x))
1627 		return tmpl->optional && !xfrm_state_addr_cmp(tmpl, x, tmpl->encap_family);
1628 	return	x->id.proto == tmpl->id.proto &&
1629 		(x->id.spi == tmpl->id.spi || !tmpl->id.spi) &&
1630 		(x->props.reqid == tmpl->reqid || !tmpl->reqid) &&
1631 		x->props.mode == tmpl->mode &&
1632 		((tmpl->aalgos & (1<<x->props.aalgo)) ||
1633 		 !(xfrm_id_proto_match(tmpl->id.proto, IPSEC_PROTO_ANY))) &&
1634 		!(x->props.mode != XFRM_MODE_TRANSPORT &&
1635 		  xfrm_state_addr_cmp(tmpl, x, family));
1636 }
1637 
1638 /*
1639  * 0 or more than 0 is returned when validation is succeeded (either bypass
1640  * because of optional transport mode, or next index of the mathced secpath
1641  * state with the template.
1642  * -1 is returned when no matching template is found.
1643  * Otherwise "-2 - errored_index" is returned.
1644  */
1645 static inline int
1646 xfrm_policy_ok(struct xfrm_tmpl *tmpl, struct sec_path *sp, int start,
1647 	       unsigned short family)
1648 {
1649 	int idx = start;
1650 
1651 	if (tmpl->optional) {
1652 		if (tmpl->mode == XFRM_MODE_TRANSPORT)
1653 			return start;
1654 	} else
1655 		start = -1;
1656 	for (; idx < sp->len; idx++) {
1657 		if (xfrm_state_ok(tmpl, sp->xvec[idx], family))
1658 			return ++idx;
1659 		if (sp->xvec[idx]->props.mode != XFRM_MODE_TRANSPORT) {
1660 			if (start == -1)
1661 				start = -2-idx;
1662 			break;
1663 		}
1664 	}
1665 	return start;
1666 }
1667 
1668 int
1669 xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family)
1670 {
1671 	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
1672 	int err;
1673 
1674 	if (unlikely(afinfo == NULL))
1675 		return -EAFNOSUPPORT;
1676 
1677 	afinfo->decode_session(skb, fl);
1678 	err = security_xfrm_decode_session(skb, &fl->secid);
1679 	xfrm_policy_put_afinfo(afinfo);
1680 	return err;
1681 }
1682 EXPORT_SYMBOL(xfrm_decode_session);
1683 
1684 static inline int secpath_has_nontransport(struct sec_path *sp, int k, int *idxp)
1685 {
1686 	for (; k < sp->len; k++) {
1687 		if (sp->xvec[k]->props.mode != XFRM_MODE_TRANSPORT) {
1688 			*idxp = k;
1689 			return 1;
1690 		}
1691 	}
1692 
1693 	return 0;
1694 }
1695 
1696 int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1697 			unsigned short family)
1698 {
1699 	struct xfrm_policy *pol;
1700 	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
1701 	int npols = 0;
1702 	int xfrm_nr;
1703 	int pi;
1704 	struct flowi fl;
1705 	u8 fl_dir = policy_to_flow_dir(dir);
1706 	int xerr_idx = -1;
1707 
1708 	if (xfrm_decode_session(skb, &fl, family) < 0)
1709 		return 0;
1710 	nf_nat_decode_session(skb, &fl, family);
1711 
1712 	/* First, check used SA against their selectors. */
1713 	if (skb->sp) {
1714 		int i;
1715 
1716 		for (i=skb->sp->len-1; i>=0; i--) {
1717 			struct xfrm_state *x = skb->sp->xvec[i];
1718 			if (!xfrm_selector_match(&x->sel, &fl, family))
1719 				return 0;
1720 		}
1721 	}
1722 
1723 	pol = NULL;
1724 	if (sk && sk->sk_policy[dir]) {
1725 		pol = xfrm_sk_policy_lookup(sk, dir, &fl);
1726 		if (IS_ERR(pol))
1727 			return 0;
1728 	}
1729 
1730 	if (!pol)
1731 		pol = flow_cache_lookup(&fl, family, fl_dir,
1732 					xfrm_policy_lookup);
1733 
1734 	if (IS_ERR(pol))
1735 		return 0;
1736 
1737 	if (!pol) {
1738 		if (skb->sp && secpath_has_nontransport(skb->sp, 0, &xerr_idx)) {
1739 			xfrm_secpath_reject(xerr_idx, skb, &fl);
1740 			return 0;
1741 		}
1742 		return 1;
1743 	}
1744 
1745 	pol->curlft.use_time = get_seconds();
1746 
1747 	pols[0] = pol;
1748 	npols ++;
1749 #ifdef CONFIG_XFRM_SUB_POLICY
