1 /* 2 * xfrm_state.c 3 * 4 * Changes: 5 * Mitsuru KANDA @USAGI 6 * Kazunori MIYAZAWA @USAGI 7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 8 * IPv6 support 9 * YOSHIFUJI Hideaki @USAGI 10 * Split up af-specific functions 11 * Derek Atkins <derek@ihtfp.com> 12 * Add UDP Encapsulation 13 * 14 */ 15 16 #include <linux/workqueue.h> 17 #include <net/xfrm.h> 18 #include <linux/pfkeyv2.h> 19 #include <linux/ipsec.h> 20 #include <linux/module.h> 21 #include <linux/cache.h> 22 #include <linux/audit.h> 23 #include <asm/uaccess.h> 24 #include <linux/ktime.h> 25 #include <linux/slab.h> 26 #include <linux/interrupt.h> 27 #include <linux/kernel.h> 28 29 #include "xfrm_hash.h" 30 31 /* Each xfrm_state may be linked to two tables: 32 33 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl) 34 2. Hash table by (daddr,family,reqid) to find what SAs exist for given 35 destination/tunnel endpoint. (output) 36 */ 37 38 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024; 39 40 static inline unsigned int xfrm_dst_hash(struct net *net, 41 const xfrm_address_t *daddr, 42 const xfrm_address_t *saddr, 43 u32 reqid, 44 unsigned short family) 45 { 46 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask); 47 } 48 49 static inline unsigned int xfrm_src_hash(struct net *net, 50 const xfrm_address_t *daddr, 51 const xfrm_address_t *saddr, 52 unsigned short family) 53 { 54 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask); 55 } 56 57 static inline unsigned int 58 xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr, 59 __be32 spi, u8 proto, unsigned short family) 60 { 61 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask); 62 } 63 64 static void xfrm_hash_transfer(struct hlist_head *list, 65 struct hlist_head *ndsttable, 66 struct hlist_head *nsrctable, 67 struct hlist_head *nspitable, 68 unsigned int nhashmask) 69 { 70 struct hlist_node *tmp; 71 struct xfrm_state *x; 72 73 hlist_for_each_entry_safe(x, tmp, list, bydst) { 74 unsigned int h; 75 76 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr, 77 x->props.reqid, x->props.family, 78 nhashmask); 79 hlist_add_head(&x->bydst, ndsttable+h); 80 81 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr, 82 x->props.family, 83 nhashmask); 84 hlist_add_head(&x->bysrc, nsrctable+h); 85 86 if (x->id.spi) { 87 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi, 88 x->id.proto, x->props.family, 89 nhashmask); 90 hlist_add_head(&x->byspi, nspitable+h); 91 } 92 } 93 } 94 95 static unsigned long xfrm_hash_new_size(unsigned int state_hmask) 96 { 97 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head); 98 } 99 100 static DEFINE_MUTEX(hash_resize_mutex); 101 102 static void xfrm_hash_resize(struct work_struct *work) 103 { 104 struct net *net = container_of(work, struct net, xfrm.state_hash_work); 105 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi; 106 unsigned long nsize, osize; 107 unsigned int nhashmask, ohashmask; 108 int i; 109 110 mutex_lock(&hash_resize_mutex); 111 112 nsize = xfrm_hash_new_size(net->xfrm.state_hmask); 113 ndst = xfrm_hash_alloc(nsize); 114 if (!ndst) 115 goto out_unlock; 116 nsrc = xfrm_hash_alloc(nsize); 117 if (!nsrc) { 118 xfrm_hash_free(ndst, nsize); 119 goto out_unlock; 120 } 121 nspi = xfrm_hash_alloc(nsize); 122 if (!nspi) { 123 xfrm_hash_free(ndst, nsize); 124 xfrm_hash_free(nsrc, nsize); 125 goto out_unlock; 126 } 127 128 spin_lock_bh(&net->xfrm.xfrm_state_lock); 129 130 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U; 131 for (i = net->xfrm.state_hmask; i >= 0; i--) 132 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi, 133 nhashmask); 134 135 odst = net->xfrm.state_bydst; 136 osrc = net->xfrm.state_bysrc; 137 ospi = net->xfrm.state_byspi; 