1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <asm/uaccess.h> 30 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31 #include <linux/in6.h> 32 #endif 33 34 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 35 { 36 struct nlattr *rt = attrs[type]; 37 struct xfrm_algo *algp; 38 39 if (!rt) 40 return 0; 41 42 algp = nla_data(rt); 43 if (nla_len(rt) < xfrm_alg_len(algp)) 44 return -EINVAL; 45 46 switch (type) { 47 case XFRMA_ALG_AUTH: 48 if (!algp->alg_key_len && 49 strcmp(algp->alg_name, "digest_null") != 0) 50 return -EINVAL; 51 break; 52 53 case XFRMA_ALG_CRYPT: 54 if (!algp->alg_key_len && 55 strcmp(algp->alg_name, "cipher_null") != 0) 56 return -EINVAL; 57 break; 58 59 case XFRMA_ALG_COMP: 60 /* Zero length keys are legal. */ 61 break; 62 63 default: 64 return -EINVAL; 65 } 66 67 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 68 return 0; 69 } 70 71 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 72 xfrm_address_t **addrp) 73 { 74 struct nlattr *rt = attrs[type]; 75 76 if (rt && addrp) 77 *addrp = nla_data(rt); 78 } 79 80 static inline int verify_sec_ctx_len(struct nlattr **attrs) 81 { 82 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 83 struct xfrm_user_sec_ctx *uctx; 84 85 if (!rt) 86 return 0; 87 88 uctx = nla_data(rt); 89 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 90 return -EINVAL; 91 92 return 0; 93 } 94 95 96 static int verify_newsa_info(struct xfrm_usersa_info *p, 97 struct nlattr **attrs) 98 { 99 int err; 100 101 err = -EINVAL; 102 switch (p->family) { 103 case AF_INET: 104 break; 105 106 case AF_INET6: 107 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 108 break; 109 #else 110 err = -EAFNOSUPPORT; 111 goto out; 112 #endif 113 114 default: 115 goto out; 116 } 117 118 err = -EINVAL; 119 switch (p->id.proto) { 120 case IPPROTO_AH: 121 if (!attrs[XFRMA_ALG_AUTH] || 122 attrs[XFRMA_ALG_CRYPT] || 123 attrs[XFRMA_ALG_COMP]) 124 goto out; 125 break; 126 127 case IPPROTO_ESP: 128 if ((!attrs[XFRMA_ALG_AUTH] && 129 !attrs[XFRMA_ALG_CRYPT]) || 130 attrs[XFRMA_ALG_COMP]) 131 goto out; 132 break; 133 134 case IPPROTO_COMP: 135 if (!attrs[XFRMA_ALG_COMP] || 136 attrs[XFRMA_ALG_AUTH] || 137 attrs[XFRMA_ALG_CRYPT]) 138 goto out; 139 break; 140 141 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 142 case IPPROTO_DSTOPTS: 143 case IPPROTO_ROUTING: 144 if (attrs[XFRMA_ALG_COMP] || 145 attrs[XFRMA_ALG_AUTH] || 146 attrs[XFRMA_ALG_CRYPT] || 147 attrs[XFRMA_ENCAP] || 148 attrs[XFRMA_SEC_CTX] || 149 !attrs[XFRMA_COADDR]) 150 goto out; 151 break; 152 #endif 153 154 default: 155 goto out; 156 } 157 158 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 159 goto out; 160 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 161 goto out; 162 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 163 goto out; 164 if ((err = verify_sec_ctx_len(attrs))) 165 goto out; 166 167 err = -EINVAL; 168 switch (p->mode) { 169 case XFRM_MODE_TRANSPORT: 170 case XFRM_MODE_TUNNEL: 171 case XFRM_MODE_ROUTEOPTIMIZATION: 172 case XFRM_MODE_BEET: 173 break; 174 175 default: 176 goto out; 177 } 178 179 err = 0; 180 181 out: 182 return err; 183 } 184 185 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 186 struct xfrm_algo_desc *(*get_byname)(char *, int), 187 struct nlattr *rta) 188 { 189 struct xfrm_algo *p, *ualg; 190 struct xfrm_algo_desc *algo; 191 192 if (!rta) 193 return 0; 194 195 ualg = nla_data(rta); 196 197 algo = get_byname(ualg->alg_name, 1); 198 if (!algo) 199 return -ENOSYS; 200 *props = algo->desc.sadb_alg_id; 201 202 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 203 if (!p) 204 return -ENOMEM; 205 206 strcpy(p->alg_name, algo->name); 207 *algpp = p; 208 return 0; 209 } 210 211 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 212 { 213 int len = 0; 214 215 if (xfrm_ctx) { 216 len += sizeof(struct xfrm_user_sec_ctx); 217 len += xfrm_ctx->ctx_len; 218 } 219 return len; 220 } 221 222 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 223 { 224 memcpy(&x->id, &p->id, sizeof(x->id)); 225 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 226 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 227 x->props.mode = p->mode; 228 x->props.replay_window = p->replay_window; 229 x->props.reqid = p->reqid; 230 x->props.family = p->family; 231 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 232 x->props.flags = p->flags; 233 234 /* 235 * Set inner address family if the KM left it as zero. 236 * See comment in validate_tmpl. 237 */ 238 if (!x->sel.family) 239 x->sel.family = p->family; 240 } 241 242 /* 243 * someday when pfkey also has support, we could have the code 244 * somehow made shareable and move it to xfrm_state.c - JHS 245 * 246 */ 247 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 248 { 249 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 250 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 251 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 252 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 253 254 if (rp) { 255 struct xfrm_replay_state *replay; 256 replay = nla_data(rp); 257 memcpy(&x->replay, replay, sizeof(*replay)); 258 memcpy(&x->preplay, replay, sizeof(*replay)); 259 } 260 261 if (lt) { 262 struct xfrm_lifetime_cur *ltime; 263 ltime = nla_data(lt); 264 x->curlft.bytes = ltime->bytes; 265 x->curlft.packets = ltime->packets; 266 x->curlft.add_time = ltime->add_time; 267 x->curlft.use_time = ltime->use_time; 268 } 269 270 if (et) 271 x->replay_maxage = nla_get_u32(et); 272 273 if (rt) 274 x->replay_maxdiff = nla_get_u32(rt); 275 } 276 277 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 278 struct nlattr **attrs, 279 int *errp) 280 { 281 struct xfrm_state *x = xfrm_state_alloc(); 282 int err = -ENOMEM; 283 284 if (!x) 285 goto error_no_put; 286 287 copy_from_user_state(x, p); 288 289 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 290 xfrm_aalg_get_byname, 291 attrs[XFRMA_ALG_AUTH]))) 292 goto error; 293 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 294 xfrm_ealg_get_byname, 295 attrs[XFRMA_ALG_CRYPT]))) 296 goto error; 297 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 298 xfrm_calg_get_byname, 299 attrs[XFRMA_ALG_COMP]))) 300 goto error; 301 302 if (attrs[XFRMA_ENCAP]) { 303 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 304 sizeof(*x->encap), GFP_KERNEL); 305 if (x->encap == NULL) 306 goto error; 307 } 308 309 if (attrs[XFRMA_COADDR]) { 310 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 311 sizeof(*x->coaddr), GFP_KERNEL); 312 if (x->coaddr == NULL) 313 goto error; 314 } 315 316 err = xfrm_init_state(x); 317 if (err) 318 goto error; 319 320 if (attrs[XFRMA_SEC_CTX] && 321 security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) 322 goto error; 323 324 x->km.seq = p->seq; 325 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 326 /* sysctl_xfrm_aevent_etime is in 100ms units */ 327 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 328 x->preplay.bitmap = 0; 329 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 330 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 331 332 /* override default values from above */ 333 334 xfrm_update_ae_params(x, attrs); 335 336 return x; 337 338 error: 339 x->km.state = XFRM_STATE_DEAD; 340 xfrm_state_put(x); 341 error_no_put: 342 *errp = err; 343 return NULL; 344 } 345 346 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 347 struct nlattr **attrs) 348 { 349 struct xfrm_usersa_info *p = nlmsg_data(nlh); 350 struct xfrm_state *x; 351 int err; 352 struct km_event c; 353 354 err = verify_newsa_info(p, attrs); 355 if (err) 356 return err; 357 358 x = xfrm_state_construct(p, attrs, &err); 359 if (!x) 360 return