1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * af_alg: User-space algorithm interface 4 * 5 * This file provides the user-space API for algorithms. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <linux/atomic.h> 11 #include <crypto/if_alg.h> 12 #include <linux/crypto.h> 13 #include <linux/init.h> 14 #include <linux/kernel.h> 15 #include <linux/list.h> 16 #include <linux/module.h> 17 #include <linux/net.h> 18 #include <linux/rwsem.h> 19 #include <linux/sched.h> 20 #include <linux/sched/signal.h> 21 #include <linux/security.h> 22 23 struct alg_type_list { 24 const struct af_alg_type *type; 25 struct list_head list; 26 }; 27 28 static atomic_long_t alg_memory_allocated; 29 30 static struct proto alg_proto = { 31 .name = "ALG", 32 .owner = THIS_MODULE, 33 .memory_allocated = &alg_memory_allocated, 34 .obj_size = sizeof(struct alg_sock), 35 }; 36 37 static LIST_HEAD(alg_types); 38 static DECLARE_RWSEM(alg_types_sem); 39 40 static const struct af_alg_type *alg_get_type(const char *name) 41 { 42 const struct af_alg_type *type = ERR_PTR(-ENOENT); 43 struct alg_type_list *node; 44 45 down_read(&alg_types_sem); 46 list_for_each_entry(node, &alg_types, list) { 47 if (strcmp(node->type->name, name)) 48 continue; 49 50 if (try_module_get(node->type->owner)) 51 type = node->type; 52 break; 53 } 54 up_read(&alg_types_sem); 55 56 return type; 57 } 58 59 int af_alg_register_type(const struct af_alg_type *type) 60 { 61 struct alg_type_list *node; 62 int err = -EEXIST; 63 64 down_write(&alg_types_sem); 65 list_for_each_entry(node, &alg_types, list) { 66 if (!strcmp(node->type->name, type->name)) 67 goto unlock; 68 } 69 70 node = kmalloc(sizeof(*node), GFP_KERNEL); 71 err = -ENOMEM; 72 if (!node) 73 goto unlock; 74 75 type->ops->owner = THIS_MODULE; 76 if (type->ops_nokey) 77 type->ops_nokey->owner = THIS_MODULE; 78 node->type = type; 79 list_add(&node->list, &alg_types); 80 err = 0; 81 82 unlock: 83 up_write(&alg_types_sem); 84 85 return err; 86 } 87 EXPORT_SYMBOL_GPL(af_alg_register_type); 88 89 int af_alg_unregister_type(const struct af_alg_type *type) 90 { 91 struct alg_type_list *node; 92 int err = -ENOENT; 93 94 down_write(&alg_types_sem); 95 list_for_each_entry(node, &alg_types, list) { 96 if (strcmp(node->type->name, type->name)) 97 continue; 98 99 list_del(&node->list); 100 kfree(node); 101 err = 0; 102 break; 103 } 104 up_write(&alg_types_sem); 105 106 return err; 107 } 108 EXPORT_SYMBOL_GPL(af_alg_unregister_type); 109 110 static void alg_do_release(const struct af_alg_type *type, void *private) 111 { 112 if (!type) 113 return; 114 115 type->release(private); 116 module_put(type->owner); 117 } 118 119 int af_alg_release(struct socket *sock) 120 { 121 if (sock->sk) { 122 sock_put(sock->sk); 123 sock->sk = NULL; 124 } 125 return 0; 126 } 127 EXPORT_SYMBOL_GPL(af_alg_release); 128 129 void af_alg_release_parent(struct sock *sk) 130 { 131 struct alg_sock *ask = alg_sk(sk); 132 unsigned int nokey = atomic_read(&ask->nokey_refcnt); 133 134 sk = ask->parent; 135 ask = alg_sk(sk); 136 137 if (nokey) 138 atomic_dec(&ask->nokey_refcnt); 139 140 if (atomic_dec_and_test(&ask->refcnt)) 141 sock_put(sk); 142 } 143 EXPORT_SYMBOL_GPL(af_alg_release_parent); 144 145 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 146 { 147 const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY; 148 struct sock *sk = sock->sk; 149 struct alg_sock *ask = alg_sk(sk); 150 struct sockaddr_alg *sa = (void *)uaddr; 151 const struct af_alg_type *type; 152 void *private; 153 int err; 154 155 if (sock->state == SS_CONNECTED) 156 return -EINVAL; 157 158 if (addr_len < sizeof(*sa)) 159 return -EINVAL; 160 161 /* If caller uses non-allowed flag, return error. */ 162 if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) 