138 ohashmask = net->xfrm.state_hmask; 139 140 net->xfrm.state_bydst = ndst; 141 net->xfrm.state_bysrc = nsrc; 142 net->xfrm.state_byspi = nspi; 143 net->xfrm.state_hmask = nhashmask; 144 145 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 146 147 osize = (ohashmask + 1) * sizeof(struct hlist_head); 148 xfrm_hash_free(odst, osize); 149 xfrm_hash_free(osrc, osize); 150 xfrm_hash_free(ospi, osize); 151 152 out_unlock: 153 mutex_unlock(&hash_resize_mutex); 154 } 155 156 static DEFINE_SPINLOCK(xfrm_state_afinfo_lock); 157 static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO]; 158 159 static DEFINE_SPINLOCK(xfrm_state_gc_lock); 160 161 int __xfrm_state_delete(struct xfrm_state *x); 162 163 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol); 164 void km_state_expired(struct xfrm_state *x, int hard, u32 portid); 165 166 static DEFINE_SPINLOCK(xfrm_type_lock); 167 int xfrm_register_type(const struct xfrm_type *type, unsigned short family) 168 { 169 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 170 const struct xfrm_type **typemap; 171 int err = 0; 172 173 if (unlikely(afinfo == NULL)) 174 return -EAFNOSUPPORT; 175 typemap = afinfo->type_map; 176 spin_lock_bh(&xfrm_type_lock); 177 178 if (likely(typemap[type->proto] == NULL)) 179 typemap[type->proto] = type; 180 else 181 err = -EEXIST; 182 spin_unlock_bh(&xfrm_type_lock); 183 xfrm_state_put_afinfo(afinfo); 184 return err; 185 } 186 EXPORT_SYMBOL(xfrm_register_type); 187 188 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family) 189 { 190 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 191 const struct xfrm_type **typemap; 192 int err = 0; 193 194 if (unlikely(afinfo == NULL)) 195 return -EAFNOSUPPORT; 196 typemap = afinfo->type_map; 197 spin_lock_bh(&xfrm_type_lock); 198 199 if (unlikely(typemap[type->proto] != type)) 200 err = -ENOENT; 201 else 202 typemap[type->proto] = NULL; 203 spin_unlock_bh(&xfrm_type_lock); 204 xfrm_state_put_afinfo(afinfo); 205 return err; 206 } 207 EXPORT_SYMBOL(xfrm_unregister_type); 208 209 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family) 210 { 211 struct xfrm_state_afinfo *afinfo; 212 const struct xfrm_type **typemap; 213 const struct xfrm_type *type; 214 int modload_attempted = 0; 215 216 retry: 217 afinfo = xfrm_state_get_afinfo(family); 218 if (unlikely(afinfo == NULL)) 219 return NULL; 220 typemap = afinfo->type_map; 221 222 type = typemap[proto]; 223 if (unlikely(type && !try_module_get(type->owner))) 224 type = NULL; 225 if (!type && !modload_attempted) { 226 xfrm_state_put_afinfo(afinfo); 227 request_module("xfrm-type-%d-%d", family, proto); 228 modload_attempted = 1; 229 goto retry; 230 } 231 232 xfrm_state_put_afinfo(afinfo); 233 return type; 234 } 235 236 static void xfrm_put_type(const struct xfrm_type *type) 237 { 238 module_put(type->owner); 239 } 240 241 static DEFINE_SPINLOCK(xfrm_mode_lock); 242 int xfrm_register_mode(struct xfrm_mode *mode, int family) 243 { 244 struct xfrm_state_afinfo *afinfo; 245 struct xfrm_mode **modemap; 246 int err; 247 248 if (unlikely(mode->encap >= XFRM_MODE_MAX)) 249 return -EINVAL; 250 251 afinfo = xfrm_state_get_afinfo(family); 252 if (unlikely(afinfo == NULL)) 253 return -EAFNOSUPPORT; 254 255 err = -EEXIST; 256 modemap = afinfo->mode_map; 257 spin_lock_bh(&xfrm_mode_lock); 258 if (modemap[mode->encap]) 259 goto out; 260 261 err = -ENOENT; 262 if (!try_module_get(afinfo->owner)) 263 goto out; 264 265 mode->afinfo = afinfo; 266 modemap[mode->encap] = mode; 267 err = 0; 268 269 out: 270 spin_unlock_bh(&xfrm_mode_lock); 271 xfrm_state_put_afinfo(afinfo); 272 return err; 273 } 274 EXPORT_SYMBOL(xfrm_register_mode); 275 276 int xfrm_unregister_mode(struct xfrm_mode *mode, int family) 277 { 278 struct xfrm_state_afinfo *afinfo; 279 struct xfrm_mode **modemap; 280 int err; 281 282 if (unlikely(mode->encap >= XFRM_MODE_MAX)) 283 return -EINVAL; 284 285 afinfo = xfrm_state_get_afinfo(family); 286 if (unlikely(afinfo == NULL)) 287 return -EAFNOSUPPORT; 288 289 err = -ENOENT; 290 modemap = afinfo->mode_map; 291 spin_lock_bh(&xfrm_mode_lock); 292 if (likely(modemap[mode->encap] == mode)) { 293 modemap[mode->encap] = NULL; 294 module_put(mode->afinfo->owner); 295 err = 0; 296 } 297 298 spin_unlock_bh(&xfrm_mode_lock); 299 xfrm_state_put_afinfo(afinfo); 300 return err; 301 } 302 EXPORT_SYMBOL(xfrm_unregister_mode); 303 304 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family) 305 { 306 struct xfrm_state_afinfo *afinfo; 307 struct xfrm_mode *mode; 308 int modload_attempted = 0; 309 310 if (unlikely(encap >= XFRM_MODE_MAX)) 311 return NULL; 312 313 retry: 314 afinfo = xfrm_state_get_afinfo(family); 315 if (unlikely(afinfo == NULL)) 316 return NULL; 317 318 mode = afinfo->mode_map[encap]; 319 if (unlikely(mode && !try_module_get(mode->owner))) 320 mode = NULL; 321 if (!mode && !modload_attempted) { 322 xfrm_state_put_afinfo(afinfo); 323 request_module("xfrm-mode-%d-%d", family, encap); 324 modload_attempted = 1; 325 goto retry; 326 } 327 328 xfrm_state_put_afinfo(afinfo); 329 return mode; 330 } 331 332 static void xfrm_put_mode(struct xfrm_mode *mode) 333 { 334 module_put(mode->owner); 335 } 336 337 static void xfrm_state_gc_destroy(struct xfrm_state *x) 338 { 339 tasklet_hrtimer_cancel(&x->mtimer); 340 del_timer_sync(&x->rtimer); 341 kfree(x->aalg); 342 kfree(x->ealg); 343 kfree(x->calg); 344 kfree(x->encap); 345 kfree(x->coaddr); 346 kfree(x->replay_esn); 347 kfree(x->preplay_esn); 348 if (x->inner_mode) 349 xfrm_put_mode(x->inner_mode); 350 if (x->inner_mode_iaf) 351 xfrm_put_mode(x->inner_mode_iaf); 352 if (x->outer_mode) 353 xfrm_put_mode(x->outer_mode); 354 if (x->type) { 355 x->type->destructor(x); 356 xfrm_put_type(x->type); 357 } 358 security_xfrm_state_free(x); 359 kfree(x); 360 } 361 362 static void xfrm_state_gc_task(struct work_struct *work) 363 { 364 struct net *net = container_of(work, struct net, xfrm.state_gc_work); 365 struct xfrm_state *x; 366 struct hlist_node *tmp; 367 struct hlist_head gc_list; 368 369 spin_lock_bh(&xfrm_state_gc_lock); 370 hlist_move_list(&net->xfrm.state_gc_list, &gc_list); 371 spin_unlock_bh(&xfrm_state_gc_lock); 372 373 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist) 374 xfrm_state_gc_destroy(x); 375 } 376 377 static inline unsigned long make_jiffies(long secs) 378 { 379 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ) 380 return MAX_SCHEDULE_TIMEOUT-1; 381 else 382 return secs*HZ; 383 } 384 385 static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me) 386 { 387 struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer); 388 struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer); 389 unsigned long now = get_seconds(); 390 long next = LONG_MAX; 391 int warn = 0; 392 int err = 0; 393 394 spin_lock(&x->lock); 395 if (x->km.state == XFRM_STATE_DEAD) 396 goto out; 397 if (x->km.state == XFRM_STATE_EXPIRED) 398 goto expired; 399 if (x->lft.hard_add_expires_seconds) { 400 long tmo = x->lft.hard_add_expires_seconds + 401 x->curlft.add_time - now; 402 if (tmo <= 0) { 403 if (x->xflags & XFRM_SOFT_EXPIRE) { 404 /* enter hard expire without soft expire first?! 