err; 361 362 xfrm_state_hold(x); 363 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 364 err = xfrm_state_add(x); 365 else 366 err = xfrm_state_update(x); 367 368 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 369 NETLINK_CB(skb).sid); 370 371 if (err < 0) { 372 x->km.state = XFRM_STATE_DEAD; 373 __xfrm_state_put(x); 374 goto out; 375 } 376 377 c.seq = nlh->nlmsg_seq; 378 c.pid = nlh->nlmsg_pid; 379 c.event = nlh->nlmsg_type; 380 381 km_state_notify(x, &c); 382 out: 383 xfrm_state_put(x); 384 return err; 385 } 386 387 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 388 struct nlattr **attrs, 389 int *errp) 390 { 391 struct xfrm_state *x = NULL; 392 int err; 393 394 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 395 err = -ESRCH; 396 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 397 } else { 398 xfrm_address_t *saddr = NULL; 399 400 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 401 if (!saddr) { 402 err = -EINVAL; 403 goto out; 404 } 405 406 err = -ESRCH; 407 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 408 p->family); 409 } 410 411 out: 412 if (!x && errp) 413 *errp = err; 414 return x; 415 } 416 417 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 418 struct nlattr **attrs) 419 { 420 struct xfrm_state *x; 421 int err = -ESRCH; 422 struct km_event c; 423 struct xfrm_usersa_id *p = nlmsg_data(nlh); 424 425 x = xfrm_user_state_lookup(p, attrs, &err); 426 if (x == NULL) 427 return err; 428 429 if ((err = security_xfrm_state_delete(x)) != 0) 430 goto out; 431 432 if (xfrm_state_kern(x)) { 433 err = -EPERM; 434 goto out; 435 } 436 437 err = xfrm_state_delete(x); 438 439 if (err < 0) 440 goto out; 441 442 c.seq = nlh->nlmsg_seq; 443 c.pid = nlh->nlmsg_pid; 444 c.event = nlh->nlmsg_type; 445 km_state_notify(x, &c); 446 447 out: 448 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 449 NETLINK_CB(skb).sid); 450 xfrm_state_put(x); 451 return err; 452 } 453 454 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 455 { 456 memcpy(&p->id, &x->id, sizeof(p->id)); 457 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 458 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 459 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 460 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 461 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 462 p->mode = x->props.mode; 463 p->replay_window = x->props.replay_window; 464 p->reqid = x->props.reqid; 465 p->family = x->props.family; 466 p->flags = x->props.flags; 467 p->seq = x->km.seq; 468 } 469 470 struct xfrm_dump_info { 471 struct sk_buff *in_skb; 472 struct sk_buff *out_skb; 473 u32 nlmsg_seq; 474 u16 nlmsg_flags; 475 int start_idx; 476 int this_idx; 477 }; 478 479 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 480 { 481 struct xfrm_user_sec_ctx *uctx; 482 struct nlattr *attr; 483 int ctx_size = sizeof(*uctx) + s->ctx_len; 484 485 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 486 if (attr == NULL) 487 return -EMSGSIZE; 488 489 uctx = nla_data(attr); 490 uctx->exttype = XFRMA_SEC_CTX; 491 uctx->len = ctx_size; 492 uctx->ctx_doi = s->ctx_doi; 493 uctx->ctx_alg = s->ctx_alg; 494 uctx->ctx_len = s->ctx_len; 495 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 496 497 return 0; 498 } 499 500 /* Don't change this without updating xfrm_sa_len! */ 501 static int copy_to_user_state_extra(struct xfrm_state *x, 502 struct xfrm_usersa_info *p, 503 struct sk_buff *skb) 504 { 505 copy_to_user_state(x, p); 506 507 if (x->coaddr) 508 NLA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 509 510 if (x->lastused) 511 NLA_PUT_U64(skb, XFRMA_LASTUSED, x->lastused); 512 513 if (x->aalg) 514 NLA_PUT(skb, XFRMA_ALG_AUTH, xfrm_alg_len(x->aalg), x->aalg); 515 if (x->ealg) 516 NLA_PUT(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); 517 if (x->calg) 518 NLA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 519 520 if (x->encap) 521 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 522 523 if (x->security && copy_sec_ctx(x->security, skb) < 0) 524 goto nla_put_failure; 525 526 return 0; 527 528 nla_put_failure: 529 return -EMSGSIZE; 530 } 531 532 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 533 { 534 struct xfrm_dump_info *sp = ptr; 535 struct sk_buff *in_skb = sp->in_skb; 536 struct sk_buff *skb = sp->out_skb; 537 struct xfrm_usersa_info *p; 538 struct nlmsghdr *nlh; 539 int err; 540 541 if (sp->this_idx < sp->start_idx) 542 goto out; 543 544 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 545 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 546 if (nlh == NULL) 547 return -EMSGSIZE; 548 549 p = nlmsg_data(nlh); 550 551 err = copy_to_user_state_extra(x, p, skb); 552 if (err) 553 goto nla_put_failure; 554 555 nlmsg_end(skb, nlh); 556 out: 557 sp->this_idx++; 558 return 0; 559 560 nla_put_failure: 561 nlmsg_cancel(skb, nlh); 562 return err; 563 } 564 565 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 566 { 567 struct xfrm_dump_info info; 568 569 info.in_skb = cb->skb; 570 info.out_skb = skb; 571 info.nlmsg_seq = cb->nlh->nlmsg_seq; 572 info.nlmsg_flags = NLM_F_MULTI; 573 info.this_idx = 0; 574 info.start_idx = cb->args[0]; 575 (void) xfrm_state_walk(0, dump_one_state, &info); 576 cb->args[0] = info.this_idx; 577 578 return skb->len; 579 } 580 581 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 582 struct xfrm_state *x, u32 seq) 583 { 584 struct xfrm_dump_info info; 585 struct sk_buff *skb; 586 587 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 588 if (!skb) 589 return ERR_PTR(-ENOMEM); 590 591 info.in_skb = in_skb; 592 info.out_skb = skb; 593 info.nlmsg_seq = seq; 594 info.nlmsg_flags = 0; 595 info.this_idx = info.start_idx = 0; 596 597 if (dump_one_state(x, 0, &info)) { 598 kfree_skb(skb); 599 return NULL; 600 } 601 602 return skb; 603 } 604 605 static inline size_t xfrm_spdinfo_msgsize(void) 606 { 607 return NLMSG_ALIGN(4) 608 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 609 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 610 } 611 612 static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 613 { 614 struct xfrmk_spdinfo si; 615 struct xfrmu_spdinfo spc; 616 struct xfrmu_spdhinfo sph; 617 struct nlmsghdr *nlh; 618 u32 *f; 619 620 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 621 if (nlh == NULL) /* shouldnt really happen ... */ 622 return -EMSGSIZE; 623 624 f = nlmsg_data(nlh); 625 *f = flags; 626 xfrm_spd_getinfo(&si); 627 spc.incnt = si.incnt; 628 spc.outcnt = si.outcnt; 629 spc.fwdcnt = si.fwdcnt; 630 spc.inscnt = si.inscnt; 631 spc.outscnt = si.outscnt; 632 spc.fwdscnt = si.fwdscnt; 633 sph.spdhcnt = si.spdhcnt; 634 sph.spdhmcnt = si.spdhmcnt; 635 636 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 637 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 638 639 return nlmsg_end(skb, nlh); 640 641 nla_put_failure: 642 nlmsg_cancel(skb, nlh); 643 return -EMSGSIZE; 644 } 645 646 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 647 struct nlattr **attrs) 648 { 649 struct sk_buff *r_skb; 650 u32 *flags = nlmsg_data(nlh); 651 u32 spid = NETLINK_CB(skb).pid; 652 u32 seq = nlh->nlmsg_seq; 653 654 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 655 if (r_skb == NULL) 656 return -ENOMEM; 657 658 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 659 BUG(); 660 661 return nlmsg_unicast(xfrm_nl, r_skb, spid); 662 } 663 664 static inline size_t xfrm_sadinfo_msgsize(void) 665 { 666 return NLMSG_ALIGN(4) 667 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 668 + nla_total_size(4); /* XFRMA_SAD_CNT */ 669 } 670 671 static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 672 { 673 struct xfrmk_sadinfo si; 