1750 	if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
1751 		pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
1752 						    &fl, family,
1753 						    XFRM_POLICY_IN);
1754 		if (pols[1]) {
1755 			if (IS_ERR(pols[1]))
1756 				return 0;
1757 			pols[1]->curlft.use_time = get_seconds();
1758 			npols ++;
1759 		}
1760 	}
1761 #endif
1762 
1763 	if (pol->action == XFRM_POLICY_ALLOW) {
1764 		struct sec_path *sp;
1765 		static struct sec_path dummy;
1766 		struct xfrm_tmpl *tp[XFRM_MAX_DEPTH];
1767 		struct xfrm_tmpl *stp[XFRM_MAX_DEPTH];
1768 		struct xfrm_tmpl **tpp = tp;
1769 		int ti = 0;
1770 		int i, k;
1771 
1772 		if ((sp = skb->sp) == NULL)
1773 			sp = &dummy;
1774 
1775 		for (pi = 0; pi < npols; pi++) {
1776 			if (pols[pi] != pol &&
1777 			    pols[pi]->action != XFRM_POLICY_ALLOW)
1778 				goto reject;
1779 			if (ti + pols[pi]->xfrm_nr >= XFRM_MAX_DEPTH)
1780 				goto reject_error;
1781 			for (i = 0; i < pols[pi]->xfrm_nr; i++)
1782 				tpp[ti++] = &pols[pi]->xfrm_vec[i];
1783 		}
1784 		xfrm_nr = ti;
1785 		if (npols > 1) {
1786 			xfrm_tmpl_sort(stp, tpp, xfrm_nr, family);
1787 			tpp = stp;
1788 		}
1789 
1790 		/* For each tunnel xfrm, find the first matching tmpl.
1791 		 * For each tmpl before that, find corresponding xfrm.
1792 		 * Order is _important_. Later we will implement
1793 		 * some barriers, but at the moment barriers
1794 		 * are implied between each two transformations.
1795 		 */
1796 		for (i = xfrm_nr-1, k = 0; i >= 0; i--) {
1797 			k = xfrm_policy_ok(tpp[i], sp, k, family);
1798 			if (k < 0) {
1799 				if (k < -1)
1800 					/* "-2 - errored_index" returned */
1801 					xerr_idx = -(2+k);
1802 				goto reject;
1803 			}
1804 		}
1805 
1806 		if (secpath_has_nontransport(sp, k, &xerr_idx))
1807 			goto reject;
1808 
1809 		xfrm_pols_put(pols, npols);
1810 		return 1;
1811 	}
1812 
1813 reject:
1814 	xfrm_secpath_reject(xerr_idx, skb, &fl);
1815 reject_error:
1816 	xfrm_pols_put(pols, npols);
1817 	return 0;
1818 }
1819 EXPORT_SYMBOL(__xfrm_policy_check);
1820 
1821 int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
1822 {
1823 	struct flowi fl;
1824 
1825 	if (xfrm_decode_session(skb, &fl, family) < 0)
1826 		return 0;
1827 
1828 	return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0;
1829 }
1830 EXPORT_SYMBOL(__xfrm_route_forward);
1831 
1832 /* Optimize later using cookies and generation ids. */
1833 
1834 static struct dst_entry *xfrm_dst_check(struct dst_entry *dst, u32 cookie)
1835 {
1836 	/* Code (such as __xfrm4_bundle_create()) sets dst->obsolete
1837 	 * to "-1" to force all XFRM destinations to get validated by
1838 	 * dst_ops->check on every use.  We do this because when a
1839 	 * normal route referenced by an XFRM dst is obsoleted we do
1840 	 * not go looking around for all parent referencing XFRM dsts
1841 	 * so that we can invalidate them.  It is just too much work.
1842 	 * Instead we make the checks here on every use.  For example:
1843 	 *
1844 	 *	XFRM dst A --> IPv4 dst X
1845 	 *
1846 	 * X is the "xdst->route" of A (X is also the "dst->path" of A
1847 	 * in this example).  If X is marked obsolete, "A" will not
1848 	 * notice.  That's what we are validating here via the
1849 	 * stale_bundle() check.
1850 	 *
1851 	 * When a policy's bundle is pruned, we dst_free() the XFRM
1852 	 * dst which causes it's ->obsolete field to be set to a
1853 	 * positive non-zero integer.  If an XFRM dst has been pruned
1854 	 * like this, we want to force a new route lookup.
