1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * af_alg: User-space algorithm interface 4 * 5 * This file provides the user-space API for algorithms. 6 * 7 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au> 8 */ 9 10 #include <linux/atomic.h> 11 #include <crypto/if_alg.h> 12 #include <linux/crypto.h> 13 #include <linux/init.h> 14 #include <linux/kernel.h> 15 #include <linux/list.h> 16 #include <linux/module.h> 17 #include <linux/net.h> 18 #include <linux/rwsem.h> 19 #include <linux/sched/signal.h> 20 #include <linux/security.h> 21 22 struct alg_type_list { 23 const struct af_alg_type *type; 24 struct list_head list; 25 }; 26 27 static atomic_long_t alg_memory_allocated; 28 29 static struct proto alg_proto = { 30 .name = "ALG", 31 .owner = THIS_MODULE, 32 .memory_allocated = &alg_memory_allocated, 33 .obj_size = sizeof(struct alg_sock), 34 }; 35 36 static LIST_HEAD(alg_types); 37 static DECLARE_RWSEM(alg_types_sem); 38 39 static const struct af_alg_type *alg_get_type(const char *name) 40 { 41 const struct af_alg_type *type = ERR_PTR(-ENOENT); 42 struct alg_type_list *node; 43 44 down_read(&alg_types_sem); 45 list_for_each_entry(node, &alg_types, list) { 46 if (strcmp(node->type->name, name)) 47 continue; 48 49 if (try_module_get(node->type->owner)) 50 type = node->type; 51 break; 52 } 53 up_read(&alg_types_sem); 54 55 return type; 56 } 57 58 int af_alg_register_type(const struct af_alg_type *type) 59 { 60 struct alg_type_list *node; 61 int err = -EEXIST; 62 63 down_write(&alg_types_sem); 64 list_for_each_entry(node, &alg_types, list) { 65 if (!strcmp(node->type->name, type->name)) 66 goto unlock; 67 } 68 69 node = kmalloc(sizeof(*node), GFP_KERNEL); 70 err = -ENOMEM; 71 if (!node) 72 goto unlock; 73 74 type->ops->owner = THIS_MODULE; 75 if (type->ops_nokey) 76 type->ops_nokey->owner = THIS_MODULE; 77 node->type = type; 78 list_add(&node->list, &alg_types); 79 err = 0; 80 81 unlock: 82 up_write(&alg_types_sem); 83 84 return err; 85 } 86 EXPORT_SYMBOL_GPL(af_alg_register_type); 87 88 int af_alg_unregister_type(const struct af_alg_type *type) 89 { 90 struct alg_type_list *node; 91 int err = -ENOENT; 92 93 down_write(&alg_types_sem); 94 list_for_each_entry(node, &alg_types, list) { 95 if (strcmp(node->type->name, type->name)) 96 continue; 97 98 list_del(&node->list); 99 kfree(node); 100 err = 0; 101 break; 102 } 103 up_write(&alg_types_sem); 104 105 return err; 106 } 107 EXPORT_SYMBOL_GPL(af_alg_unregister_type); 108 109 static void alg_do_release(const struct af_alg_type *type, void *private) 110 { 111 if (!type) 112 return; 113 114 type->release(private); 115 module_put(type->owner); 116 } 117 118 int af_alg_release(struct socket *sock) 119 { 120 if (sock->sk) { 121 sock_put(sock->sk); 122 sock->sk = NULL; 123 } 124 return 0; 125 } 126 EXPORT_SYMBOL_GPL(af_alg_release); 127 128 void af_alg_release_parent(struct sock *sk) 129 { 130 struct alg_sock *ask = alg_sk(sk); 131 unsigned int nokey = ask->nokey_refcnt; 132 bool last = nokey && !ask->refcnt; 133 134 sk = ask->parent; 135 ask = alg_sk(sk); 136 137 lock_sock(sk); 138 ask->nokey_refcnt -= nokey; 139 if (!last) 140 last = !