674 struct xfrmu_sadhinfo sh; 675 struct nlmsghdr *nlh; 676 u32 *f; 677 678 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 679 if (nlh == NULL) /* shouldnt really happen ... */ 680 return -EMSGSIZE; 681 682 f = nlmsg_data(nlh); 683 *f = flags; 684 xfrm_sad_getinfo(&si); 685 686 sh.sadhmcnt = si.sadhmcnt; 687 sh.sadhcnt = si.sadhcnt; 688 689 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 690 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 691 692 return nlmsg_end(skb, nlh); 693 694 nla_put_failure: 695 nlmsg_cancel(skb, nlh); 696 return -EMSGSIZE; 697 } 698 699 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 700 struct nlattr **attrs) 701 { 702 struct sk_buff *r_skb; 703 u32 *flags = nlmsg_data(nlh); 704 u32 spid = NETLINK_CB(skb).pid; 705 u32 seq = nlh->nlmsg_seq; 706 707 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 708 if (r_skb == NULL) 709 return -ENOMEM; 710 711 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 712 BUG(); 713 714 return nlmsg_unicast(xfrm_nl, r_skb, spid); 715 } 716 717 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 718 struct nlattr **attrs) 719 { 720 struct xfrm_usersa_id *p = nlmsg_data(nlh); 721 struct xfrm_state *x; 722 struct sk_buff *resp_skb; 723 int err = -ESRCH; 724 725 x = xfrm_user_state_lookup(p, attrs, &err); 726 if (x == NULL) 727 goto out_noput; 728 729 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 730 if (IS_ERR(resp_skb)) { 731 err = PTR_ERR(resp_skb); 732 } else { 733 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 734 } 735 xfrm_state_put(x); 736 out_noput: 737 return err; 738 } 739 740 static int verify_userspi_info(struct xfrm_userspi_info *p) 741 { 742 switch (p->info.id.proto) { 743 case IPPROTO_AH: 744 case IPPROTO_ESP: 745 break; 746 747 case IPPROTO_COMP: 748 /* IPCOMP spi is 16-bits. */ 749 if (p->max >= 0x10000) 750 return -EINVAL; 751 break; 752 753 default: 754 return -EINVAL; 755 } 756 757 if (p->min > p->max) 758 return -EINVAL; 759 760 return 0; 761 } 762 763 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 764 struct nlattr **attrs) 765 { 766 struct xfrm_state *x; 767 struct xfrm_userspi_info *p; 768 struct sk_buff *resp_skb; 769 xfrm_address_t *daddr; 770 int family; 771 int err; 772 773 p = nlmsg_data(nlh); 774 err = verify_userspi_info(p); 775 if (err) 776 goto out_noput; 777 778 family = p->info.family; 779 daddr = &p->info.id.daddr; 780 781 x = NULL; 782 if (p->info.seq) { 783 x = xfrm_find_acq_byseq(p->info.seq); 784 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 785 xfrm_state_put(x); 786 x = NULL; 787 } 788 } 789 790 if (!x) 791 x = xfrm_find_acq(p->info.mode, p->info.reqid, 792 p->info.id.proto, daddr, 793 &p->info.saddr, 1, 794 family); 795 err = -ENOENT; 796 if (x == NULL) 797 goto out_noput; 798 799 err = xfrm_alloc_spi(x, p->min, p->max); 800 if (err) 801 goto out; 802 803 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 804 if (IS_ERR(resp_skb)) { 805 err = PTR_ERR(resp_skb); 806 goto out; 807 } 808 809 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 810 811 out: 812 xfrm_state_put(x); 813 out_noput: 814 return err; 815 } 816 817 static int verify_policy_dir(u8 dir) 818 { 819 switch (dir) { 820 case XFRM_POLICY_IN: 821 case XFRM_POLICY_OUT: 822 case XFRM_POLICY_FWD: 823 break; 824 825 default: 826 return -EINVAL; 827 } 828 829 return 0; 830 } 831 832 static int verify_policy_type(u8 type) 833 { 834 switch (type) { 835 case XFRM_POLICY_TYPE_MAIN: 836 #ifdef CONFIG_XFRM_SUB_POLICY 837 case XFRM_POLICY_TYPE_SUB: 838 #endif 839 break; 840 841 default: 842 return -EINVAL; 843 } 844 845 return 0; 846 } 847 848 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 849 { 850 switch (p->share) { 851 case XFRM_SHARE_ANY: 852 case XFRM_SHARE_SESSION: 853 case XFRM_SHARE_USER: 854 case XFRM_SHARE_UNIQUE: 855 break; 856 857 default: 858 return -EINVAL; 859 } 860 861 switch (p->action) { 862 case XFRM_POLICY_ALLOW: 863 case XFRM_POLICY_BLOCK: 864 break; 865 866 default: 867 return -EINVAL; 868 } 869 870 switch (p->sel.family) { 871 case AF_INET: 872 break; 873 874 case AF_INET6: 875 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 876 break; 877 #else 878 return -EAFNOSUPPORT; 879 #endif 880 881 default: 882 return -EINVAL; 883 } 884 885 return verify_policy_dir(p->dir); 886 } 887 888 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 889 { 890 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 891 struct xfrm_user_sec_ctx *uctx; 892 893 if (!rt) 894 return 0; 895 896 uctx = nla_data(rt); 897 return security_xfrm_policy_alloc(pol, uctx); 898 } 899 900 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 901 int nr) 902 { 903 int i; 904 905 xp->xfrm_nr = nr; 906 for (i = 0; i < nr; i++, ut++) { 907 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 908 909 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 910 memcpy(&t->saddr, &ut->saddr, 911 sizeof(xfrm_address_t)); 912 t->reqid = ut->reqid; 913 t->mode = ut->mode; 914 t->share = ut->share; 915 t->optional = ut->optional; 916 t->aalgos = ut->aalgos; 917 t->ealgos = ut->ealgos; 918 t->calgos = ut->calgos; 919 t->encap_family = ut->family; 920 } 921 } 922 923 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 924 { 925 int i; 926 927 if (nr > XFRM_MAX_DEPTH) 928 return -EINVAL; 929 930 for (i = 0; i < nr; i++) { 931 /* We never validated the ut->family value, so many 932 * applications simply leave it at zero. The check was 933 * never made and ut->family was ignored because all 934 * templates could be assumed to have the same family as 935 * the policy itself. Now that we will have ipv4-in-ipv6 936 * and ipv6-in-ipv4 tunnels, this is no longer true. 937 */ 938 if (!ut[i].family) 939 ut[i].family = family; 940 941 switch (ut[i].family) { 942 case AF_INET: 943 break; 944 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 945 case AF_INET6: 946 break; 947 #endif 948 default: 949 return -EINVAL; 950 } 951 } 952 953 return 0; 954 } 955 956 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 957 { 958 struct nlattr *rt = attrs[XFRMA_TMPL]; 959 960 if (!rt) { 961 pol->xfrm_nr = 0; 962 } else { 963 struct xfrm_user_tmpl *utmpl = nla_data(rt); 964 int nr = nla_len(rt) / sizeof(*utmpl); 965 int err; 966 967 err = validate_tmpl(nr, utmpl, pol->family); 968 if (err) 969 return err; 970 971 copy_templates(pol, utmpl, nr); 972 } 973 return 0; 974 } 975 976 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 977 { 978 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 979 struct xfrm_userpolicy_type *upt; 980 u8 type = XFRM_POLICY_TYPE_MAIN; 981 int err; 982 983 if (rt) { 984 upt = nla_data(rt); 985 type = upt->type; 986 } 987 988 err = verify_policy_type(type); 989 if (err) 990 return err; 991 992 *tp = type; 993 return 0; 994 } 995 996 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 997 { 998 xp->priority = p->priority; 999 xp->index = p->index; 1000 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1001 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1002 xp->action = p->action; 1003 xp->flags = p->flags; 1004 xp->family = p->sel.family; 1005 /* XXX xp->share = p->share; */ 1006 } 1007 1008 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1009 { 1010 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1011 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1012 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1013 p->priority = xp->priority; 1014 p->index = xp->index; 1015 p->sel.family = xp->family; 1016 p->dir = dir; 1017 p->action = xp->action; 1018 p->flags = xp->flags; 1019 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1020 } 1021 1022 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1023 { 1024 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1025 int err; 1026 1027 if (!xp) { 1028 *errp = -ENOMEM; 1029 return NULL; 1030 } 1031 1032 copy_from_user_policy(xp, p); 1033 1034 err = copy_from_user_policy_type(&xp->type, attrs); 1035 if (err) 1036 goto error; 1037 1038 if (!