1855 	 */
1856 	if (dst->obsolete < 0 && !stale_bundle(dst))
1857 		return dst;
1858 
1859 	return NULL;
1860 }
1861 
1862 static int stale_bundle(struct dst_entry *dst)
1863 {
1864 	return !xfrm_bundle_ok(NULL, (struct xfrm_dst *)dst, NULL, AF_UNSPEC, 0);
1865 }
1866 
1867 void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
1868 {
1869 	while ((dst = dst->child) && dst->xfrm && dst->dev == dev) {
1870 		dst->dev = &loopback_dev;
1871 		dev_hold(&loopback_dev);
1872 		dev_put(dev);
1873 	}
1874 }
1875 EXPORT_SYMBOL(xfrm_dst_ifdown);
1876 
1877 static void xfrm_link_failure(struct sk_buff *skb)
1878 {
1879 	/* Impossible. Such dst must be popped before reaches point of failure. */
1880 	return;
1881 }
1882 
1883 static struct dst_entry *xfrm_negative_advice(struct dst_entry *dst)
1884 {
1885 	if (dst) {
1886 		if (dst->obsolete) {
1887 			dst_release(dst);
1888 			dst = NULL;
1889 		}
1890 	}
1891 	return dst;
1892 }
1893 
1894 static void prune_one_bundle(struct xfrm_policy *pol, int (*func)(struct dst_entry *), struct dst_entry **gc_list_p)
1895 {
1896 	struct dst_entry *dst, **dstp;
1897 
1898 	write_lock(&pol->lock);
1899 	dstp = &pol->bundles;
1900 	while ((dst=*dstp) != NULL) {
1901 		if (func(dst)) {
1902 			*dstp = dst->next;
1903 			dst->next = *gc_list_p;
1904 			*gc_list_p = dst;
1905 		} else {
1906 			dstp = &dst->next;
1907 		}
1908 	}
1909 	write_unlock(&pol->lock);
1910 }
1911 
1912 static void xfrm_prune_bundles(int (*func)(struct dst_entry *))
1913 {
1914 	struct dst_entry *gc_list = NULL;
1915 	int dir;
1916 
1917 	read_lock_bh(&xfrm_policy_lock);
1918 	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
1919 		struct xfrm_policy *pol;
1920 		struct hlist_node *entry;
1921 		struct hlist_head *table;
1922 		int i;
1923 
1924 		hlist_for_each_entry(pol, entry,
1925 				     &xfrm_policy_inexact[dir], bydst)
1926 			prune_one_bundle(pol, func, &gc_list);
1927 
1928 		table = xfrm_policy_bydst[dir].table;
1929 		for (i = xfrm_policy_bydst[dir].hmask; i >= 0; i--) {
1930 			hlist_for_each_entry(pol, entry, table + i, bydst)
1931 				prune_one_bundle(pol, func, &gc_list);
1932 		}
1933 	}
1934 	read_unlock_bh(&xfrm_policy_lock);
1935 
1936 	while (gc_list) {
1937 		struct dst_entry *dst = gc_list;
1938 		gc_list = dst->next;
1939 		dst_free(dst);
1940 	}
1941 }
1942 
1943 static int unused_bundle(struct dst_entry *dst)
1944 {
1945 	return !atomic_read(&dst->__refcnt);
1946 }
1947 
1948 static void __xfrm_garbage_collect(void)
1949 {
1950 	xfrm_prune_bundles(unused_bundle);
1951 }
1952 
1953 static int xfrm_flush_bundles(void)
1954 {
1955 	xfrm_prune_bundles(stale_bundle);
1956 	return 0;
1957 }
1958 
1959 void xfrm_init_pmtu(struct dst_entry *dst)
1960 {
1961 	do {
1962 		struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
1963 		u32 pmtu, route_mtu_cached;
1964 
1965 		pmtu = dst_mtu(dst->child);
1966 		xdst->child_mtu_cached = pmtu;
1967 
1968 		pmtu = xfrm_state_mtu(dst->xfrm, pmtu);
1969 
1970 		route_mtu_cached = dst_mtu(xdst->route);
1971 		xdst->route_mtu_cached = route_mtu_cached;
1972 
1973 		if (pmtu > route_mtu_cached)
1974 			pmtu = route_mtu_cached;
1975 
1976 		dst->metrics[RTAX_MTU-1] = pmtu;
1977 	} while ((dst = dst->next));
1978 }
1979 
1980 EXPORT_SYMBOL(xfrm_init_pmtu);
1981 
1982 /* Check that the bundle accepts the flow and its components are
1983  * still valid.