163 return -EINVAL; 164 165 sa->salg_type[sizeof(sa->salg_type) - 1] = 0; 166 sa->salg_name[sizeof(sa->salg_name) + addr_len - sizeof(*sa) - 1] = 0; 167 168 type = alg_get_type(sa->salg_type); 169 if (PTR_ERR(type) == -ENOENT) { 170 request_module("algif-%s", sa->salg_type); 171 type = alg_get_type(sa->salg_type); 172 } 173 174 if (IS_ERR(type)) 175 return PTR_ERR(type); 176 177 private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask); 178 if (IS_ERR(private)) { 179 module_put(type->owner); 180 return PTR_ERR(private); 181 } 182 183 err = -EBUSY; 184 lock_sock(sk); 185 if (atomic_read(&ask->refcnt)) 186 goto unlock; 187 188 swap(ask->type, type); 189 swap(ask->private, private); 190 191 err = 0; 192 193 unlock: 194 release_sock(sk); 195 196 alg_do_release(type, private); 197 198 return err; 199 } 200 201 static int alg_setkey(struct sock *sk, sockptr_t ukey, unsigned int keylen) 202 { 203 struct alg_sock *ask = alg_sk(sk); 204 const struct af_alg_type *type = ask->type; 205 u8 *key; 206 int err; 207 208 key = sock_kmalloc(sk, keylen, GFP_KERNEL); 209 if (!key) 210 return -ENOMEM; 211 212 err = -EFAULT; 213 if (copy_from_sockptr(key, ukey, keylen)) 214 goto out; 215 216 err = type->setkey(ask->private, key, keylen); 217 218 out: 219 sock_kzfree_s(sk, key, keylen); 220 221 return err; 222 } 223 224 static int alg_setsockopt(struct socket *sock, int level, int optname, 225 sockptr_t optval, unsigned int optlen) 226 { 227 struct sock *sk = sock->sk; 228 struct alg_sock *ask = alg_sk(sk); 229 const struct af_alg_type *type; 230 int err = -EBUSY; 231 232 lock_sock(sk); 233 if (atomic_read(&ask->refcnt) != atomic_read(&ask->nokey_refcnt)) 234 goto unlock; 235 236 type = ask->type; 237 238 err = -ENOPROTOOPT; 239 if (level != SOL_ALG || !type) 240 goto unlock; 241 242 switch (optname) { 243 case ALG_SET_KEY: 244 if (sock->state == SS_CONNECTED) 245 goto unlock; 246 if (!type->setkey) 247 goto unlock; 248 249 err = alg_setkey(sk, optval, optlen); 250 break; 251 case ALG_SET_AEAD_AUTHSIZE: 252 if (sock->state == SS_CONNECTED) 253 goto unlock; 254 if (!type->setauthsize) 255 goto unlock; 256 err = type->setauthsize(ask->private, optlen); 257 break; 258 case ALG_SET_DRBG_ENTROPY: 259 if (sock->state == SS_CONNECTED) 260 goto unlock; 261 if (!type->setentropy) 262 goto unlock; 263 264 err = type->setentropy(ask->private, optval, optlen); 265 } 266 267 unlock: 268 release_sock(sk); 269 270 return err; 271 } 272 273 int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern) 274 { 275 struct alg_sock *ask = alg_sk(sk); 276 const struct af_alg_type *type; 277 struct sock *sk2; 278 unsigned int nokey; 279 int err; 280 281 lock_sock(sk); 282 type = ask->type; 283 284 err = -EINVAL; 285 if (!type) 286 goto unlock; 287 288 sk2 = sk_alloc(sock_net(sk), PF_ALG, GFP_KERNEL, &alg_proto, kern); 289 err = -ENOMEM; 290 if (!sk2) 291 goto unlock; 292 293 sock_init_data(newsock, sk2); 294 security_sock_graft(sk2, newsock); 295 security_sk_clone(sk, sk2); 296 297 /* 298 * newsock->ops assigned here to allow type->accept call to override 299 * them when required. 300 */ 301 newsock->ops = type->ops; 302 err = type->accept(ask->private, sk2); 303 304 nokey = err == -ENOKEY; 305 if (nokey && type->accept_nokey) 306 err = type->accept_nokey(ask->private, sk2); 307 308 if (err) 309 goto unlock; 310 311 if (atomic_inc_return_relaxed(&ask->refcnt) == 1) 312 sock_hold(sk); 313 if (nokey) { 314 atomic_inc(&ask->nokey_refcnt); 315 atomic_set(&alg_sk(sk2)->nokey_refcnt, 1); 316 } 317 alg_sk(sk2)->parent = sk; 318 alg_sk(sk2)->type = type; 319 320 newsock->state = SS_CONNECTED; 321 322 if (nokey) 323 newsock->ops = type->ops_nokey; 324 325 err = 0; 326 327 unlock: 328 release_sock(sk); 