--ask->refcnt; 141 release_sock(sk); 142 143 if (last) 144 sock_put(sk); 145 } 146 EXPORT_SYMBOL_GPL(af_alg_release_parent); 147 148 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 149 { 150 const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY; 151 struct sock *sk = sock->sk; 152 struct alg_sock *ask = alg_sk(sk); 153 struct sockaddr_alg *sa = (void *)uaddr; 154 const struct af_alg_type *type; 155 void *private; 156 int err; 157 158 if (sock->state == SS_CONNECTED) 159 return -EINVAL; 160 161 if (addr_len < sizeof(*sa)) 162 return -EINVAL; 163 164 /* If caller uses non-allowed flag, return error. */ 165 if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) 166 return -EINVAL; 167 168 sa->salg_type[sizeof(sa->salg_type) - 1] = 0; 169 sa->salg_name[sizeof(sa->salg_name) + addr_len - sizeof(*sa) - 1] = 0; 170 171 type = alg_get_type(sa->salg_type); 172 if (IS_ERR(type) && PTR_ERR(type) == -ENOENT) { 173 request_module("algif-%s", sa->salg_type); 174 type = alg_get_type(sa->salg_type); 175 } 176 177 if (IS_ERR(type)) 178 return PTR_ERR(type); 179 180 private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask); 181 if (IS_ERR(private)) { 182 module_put(type->owner); 183 return PTR_ERR(private); 184 } 185 186 err = -EBUSY; 187 lock_sock(sk); 188 if (ask->refcnt | ask->nokey_refcnt) 189 goto unlock; 190 191 swap(ask->type, type); 192 swap(ask->private, private); 193 194 err = 0; 195 196 unlock: 197 release_sock(sk); 198 199 alg_do_release(type, private); 200 201 return err; 202 } 203 204 static int alg_setkey(struct sock *sk, char __user *ukey, 205 unsigned int keylen) 206 { 207 struct alg_sock *ask = alg_sk(sk); 208 const struct af_alg_type *type = ask->type; 209 u8 *key; 210 int err; 211 212 key = sock_kmalloc(sk, keylen, GFP_KERNEL); 213 if (!key) 214 return -ENOMEM; 215 216 err = -EFAULT; 217 if (copy_from_user(key, ukey, keylen)) 218 goto out; 219 220 err = type->setkey(ask->private, key, keylen); 221 222 out: 223 sock_kzfree_s(sk, key, keylen); 224 225 return err; 226 } 227 228 static int alg_setsockopt(struct socket *sock, int level, int optname, 229 char __user *optval, unsigned int optlen) 230 { 231 struct sock *sk = sock->sk; 232 struct alg_sock *ask = alg_sk(sk); 233 const struct af_alg_type *type; 234 int err = -EBUSY; 235 236 lock_sock(sk); 237 if (ask->refcnt) 238 goto unlock; 239 240 type = ask->type; 241 242 err = -ENOPROTOOPT; 243 if (level != SOL_ALG || !type) 244 goto unlock; 245 246 switch (optname) { 247 case ALG_SET_KEY: 248 if (sock->state == SS_CONNECTED) 249 goto unlock; 250 if (!type->setkey) 251 goto unlock; 252 253 err = alg_setkey(sk, optval, optlen); 254 break; 255 case ALG_SET_AEAD_AUTHSIZE: 256 if (sock->state == SS_CONNECTED) 257 goto unlock; 258 if (!type->setauthsize) 259 goto unlock; 260 err = type->setauthsize(ask->private, optlen); 261 } 262 263 unlock: 264 release_sock(sk); 265 266 return err; 267 } 268 269 int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern) 270 { 271 struct alg_sock *ask = alg_sk(sk); 272 const struct af_alg_type *type; 273 struct sock *sk2; 274 unsigned int nokey; 275 int err; 276 277 lock_sock(sk); 278 type = ask->type; 279 280 err = -EINVAL; 281 if (!type) 282 goto unlock; 283 284 sk2 = sk_alloc(sock_net(sk), PF_ALG, GFP_KERNEL, &alg_proto, kern); 285 err = -ENOMEM; 286 if (!sk2) 287 goto unlock; 288 289 sock_init_data(newsock, sk2); 290 security_sock_graft(sk2, newsock); 291 security_sk_clone(sk, sk2); 292 293 err = type->accept(ask->private, sk2); 294 295 nokey = err == -ENOKEY; 296 if (nokey && type->accept_nokey) 297 err = type->accept_nokey(ask->private, sk2); 298 299 if (err) 300 goto unlock; 301 302 if (nokey || !ask->refcnt++) 303 sock_hold(sk); 304 ask->nokey_refcnt += nokey; 305 alg_sk(sk2)->parent = sk; 306 alg_sk(sk2)->type = type; 307 alg_sk(sk2)->nokey_refcnt = nokey; 308 309 newsock->ops = type->ops; 310 newsock->state = SS_CONNECTED; 311 312 if (nokey) 313 newsock->ops = type->ops_nokey; 314 315 err = 0; 316 317 unlock: 318 release_sock(sk); 319 320 return err; 321 } 322 EXPORT_SYMBOL_GPL(af_alg_accept); 323 324 static int alg_accept(struct socket *sock, struct socket *newsock, int flags, 325 bool kern) 326 { 327 return af_alg_accept(sock->sk, newsock, kern); 328 } 329 330 static const struct proto_ops alg_proto_ops = { 331 .family = PF_ALG, 332 .owner = THIS_MODULE, 333 334 .connect = sock_no_connect, 335 .socketpair = sock_no_socketpair, 336 .getname = sock_no_getname, 337 .ioctl = sock_no_ioctl, 338 .listen = sock_no_listen, 339 .shutdown = sock_no_shutdown, 340 .getsockopt = sock_no_getsockopt, 341 .mmap = sock_no_mmap, 342 .sendpage = sock_no_sendpage, 343 .sendmsg = sock_no_sendmsg, 344 .recvmsg = sock_no_recvmsg, 345 346 .bind = alg_bind, 347 .release = af_alg_release, 348 .setsockopt = alg_setsockopt, 349 .accept = alg_accept, 350 }; 351 352 static void alg_sock_destruct(struct sock *sk) 353 { 354 struct alg_sock *ask = alg_sk(sk); 355 356 alg_do_release(ask->type, ask->private); 357 } 358 359 static int alg_create(struct net *net, struct socket *sock, int protocol, 360 int kern) 361 { 362 struct sock *sk; 363 int err; 364 365 if (sock->type != SOCK_SEQPACKET) 366 return -ESOCKTNOSUPPORT; 367 if (protocol != 0) 368 return -EPROTONOSUPPORT; 369 370 err = -ENOMEM; 371 sk = sk_alloc(net, PF_ALG, GFP_KERNEL, &alg_proto, kern); 372 if (!sk) 373 goto out; 374 375 sock->ops = &alg_proto_ops; 376 sock_init_data(sock, sk); 377 378 sk->sk_destruct = alg_sock_destruct; 379 380 return 0; 381 out: 382 return err; 383 } 384 385 static const struct net_proto_family alg_family = { 386 .family = PF_ALG, 387 .create = alg_create, 388 .owner = THIS_MODULE, 389 }; 390 391 int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len) 392 { 393 size_t off; 394 ssize_t n; 395 int npages, i; 396 397 n = iov_iter_get_pages(iter, sgl->pages, len, ALG_MAX_PAGES, &off); 398 if (n < 0) 399 return n; 400 401 npages = (off + n + PAGE_SIZE - 1) >> PAGE_SHIFT; 402 if (WARN_ON(npages == 0)) 403 return -EINVAL; 404 /* Add one extra for linking */ 405 sg_init_table(sgl->sg, npages + 1); 406 407 for (i = 0, len = n; i < npages; i++) { 408 int plen = min_t(int, len, PAGE_SIZE - off); 409 410 sg_set_page(sgl->sg + i, sgl->pages[i], plen, off); 411 412 off = 0; 413 len -= plen; 414 } 415 sg_mark_end(sgl->sg + npages - 1); 416 sgl->npages = npages; 417 418 return n; 419 } 420 EXPORT_SYMBOL_GPL(af_alg_make_sg); 421 422 static void af_alg_link_sg(struct af_alg_sgl *sgl_prev, 423 struct af_alg_sgl *sgl_new) 424 { 425 sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); 426 sg_chain(sgl_prev->sg, sgl_prev->npages + 1, sgl_new->sg); 427 } 428 429 void af_alg_free_sg(struct af_alg_sgl *sgl) 430 { 431 int i; 432 433 for (i = 0; i < sgl->npages; i++) 434 put_page(sgl->pages[i]); 435 } 436 EXPORT_SYMBOL_GPL(af_alg_free_sg); 437 438 static int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) 439 { 440 struct cmsghdr *cmsg; 441 442 for_each_cmsghdr(cmsg, msg) { 443 if (!CMSG_OK(msg, cmsg)) 444 return -EINVAL; 445 if (cmsg->cmsg_level != SOL_ALG) 446 continue; 447 448 switch (cmsg->cmsg_type) { 449 case ALG_SET_IV: 450 if (cmsg->cmsg_len < CMSG_LEN(sizeof(*con->iv))) 451 return -EINVAL; 452 con->iv = (void *)CMSG_DATA(cmsg); 453 if (cmsg->cmsg_len < CMSG_LEN(con->iv->ivlen + 454 sizeof(*con->iv))) 455 return -EINVAL; 456 break; 457 458 case ALG_SET_OP: 459 if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) 460 return -EINVAL; 461 con->op = *(u32 *)CMSG_DATA(cmsg); 462 break; 463 464 case ALG_SET_AEAD_ASSOCLEN: 465 if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32))) 466 return -EINVAL; 467 con->aead_assoclen = *(u32 *)CMSG_DATA(cmsg); 468 break; 469 470 default: 471 return -EINVAL; 472 } 473 } 474 475 return 0; 476 } 477 478 /** 479 * af_alg_alloc_tsgl - allocate the TX SGL 480 * 481 * @sk socket of connection to user