405 * setting a new date could trigger this. 406 * workarbound: fix x->curflt.add_time by below: 407 */ 408 x->curlft.add_time = now - x->saved_tmo - 1; 409 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo; 410 } else 411 goto expired; 412 } 413 if (tmo < next) 414 next = tmo; 415 } 416 if (x->lft.hard_use_expires_seconds) { 417 long tmo = x->lft.hard_use_expires_seconds + 418 (x->curlft.use_time ? : now) - now; 419 if (tmo <= 0) 420 goto expired; 421 if (tmo < next) 422 next = tmo; 423 } 424 if (x->km.dying) 425 goto resched; 426 if (x->lft.soft_add_expires_seconds) { 427 long tmo = x->lft.soft_add_expires_seconds + 428 x->curlft.add_time - now; 429 if (tmo <= 0) { 430 warn = 1; 431 x->xflags &= ~XFRM_SOFT_EXPIRE; 432 } else if (tmo < next) { 433 next = tmo; 434 x->xflags |= XFRM_SOFT_EXPIRE; 435 x->saved_tmo = tmo; 436 } 437 } 438 if (x->lft.soft_use_expires_seconds) { 439 long tmo = x->lft.soft_use_expires_seconds + 440 (x->curlft.use_time ? : now) - now; 441 if (tmo <= 0) 442 warn = 1; 443 else if (tmo < next) 444 next = tmo; 445 } 446 447 x->km.dying = warn; 448 if (warn) 449 km_state_expired(x, 0, 0); 450 resched: 451 if (next != LONG_MAX) { 452 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL); 453 } 454 455 goto out; 456 457 expired: 458 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) 459 x->km.state = XFRM_STATE_EXPIRED; 460 461 err = __xfrm_state_delete(x); 462 if (!err) 463 km_state_expired(x, 1, 0); 464 465 xfrm_audit_state_delete(x, err ? 0 : 1, 466 audit_get_loginuid(current), 467 audit_get_sessionid(current), 0); 468 469 out: 470 spin_unlock(&x->lock); 471 return HRTIMER_NORESTART; 472 } 473 474 static void xfrm_replay_timer_handler(unsigned long data); 475 476 struct xfrm_state *xfrm_state_alloc(struct net *net) 477 { 478 struct xfrm_state *x; 479 480 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC); 481 482 if (x) { 483 write_pnet(&x->xs_net, net); 484 atomic_set(&x->refcnt, 1); 485 atomic_set(&x->tunnel_users, 0); 486 INIT_LIST_HEAD(&x->km.all); 487 INIT_HLIST_NODE(&x->bydst); 488 INIT_HLIST_NODE(&x->bysrc); 489 INIT_HLIST_NODE(&x->byspi); 490 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, 491 CLOCK_BOOTTIME, HRTIMER_MODE_ABS); 492 setup_timer(&x->rtimer, xfrm_replay_timer_handler, 493 (unsigned long)x); 494 x->curlft.add_time = get_seconds(); 495 x->lft.soft_byte_limit = XFRM_INF; 496 x->lft.soft_packet_limit = XFRM_INF; 497 x->lft.hard_byte_limit = XFRM_INF; 498 x->lft.hard_packet_limit = XFRM_INF; 499 x->replay_maxage = 0; 500 x->replay_maxdiff = 0; 501 x->inner_mode = NULL; 502 x->inner_mode_iaf = NULL; 503 spin_lock_init(&x->lock); 504 } 505 return x; 506 } 507 EXPORT_SYMBOL(xfrm_state_alloc); 508 509 void __xfrm_state_destroy(struct xfrm_state *x) 510 { 511 struct net *net = xs_net(x); 512 513 WARN_ON(x->km.state != XFRM_STATE_DEAD); 514 515 spin_lock_bh(&xfrm_state_gc_lock); 516 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list); 517 spin_unlock_bh(&xfrm_state_gc_lock); 518 schedule_work(&net->xfrm.state_gc_work); 519 } 520 EXPORT_SYMBOL(__xfrm_state_destroy); 521 522 int __xfrm_state_delete(struct xfrm_state *x) 523 { 524 struct net *net = xs_net(x); 525 int err = -ESRCH; 526 527 if (x->km.state != XFRM_STATE_DEAD) { 528 x->km.state = XFRM_STATE_DEAD; 529 spin_lock(&net->xfrm.xfrm_state_lock); 530 list_del(&x->km.all); 531 hlist_del(&x->bydst); 532 hlist_del(&x->bysrc); 533 if (x->id.spi) 534 hlist_del(&x->byspi); 535 net->xfrm.state_num--; 536 spin_unlock(&net->xfrm.xfrm_state_lock); 537 538 /* All xfrm_state objects are created by xfrm_state_alloc. 