329 330 return err; 331 } 332 EXPORT_SYMBOL_GPL(af_alg_accept); 333 334 static int alg_accept(struct socket *sock, struct socket *newsock, int flags, 335 bool kern) 336 { 337 return af_alg_accept(sock->sk, newsock, kern); 338 } 339 340 static const struct proto_ops alg_proto_ops = { 341 .family = PF_ALG, 342 .owner = THIS_MODULE, 343 344 .connect = sock_no_connect, 345 .socketpair = sock_no_socketpair, 346 .getname = sock_no_getname, 347 .ioctl = sock_no_ioctl, 348 .listen = sock_no_listen, 349 .shutdown = sock_no_shutdown, 350 .mmap = sock_no_mmap, 351 .sendpage = sock_no_sendpage, 352 .sendmsg = sock_no_sendmsg, 353 .recvmsg = sock_no_recvmsg, 354 355 .bind = alg_bind, 356 .release = af_alg_release, 357 .setsockopt = alg_setsockopt, 358 .accept = alg_accept, 359 }; 360 361 static void alg_sock_destruct(struct sock *sk) 362 { 363 struct alg_sock *ask = alg_sk(sk); 364 365 alg_do_release(ask->type, ask->private); 366 } 367 368 static int alg_create(struct net *net, struct socket *sock, int protocol, 369 int kern) 370 { 371 struct sock *sk; 372 int err; 373 374 if (sock->type != SOCK_SEQPACKET) 375 return -ESOCKTNOSUPPORT; 376 if (protocol != 0) 377 return -EPROTONOSUPPORT; 378 379 err = -ENOMEM; 380 sk = sk_alloc(net, PF_ALG, GFP_KERNEL, &alg_proto, kern); 381 if (!sk) 382 goto out; 383 384 sock->ops = &alg_proto_ops; 385 sock_init_data(sock, sk); 386 387 sk->sk_destruct = alg_sock_destruct; 388 389 return 0; 390 out: 391 return err; 392 } 393 394 static const struct net_proto_family alg_family = { 395 .family = PF_ALG, 396 .create = alg_create, 397 .owner = THIS_MODULE, 398 }; 399 400 int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len) 401 { 402 size_t off; 403 ssize_t n; 404 int npages, i; 405 406 n = iov_iter_get_pages(iter, sgl->pages, len, ALG_MAX_PAGES, &off); 407 if (n < 0) 408 return n; 409 410 npages = (off + n + PAGE_SIZE - 1) >> PAGE_SHIFT; 411 if (WARN_ON(npages == 0)) 412 return -EINVAL; 413 /* Add one extra for linking */ 414 sg_init_table(sgl->sg, npages + 1); 415 416 for (i = 0, len = n; i < npages; i++) { 417 int plen = min_t(int, len, PAGE_SIZE - off); 418 419 sg_set_page(sgl->sg + i, sgl->pages[i], plen, off); 420 421 off = 0; 422 len -= plen; 423 } 424 sg_mark_end(sgl->sg + npages - 1); 425 sgl->npages = npages; 426 427 return n; 428 } 429 EXPORT_SYMBOL_GPL(af_alg_make_sg); 430 431 static void af_alg_link_sg(struct af_alg_sgl *sgl_prev, 432 struct af_alg_sgl *sgl_new) 433 { 434 sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); 435 sg_chain(sgl_prev->sg, sgl_prev->npages + 1, sgl_new->sg); 436 } 437 438 void af_alg_free_sg(struct af_alg_sgl *sgl) 439 { 440 int i; 441 442 for (i = 0; i < sgl->npages; i++) 443 put_page(sgl->pages[i]); 444 } 445 EXPORT_SYMBOL_GPL(af_alg_free_sg); 446 447 static int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) 448 { 449 struct cmsghdr *cmsg; 450 451 for_each_cmsghdr(cmsg, msg) { 452 if (!CMSG_OK(msg, cmsg)) 453 return -EINVAL; 454 if (cmsg->cmsg_level != SOL_ALG) 455 continue; 456 457 switch (cmsg->cmsg_type) { 458 case ALG_SET_IV: 459 if (cmsg->cmsg_len < CMSG_LEN(sizeof(*con->iv))) 460 return -EINVAL; 461 con->iv = (void *)CMSG_DATA(cmsg); 462 if (cmsg->cmsg_len < CMSG_LEN(con->iv->ivlen + 463 sizeof(*con->iv))) 464 return -EINVAL; 465 break; 466 467 case ALG_SET_OP: 468 if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) 469 return -EINVAL; 470 con->op = *(u32 *)CMSG_DATA(cmsg); 471 break; 472 473 case ALG_SET_AEAD_ASSOCLEN: 474 if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) 475 return -EINVAL; 476 con->aead_assoclen = *(u32 *)CMSG_DATA(cmsg); 477 break; 478 479 default: 480 return -EINVAL; 481 } 482 } 483 484 return 0; 485 } 486 487 /** 488 * af_alg_alloc_tsgl - allocate the