space 482 * @return: 0 upon success, < 0 upon error 483 */ 484 static int af_alg_alloc_tsgl(struct sock *sk) 485 { 486 struct alg_sock *ask = alg_sk(sk); 487 struct af_alg_ctx *ctx = ask->private; 488 struct af_alg_tsgl *sgl; 489 struct scatterlist *sg = NULL; 490 491 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 492 if (!list_empty(&ctx->tsgl_list)) 493 sg = sgl->sg; 494 495 if (!sg || sgl->cur >= MAX_SGL_ENTS) { 496 sgl = sock_kmalloc(sk, 497 struct_size(sgl, sg, (MAX_SGL_ENTS + 1)), 498 GFP_KERNEL); 499 if (!sgl) 500 return -ENOMEM; 501 502 sg_init_table(sgl->sg, MAX_SGL_ENTS + 1); 503 sgl->cur = 0; 504 505 if (sg) 506 sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg); 507 508 list_add_tail(&sgl->list, &ctx->tsgl_list); 509 } 510 511 return 0; 512 } 513 514 /** 515 * aead_count_tsgl - Count number of TX SG entries 516 * 517 * The counting starts from the beginning of the SGL to @bytes. If 518 * an offset is provided, the counting of the SG entries starts at the offset. 519 * 520 * @sk socket of connection to user space 521 * @bytes Count the number of SG entries holding given number of bytes. 522 * @offset Start the counting of SG entries from the given offset. 523 * @return Number of TX SG entries found given the constraints 524 */ 525 unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) 526 { 527 const struct alg_sock *ask = alg_sk(sk); 528 const struct af_alg_ctx *ctx = ask->private; 529 const struct af_alg_tsgl *sgl; 530 unsigned int i; 531 unsigned int sgl_count = 0; 532 533 if (!bytes) 534 return 0; 535 536 list_for_each_entry(sgl, &ctx->tsgl_list, list) { 537 const struct scatterlist *sg = sgl->sg; 538 539 for (i = 0; i < sgl->cur; i++) { 540 size_t bytes_count; 541 542 /* Skip offset */ 543 if (offset >= sg[i].length) { 544 offset -= sg[i].length; 545 bytes -= sg[i].length; 546 continue; 547 } 548 549 bytes_count = sg[i].length - offset; 550 551 offset = 0; 552 sgl_count++; 553 554 /* If we have seen requested number of bytes, stop */ 555 if (bytes_count >= bytes) 556 return sgl_count; 557 558 bytes -= bytes_count; 559 } 560 } 561 562 return sgl_count; 563 } 564 EXPORT_SYMBOL_GPL(af_alg_count_tsgl); 565 566 /** 567 * aead_pull_tsgl - Release the specified buffers from TX SGL 568 * 569 * If @dst is non-null, reassign the pages to dst. The caller must release 570 * the pages. If @dst_offset is given only reassign the pages to @dst starting 571 * at the @dst_offset (byte). The caller must ensure that @dst is large 572 * enough (e.g. by using af_alg_count_tsgl with the same offset). 573 * 574 * @sk socket of connection to user space 575 * @used Number of bytes to pull from TX SGL 576 * @dst If non-NULL, buffer is reassigned to dst SGL instead of releasing. The 577 * caller must release the buffers in dst. 578 * @dst_offset Reassign the TX SGL from given offset. All buffers before 579 * reaching the offset is released. 580 */ 581 void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, 582 size_t dst_offset) 583 { 584 struct alg_sock *ask = alg_sk(sk); 585 struct af_alg_ctx *ctx = ask->private; 586 struct af_alg_tsgl *sgl; 587 struct scatterlist *sg; 588 unsigned int i, j = 0; 589 590 while (!list_empty(&ctx->tsgl_list)) { 591 sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl, 592 list); 593 sg = sgl->sg; 594 595 for (i = 0; i < sgl->cur; i++) { 596 size_t plen = min_t(size_t, used, sg[i].length); 597 struct page *page = sg_page(sg + i); 598 599 if (!page) 600 continue; 601 602 /* 603 * Assumption: caller created af_alg_count_tsgl(len) 604 * SG entries in dst. 605 */ 606 if (dst) { 607 if (dst_offset >= plen) { 608 /* discard page before offset */ 609 dst_offset -= plen; 610 } else { 611 /* reassign page to dst after offset */ 612 get_page(page); 613 sg_set_page(dst + j, page, 614 plen - dst_offset, 615 sg[i].offset + dst_offset); 616 dst_offset = 0; 617 j++; 618 } 619 } 620 621 sg[i].length -= plen; 622 sg[i].offset += plen; 623 624 used -= plen; 625 ctx->used -= plen; 626 627 if (sg[i].length) 628 return; 629 630 put_page(page); 631 sg_assign_page(sg + i, NULL); 632 } 633 634 list_del(&sgl->list); 635 sock_kfree_s(sk, sgl, struct_size(sgl, sg, MAX_SGL_ENTS + 1)); 636 } 637 638 if (!ctx->used) 639 ctx->merge = 0; 640 } 641 EXPORT_SYMBOL_GPL(af_alg_pull_tsgl); 642 643 /** 644 * af_alg_free_areq_sgls - Release TX and RX SGLs of the request 645 * 646 * @areq Request holding the TX and RX SGL 647 */ 648 static void af_alg_free_areq_sgls(struct af_alg_async_req *areq) 649 { 650 struct sock *sk = areq->sk; 651 struct alg_sock *ask = alg_sk(sk); 652 struct af_alg_ctx *ctx = ask->private; 653 struct af_alg_rsgl *rsgl, *tmp; 654 struct scatterlist *tsgl; 655 struct scatterlist *sg; 656 unsigned int i; 657 658 list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) { 659 atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused); 660 af_alg_free_sg(&rsgl->sgl); 661 list_del(&rsgl->list); 662 if (rsgl != &areq->first_rsgl) 663 sock_kfree_s(sk, rsgl, sizeof(*rsgl)); 664 } 665 666 tsgl = areq->tsgl; 667 if (tsgl) { 668 for_each_sg(tsgl, sg, areq->tsgl_entries, i) { 669 if (!sg_page(sg)) 670 continue; 671 put_page(sg_page(sg)); 672 } 673 674 sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); 675 } 676 } 677 678 /** 679 * af_alg_wait_for_wmem - wait for availability of writable memory 680 * 681 * @sk socket of connection to user space 682 * @flags If MSG_DONTWAIT is set, then only report if function would sleep 683 * @return 0 when writable memory is available, < 0 upon error 684 */ 685 static int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) 686 { 687 DEFINE_WAIT_FUNC(wait, woken_wake_function); 688 int err = -ERESTARTSYS; 689 long timeout; 690 691 if (flags & MSG_DONTWAIT) 692 return -EAGAIN; 693 694 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk); 695 696 add_wait_queue(sk_sleep(sk), &wait); 697 for (;;) { 698 if (signal_pending(current)) 699 break; 700 timeout = MAX_SCHEDULE_TIMEOUT; 701 if (sk_wait_event(sk, &timeout, af_alg_writable(sk), &wait)) { 702 err = 0; 703 break; 704 } 705 } 706 remove_wait_queue(sk_sleep(sk), &wait); 707 708 return err; 709 } 710 711 /** 712 * af_alg_wmem_wakeup - wakeup caller when writable memory is available 713 * 714 * @sk socket of connection to user space 715 */ 716 void af_alg_wmem_wakeup(struct sock *sk) 717 { 718 struct socket_wq *wq; 719 720 if (!af_alg_writable(sk)) 721 return; 722 723 rcu_read_lock(); 724 wq = rcu_dereference(sk->sk_wq); 725 if (skwq_has_sleeper(wq)) 726 wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | 727 EPOLLRDNORM | 728 EPOLLRDBAND); 729 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN); 730 rcu_read_unlock(); 731 } 732 EXPORT_SYMBOL_GPL(af_alg_wmem_wakeup); 733 734 /** 735 * af_alg_wait_for_data - wait for availability of TX data 736 * 737 * @sk socket of connection to user space 738 * @flags If MSG_DONTWAIT is set, then only report if function would sleep 739 * @return 0 when writable memory is available, < 0 upon error 740 */ 741 int af_alg_wait_for_data(struct sock *sk, unsigned flags) 742 { 743 DEFINE_WAIT_FUNC(wait, woken_wake_function); 744 struct alg_sock *ask = alg_sk(sk); 745 struct af_alg_ctx *ctx = ask->private; 746 long timeout; 747 int err = -ERESTARTSYS; 748 749 if (flags & MSG_DONTWAIT) 750 return -EAGAIN; 751 752 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk); 