1984  */
1985 
1986 int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1987 		struct flowi *fl, int family, int strict)
1988 {
1989 	struct dst_entry *dst = &first->u.dst;
1990 	struct xfrm_dst *last;
1991 	u32 mtu;
1992 
1993 	if (!dst_check(dst->path, ((struct xfrm_dst *)dst)->path_cookie) ||
1994 	    (dst->dev && !netif_running(dst->dev)))
1995 		return 0;
1996 #ifdef CONFIG_XFRM_SUB_POLICY
1997 	if (fl) {
1998 		if (first->origin && !flow_cache_uli_match(first->origin, fl))
1999 			return 0;
2000 		if (first->partner &&
2001 		    !xfrm_selector_match(first->partner, fl, family))
2002 			return 0;
2003 	}
2004 #endif
2005 
2006 	last = NULL;
2007 
2008 	do {
2009 		struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
2010 
2011 		if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family))
2012 			return 0;
2013 		if (fl && pol &&
2014 		    !security_xfrm_state_pol_flow_match(dst->xfrm, pol, fl))
2015 			return 0;
2016 		if (dst->xfrm->km.state != XFRM_STATE_VALID)
2017 			return 0;
2018 		if (xdst->genid != dst->xfrm->genid)
2019 			return 0;
2020 
2021 		if (strict && fl && dst->xfrm->props.mode != XFRM_MODE_TUNNEL &&
2022 		    !xfrm_state_addr_flow_check(dst->xfrm, fl, family))
2023 			return 0;
2024 
2025 		mtu = dst_mtu(dst->child);
2026 		if (xdst->child_mtu_cached != mtu) {
2027 			last = xdst;
2028 			xdst->child_mtu_cached = mtu;
2029 		}
2030 
2031 		if (!dst_check(xdst->route, xdst->route_cookie))
2032 			return 0;
2033 		mtu = dst_mtu(xdst->route);
2034 		if (xdst->route_mtu_cached != mtu) {
2035 			last = xdst;
2036 			xdst->route_mtu_cached = mtu;
2037 		}
2038 
2039 		dst = dst->child;
2040 	} while (dst->xfrm);
2041 
2042 	if (likely(!last))
2043 		return 1;
2044 
2045 	mtu = last->child_mtu_cached;
2046 	for (;;) {
2047 		dst = &last->u.dst;
2048 
2049 		mtu = xfrm_state_mtu(dst->xfrm, mtu);
2050 		if (mtu > last->route_mtu_cached)
2051 			mtu = last->route_mtu_cached;
2052 		dst->metrics[RTAX_MTU-1] = mtu;
2053 
2054 		if (last == first)
2055 			break;
2056 
2057 		last = last->u.next;
2058 		last->child_mtu_cached = mtu;
2059 	}
2060 
2061 	return 1;
2062 }
2063 
2064 EXPORT_SYMBOL(xfrm_bundle_ok);
2065 
2066 #ifdef CONFIG_AUDITSYSCALL
2067 /* Audit addition and deletion of SAs and ipsec policy */
2068 
2069 void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
2070 		    struct xfrm_policy *xp, struct xfrm_state *x)
2071 {
2072 
2073 	char *secctx;
2074 	u32 secctx_len;
2075 	struct xfrm_sec_ctx *sctx = NULL;
2076 	struct audit_buffer *audit_buf;
2077 	int family;
2078 	extern int audit_enabled;
2079 
2080 	if (audit_enabled == 0)
2081 		return;
2082 
2083 	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
2084 		type == AUDIT_MAC_IPSEC_DELSA) && !x);
2085 	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
2086 		type == AUDIT_MAC_IPSEC_DELSPD) && !xp);
2087 
2088 	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
2089 	if (audit_buf == NULL)
2090 		return;
2091 
2092 	switch(type) {
2093 	case AUDIT_MAC_IPSEC_ADDSA:
2094 		audit_log_format(audit_buf, "SAD add: auid=%u", auid);
2095 		break;
2096 	case AUDIT_MAC_IPSEC_DELSA:
2097 		audit_log_format(audit_buf, "SAD delete: auid=%u", auid);
2098 		break;
2099 	case AUDIT_MAC_IPSEC_ADDSPD:
2100 		audit_log_format(audit_buf, "SPD add: auid=%u", auid);
2101 		break;
2102 	case AUDIT_MAC_IPSEC_DELSPD:
2103 		audit_log_format(audit_buf, "SPD delete: auid=%u", auid);
2104 		break;
2105 	default:
2106 		return;
2107 	}
2108 
2109 	if (sid != 0 &&
2110 		security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
2111 		audit_log_format(audit_buf, " subj=%s", secctx);
2112 	else
2113 		audit_log_task_context(audit_buf);
2114 
2115 	if (xp) {
2116 		family = xp->selector.family;
2117 		if (xp->security)
2118 			sctx = xp->security;
2119 	} else {
2120 		family = x->props.family;
2121 		if (x->security)
2122 			sctx = x->security;
2123 	}
2124 
2125 	if (sctx)
2126 		audit_log_format(audit_buf,
2127 				" sec_alg=%u sec_doi=%u sec_obj=%s",
2128 				sctx->ctx_alg, sctx->ctx_doi, sctx->ctx_str);
2129 
2130 	switch(family) {
2131 	case AF_INET:
2132 		{
2133 			struct in_addr saddr, daddr;
2134 			if (xp) {
2135 				saddr.s_addr = xp->selector.saddr.a4;
2136 				daddr.s_addr = xp->selector.daddr.a4;
2137 			} else {
2138 				saddr.s_addr = x->props.saddr.a4;
2139 				daddr.s_addr = x->id.daddr.a4;
2140 			}
2141 			audit_log_format(audit_buf,
2142 					 " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
2143 					 NIPQUAD(saddr), NIPQUAD(daddr));
2144 		}
2145 			break;
2146 	case AF_INET6:
2147 		{
2148 			struct in6_addr saddr6, daddr6;
2149 			if (xp) {
2150 				memcpy(&saddr6, xp->selector.saddr.a6,
2151 					sizeof(struct in6_addr));
2152 				memcpy(&daddr6, xp->selector.daddr.a6,
2153 					sizeof(struct in6_addr));
2154 			} else {
2155 				memcpy(&saddr6, x->props.saddr.a6,
2156 					sizeof(struct in6_addr));
2157 				memcpy(&daddr6, x->id.daddr.a6,
2158 					sizeof(struct in6_addr));
2159 			}
2160 			audit_log_format(audit_buf,
2161 					 " src=" NIP6_FMT " dst=" NIP6_FMT,
2162 					 NIP6(saddr6), NIP6(daddr6));
2163 		}
2164 		break;
2165 	}
2166 
2167 	if (x)
2168 		audit_log_format(audit_buf, " spi=%lu(0x%lx) protocol=%s",
2169 				(unsigned long)ntohl(x->id.spi),
2170 				(unsigned long)ntohl(x->id.spi),
2171 				x->id.proto == IPPROTO_AH ? "AH" :
2172 				(x->id.proto == IPPROTO_ESP ?
2173 				"ESP" : "IPCOMP"));
2174 
2175 	audit_log_format(audit_buf, " res=%u", result);
2176 	audit_log_end(audit_buf);
2177 }
2178 
2179 EXPORT_SYMBOL(xfrm_audit_log);
2180 #endif /* CONFIG_AUDITSYSCALL */
2181 
2182 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2183 {
2184 	int err = 0;
2185 	if (unlikely(afinfo == NULL))
2186 		return -EINVAL;
2187 	if (unlikely(afinfo->family >= NPROTO))
2188 		return -EAFNOSUPPORT;
2189 	write_lock_bh(&xfrm_policy_afinfo_lock);
2190 	if (unlikely(xfrm_policy_afinfo[afinfo->family] != NULL))
2191 		err = -ENOBUFS;
2192 	else {
2193 		struct dst_ops *dst_ops = afinfo->dst_ops;
2194 		if (likely(dst_ops->kmem_cachep == NULL))
2195 			dst_ops->kmem_cachep = xfrm_dst_cache;
2196 		if (likely(dst_ops->check == NULL))
2197 			dst_ops->check = xfrm_dst_check;
2198 		if (likely(dst_ops->negative_advice == NULL))
2199 			dst_ops->negative_advice = xfrm_negative_advice;
2200 		if (likely(dst_ops->link_failure == NULL))
2201 			dst_ops->link_failure = xfrm_link_failure;
2202 		if (likely(afinfo->garbage_collect == NULL))
2203 			afinfo->garbage_collect = __xfrm_garbage_collect;
2204 		xfrm_policy_afinfo[afinfo->family] = afinfo;
2205 	}
2206 	write_unlock_bh(&xfrm_policy_afinfo_lock);
2207 	return err;
2208 }
2209 EXPORT_SYMBOL(xfrm_policy_register_afinfo);
2210 