TX SGL 489 * 490 * @sk socket of connection to user space 491 * @return: 0 upon success, < 0 upon error 492 */ 493 static int af_alg_alloc_tsgl(struct sock *sk) 494 { 495 struct alg_sock *ask = alg_sk(sk); 496 struct af_alg_ctx *ctx = ask->private; 497 struct af_alg_tsgl *sgl; 498 struct scatterlist *sg = NULL; 499 500 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 501 if (!list_empty(&ctx->tsgl_list)) 502 sg = sgl->sg; 503 504 if (!sg || sgl->cur >= MAX_SGL_ENTS) { 505 sgl = sock_kmalloc(sk, 506 struct_size(sgl, sg, (MAX_SGL_ENTS + 1)), 507 GFP_KERNEL); 508 if (!sgl) 509 return -ENOMEM; 510 511 sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); 512 sgl->cur = 0; 513 514 if (sg) 515 sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); 516 517 list_add_tail(&sgl->list, &ctx->tsgl_list); 518 } 519 520 return 0; 521 } 522 523 /** 524 * aead_count_tsgl - Count number of TX SG entries 525 * 526 * The counting starts from the beginning of the SGL to @bytes. If 527 * an offset is provided, the counting of the SG entries starts at the offset. 528 * 529 * @sk socket of connection to user space 530 * @bytes Count the number of SG entries holding given number of bytes. 531 * @offset Start the counting of SG entries from the given offset. 532 * @return Number of TX SG entries found given the constraints 533 */ 534 unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) 535 { 536 const struct alg_sock *ask = alg_sk(sk); 537 const struct af_alg_ctx *ctx = ask->private; 538 const struct af_alg_tsgl *sgl; 539 unsigned int i; 540 unsigned int sgl_count = 0; 541 542 if (!bytes) 543 return 0; 544 545 list_for_each_entry(sgl, &ctx->tsgl_list, list) { 546 const struct scatterlist *sg = sgl->sg; 547 548 for (i = 0; i < sgl->cur; i++) { 549 size_t bytes_count; 550 551 /* Skip offset */ 552 if (offset >= sg[i].length) { 553 offset -= sg[i].length; 554 bytes -= sg[i].length; 555 continue; 556 } 557 558 bytes_count = sg[i].length - offset; 559 560 offset = 0; 561 sgl_count++; 562 563 /* If we have seen requested number of bytes, stop */ 564 if (bytes_count >= bytes) 565 return sgl_count; 566 567 bytes -= bytes_count; 568 } 569 } 570 571 return sgl_count; 572 } 573 EXPORT_SYMBOL_GPL(af_alg_count_tsgl); 574 575 /** 576 * aead_pull_tsgl - Release the specified buffers from TX SGL 577 * 578 * If @dst is non-null, reassign the pages to dst. The caller must release 579 * the pages. If @dst_offset is given only reassign the pages to @dst starting 580 * at the @dst_offset (byte). The caller must ensure that @dst is large 581 * enough (e.g. by using af_alg_count_tsgl with the same offset). 582 * 583 * @sk socket of connection to user space 584 * @used Number of bytes to pull from TX SGL 585 * @dst If non-NULL, buffer is reassigned to dst SGL instead of releasing. The 586 * caller must release the buffers in dst. 587 * @dst_offset Reassign the TX SGL from given offset. All buffers before 588 * reaching the offset is released. 589 */ 590 void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, 591 size_t dst_offset) 592 { 593 struct alg_sock *ask = alg_sk(sk); 594 struct af_alg_ctx *ctx = ask->private; 595 struct af_alg_tsgl *sgl; 596 struct scatterlist *sg; 597 unsigned int i, j = 0; 598 599 while (!list_empty(&ctx->tsgl_list)) { 600 sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, 601 list); 602 sg = sgl->sg; 603 604 for (i = 0; i < sgl->cur; i++) { 605 size_t plen = min_t(size_t, used, sg[i].length); 606 struct page *page = sg_page(sg + i); 607 608 if (!page) 609 continue; 610 611 /* 612 * Assumption: caller created af_alg_count_tsgl(len) 613 * SG entries in dst. 614 */ 615 if (dst) { 616 if (dst_offset >= plen) { 617 /* discard page before offset */ 618 dst_offset -= plen; 