753 754 add_wait_queue(sk_sleep(sk), &wait); 755 for (;;) { 756 if (signal_pending(current)) 757 break; 758 timeout = MAX_SCHEDULE_TIMEOUT; 759 if (sk_wait_event(sk, &timeout, (ctx->used || !ctx->more), 760 &wait)) { 761 err = 0; 762 break; 763 } 764 } 765 remove_wait_queue(sk_sleep(sk), &wait); 766 767 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk); 768 769 return err; 770 } 771 EXPORT_SYMBOL_GPL(af_alg_wait_for_data); 772 773 /** 774 * af_alg_data_wakeup - wakeup caller when new data can be sent to kernel 775 * 776 * @sk socket of connection to user space 777 */ 778 static void af_alg_data_wakeup(struct sock *sk) 779 { 780 struct alg_sock *ask = alg_sk(sk); 781 struct af_alg_ctx *ctx = ask->private; 782 struct socket_wq *wq; 783 784 if (!ctx->used) 785 return; 786 787 rcu_read_lock(); 788 wq = rcu_dereference(sk->sk_wq); 789 if (skwq_has_sleeper(wq)) 790 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT | 791 EPOLLRDNORM | 792 EPOLLRDBAND); 793 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); 794 rcu_read_unlock(); 795 } 796 797 /** 798 * af_alg_sendmsg - implementation of sendmsg system call handler 799 * 800 * The sendmsg system call handler obtains the user data and stores it 801 * in ctx->tsgl_list. This implies allocation of the required numbers of 802 * struct af_alg_tsgl. 803 * 804 * In addition, the ctx is filled with the information sent via CMSG. 805 * 806 * @sock socket of connection to user space 807 * @msg message from user space 808 * @size size of message from user space 809 * @ivsize the size of the IV for the cipher operation to verify that the 810 * user-space-provided IV has the right size 811 * @return the number of copied data upon success, < 0 upon error 812 */ 813 int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, 814 unsigned int ivsize) 815 { 816 struct sock *sk = sock->sk; 817 struct alg_sock *ask = alg_sk(sk); 818 struct af_alg_ctx *ctx = ask->private; 819 struct af_alg_tsgl *sgl; 820 struct af_alg_control con = {}; 821 long copied = 0; 822 bool enc = 0; 823 bool init = 0; 824 int err = 0; 825 826 if (msg->msg_controllen) { 827 err = af_alg_cmsg_send(msg, &con); 828 if (err) 829 return err; 830 831 init = 1; 832 switch (con.op) { 833 case ALG_OP_ENCRYPT: 834 enc = 1; 835 break; 836 case ALG_OP_DECRYPT: 837 enc = 0; 838 break; 839 default: 840 return -EINVAL; 841 } 842 843 if (con.iv && con.iv->ivlen != ivsize) 844 return -EINVAL; 845 } 846 847 lock_sock(sk); 848 if (!ctx->more && ctx->used) { 849 err = -EINVAL; 850 goto unlock; 851 } 852 853 if (init) { 854 ctx->enc = enc; 855 if (con.iv) 856 memcpy(ctx->iv, con.iv->iv, ivsize); 857 858 ctx->aead_assoclen = con.aead_assoclen; 859 } 860 861 while (size) { 862 struct scatterlist *sg; 863 size_t len = size; 864 size_t plen; 865 866 /* use the existing memory in an allocated page */ 867 if (ctx->merge) { 868 sgl = list_entry(ctx->tsgl_list.prev, 869 struct af_alg_tsgl, list); 870 sg = sgl->sg + sgl->cur - 1; 871 len = min_t(size_t, len, 872 PAGE_SIZE - sg->offset - sg->length); 873 874 err = memcpy_from_msg(page_address(sg_page(sg)) + 875 sg->offset + sg->length, 876 msg, len); 877 if (err) 878 goto unlock; 879 880 sg->length += len; 881 ctx->merge = (sg->offset + sg->length) & 882 (PAGE_SIZE - 1); 883 884 ctx->used += len; 885 copied += len; 886 size -= len; 887 continue; 888 } 889 890 if (!af_alg_writable(sk)) { 891 err = af_alg_wait_for_wmem(sk, msg->msg_flags); 892 if (err) 893 goto unlock; 894 } 895 896 /* allocate a new page */ 897 len = min_t(unsigned long, len, af_alg_sndbuf(sk)); 898 899 err = af_alg_alloc_tsgl(sk); 900 if (err) 901 goto unlock; 902 903 