539 * The xfrm_state_alloc call gives a reference, and that 540 * is what we are dropping here. 541 */ 542 xfrm_state_put(x); 543 err = 0; 544 } 545 546 return err; 547 } 548 EXPORT_SYMBOL(__xfrm_state_delete); 549 550 int xfrm_state_delete(struct xfrm_state *x) 551 { 552 int err; 553 554 spin_lock_bh(&x->lock); 555 err = __xfrm_state_delete(x); 556 spin_unlock_bh(&x->lock); 557 558 return err; 559 } 560 EXPORT_SYMBOL(xfrm_state_delete); 561 562 #ifdef CONFIG_SECURITY_NETWORK_XFRM 563 static inline int 564 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 565 { 566 int i, err = 0; 567 568 for (i = 0; i <= net->xfrm.state_hmask; i++) { 569 struct xfrm_state *x; 570 571 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { 572 if (xfrm_id_proto_match(x->id.proto, proto) && 573 (err = security_xfrm_state_delete(x)) != 0) { 574 xfrm_audit_state_delete(x, 0, 575 audit_info->loginuid, 576 audit_info->sessionid, 577 audit_info->secid); 578 return err; 579 } 580 } 581 } 582 583 return err; 584 } 585 #else 586 static inline int 587 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info) 588 { 589 return 0; 590 } 591 #endif 592 593 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info) 594 { 595 int i, err = 0, cnt = 0; 596 597 spin_lock_bh(&net->xfrm.xfrm_state_lock); 598 err = xfrm_state_flush_secctx_check(net, proto, audit_info); 599 if (err) 600 goto out; 601 602 err = -ESRCH; 603 for (i = 0; i <= net->xfrm.state_hmask; i++) { 604 struct xfrm_state *x; 605 restart: 606 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { 607 if (!xfrm_state_kern(x) && 608 xfrm_id_proto_match(x->id.proto, proto)) { 609 xfrm_state_hold(x); 610 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 611 612 err = xfrm_state_delete(x); 613 xfrm_audit_state_delete(x, err ? 0 : 1, 614 audit_info->loginuid, 615 audit_info->sessionid, 616 audit_info->secid); 617 xfrm_state_put(x); 618 if (!err) 619 cnt++; 620 621 spin_lock_bh(&net->xfrm.xfrm_state_lock); 622 goto restart; 623 } 624 } 625 } 626 if (cnt) 627 err = 0; 628 629 out: 630 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 631 return err; 632 } 633 EXPORT_SYMBOL(xfrm_state_flush); 634 635 void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si) 636 { 637 spin_lock_bh(&net->xfrm.xfrm_state_lock); 638 si->sadcnt = net->xfrm.state_num; 639 si->sadhcnt = net->xfrm.state_hmask; 640 si->sadhmcnt = xfrm_state_hashmax; 641 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 642 } 643 EXPORT_SYMBOL(xfrm_sad_getinfo); 644 645 static int 646 xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl, 647 const struct xfrm_tmpl *tmpl, 648 const xfrm_address_t *daddr, const xfrm_address_t *saddr, 649 unsigned short family) 650 { 651 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 652 if (!afinfo) 653 return -1; 654 afinfo->init_tempsel(&x->sel, fl); 655 656 if (family != tmpl->encap_family) { 657 xfrm_state_put_afinfo(afinfo); 658 afinfo = xfrm_state_get_afinfo(tmpl->encap_family); 659 if (!afinfo) 660 return -1; 661 } 662 afinfo->init_temprop(x, tmpl, daddr, saddr); 663 xfrm_state_put_afinfo(afinfo); 664 return 0; 665 } 666 667 static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark, 668 const xfrm_address_t *daddr, 669 __be32 spi, u8 proto, 670 unsigned short family) 671 { 672 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family); 673 struct xfrm_state *x; 674 675 hlist_for_each_entry(x, net->xfrm.state_byspi+h, byspi) { 676 if (x->props.family != family || 677 x->id.spi != spi || 678 x->id.proto != proto || 679 !xfrm_addr_equal(&x->id.daddr, daddr, family)) 680 continue; 681 682 if ((mark & x->mark.m) != x->mark.v) 683 continue; 684 xfrm_state_hold(x); 685 return x; 686 } 687 688 return NULL; 689 } 690 691 static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark, 692 const xfrm_address_t *daddr, 693 const xfrm_address_t *saddr, 694 u8 proto, unsigned short family) 695 { 696 unsigned int h = xfrm_src_hash(net, daddr, saddr, family); 697 struct xfrm_state *x; 698 699 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) { 700 if (x->props.family != family || 701 x->id.proto != proto || 