619 } else { 620 /* reassign page to dst after offset */ 621 get_page(page); 622 sg_set_page(dst + j, page, 623 plen - dst_offset, 624 sg[i].offset + dst_offset); 625 dst_offset = 0; 626 j++; 627 } 628 } 629 630 sg[i].length -= plen; 631 sg[i].offset += plen; 632 633 used -= plen; 634 ctx->used -= plen; 635 636 if (sg[i].length) 637 return; 638 639 put_page(page); 640 sg_assign_page(sg + i, NULL); 641 } 642 643 list_del(&sgl->list); 644 sock_kfree_s(sk, sgl, struct_size(sgl, sg, MAX_SGL_ENTS + 1)); 645 } 646 647 if (!ctx->used) 648 ctx->merge = 0; 649 ctx->init = ctx->more; 650 } 651 EXPORT_SYMBOL_GPL(af_alg_pull_tsgl); 652 653 /** 654 * af_alg_free_areq_sgls - Release TX and RX SGLs of the request 655 * 656 * @areq Request holding the TX and RX SGL 657 */ 658 static void af_alg_free_areq_sgls(struct af_alg_async_req *areq) 659 { 660 struct sock *sk = areq->sk; 661 struct alg_sock *ask = alg_sk(sk); 662 struct af_alg_ctx *ctx = ask->private; 663 struct af_alg_rsgl *rsgl, *tmp; 664 struct scatterlist *tsgl; 665 struct scatterlist *sg; 666 unsigned int i; 667 668 list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) { 669 atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused); 670 af_alg_free_sg(&rsgl->sgl); 671 list_del(&rsgl->list); 672 if (rsgl != &areq->first_rsgl) 673 sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 674 } 675 676 tsgl = areq->tsgl; 677 if (tsgl) { 678 for_each_sg(tsgl, sg, areq->tsgl_entries, i) { 679 if (!sg_page(sg)) 680 continue; 681 put_page(sg_page(sg)); 682 } 683 684 sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); 685 } 686 } 687 688 /** 689 * af_alg_wait_for_wmem - wait for availability of writable memory 690 * 691 * @sk socket of connection to user space 692 * @flags If MSG_DONTWAIT is set, then only report if function would sleep 693 * @return 0 when writable memory is available, < 0 upon error 694 */ 695 static int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) 696 { 697 DEFINE_WAIT_FUNC(wait, woken_wake_function); 698 int err = -ERESTARTSYS; 699 long timeout; 700 701 if (flags & MSG_DONTWAIT) 702 return -EAGAIN; 703 704 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); 705 706 add_wait_queue(sk_sleep(sk), &wait); 707 for (;;) { 708 if (signal_pending(current)) 709 break; 710 timeout = MAX_SCHEDULE_TIMEOUT; 711 if (sk_wait_event(sk, &timeout, af_alg_writable(sk), &wait)) { 712 err = 0; 713 break; 714 } 715 } 716 remove_wait_queue(sk_sleep(sk), &wait); 717 718 return err; 719 } 720 721 /** 722 * af_alg_wmem_wakeup - wakeup caller when writable memory is available 723 * 724 * @sk socket of connection to user space 725 */ 726 void af_alg_wmem_wakeup(struct sock *sk) 727 { 728 struct socket_wq *wq; 729 730 if (!af_alg_writable(sk)) 731 return; 732 733 rcu_read_lock(); 734 wq = rcu_dereference(sk->sk_wq); 735 if (skwq_has_sleeper(wq)) 736 wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | 737 EPOLLRDNORM | 738 EPOLLRDBAND); 739 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 740 rcu_read_unlock(); 741 } 742 EXPORT_SYMBOL_GPL(af_alg_wmem_wakeup); 743 744 /** 745 * af_alg_wait_for_data - wait for availability of TX data 746 * 747 * @sk socket of connection to user space 748 * @flags If MSG_DONTWAIT is set, then only report if function would sleep 749 * @min Set to minimum request size if partial requests are allowed. 