2211 int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
2212 {
2213 	int err = 0;
2214 	if (unlikely(afinfo == NULL))
2215 		return -EINVAL;
2216 	if (unlikely(afinfo->family >= NPROTO))
2217 		return -EAFNOSUPPORT;
2218 	write_lock_bh(&xfrm_policy_afinfo_lock);
2219 	if (likely(xfrm_policy_afinfo[afinfo->family] != NULL)) {
2220 		if (unlikely(xfrm_policy_afinfo[afinfo->family] != afinfo))
2221 			err = -EINVAL;
2222 		else {
2223 			struct dst_ops *dst_ops = afinfo->dst_ops;
2224 			xfrm_policy_afinfo[afinfo->family] = NULL;
2225 			dst_ops->kmem_cachep = NULL;
2226 			dst_ops->check = NULL;
2227 			dst_ops->negative_advice = NULL;
2228 			dst_ops->link_failure = NULL;
2229 			afinfo->garbage_collect = NULL;
2230 		}
2231 	}
2232 	write_unlock_bh(&xfrm_policy_afinfo_lock);
2233 	return err;
2234 }
2235 EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
2236 
2237 static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
2238 {
2239 	struct xfrm_policy_afinfo *afinfo;
2240 	if (unlikely(family >= NPROTO))
2241 		return NULL;
2242 	read_lock(&xfrm_policy_afinfo_lock);
2243 	afinfo = xfrm_policy_afinfo[family];
2244 	if (unlikely(!afinfo))
2245 		read_unlock(&xfrm_policy_afinfo_lock);
2246 	return afinfo;
2247 }
2248 
2249 static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo)
2250 {
2251 	read_unlock(&xfrm_policy_afinfo_lock);
2252 }
2253 
2254 static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family)
2255 {
2256 	struct xfrm_policy_afinfo *afinfo;
2257 	if (unlikely(family >= NPROTO))
2258 		return NULL;
2259 	write_lock_bh(&xfrm_policy_afinfo_lock);
2260 	afinfo = xfrm_policy_afinfo[family];
2261 	if (unlikely(!afinfo))
2262 		write_unlock_bh(&xfrm_policy_afinfo_lock);
2263 	return afinfo;
2264 }
2265 
2266 static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo)
2267 {
2268 	write_unlock_bh(&xfrm_policy_afinfo_lock);
2269 }
2270 
2271 static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
2272 {
2273 	switch (event) {
2274 	case NETDEV_DOWN:
2275 		xfrm_flush_bundles();
2276 	}
2277 	return NOTIFY_DONE;
2278 }
2279 
2280 static struct notifier_block xfrm_dev_notifier = {
2281 	xfrm_dev_event,
2282 	NULL,
2283 	0
2284 };
2285 
2286 static void __init xfrm_policy_init(void)
2287 {
2288 	unsigned int hmask, sz;
2289 	int dir;
2290 
2291 	xfrm_dst_cache = kmem_cache_create("xfrm_dst_cache",
2292 					   sizeof(struct xfrm_dst),
2293 					   0, SLAB_HWCACHE_ALIGN|SLAB_PANIC,
2294 					   NULL, NULL);
2295 
2296 	hmask = 8 - 1;
2297 	sz = (hmask+1) * sizeof(struct hlist_head);
2298 
2299 	xfrm_policy_byidx = xfrm_hash_alloc(sz);
2300 	xfrm_idx_hmask = hmask;
2301 	if (!xfrm_policy_byidx)
2302 		panic("XFRM: failed to allocate byidx hash\n");
2303 
2304 	for (dir = 0; dir < XFRM_POLICY_MAX * 2; dir++) {
2305 		struct xfrm_policy_hash *htab;
2306 
2307 		INIT_HLIST_HEAD(&xfrm_policy_inexact[dir]);
2308 
2309 		htab = &xfrm_policy_bydst[dir];
2310 		htab->table = xfrm_hash_alloc(sz);
2311 		htab->hmask = hmask;
2312 		if (!htab->table)
2313 			panic("XFRM: failed to allocate bydst hash\n");
2314 	}
2315 
2316 	INIT_WORK(&xfrm_policy_gc_work, xfrm_policy_gc_task);
2317 	register_netdevice_notifier(&xfrm_dev_notifier);
2318 }
2319 
2320 void __init xfrm_init(void)
2321 {
2322 	xfrm_state_init();
2323 	xfrm_policy_init();
2324 	xfrm_input_init();
2325 }
2326 
2327 #ifdef CONFIG_XFRM_MIGRATE