702 !xfrm_addr_equal(&x->id.daddr, daddr, family) || 703 !xfrm_addr_equal(&x->props.saddr, saddr, family)) 704 continue; 705 706 if ((mark & x->mark.m) != x->mark.v) 707 continue; 708 xfrm_state_hold(x); 709 return x; 710 } 711 712 return NULL; 713 } 714 715 static inline struct xfrm_state * 716 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) 717 { 718 struct net *net = xs_net(x); 719 u32 mark = x->mark.v & x->mark.m; 720 721 if (use_spi) 722 return __xfrm_state_lookup(net, mark, &x->id.daddr, 723 x->id.spi, x->id.proto, family); 724 else 725 return __xfrm_state_lookup_byaddr(net, mark, 726 &x->id.daddr, 727 &x->props.saddr, 728 x->id.proto, family); 729 } 730 731 static void xfrm_hash_grow_check(struct net *net, int have_hash_collision) 732 { 733 if (have_hash_collision && 734 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax && 735 net->xfrm.state_num > net->xfrm.state_hmask) 736 schedule_work(&net->xfrm.state_hash_work); 737 } 738 739 static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x, 740 const struct flowi *fl, unsigned short family, 741 struct xfrm_state **best, int *acq_in_progress, 742 int *error) 743 { 744 /* Resolution logic: 745 * 1. There is a valid state with matching selector. Done. 746 * 2. Valid state with inappropriate selector. Skip. 747 * 748 * Entering area of "sysdeps". 749 * 750 * 3. If state is not valid, selector is temporary, it selects 751 * only session which triggered previous resolution. Key 752 * manager will do something to install a state with proper 753 * selector. 754 */ 755 if (x->km.state == XFRM_STATE_VALID) { 756 if ((x->sel.family && 757 !xfrm_selector_match(&x->sel, fl, x->sel.family)) || 758 !security_xfrm_state_pol_flow_match(x, pol, fl)) 759 return; 760 761 if (!*best || 762 (*best)->km.dying > x->km.dying || 763 ((*best)->km.dying == x->km.dying && 764 (*best)->curlft.add_time < x->curlft.add_time)) 765 *best = x; 766 } else if (x->km.state == XFRM_STATE_ACQ) { 767 *acq_in_progress = 1; 768 } else if (x->km.state == XFRM_STATE_ERROR || 769 x->km.state == XFRM_STATE_EXPIRED) { 770 if (xfrm_selector_match(&x->sel, fl, x->sel.family) && 771 security_xfrm_state_pol_flow_match(x, pol, fl)) 772 *error = -ESRCH; 773 } 774 } 775 776 struct xfrm_state * 777 xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr, 778 const struct flowi *fl, struct xfrm_tmpl *tmpl, 779 struct xfrm_policy *pol, int *err, 780 unsigned short family) 781 { 782 static xfrm_address_t saddr_wildcard = { }; 783 struct net *net = xp_net(pol); 784 unsigned int h, h_wildcard; 785 struct xfrm_state *x, *x0, *to_put; 786 int acquire_in_progress = 0; 787 int error = 0; 788 struct xfrm_state *best = NULL; 789 u32 mark = pol->mark.v & pol->mark.m; 790 unsigned short encap_family = tmpl->encap_family; 791 792 to_put = NULL; 793 794 spin_lock_bh(&net->xfrm.xfrm_state_lock); 795 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family); 796 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { 797 if (x->props.family == encap_family && 798 x->props.reqid == tmpl->reqid && 799 (mark & x->mark.m) == x->mark.v && 800 !(x->props.flags & XFRM_STATE_WILDRECV) && 801 xfrm_state_addr_check(x, daddr, saddr, encap_family) && 802 tmpl->mode == x->props.mode && 803 tmpl->id.proto == x->id.proto && 804 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) 805 xfrm_state_look_at(pol, x, fl, encap_family, 806 &best, &acquire_in_progress, &error); 807 } 808 if (best || acquire_in_progress) 809 goto found; 810 811 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family); 812 hlist_for_each_entry(x, net->xfrm.state_bydst+h_wildcard, bydst) { 813 if (x->props.family == encap_family && 814 x->props.reqid == tmpl->reqid && 815 (mark & x->mark.m) == x->mark.v && 816 !