750 * @return 0 when writable memory is available, < 0 upon error 751 */ 752 int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min) 753 { 754 DEFINE_WAIT_FUNC(wait, woken_wake_function); 755 struct alg_sock *ask = alg_sk(sk); 756 struct af_alg_ctx *ctx = ask->private; 757 long timeout; 758 int err = -ERESTARTSYS; 759 760 if (flags & MSG_DONTWAIT) 761 return -EAGAIN; 762 763 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 764 765 add_wait_queue(sk_sleep(sk), &wait); 766 for (;;) { 767 if (signal_pending(current)) 768 break; 769 timeout = MAX_SCHEDULE_TIMEOUT; 770 if (sk_wait_event(sk, &timeout, 771 ctx->init && (!ctx->more || 772 (min && ctx->used >= min)), 773 &wait)) { 774 err = 0; 775 break; 776 } 777 } 778 remove_wait_queue(sk_sleep(sk), &wait); 779 780 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 781 782 return err; 783 } 784 EXPORT_SYMBOL_GPL(af_alg_wait_for_data); 785 786 /** 787 * af_alg_data_wakeup - wakeup caller when new data can be sent to kernel 788 * 789 * @sk socket of connection to user space 790 */ 791 static void af_alg_data_wakeup(struct sock *sk) 792 { 793 struct alg_sock *ask = alg_sk(sk); 794 struct af_alg_ctx *ctx = ask->private; 795 struct socket_wq *wq; 796 797 if (!ctx->used) 798 return; 799 800 rcu_read_lock(); 801 wq = rcu_dereference(sk->sk_wq); 802 if (skwq_has_sleeper(wq)) 803 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT | 804 EPOLLRDNORM | 805 EPOLLRDBAND); 806 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 807 rcu_read_unlock(); 808 } 809 810 /** 811 * af_alg_sendmsg - implementation of sendmsg system call handler 812 * 813 * The sendmsg system call handler obtains the user data and stores it 814 * in ctx->tsgl_list. This implies allocation of the required numbers of 815 * struct af_alg_tsgl. 816 * 817 * In addition, the ctx is filled with the information sent via CMSG. 818 * 819 * @sock socket of connection to user space 820 * @msg message from user space 821 * @size size of message from user space 822 * @ivsize the size of the IV for the cipher operation to verify that the 823 * user-space-provided IV has the right size 824 * @return the number of copied data upon success, < 0 upon error 825 */ 826 int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, 827 unsigned int ivsize) 828 { 829 struct sock *sk = sock->sk; 830 struct alg_sock *ask = alg_sk(sk); 831 struct af_alg_ctx *ctx = ask->private; 832 struct af_alg_tsgl *sgl; 833 struct af_alg_control con = {}; 834 long copied = 0; 835 bool enc = false; 836 bool init = false; 837 int err = 0; 838 839 if (msg->msg_controllen) { 840 err = af_alg_cmsg_send(msg, &con); 841 if (err) 842 return err; 843 844 init = true; 845 switch (con.op) { 846 case ALG_OP_ENCRYPT: 847 enc = true; 848 break; 849 case ALG_OP_DECRYPT: 850 enc = false; 851 break; 852 default: 853 return -EINVAL; 854 } 855 856 if (con.iv && con.iv->ivlen != ivsize) 857 return -EINVAL; 858 } 859 860 lock_sock(sk); 861 if (ctx->init && !ctx->more) { 862 if (ctx->used) { 863 err = -EINVAL; 864 goto unlock; 865 } 866 867 pr_info_once( 868 "%s sent an empty control message without MSG_MORE.\n", 869 current->comm); 870 } 871 ctx->init = true; 872 873 if (init) { 874 ctx->enc = enc; 875 if (con.iv) 876 memcpy(ctx->iv, con.iv->iv, ivsize); 877 878 ctx->aead_assoclen = con.aead_assoclen; 879 } 880 881 while (size) { 882 struct scatterlist *sg; 883 size_t len = size; 884 size_t plen; 885 886 /* use the existing memory in an allocated page */ 887 if (ctx->merge) { 888 sgl = list_entry(ctx->tsgl_list.prev, 889 struct af_alg_tsgl, list); 890 sg = sgl->sg + sgl->cur - 1; 891 len = min_t(size_t, len, 892 PAGE_SIZE - sg->offset - sg->length); 893 894 err = memcpy_from_msg(page_address(sg_page(sg)) + 895 sg->offset + sg->length, 896 msg, len); 897 if (err) 898 goto unlock; 899 900 sg->length += len; 901 ctx->merge = (sg->offset + sg->length) & 902 (PAGE_SIZE - 1); 903 904 ctx->used += len; 905 copied += len; 906 size -= len; 907 continue; 908 } 909 910 if (!af_alg_writable(sk)) { 911 err = af_alg_wait_for_wmem(sk, msg->msg_flags); 912 if (err) 913 goto unlock; 914 } 915 916 /* allocate a new