(err = copy_from_user_tmpl(xp, attrs))) 1039 err = copy_from_user_sec_ctx(xp, attrs); 1040 if (err) 1041 goto error; 1042 1043 return xp; 1044 error: 1045 *errp = err; 1046 xfrm_policy_destroy(xp); 1047 return NULL; 1048 } 1049 1050 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1051 struct nlattr **attrs) 1052 { 1053 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1054 struct xfrm_policy *xp; 1055 struct km_event c; 1056 int err; 1057 int excl; 1058 1059 err = verify_newpolicy_info(p); 1060 if (err) 1061 return err; 1062 err = verify_sec_ctx_len(attrs); 1063 if (err) 1064 return err; 1065 1066 xp = xfrm_policy_construct(p, attrs, &err); 1067 if (!xp) 1068 return err; 1069 1070 /* shouldnt excl be based on nlh flags?? 1071 * Aha! this is anti-netlink really i.e more pfkey derived 1072 * in netlink excl is a flag and you wouldnt need 1073 * a type XFRM_MSG_UPDPOLICY - JHS */ 1074 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1075 err = xfrm_policy_insert(p->dir, xp, excl); 1076 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1077 NETLINK_CB(skb).sid); 1078 1079 if (err) { 1080 security_xfrm_policy_free(xp); 1081 kfree(xp); 1082 return err; 1083 } 1084 1085 c.event = nlh->nlmsg_type; 1086 c.seq = nlh->nlmsg_seq; 1087 c.pid = nlh->nlmsg_pid; 1088 km_policy_notify(xp, p->dir, &c); 1089 1090 xfrm_pol_put(xp); 1091 1092 return 0; 1093 } 1094 1095 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1096 { 1097 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1098 int i; 1099 1100 if (xp->xfrm_nr == 0) 1101 return 0; 1102 1103 for (i = 0; i < xp->xfrm_nr; i++) { 1104 struct xfrm_user_tmpl *up = &vec[i]; 1105 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1106 1107 memcpy(&up->id, &kp->id, sizeof(up->id)); 1108 up->family = kp->encap_family; 1109 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1110 up->reqid = kp->reqid; 1111 up->mode = kp->mode; 1112 up->share = kp->share; 1113 up->optional = kp->optional; 1114 up->aalgos = kp->aalgos; 1115 up->ealgos = kp->ealgos; 1116 up->calgos = kp->calgos; 1117 } 1118 1119 return nla_put(skb, XFRMA_TMPL, 1120 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1121 } 1122 1123 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1124 { 1125 if (x->security) { 1126 return copy_sec_ctx(x->security, skb); 1127 } 1128 return 0; 1129 } 1130 1131 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1132 { 1133 if (xp->security) { 1134 return copy_sec_ctx(xp->security, skb); 1135 } 1136 return 0; 1137 } 1138 static inline size_t userpolicy_type_attrsize(void) 1139 { 1140 #ifdef CONFIG_XFRM_SUB_POLICY 1141 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1142 #else 1143 return 0; 1144 #endif 1145 } 1146 1147 #ifdef CONFIG_XFRM_SUB_POLICY 1148 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1149 { 1150 struct xfrm_userpolicy_type upt = { 1151 .type = type, 1152 }; 1153 1154 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1155 } 1156 1157 #else 1158 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1159 { 1160 return 0; 1161 } 1162 #endif 1163 1164 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1165 { 1166 struct xfrm_dump_info *sp = ptr; 1167 struct xfrm_userpolicy_info *p; 1168 struct sk_buff *in_skb = sp->in_skb; 1169 struct sk_buff *skb = sp->out_skb; 1170 struct nlmsghdr *nlh; 1171 1172 if (sp->this_idx < sp->start_idx) 1173 goto out; 1174 1175 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 1176 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1177 if (nlh == NULL) 1178 return -EMSGSIZE; 1179 1180 p = nlmsg_data(nlh); 1181 copy_to_user_policy(xp, p, dir); 1182 if (copy_to_user_tmpl(xp, skb) < 0) 1183 goto nlmsg_failure; 1184 if (copy_to_user_sec_ctx(xp, skb)) 1185 goto nlmsg_failure; 1186 if (copy_to_user_policy_type(xp->type, skb) < 0) 1187 goto nlmsg_failure; 1188 1189 nlmsg_end(skb, nlh); 1190 out: 1191 sp->this_idx++; 1192 return 0; 1193 1194 nlmsg_failure: 1195 nlmsg_cancel(skb, nlh); 1196 return -EMSGSIZE; 1197 } 1198 1199 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1200 { 1201 struct xfrm_dump_info info; 1202 1203 info.in_skb = cb->skb; 1204 info.out_skb = skb; 1205 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1206 info.nlmsg_flags = NLM_F_MULTI; 1207 info.this_idx = 0; 1208 info.start_idx = cb->args[0]; 1209 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1210 #ifdef CONFIG_XFRM_SUB_POLICY 1211 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1212 #endif 1213 cb->args[0] = info.this_idx; 1214 1215 return skb->len; 1216 } 1217 1218 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1219 struct xfrm_policy *xp, 1220 int dir, u32 seq) 1221 { 1222 struct xfrm_dump_info info; 1223 struct sk_buff *skb; 1224 1225 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1226 if (!skb) 1227 return ERR_PTR(-ENOMEM); 1228 1229 info.in_skb = in_skb; 1230 info.out_skb = skb; 1231 info.nlmsg_seq = seq; 1232 info.nlmsg_flags = 0; 1233 info.this_idx = info.start_idx = 0; 1234 1235 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1236 kfree_skb(skb); 1237 return NULL; 1238 } 1239 1240 return skb; 1241 } 1242 1243 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1244 struct nlattr **attrs) 1245 { 1246 struct xfrm_policy *xp; 1247 struct xfrm_userpolicy_id *p; 1248 u8 type = XFRM_POLICY_TYPE_MAIN; 1249 int err; 1250 struct km_event c; 1251 int delete; 1252 1253 p = nlmsg_data(nlh); 1254 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1255 1256 err = copy_from_user_policy_type(&type, attrs); 1257 if (err) 1258 return err; 1259 1260 err = verify_policy_dir(p->dir); 1261 if (err) 1262 return err; 1263 1264 if (p->index) 1265 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1266 else { 1267 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1268 struct xfrm_policy tmp; 1269 1270 err = verify_sec_ctx_len(attrs); 1271 if (err) 1272 return err; 1273 1274 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1275 if (rt) { 1276 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1277 1278 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1279 return err; 1280 } 1281 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1282 delete, &err); 1283 security_xfrm_policy_free(&tmp); 1284 } 1285 if (xp == NULL) 1286 return -ENOENT; 1287 1288 if (!delete) { 1289 struct sk_buff *resp_skb; 1290 1291 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1292 if (IS_ERR(resp_skb)) { 1293 err = PTR_ERR(resp_skb); 1294 } else { 1295 err = nlmsg_unicast(xfrm_nl, resp_skb, 1296 NETLINK_CB(skb).pid); 1297 } 1298 } else { 1299 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1300 NETLINK_CB(skb).loginuid, 1301 NETLINK_CB(skb).sid); 1302 1303 if (err != 0) 1304 goto out; 1305 1306 c.data.byid = p->index; 1307 c.event = nlh->nlmsg_type; 1308 c.seq = nlh->nlmsg_seq; 1309 c.pid = nlh->nlmsg_pid; 1310 km_policy_notify(xp, p->dir, &c); 1311 } 1312 1313 out: 1314 xfrm_pol_put(xp); 1315 return err; 1316 } 1317 1318 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1319 struct nlattr **attrs) 1320 { 1321 struct km_event c; 1322 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1323 struct xfrm_audit audit_info; 1324 int err; 1325 1326 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1327 audit_info.secid = NETLINK_CB(skb).sid; 1328 err = xfrm_state_flush(p->proto, &audit_info); 1329 