2328 static int xfrm_migrate_selector_match(struct xfrm_selector *sel_cmp,
2329 				       struct xfrm_selector *sel_tgt)
2330 {
2331 	if (sel_cmp->proto == IPSEC_ULPROTO_ANY) {
2332 		if (sel_tgt->family == sel_cmp->family &&
2333 		    xfrm_addr_cmp(&sel_tgt->daddr, &sel_cmp->daddr,
2334 				  sel_cmp->family) == 0 &&
2335 		    xfrm_addr_cmp(&sel_tgt->saddr, &sel_cmp->saddr,
2336 				  sel_cmp->family) == 0 &&
2337 		    sel_tgt->prefixlen_d == sel_cmp->prefixlen_d &&
2338 		    sel_tgt->prefixlen_s == sel_cmp->prefixlen_s) {
2339 			return 1;
2340 		}
2341 	} else {
2342 		if (memcmp(sel_tgt, sel_cmp, sizeof(*sel_tgt)) == 0) {
2343 			return 1;
2344 		}
2345 	}
2346 	return 0;
2347 }
2348 
2349 static struct xfrm_policy * xfrm_migrate_policy_find(struct xfrm_selector *sel,
2350 						     u8 dir, u8 type)
2351 {
2352 	struct xfrm_policy *pol, *ret = NULL;
2353 	struct hlist_node *entry;
2354 	struct hlist_head *chain;
2355 	u32 priority = ~0U;
2356 
2357 	read_lock_bh(&xfrm_policy_lock);
2358 	chain = policy_hash_direct(&sel->daddr, &sel->saddr, sel->family, dir);
2359 	hlist_for_each_entry(pol, entry, chain, bydst) {
2360 		if (xfrm_migrate_selector_match(sel, &pol->selector) &&
2361 		    pol->type == type) {
2362 			ret = pol;
2363 			priority = ret->priority;
2364 			break;
2365 		}
2366 	}
2367 	chain = &xfrm_policy_inexact[dir];
2368 	hlist_for_each_entry(pol, entry, chain, bydst) {
2369 		if (xfrm_migrate_selector_match(sel, &pol->selector) &&
2370 		    pol->type == type &&
2371 		    pol->priority < priority) {
2372 			ret = pol;
2373 			break;
2374 		}
2375 	}
2376 
2377 	if (ret)
2378 		xfrm_pol_hold(ret);
2379 
2380 	read_unlock_bh(&xfrm_policy_lock);
2381 
2382 	return ret;
2383 }
2384 
2385 static int migrate_tmpl_match(struct xfrm_migrate *m, struct xfrm_tmpl *t)
2386 {
2387 	int match = 0;
2388 
2389 	if (t->mode == m->mode && t->id.proto == m->proto &&
2390 	    (m->reqid == 0 || t->reqid == m->reqid)) {
2391 		switch (t->mode) {
2392 		case XFRM_MODE_TUNNEL:
2393 		case XFRM_MODE_BEET:
2394 			if (xfrm_addr_cmp(&t->id.daddr, &m->old_daddr,
2395 					  m->old_family) == 0 &&
2396 			    xfrm_addr_cmp(&t->saddr, &m->old_saddr,
2397 					  m->old_family) == 0) {
2398 				match = 1;
2399 			}
2400 			break;
2401 		case XFRM_MODE_TRANSPORT:
2402 			/* in case of transport mode, template does not store
2403 			   any IP addresses, hence we just compare mode and
2404 			   protocol */
2405 			match = 1;
2406 			break;
2407 		default:
2408 			break;
2409 		}
2410 	}
2411 	return match;
2412 }
2413 
2414 /* update endpoint address(es) of template(s) */
2415 static int xfrm_policy_migrate(struct xfrm_policy *pol,
2416 			       struct xfrm_migrate *m, int num_migrate)
2417 {
2418 	struct xfrm_migrate *mp;
2419 	struct dst_entry *dst;
2420 	int i, j, n = 0;
2421 
2422 	write_lock_bh(&pol->lock);
2423 	if (unlikely(pol->dead)) {
2424 		/* target policy has been deleted */
2425 		write_unlock_bh(&pol->lock);
2426 		return -ENOENT;
2427 	}
2428 
2429 	for (i = 0; i < pol->xfrm_nr; i++) {
2430 		for (j = 0, mp = m; j < num_migrate; j++, mp++) {
2431 			if (!migrate_tmpl_match(mp, &pol->xfrm_vec[i]))
2432 				continue;
2433 			n++;
2434 			if (pol->xfrm_vec[i].mode != XFRM_MODE_TUNNEL)
2435 				continue;
2436 			/* update endpoints */
2437 			memcpy(&pol->xfrm_vec[i].id.daddr, &mp->new_daddr,