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, 904 list); 905 sg = sgl->sg; 906 if (sgl->cur) 907 sg_unmark_end(sg + sgl->cur - 1); 908 909 do { 910 unsigned int i = sgl->cur; 911 912 plen = min_t(size_t, len, PAGE_SIZE); 913 914 sg_assign_page(sg + i, alloc_page(GFP_KERNEL)); 915 if (!sg_page(sg + i)) { 916 err = -ENOMEM; 917 goto unlock; 918 } 919 920 err = memcpy_from_msg(page_address(sg_page(sg + i)), 921 msg, plen); 922 if (err) { 923 __free_page(sg_page(sg + i)); 924 sg_assign_page(sg + i, NULL); 925 goto unlock; 926 } 927 928 sg[i].length = plen; 929 len -= plen; 930 ctx->used += plen; 931 copied += plen; 932 size -= plen; 933 sgl->cur++; 934 } while (len && sgl->cur < MAX_SGL_ENTS); 935 936 if (!size) 937 sg_mark_end(sg + sgl->cur - 1); 938 939 ctx->merge = plen & (PAGE_SIZE - 1); 940 } 941 942 err = 0; 943 944 ctx->more = msg->msg_flags & MSG_MORE; 945 946 unlock: 947 af_alg_data_wakeup(sk); 948 release_sock(sk); 949 950 return copied ?: err; 951 } 952 EXPORT_SYMBOL_GPL(af_alg_sendmsg); 953 954 /** 955 * af_alg_sendpage - sendpage system call handler 956 * 957 * This is a generic implementation of sendpage to fill ctx->tsgl_list. 958 */ 959 ssize_t af_alg_sendpage(struct socket *sock, struct page *page, 960 int offset, size_t size, int flags) 961 { 962 struct sock *sk = sock->sk; 963 struct alg_sock *ask = alg_sk(sk); 964 struct af_alg_ctx *ctx = ask->private; 965 struct af_alg_tsgl *sgl; 966 int err = -EINVAL; 967 968 if (flags & MSG_SENDPAGE_NOTLAST) 969 flags |= MSG_MORE; 970 971 lock_sock(sk); 972 if (!ctx->more && ctx->used) 973 goto unlock; 974 975 if (!size) 976 goto done; 977 978 if (!af_alg_writable(sk)) { 979 err = af_alg_wait_for_wmem(sk, flags); 980 if (err) 981 goto unlock; 982 } 983 984 err = af_alg_alloc_tsgl(sk); 985 if (err) 986 goto unlock; 987 988 ctx->merge = 0; 989 sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list); 990 991 if (sgl->cur) 992 sg_unmark_end(sgl->sg + sgl->cur - 1); 993 994 sg_mark_end(sgl->sg + sgl->cur); 995 996 get_page(page); 997 sg_set_page(sgl->sg + sgl->cur, page, size, offset); 998 sgl->cur++; 999 ctx->used += size; 1000 1001 done: 1002 ctx->more = flags & MSG_MORE; 1003 1004 unlock: 1005 af_alg_data_wakeup(sk); 1006 release_sock(sk); 1007 1008 return err ?: size; 1009 } 1010 EXPORT_SYMBOL_GPL(af_alg_sendpage); 1011 1012 /** 1013 * af_alg_free_resources - release resources required for crypto request 1014 */ 1015 void af_alg_free_resources(struct af_alg_async_req *areq) 1016 { 1017 struct sock *sk = areq->sk; 1018 1019 af_alg_free_areq_sgls(areq); 1020 sock_kfree_s(sk, areq, areq->areqlen); 1021 } 1022 EXPORT_SYMBOL_GPL(af_alg_free_resources); 1023 1024 /** 1025 * af_alg_async_cb - AIO callback handler 1026 * 1027 * This handler cleans up the struct af_alg_async_req upon completion of the 1028 * AIO operation. 1029 * 1030 * The number of bytes to be generated with the AIO operation must be set 1031 * in areq->outlen before the AIO callback handler is invoked. 1032 */ 1033 void af_alg_async_cb(struct crypto_async_request *_req, int err) 1034 { 1035 struct af_alg_async_req *areq = _req->data; 1036 struct sock *sk = areq->sk; 1037 struct kiocb *iocb = areq->iocb; 1038 unsigned int resultlen; 1039 1040 /* Buffer size written by crypto operation. */ 1041 resultlen = areq->outlen; 1042 1043 af_alg_free_resources(areq); 1044 sock_put(sk); 1045 1046 iocb->ki_complete(iocb, err ? err : resultlen, 0); 1047 } 1048 EXPORT_SYMBOL_GPL(af_alg_async_cb); 1049 1050 /** 1051 * af_alg_poll - poll system call handler 1052 */ 1053 __poll_t af_alg_poll(struct file *file, struct socket *sock, 1054 poll_table *wait) 1055 { 1056 struct sock *sk = sock->sk; 