if (err) 1330 return err; 1331 c.data.proto = p->proto; 1332 c.event = nlh->nlmsg_type; 1333 c.seq = nlh->nlmsg_seq; 1334 c.pid = nlh->nlmsg_pid; 1335 km_state_notify(NULL, &c); 1336 1337 return 0; 1338 } 1339 1340 static inline size_t xfrm_aevent_msgsize(void) 1341 { 1342 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1343 + nla_total_size(sizeof(struct xfrm_replay_state)) 1344 + nla_total_size(sizeof(struct xfrm_lifetime_cur)) 1345 + nla_total_size(4) /* XFRM_AE_RTHR */ 1346 + nla_total_size(4); /* XFRM_AE_ETHR */ 1347 } 1348 1349 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1350 { 1351 struct xfrm_aevent_id *id; 1352 struct nlmsghdr *nlh; 1353 1354 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1355 if (nlh == NULL) 1356 return -EMSGSIZE; 1357 1358 id = nlmsg_data(nlh); 1359 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1360 id->sa_id.spi = x->id.spi; 1361 id->sa_id.family = x->props.family; 1362 id->sa_id.proto = x->id.proto; 1363 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1364 id->reqid = x->props.reqid; 1365 id->flags = c->data.aevent; 1366 1367 NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1368 NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); 1369 1370 if (id->flags & XFRM_AE_RTHR) 1371 NLA_PUT_U32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1372 1373 if (id->flags & XFRM_AE_ETHR) 1374 NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH, 1375 x->replay_maxage * 10 / HZ); 1376 1377 return nlmsg_end(skb, nlh); 1378 1379 nla_put_failure: 1380 nlmsg_cancel(skb, nlh); 1381 return -EMSGSIZE; 1382 } 1383 1384 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1385 struct nlattr **attrs) 1386 { 1387 struct xfrm_state *x; 1388 struct sk_buff *r_skb; 1389 int err; 1390 struct km_event c; 1391 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1392 struct xfrm_usersa_id *id = &p->sa_id; 1393 1394 r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1395 if (r_skb == NULL) 1396 return -ENOMEM; 1397 1398 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1399 if (x == NULL) { 1400 kfree_skb(r_skb); 1401 return -ESRCH; 1402 } 1403 1404 /* 1405 * XXX: is this lock really needed - none of the other 1406 * gets lock (the concern is things getting updated 1407 * while we are still reading) - jhs 1408 */ 1409 spin_lock_bh(&x->lock); 1410 c.data.aevent = p->flags; 1411 c.seq = nlh->nlmsg_seq; 1412 c.pid = nlh->nlmsg_pid; 1413 1414 if (build_aevent(r_skb, x, &c) < 0) 1415 BUG(); 1416 err = nlmsg_unicast(xfrm_nl, r_skb, NETLINK_CB(skb).pid); 1417 spin_unlock_bh(&x->lock); 1418 xfrm_state_put(x); 1419 return err; 1420 } 1421 1422 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1423 struct nlattr **attrs) 1424 { 1425 struct xfrm_state *x; 1426 struct km_event c; 1427 int err = - EINVAL; 1428 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1429 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 1430 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 1431 1432 if (!lt && !rp) 1433 return err; 1434 1435 /* pedantic mode - thou shalt sayeth replaceth */ 1436 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1437 return err; 1438 1439 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1440 if (x == NULL) 1441 return -ESRCH; 1442 1443 if (x->km.state != XFRM_STATE_VALID) 1444 goto out; 1445 1446 spin_lock_bh(&x->lock); 1447 xfrm_update_ae_params(x, attrs); 1448 spin_unlock_bh(&x->lock); 1449 1450 c.event = nlh->nlmsg_type; 1451 c.seq = nlh->nlmsg_seq; 1452 c.pid = nlh->nlmsg_pid; 1453 c.data.aevent = XFRM_AE_CU; 1454 km_state_notify(x, &c); 1455 err = 0; 1456 out: 1457 xfrm_state_put(x); 1458 return err; 1459 } 1460 1461 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1462 struct nlattr **attrs) 1463 { 1464 struct km_event c; 1465 u8 type = XFRM_POLICY_TYPE_MAIN; 1466 int err; 1467 struct xfrm_audit audit_info; 1468 1469 err = copy_from_user_policy_type(&type, attrs); 1470 if (err) 1471 return err; 1472 1473 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1474 audit_info.secid = NETLINK_CB(skb).sid; 1475 err = xfrm_policy_flush(type, &audit_info); 1476 if (err) 1477 return err; 1478 c.data.type = type; 1479 c.event = nlh->nlmsg_type; 1480 c.seq = nlh->nlmsg_seq; 1481 c.pid = nlh->nlmsg_pid; 1482 km_policy_notify(NULL, 0, &c); 1483 return 0; 1484 } 1485 1486 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1487 struct nlattr **attrs) 1488 { 1489 struct xfrm_policy *xp; 1490 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 1491 struct xfrm_userpolicy_info *p = &up->pol; 1492 u8 type = XFRM_POLICY_TYPE_MAIN; 1493 int err = -ENOENT; 1494 1495 err = copy_from_user_policy_type(&type, attrs); 1496 if (err) 1497 return err; 1498 1499 if (p->index) 1500 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1501 else { 1502 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1503 struct xfrm_policy tmp; 1504 1505 err = verify_sec_ctx_len(attrs); 1506 if (err) 1507 return err; 1508 1509 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1510 if (rt) { 1511 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1512 1513 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1514 return err; 1515 } 1516 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1517 0, &err); 1518 security_xfrm_policy_free(&tmp); 1519 } 1520 1521 if (xp == NULL) 1522 return -ENOENT; 1523 read_lock(&xp->lock); 1524 if (xp->dead) { 1525 read_unlock(&xp->lock); 1526 goto out; 1527 } 1528 1529 read_unlock(&xp->lock); 1530 err = 0; 1531 if (up->hard) { 1532 xfrm_policy_delete(xp, p->dir); 1533 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1534 NETLINK_CB(skb).sid); 1535 1536 } else { 1537 // reset the timers here? 1538 printk("Dont know what to do with soft policy expire\n"); 1539 } 1540 km_policy_expired(xp, p->dir, up->hard, current->pid); 1541 1542 out: 1543 xfrm_pol_put(xp); 1544 return err; 1545 } 1546 1547 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1548 struct nlattr **attrs) 1549 { 1550 struct xfrm_state *x; 1551 int err; 1552 struct xfrm_user_expire *ue = nlmsg_data(nlh); 1553 struct xfrm_usersa_info *p = &ue->state; 1554 1555 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1556 1557 err = -ENOENT; 1558 if (x == NULL) 1559 return err; 1560 1561 spin_lock_bh(&x->lock); 1562 err = -EINVAL; 1563 if (x->km.state != XFRM_STATE_VALID) 1564 goto out; 1565 km_state_expired(x, ue->hard, current->pid); 1566 1567 if (ue->hard) { 1568 __xfrm_state_delete(x); 1569 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1570 NETLINK_CB(skb).sid); 1571 } 1572 err = 0; 1573 out: 1574 spin_unlock_bh(&x->lock); 1575 xfrm_state_put(x); 1576 return err; 1577 } 1578 1579 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1580 struct nlattr **attrs) 1581 { 1582 struct xfrm_policy *xp; 1583 struct xfrm_user_tmpl *ut; 1584 int i; 1585 struct nlattr *rt = attrs[XFRMA_TMPL]; 1586 1587 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 1588 struct xfrm_state *x = xfrm_state_alloc(); 1589 int err = -ENOMEM; 1590 1591 if (!x) 1592 return err; 1593 1594 err = verify_newpolicy_info(&ua->policy); 1595 if (err) { 1596 printk("BAD policy passed\n"); 1597 kfree(x); 1598 return err; 1599 } 1600 1601 /* build an XP */ 1602 xp = xfrm_policy_construct(&ua->policy, attrs, &err); 1603 if (!xp) { 1604 kfree(x); 1605 return err; 1606 } 1607 1608 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1609 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1610 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1611 1612 ut = nla_data(rt); 1613 /* extract the templates and for each call km_key */ 1614 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1615 