2438 			       sizeof(pol->xfrm_vec[i].id.daddr));
2439 			memcpy(&pol->xfrm_vec[i].saddr, &mp->new_saddr,
2440 			       sizeof(pol->xfrm_vec[i].saddr));
2441 			pol->xfrm_vec[i].encap_family = mp->new_family;
2442 			/* flush bundles */
2443 			while ((dst = pol->bundles) != NULL) {
2444 				pol->bundles = dst->next;
2445 				dst_free(dst);
2446 			}
2447 		}
2448 	}
2449 
2450 	write_unlock_bh(&pol->lock);
2451 
2452 	if (!n)
2453 		return -ENODATA;
2454 
2455 	return 0;
2456 }
2457 
2458 static int xfrm_migrate_check(struct xfrm_migrate *m, int num_migrate)
2459 {
2460 	int i, j;
2461 
2462 	if (num_migrate < 1 || num_migrate > XFRM_MAX_DEPTH)
2463 		return -EINVAL;
2464 
2465 	for (i = 0; i < num_migrate; i++) {
2466 		if ((xfrm_addr_cmp(&m[i].old_daddr, &m[i].new_daddr,
2467 				   m[i].old_family) == 0) &&
2468 		    (xfrm_addr_cmp(&m[i].old_saddr, &m[i].new_saddr,
2469 				   m[i].old_family) == 0))
2470 			return -EINVAL;
2471 		if (xfrm_addr_any(&m[i].new_daddr, m[i].new_family) ||
2472 		    xfrm_addr_any(&m[i].new_saddr, m[i].new_family))
2473 			return -EINVAL;
2474 
2475 		/* check if there is any duplicated entry */
2476 		for (j = i + 1; j < num_migrate; j++) {
2477 			if (!memcmp(&m[i].old_daddr, &m[j].old_daddr,
2478 				    sizeof(m[i].old_daddr)) &&
2479 			    !memcmp(&m[i].old_saddr, &m[j].old_saddr,
2480 				    sizeof(m[i].old_saddr)) &&
2481 			    m[i].proto == m[j].proto &&
2482 			    m[i].mode == m[j].mode &&
2483 			    m[i].reqid == m[j].reqid &&
2484 			    m[i].old_family == m[j].old_family)
2485 				return -EINVAL;
2486 		}
2487 	}
2488 
2489 	return 0;
2490 }
2491 
2492 int xfrm_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
2493 		 struct xfrm_migrate *m, int num_migrate)
2494 {
2495 	int i, err, nx_cur = 0, nx_new = 0;
2496 	struct xfrm_policy *pol = NULL;
2497 	struct xfrm_state *x, *xc;
2498 	struct xfrm_state *x_cur[XFRM_MAX_DEPTH];
2499 	struct xfrm_state *x_new[XFRM_MAX_DEPTH];
2500 	struct xfrm_migrate *mp;
2501 
2502 	if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
2503 		goto out;
2504 
2505 	/* Stage 1 - find policy */
2506 	if ((pol = xfrm_migrate_policy_find(sel, dir, type)) == NULL) {
2507 		err = -ENOENT;
2508 		goto out;
2509 	}
2510 
2511 	/* Stage 2 - find and update state(s) */
2512 	for (i = 0, mp = m; i < num_migrate; i++, mp++) {
2513 		if ((x = xfrm_migrate_state_find(mp))) {
2514 			x_cur[nx_cur] = x;
2515 			nx_cur++;
2516 			if ((xc = xfrm_state_migrate(x, mp))) {
2517 				x_new[nx_new] = xc;
2518 				nx_new++;
2519 			} else {
2520 				err = -ENODATA;
2521 				goto restore_state;
2522 			}
2523 		}
2524 	}
2525 
2526 	/* Stage 3 - update policy */
2527 	if ((err = xfrm_policy_migrate(pol, m, num_migrate)) < 0)
2528 		goto restore_state;
2529 
2530 	/* Stage 4 - delete old state(s) */
2531 	if (nx_cur) {
2532 		xfrm_states_put(x_cur, nx_cur);
2533 		xfrm_states_delete(x_cur, nx_cur);
2534 	}
2535 
2536 	/* Stage 5 - announce */
2537 	km_migrate(sel, dir, type, m, num_migrate);
2538 
2539 	xfrm_pol_put(pol);
2540 
2541 	return 0;
2542 out:
2543 	return err;
2544 
2545 restore_state:
2546 	if (pol)
2547 		xfrm_pol_put(pol);
2548 	if (nx_cur)
2549 		xfrm_states_put(x_cur, nx_cur);
2550 	if (nx_new)
2551 		xfrm_states_delete(x_new, nx_new);
2552 
2553 	return err;
2554 }
2555 EXPORT_SYMBOL(xfrm_migrate);
2556 #endif
2557 
2558