1057 struct alg_sock *ask = alg_sk(sk); 1058 struct af_alg_ctx *ctx = ask->private; 1059 __poll_t mask; 1060 1061 sock_poll_wait(file, sock, wait); 1062 mask = 0; 1063 1064 if (!ctx->more || ctx->used) 1065 mask |= EPOLLIN | EPOLLRDNORM; 1066 1067 if (af_alg_writable(sk)) 1068 mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND; 1069 1070 return mask; 1071 } 1072 EXPORT_SYMBOL_GPL(af_alg_poll); 1073 1074 /** 1075 * af_alg_alloc_areq - allocate struct af_alg_async_req 1076 * 1077 * @sk socket of connection to user space 1078 * @areqlen size of struct af_alg_async_req + crypto_*_reqsize 1079 * @return allocated data structure or ERR_PTR upon error 1080 */ 1081 struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk, 1082 unsigned int areqlen) 1083 { 1084 struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL); 1085 1086 if (unlikely(!areq)) 1087 return ERR_PTR(-ENOMEM); 1088 1089 areq->areqlen = areqlen; 1090 areq->sk = sk; 1091 areq->last_rsgl = NULL; 1092 INIT_LIST_HEAD(&areq->rsgl_list); 1093 areq->tsgl = NULL; 1094 areq->tsgl_entries = 0; 1095 1096 return areq; 1097 } 1098 EXPORT_SYMBOL_GPL(af_alg_alloc_areq); 1099 1100 /** 1101 * af_alg_get_rsgl - create the RX SGL for the output data from the crypto 1102 * operation 1103 * 1104 * @sk socket of connection to user space 1105 * @msg user space message 1106 * @flags flags used to invoke recvmsg with 1107 * @areq instance of the cryptographic request that will hold the RX SGL 1108 * @maxsize maximum number of bytes to be pulled from user space 1109 * @outlen number of bytes in the RX SGL 1110 * @return 0 on success, < 0 upon error 1111 */ 1112 int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, 1113 struct af_alg_async_req *areq, size_t maxsize, 1114 size_t *outlen) 1115 { 1116 struct alg_sock *ask = alg_sk(sk); 1117 struct af_alg_ctx *ctx = ask->private; 1118 size_t len = 0; 1119 1120 while (maxsize > len && msg_data_left(msg)) { 1121 struct af_alg_rsgl *rsgl; 1122 size_t seglen; 1123 int err; 1124 1125 /* limit the amount of readable buffers */ 1126 if (!af_alg_readable(sk)) 1127 break; 1128 1129 seglen = min_t(size_t, (maxsize - len), 1130 msg_data_left(msg)); 1131 1132 if (list_empty(&areq->rsgl_list)) { 1133 rsgl = &areq->first_rsgl; 1134 } else { 1135 rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL); 1136 if (unlikely(!rsgl)) 1137 return -ENOMEM; 1138 } 1139 1140 rsgl->sgl.npages = 0; 1141 list_add_tail(&rsgl->list, &areq->rsgl_list); 1142 1143 /* make one iovec available as scatterlist */ 1144 err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); 1145 if (err < 0) { 1146 rsgl->sg_num_bytes = 0; 1147 return err; 1148 } 1149 1150 /* chain the new scatterlist with previous one */ 1151 if (areq->last_rsgl) 1152 af_alg_link_sg(&areq->last_rsgl->sgl, &rsgl->sgl); 1153 1154 areq->last_rsgl = rsgl; 1155 len += err; 1156 atomic_add(err, &ctx->rcvused); 1157 rsgl->sg_num_bytes = err; 1158 iov_iter_advance(&msg->msg_iter, err); 1159 } 1160 1161 *outlen = len; 1162 return 0; 1163 } 1164 EXPORT_SYMBOL_GPL(af_alg_get_rsgl); 1165 1166 static int __init af_alg_init(void) 1167 { 1168 int err = proto_register(&alg_proto, 0); 1169 1170 if (err) 1171 goto out; 1172 1173 err = sock_register(&alg_family); 1174 if (err != 0) 1175 goto out_unregister_proto; 1176 1177 out: 1178 return err; 1179 1180 out_unregister_proto: 1181 proto_unregister(&alg_proto); 1182 goto out; 1183 } 1184 1185 static void __exit af_alg_exit(void) 1186 { 1187 sock_unregister(PF_ALG); 1188 proto_unregister(&alg_proto); 1189 } 1190 1191 module_init(af_alg_init); 1192 module_exit(af_alg_exit); 1193 MODULE_LICENSE("GPL"); 1194 MODULE_ALIAS_NETPROTO(AF_ALG); 1195