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1616 memcpy(&x->id, &t->id, sizeof(x->id)); 1617 x->props.mode = t->mode; 1618 x->props.reqid = t->reqid; 1619 x->props.family = ut->family; 1620 t->aalgos = ua->aalgos; 1621 t->ealgos = ua->ealgos; 1622 t->calgos = ua->calgos; 1623 err = km_query(x, t, xp); 1624 1625 } 1626 1627 kfree(x); 1628 kfree(xp); 1629 1630 return 0; 1631 } 1632 1633 #ifdef CONFIG_XFRM_MIGRATE 1634 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1635 struct nlattr **attrs, int *num) 1636 { 1637 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 1638 struct xfrm_user_migrate *um; 1639 int i, num_migrate; 1640 1641 um = nla_data(rt); 1642 num_migrate = nla_len(rt) / sizeof(*um); 1643 1644 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1645 return -EINVAL; 1646 1647 for (i = 0; i < num_migrate; i++, um++, ma++) { 1648 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1649 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1650 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1651 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1652 1653 ma->proto = um->proto; 1654 ma->mode = um->mode; 1655 ma->reqid = um->reqid; 1656 1657 ma->old_family = um->old_family; 1658 ma->new_family = um->new_family; 1659 } 1660 1661 *num = i; 1662 return 0; 1663 } 1664 1665 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1666 struct nlattr **attrs) 1667 { 1668 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 1669 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1670 u8 type; 1671 int err; 1672 int n = 0; 1673 1674 if (attrs[XFRMA_MIGRATE] == NULL) 1675 return -EINVAL; 1676 1677 err = copy_from_user_policy_type(&type, attrs); 1678 if (err) 1679 return err; 1680 1681 err = copy_from_user_migrate((struct xfrm_migrate *)m, 1682 attrs, &n); 1683 if (err) 1684 return err; 1685 1686 if (!n) 1687 return 0; 1688 1689 xfrm_migrate(&pi->sel, pi->dir, type, m, n); 1690 1691 return 0; 1692 } 1693 #else 1694 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1695 struct nlattr **attrs) 1696 { 1697 return -ENOPROTOOPT; 1698 } 1699 #endif 1700 1701 #ifdef CONFIG_XFRM_MIGRATE 1702 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1703 { 1704 struct xfrm_user_migrate um; 1705 1706 memset(&um, 0, sizeof(um)); 1707 um.proto = m->proto; 1708 um.mode = m->mode; 1709 um.reqid = m->reqid; 1710 um.old_family = m->old_family; 1711 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1712 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1713 um.new_family = m->new_family; 1714 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1715 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1716 1717 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 1718 } 1719 1720 static inline size_t xfrm_migrate_msgsize(int num_migrate) 1721 { 1722 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 1723 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 1724 + userpolicy_type_attrsize(); 1725 } 1726 1727 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1728 int num_migrate, struct xfrm_selector *sel, 1729 u8 dir, u8 type) 1730 { 1731 struct xfrm_migrate *mp; 1732 struct xfrm_userpolicy_id *pol_id; 1733 struct nlmsghdr *nlh; 1734 int i; 1735 1736 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 1737 if (nlh == NULL) 1738 return -EMSGSIZE; 1739 1740 pol_id = nlmsg_data(nlh); 1741 /* copy data from selector, dir, and type to the pol_id */ 1742 memset(pol_id, 0, sizeof(*pol_id)); 1743 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1744 pol_id->dir = dir; 1745 1746 if (copy_to_user_policy_type(type, skb) < 0) 1747 goto nlmsg_failure; 1748 1749 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 1750 if (copy_to_user_migrate(mp, skb) < 0) 1751 goto nlmsg_failure; 1752 } 1753 1754 return nlmsg_end(skb, nlh); 1755 nlmsg_failure: 1756 nlmsg_cancel(skb, nlh); 1757 return -EMSGSIZE; 1758 } 1759 1760 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1761 struct xfrm_migrate *m, int num_migrate) 1762 { 1763 struct sk_buff *skb; 1764 1765 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate), GFP_ATOMIC); 1766 if (skb == NULL) 1767 return -ENOMEM; 1768 1769 /* build migrate */ 1770 if (build_migrate(skb, m, num_migrate, sel, dir, type) < 0) 1771 BUG(); 1772 1773 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); 1774 } 1775 #else 1776 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1777 struct xfrm_migrate *m, int num_migrate) 1778 { 1779 return -ENOPROTOOPT; 1780 } 1781 #endif 1782 1783 #define XMSGSIZE(type) sizeof(struct type) 1784 1785 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1786 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1787 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1788 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1789 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1790 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1791 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1792 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1793 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1794 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1795 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1796 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1797 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1798 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1799 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 1800 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1801 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1802 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1803 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1804 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 1805 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 1806 }; 1807 1808 #undef XMSGSIZE 1809 1810 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 1811 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 1812 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 1813 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 1814 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 1815 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 1816 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 1817 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 1818 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 1819 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 1820 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 1821 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 1822 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 1823 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 1824 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 1825 }; 1826 1827 static struct xfrm_link { 1828 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 1829 int (*dump)(struct sk_buff *, struct netlink_callback *); 1830 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1831 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1832 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1833 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1834 .dump = xfrm_dump_sa }, 1835 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1836 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1837 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1838 .dump = xfrm_dump_policy }, 1839 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1840 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1841 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1842 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1843 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1844 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1845 