page */ 917 len = min_t(unsigned long, len, af_alg_sndbuf(sk)); 918 919 err = af_alg_alloc_tsgl(sk); 920 if (err) 921 goto unlock; 922 923 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, 924 list); 925 sg = sgl->sg; 926 if (sgl->cur) 927 sg_unmark_end(sg + sgl->cur - 1); 928 929 do { 930 unsigned int i = sgl->cur; 931 932 plen = min_t(size_t, len, PAGE_SIZE); 933 934 sg_assign_page(sg + i, alloc_page(GFP_KERNEL)); 935 if (!sg_page(sg + i)) { 936 err = -ENOMEM; 937 goto unlock; 938 } 939 940 err = memcpy_from_msg(page_address(sg_page(sg + i)), 941 msg, plen); 942 if (err) { 943 __free_page(sg_page(sg + i)); 944 sg_assign_page(sg + i, NULL); 945 goto unlock; 946 } 947 948 sg[i].length = plen; 949 len -= plen; 950 ctx->used += plen; 951 copied += plen; 952 size -= plen; 953 sgl->cur++; 954 } while (len && sgl->cur < MAX_SGL_ENTS); 955 956 if (!size) 957 sg_mark_end(sg + sgl->cur - 1); 958 959 ctx->merge = plen & (PAGE_SIZE - 1); 960 } 961 962 err = 0; 963 964 ctx->more = msg->msg_flags & MSG_MORE; 965 966 unlock: 967 af_alg_data_wakeup(sk); 968 release_sock(sk); 969 970 return copied ?: err; 971 } 972 EXPORT_SYMBOL_GPL(af_alg_sendmsg); 973 974 /** 975 * af_alg_sendpage - sendpage system call handler 976 * 977 * This is a generic implementation of sendpage to fill ctx->tsgl_list. 978 */ 979 ssize_t af_alg_sendpage(struct socket *sock, struct page *page, 980 int offset, size_t size, int flags) 981 { 982 struct sock *sk = sock->sk; 983 struct alg_sock *ask = alg_sk(sk); 984 struct af_alg_ctx *ctx = ask->private; 985 struct af_alg_tsgl *sgl; 986 int err = -EINVAL; 987 988 if (flags & MSG_SENDPAGE_NOTLAST) 989 flags |= MSG_MORE; 990 991 lock_sock(sk); 992 if (!ctx->more && ctx->used) 993 goto unlock; 994 995 if (!size) 996 goto done; 997 998 if (!af_alg_writable(sk)) { 999 err = af_alg_wait_for_wmem(sk, flags); 1000 if (err) 1001 goto unlock; 1002 } 1003 1004 err = af_alg_alloc_tsgl(sk); 1005 if (err) 1006 goto unlock; 1007 1008 ctx->merge = 0; 1009 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 1010 1011 if (sgl->cur) 1012 sg_unmark_end(sgl->sg + sgl->cur - 1); 1013 1014 sg_mark_end(sgl->sg + sgl->cur); 1015 1016 get_page(page); 1017 sg_set_page(sgl->sg + sgl->cur, page, size, offset); 1018 sgl->cur++; 1019 ctx->used += size; 1020 1021 done: 1022 ctx->more = flags & MSG_MORE; 1023 1024 unlock: 1025 af_alg_data_wakeup(sk); 1026 release_sock(sk); 1027 1028 return err ?: size; 1029 } 1030 EXPORT_SYMBOL_GPL(af_alg_sendpage); 1031 1032 /** 1033 * af_alg_free_resources - release resources required for crypto request 1034 */ 1035 void af_alg_free_resources(struct af_alg_async_req *areq) 1036 { 1037 struct sock *sk = areq->sk; 1038 1039 af_alg_free_areq_sgls(areq); 1040 sock_kfree_s(sk, areq, areq->areqlen); 1041 } 1042 EXPORT_SYMBOL_GPL(af_alg_free_resources); 1043 1044 /** 1045 * af_alg_async_cb - AIO callback handler 1046 * 1047 * This handler cleans up the struct af_alg_async_req upon completion of the 1048 * AIO operation. 1049 * 1050 * The number of bytes to be generated with the AIO operation must be set 1051 * in areq->outlen before the AIO callback handler is invoked. 1052 */ 1053 void af_alg_async_cb(struct crypto_async_request *_req, int err) 1054 { 1055 struct af_alg_async_req *areq = _req->data; 1056 struct sock *sk = areq->sk; 1057 struct kiocb *iocb = areq->iocb; 1058 unsigned int resultlen; 1059 1060 /* Buffer size written by crypto operation. */ 1061 resultlen = areq->outlen; 1062 1063 af_alg_free_resources(areq); 1064 sock_put(sk); 1065 1066 iocb->ki_complete(iocb, err ? err : (int)resultlen, 0); 1067 } 1068 EXPORT_SYMBOL_GPL(af_alg_async_cb); 1069 1070 /** 1071 * af_alg_poll - poll system call handler 1072 */ 1073 __poll_t af_alg_poll(struct file *file, struct socket *sock, 1074 poll_table *wait) 1075 { 1076 struct sock *sk = sock->sk; 1077 struct alg_sock *ask = alg_sk(sk); 1078 struct af_alg_ctx *ctx = ask->private; 1079 __poll_t mask; 1080 1081 sock_poll_wait(file, sock, wait); 1082 mask = 0; 1083 1084 if (!ctx->more || ctx->used) 1085 mask |= EPOLLIN | EPOLLRDNORM; 1086 1087 if (af_alg_writable(sk)) 1088 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; 1089 1090 return mask; 1091 } 1092 EXPORT_SYMBOL_GPL(af_alg_poll); 1093 1094 /** 1095 * af_alg_alloc_areq - allocate struct af_alg_async_req 1096 * 1097 * @sk socket of connection to user space 1098 * @areqlen size of struct af_alg_async_req + crypto_*_reqsize 1099 * @return allocated data structure or ERR_PTR upon error 1100 */ 1101 struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, 1102 unsigned int areqlen) 1103 { 1104 struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); 1105 1106 if (unlikely(!areq)) 1107 return ERR_PTR(-ENOMEM); 1108 1109 areq->areqlen = areqlen; 1110 areq->sk = sk; 1111 areq->last_rsgl = NULL; 1112 INIT_LIST_HEAD(&areq->rsgl_list); 1113 areq->tsgl = NULL; 1114 areq->tsgl_entries = 0; 1115 1116 return areq; 1117 } 1118 EXPORT_SYMBOL_GPL(af_alg_alloc_areq); 1119 1120 /** 1121 * af_alg_get_rsgl - create the RX SGL for the output data from the crypto 1122 * operation 1123 * 1124 * @sk socket of connection to user space 1125 * @msg user space message 1126 * @flags flags used to invoke recvmsg with 1127 * @areq instance of the cryptographic request that will hold the RX SGL 1128 * @maxsize maximum number of bytes to be pulled from user space 1129 * @outlen number of bytes in the RX SGL 1130 * @return 0 on success, < 0 upon error 1131 */ 1132 int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, 1133 struct af_alg_async_req *areq, size_t maxsize, 1134 size_t *outlen) 1135 { 1136 struct alg_sock *ask = alg_sk(sk); 1137 struct af_alg_ctx *ctx = ask->private; 1138 size_t len = 0; 1139 1140 while (maxsize > len && msg_data_left(msg)) { 1141 struct af_alg_rsgl *rsgl; 1142 size_t seglen; 1143 int err; 1144 1145 /* limit the amount of readable buffers */ 1146 if (!af_alg_readable(sk)) 1147 break; 1148 1149 seglen = min_t(size_t, (maxsize - len), 1150 msg_data_left(msg)); 1151 1152 if (list_empty(&areq->rsgl_list)) { 1153 rsgl = &areq->first_rsgl; 1154 } else { 1155 rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 1156 if (unlikely(!rsgl)) 1157 return -ENOMEM; 1158 } 1159 1160 rsgl->sgl.npages = 0; 1161 list_add_tail(&rsgl->list, &areq->rsgl_list); 1162 1163 /* make one iovec available as scatterlist */ 1164 err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 1165 if (err < 0) { 1166 rsgl->sg_num_bytes = 0; 1167 return err; 1168 } 1169 1170 /* chain the new scatterlist with previous one */ 1171 if (areq->last_rsgl) 1172 af_alg_link_sg(&areq->last_rsgl->sgl, &rsgl->sgl); 1173 1174 areq->last_rsgl = rsgl; 1175 len += err; 1176 atomic_add(err, &ctx->rcvused); 1177 rsgl->sg_num_bytes = err; 1178 iov_iter_advance(&msg->msg_iter, err); 1179 } 1180 1181 *outlen = len; 1182 return 0; 1183 } 1184 EXPORT_SYMBOL_GPL(af_alg_get_rsgl); 1185 1186 static int __init af_alg_init(void) 1187 { 1188 int err = proto_register(&alg_proto, 0); 1189 1190 if (err) 1191 goto out; 1192 1193 err = sock_register(&alg_family); 1194 if (err != 0) 1195 goto out_unregister_proto; 1196 1197 out: 1198 return err; 1199 1200 out_unregister_proto: 1201 proto_unregister(&alg_proto); 1202 goto out; 1203 } 1204 1205 static void __exit af_alg_exit(void) 1206 { 1207 sock_unregister(PF_ALG); 1208 proto_unregister(&alg_proto); 1209 } 1210 1211 module_init(af_alg_init); 1212 module_exit(af_alg_exit); 1213 MODULE_LICENSE("GPL"); 1214 MODULE_ALIAS_NETPROTO(AF_ALG); 1215