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1846 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1847 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1848 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1849 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 1850 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 1851 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 1852 }; 1853 1854 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 1855 { 1856 struct nlattr *attrs[XFRMA_MAX+1]; 1857 struct xfrm_link *link; 1858 int type, err; 1859 1860 type = nlh->nlmsg_type; 1861 if (type > XFRM_MSG_MAX) 1862 return -EINVAL; 1863 1864 type -= XFRM_MSG_BASE; 1865 link = &xfrm_dispatch[type]; 1866 1867 /* All operations require privileges, even GET */ 1868 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 1869 return -EPERM; 1870 1871 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1872 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1873 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1874 if (link->dump == NULL) 1875 return -EINVAL; 1876 1877 return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL); 1878 } 1879 1880 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX, 1881 xfrma_policy); 1882 if (err < 0) 1883 return err; 1884 1885 if (link->doit == NULL) 1886 return -EINVAL; 1887 1888 return link->doit(skb, nlh, attrs); 1889 } 1890 1891 static void xfrm_netlink_rcv(struct sk_buff *skb) 1892 { 1893 mutex_lock(&xfrm_cfg_mutex); 1894 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 1895 mutex_unlock(&xfrm_cfg_mutex); 1896 } 1897 1898 static inline size_t xfrm_expire_msgsize(void) 1899 { 1900 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)); 1901 } 1902 1903 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1904 { 1905 struct xfrm_user_expire *ue; 1906 struct nlmsghdr *nlh; 1907 1908 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 1909 if (nlh == NULL) 1910 return -EMSGSIZE; 1911 1912 ue = nlmsg_data(nlh); 1913 copy_to_user_state(x, &ue->state); 1914 ue->hard = (c->data.hard != 0) ? 1 : 0; 1915 1916 return nlmsg_end(skb, nlh); 1917 } 1918 1919 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1920 { 1921 struct sk_buff *skb; 1922 1923 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 1924 if (skb == NULL) 1925 return -ENOMEM; 1926 1927 if (build_expire(skb, x, c) < 0) 1928 BUG(); 1929 1930 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1931 } 1932 1933 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 1934 { 1935 struct sk_buff *skb; 1936 1937 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1938 if (skb == NULL) 1939 return -ENOMEM; 1940 1941 if (build_aevent(skb, x, c) < 0) 1942 BUG(); 1943 1944 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 1945 } 1946 1947 static int xfrm_notify_sa_flush(struct km_event *c) 1948 { 1949 struct xfrm_usersa_flush *p; 1950 struct nlmsghdr *nlh; 1951 struct sk_buff *skb; 1952 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 1953 1954 skb = nlmsg_new(len, GFP_ATOMIC); 1955 if (skb == NULL) 1956 return -ENOMEM; 1957 1958 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 1959 if (nlh == NULL) { 1960 kfree_skb(skb); 1961 return -EMSGSIZE; 1962 } 1963 1964 p = nlmsg_data(nlh); 1965 p->proto = c->data.proto; 1966 1967 nlmsg_end(skb, nlh); 1968 1969 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1970 } 1971 1972 static inline size_t xfrm_sa_len(struct xfrm_state *x) 1973 { 1974 size_t l = 0; 1975 if (x->aalg) 1976 l += nla_total_size(xfrm_alg_len(x->aalg)); 1977 if (x->ealg) 1978 l += nla_total_size(xfrm_alg_len(x->ealg)); 1979 if (x->calg) 1980 l += nla_total_size(sizeof(*x->calg)); 1981 if (x->encap) 1982 l += nla_total_size(sizeof(*x->encap)); 1983 if (x->security) 1984 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 1985 x->security->ctx_len); 1986 if (x->coaddr) 1987 l += nla_total_size(sizeof(*x->coaddr)); 1988 1989 /* Must count x->lastused as it may become non-zero behind our back. */ 1990 l += nla_total_size(sizeof(u64)); 1991 1992 return l; 1993 } 1994 1995 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 1996 { 1997 struct xfrm_usersa_info *p; 1998 struct xfrm_usersa_id *id; 1999 struct nlmsghdr *nlh; 2000 struct sk_buff *skb; 2001 int len = xfrm_sa_len(x); 2002 int headlen; 2003 2004 headlen = sizeof(*p); 2005 if (c->event == XFRM_MSG_DELSA) { 2006 len += nla_total_size(headlen); 2007 headlen = sizeof(*id); 2008 } 2009 len += NLMSG_ALIGN(headlen); 2010 2011 skb = nlmsg_new(len, GFP_ATOMIC); 2012 if (skb == NULL) 2013 return -ENOMEM; 2014 2015 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2016 if (nlh == NULL) 2017 goto nla_put_failure; 2018 2019 p = nlmsg_data(nlh); 2020 if (c->event == XFRM_MSG_DELSA) { 2021 struct nlattr *attr; 2022 2023 id = nlmsg_data(nlh); 2024 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2025 id->spi = x->id.spi; 2026 id->family = x->props.family; 2027 id->proto = x->id.proto; 2028 2029 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2030 if (attr == NULL) 2031 goto nla_put_failure; 2032 2033 p = nla_data(attr); 2034 } 2035 2036 if (copy_to_user_state_extra(x, p, skb)) 2037 goto nla_put_failure; 2038 2039 nlmsg_end(skb, nlh); 2040 2041 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2042 2043 nla_put_failure: 2044 /* Somebody screwed up with xfrm_sa_len! */ 2045 WARN_ON(1); 2046 kfree_skb(skb); 2047 return -1; 2048 } 2049 2050 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2051 { 2052 2053 switch (c->event) { 2054 case XFRM_MSG_EXPIRE: 2055 return xfrm_exp_state_notify(x, c); 2056 case XFRM_MSG_NEWAE: 2057 return xfrm_aevent_state_notify(x, c); 2058 case XFRM_MSG_DELSA: 2059 case XFRM_MSG_UPDSA: 2060 case XFRM_MSG_NEWSA: 2061 return xfrm_notify_sa(x, c); 2062 case XFRM_MSG_FLUSHSA: 2063 return xfrm_notify_sa_flush(c); 2064 default: 2065 printk("xfrm_user: Unknown SA event %d\n", c->event); 2066 break; 2067 } 2068 2069 return 0; 2070 2071 } 2072 2073 static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x, 2074 struct xfrm_policy *xp) 2075 { 2076 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2077 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2078 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2079 + userpolicy_type_attrsize(); 2080 } 2081 2082 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2083 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2084 int dir) 2085 { 2086 struct xfrm_user_acquire *ua; 2087 struct nlmsghdr *nlh; 2088 __u32 seq = xfrm_get_acqseq(); 2089 2090 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2091 if (nlh == NULL) 2092 return -EMSGSIZE; 2093 2094 ua = nlmsg_data(nlh); 2095 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2096 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2097 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2098 copy_to_user_policy(xp, &ua->policy, dir); 2099 ua->aalgos = xt->aalgos; 2100 ua->ealgos = xt->ealgos; 2101 ua->calgos = xt->calgos; 2102 ua->seq = x->km.seq = seq; 2103 2104 if (copy_to_user_tmpl(xp, skb) < 0) 2105 goto nlmsg_failure; 2106 if (copy_to_user_state_sec_ctx(x, skb)) 2107 goto nlmsg_failure; 2108 if (copy_to_user_policy_type(xp->type, skb) < 0) 2109 goto nlmsg_failure; 2110 2111 return nlmsg_end(skb, nlh); 2112 2113 nlmsg_failure: 2114 nlmsg_cancel(skb, nlh); 2115 return -EMSGSIZE; 2116 } 2117 2118 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2119 struct xfrm_policy *xp, int dir) 2120 { 2121 struct sk_buff *skb; 2122 2123 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2124 if (skb == NULL) 2125 return -ENOMEM; 2126 2127 if (build_acquire(skb, x, xt, xp, dir) < 0) 2128 BUG(); 2129 2130 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2131 } 2132 2133 /* User gives us xfrm_user_policy_info followed by an array of 0 2134 * or more templates. 2135 */ 2136 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2137 u8 *data, int len, int *dir) 2138 { 2139 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2140 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2141 struct xfrm_policy *xp; 2142 int nr; 2143 2144 switch (sk->sk_family) { 2145 case AF_INET: 2146 if (opt != IP_XFRM_POLICY) { 2147 *dir = -EOPNOTSUPP; 2148 return NULL; 2149 } 2150 break; 2151 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2152 case AF_INET6: 2153 if (opt != IPV6_XFRM_POLICY) { 2154 *dir = -EOPNOTSUPP; 2155 return NULL; 2156 } 2157 break; 2158 #endif 2159 default: 2160 *dir = -EINVAL; 2161 return NULL; 2162 } 2163 2164 *dir = -EINVAL; 2165 2166 if (len < sizeof(*p) || 2167 verify_newpolicy_info(p)) 2168 return NULL; 2169 2170 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2171 if (validate_tmpl(nr, ut, p->sel.family)) 2172 return NULL; 2173 2174 if (p->dir > XFRM_POLICY_OUT) 2175 return NULL; 2176 2177 xp = xfrm_policy_alloc(GFP_KERNEL); 2178 if (xp == NULL) { 2179 *dir = -ENOBUFS; 2180 return NULL; 2181 } 2182 2183 copy_from_user_policy(xp, p); 2184 xp->type = XFRM_POLICY_TYPE_MAIN; 2185 copy_templates(xp, ut, nr); 2186 2187 *dir = p->dir; 2188 2189 return xp; 2190 } 2191 2192 static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) 2193 { 2194 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 2195 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2196 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 2197 + userpolicy_type_attrsize(); 2198 } 2199 2200 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2201 int dir, struct km_event *c) 2202 { 2203 struct xfrm_user_polexpire *upe; 2204 struct nlmsghdr *nlh; 2205 int hard = c->data.hard; 2206 2207 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 2208 if (nlh == NULL) 2209 return -EMSGSIZE; 2210 2211 upe = nlmsg_data(nlh); 2212 copy_to_user_policy(xp, &upe->pol, dir); 2213 if (copy_to_user_tmpl(xp, skb) < 0) 2214 goto nlmsg_failure; 2215 if (copy_to_user_sec_ctx(xp, skb)) 2216 goto nlmsg_failure; 2217 if (copy_to_user_policy_type(xp->type, skb) < 0) 2218 goto nlmsg_failure; 2219 upe->hard = !!hard; 2220 2221 return nlmsg_end(skb, nlh); 2222 2223 nlmsg_failure: 2224 nlmsg_cancel(skb, nlh); 2225 return -EMSGSIZE; 2226 } 2227 2228 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2229 { 2230 struct sk_buff *skb; 2231 2232 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 2233 if (skb == NULL) 2234 return -ENOMEM; 2235 2236 if (build_polexpire(skb, xp, dir, c) < 0) 2237 BUG(); 2238 2239 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2240 } 2241 2242 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2243 { 2244 struct xfrm_userpolicy_info *p; 2245 struct xfrm_userpolicy_id *id; 2246 struct nlmsghdr *nlh; 2247 struct sk_buff *skb; 2248 int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2249 int headlen; 2250 2251 headlen = sizeof(*p); 2252 if (c->event == XFRM_MSG_DELPOLICY) { 2253 len += nla_total_size(headlen); 2254 headlen = sizeof(*id); 2255 } 2256 len += userpolicy_type_attrsize(); 2257 len += NLMSG_ALIGN(headlen); 2258 2259 skb = nlmsg_new(len, GFP_ATOMIC); 2260 if (skb == NULL) 2261 return -ENOMEM; 2262 2263 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2264 if (nlh == NULL) 2265 goto nlmsg_failure; 2266 2267 p = nlmsg_data(nlh); 2268 if (c->event == XFRM_MSG_DELPOLICY) { 2269 struct nlattr *attr; 2270 2271 id = nlmsg_data(nlh); 2272 memset(id, 0, sizeof(*id)); 2273 id->dir = dir; 2274 if (c->data.byid) 2275 id->index = xp->index; 2276 else 2277 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2278 2279 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 2280 if (attr == NULL) 2281 goto nlmsg_failure; 2282 2283 p = nla_data(attr); 2284 } 2285 2286 copy_to_user_policy(xp, p, dir); 2287 if (copy_to_user_tmpl(xp, skb) < 0) 2288 goto nlmsg_failure; 2289 if (copy_to_user_policy_type(xp->type, skb) < 0) 2290 goto nlmsg_failure; 2291 2292 nlmsg_end(skb, nlh); 2293 2294 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2295 2296 nlmsg_failure: 2297 kfree_skb(skb); 2298 return -1; 2299 } 2300 2301 static int xfrm_notify_policy_flush(struct km_event *c) 2302 { 2303 struct nlmsghdr *nlh; 2304 struct sk_buff *skb; 2305 2306 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 2307 if (skb == NULL) 2308 return -ENOMEM; 2309 2310 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 2311 if (nlh == NULL) 2312 goto nlmsg_failure; 2313 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2314 goto nlmsg_failure; 2315 2316 nlmsg_end(skb, nlh); 2317 2318 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2319 2320 nlmsg_failure: 2321 kfree_skb(skb); 2322 return -1; 2323 } 2324 2325 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2326 { 2327 2328 switch (c->event) { 2329 case XFRM_MSG_NEWPOLICY: 2330 case XFRM_MSG_UPDPOLICY: 2331 case XFRM_MSG_DELPOLICY: 2332 return xfrm_notify_policy(xp, dir, c); 2333 case XFRM_MSG_FLUSHPOLICY: 2334 return xfrm_notify_policy_flush(c); 2335 case XFRM_MSG_POLEXPIRE: 2336 return xfrm_exp_policy_notify(xp, dir, c); 2337 default: 2338 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2339 } 2340 2341 return 0; 2342 2343 } 2344 2345 static inline size_t xfrm_report_msgsize(void) 2346 { 2347 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 2348 } 2349 2350 static int build_report(struct sk_buff *skb, u8 proto, 2351 struct xfrm_selector *sel, xfrm_address_t *addr) 2352 { 2353 struct xfrm_user_report *ur; 2354 struct nlmsghdr *nlh; 2355 2356 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 2357 if (nlh == NULL) 2358 return -EMSGSIZE; 2359 2360 ur = nlmsg_data(nlh); 2361 ur->proto = proto; 2362 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2363 2364 if (addr) 2365 NLA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2366 2367 return nlmsg_end(skb, nlh); 2368 2369 nla_put_failure: 2370 nlmsg_cancel(skb, nlh); 2371 return -EMSGSIZE; 2372 } 2373 2374 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2375 xfrm_address_t *addr) 2376 { 2377 struct sk_buff *skb; 2378 2379 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 2380 if (skb == NULL) 2381 return -ENOMEM; 2382 2383 if (build_report(skb, proto, sel, addr) < 0) 2384 BUG(); 2385 2386 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2387 } 2388 2389 static struct xfrm_mgr netlink_mgr = { 2390 .id = "netlink", 2391 .notify = xfrm_send_state_notify, 2392 .acquire = xfrm_send_acquire, 2393 .compile_policy = xfrm_compile_policy, 2394 .notify_policy = xfrm_send_policy_notify, 2395 .report = xfrm_send_report, 2396 .migrate = xfrm_send_migrate, 2397 }; 2398 2399 static int __init xfrm_user_init(void) 2400 { 2401 struct sock *nlsk; 2402 2403 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2404 2405 nlsk = netlink_kernel_create(&init_net, NETLINK_XFRM, XFRMNLGRP_MAX, 2406 xfrm_netlink_rcv, NULL, THIS_MODULE); 2407 if (nlsk == NULL) 2408 return -ENOMEM; 2409 rcu_assign_pointer(xfrm_nl, nlsk); 2410 2411 xfrm_register_km(&netlink_mgr); 2412 2413 return 0; 2414 } 2415 2416 static void __exit xfrm_user_exit(void) 2417 { 2418 struct sock *nlsk = xfrm_nl; 2419 2420 xfrm_unregister_km(&netlink_mgr); 2421 rcu_assign_pointer(xfrm_nl, NULL); 2422 synchronize_rcu(); 2423 netlink_kernel_release(nlsk); 2424 } 2425 2426 module_init(xfrm_user_init); 2427 module_exit(xfrm_user_exit); 2428 MODULE_LICENSE("GPL"); 2429 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2430 2431