(x->props.flags & XFRM_STATE_WILDRECV) && 817 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) && 818 tmpl->mode == x->props.mode && 819 tmpl->id.proto == x->id.proto && 820 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) 821 xfrm_state_look_at(pol, x, fl, encap_family, 822 &best, &acquire_in_progress, &error); 823 } 824 825 found: 826 x = best; 827 if (!x && !error && !acquire_in_progress) { 828 if (tmpl->id.spi && 829 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi, 830 tmpl->id.proto, encap_family)) != NULL) { 831 to_put = x0; 832 error = -EEXIST; 833 goto out; 834 } 835 x = xfrm_state_alloc(net); 836 if (x == NULL) { 837 error = -ENOMEM; 838 goto out; 839 } 840 /* Initialize temporary state matching only 841 * to current session. */ 842 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family); 843 memcpy(&x->mark, &pol->mark, sizeof(x->mark)); 844 845 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid); 846 if (error) { 847 x->km.state = XFRM_STATE_DEAD; 848 to_put = x; 849 x = NULL; 850 goto out; 851 } 852 853 if (km_query(x, tmpl, pol) == 0) { 854 x->km.state = XFRM_STATE_ACQ; 855 list_add(&x->km.all, &net->xfrm.state_all); 856 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 857 h = xfrm_src_hash(net, daddr, saddr, encap_family); 858 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 859 if (x->id.spi) { 860 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family); 861 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 862 } 863 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; 864 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL); 865 net->xfrm.state_num++; 866 xfrm_hash_grow_check(net, x->bydst.next != NULL); 867 } else { 868 x->km.state = XFRM_STATE_DEAD; 869 to_put = x; 870 x = NULL; 871 error = -ESRCH; 872 } 873 } 874 out: 875 if (x) 876 xfrm_state_hold(x); 877 else 878 *err = acquire_in_progress ? -EAGAIN : error; 879 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 880 if (to_put) 881 xfrm_state_put(to_put); 882 return x; 883 } 884 885 struct xfrm_state * 886 xfrm_stateonly_find(struct net *net, u32 mark, 887 xfrm_address_t *daddr, xfrm_address_t *saddr, 888 unsigned short family, u8 mode, u8 proto, u32 reqid) 889 { 890 unsigned int h; 891 struct xfrm_state *rx = NULL, *x = NULL; 892 893 spin_lock_bh(&net->xfrm.xfrm_state_lock); 894 h = xfrm_dst_hash(net, daddr, saddr, reqid, family); 895 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { 896 if (x->props.family == family && 897 x->props.reqid == reqid && 898 (mark & x->mark.m) == x->mark.v && 899 !(x->props.flags & XFRM_STATE_WILDRECV) && 900 xfrm_state_addr_check(x, daddr, saddr, family) && 901 mode == x->props.mode && 902 proto == x->id.proto && 903 x->km.state == XFRM_STATE_VALID) { 904 rx = x; 905 break; 906 } 907 } 908 909 if (rx) 910 xfrm_state_hold(rx); 911 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 912 913 914 return rx; 915 } 916 EXPORT_SYMBOL(xfrm_stateonly_find); 917 918 struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi, 919 unsigned short family) 920 { 921 struct xfrm_state *x; 922 struct xfrm_state_walk *w; 923 924 spin_lock_bh(&net->xfrm.xfrm_state_lock); 925 list_for_each_entry(w, &net->xfrm.state_all, all) { 926 x = container_of(w, struct xfrm_state, km); 927 if (x->props.family != family || 928 x->id.spi != spi) 929 continue; 930 931 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 932 xfrm_state_hold(x); 933 return x; 934 } 935 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 936 return NULL; 937 } 938 EXPORT_SYMBOL(xfrm_state_lookup_byspi); 939 940 static void __xfrm_state_insert(struct xfrm_state *x) 941 { 942 struct net *net = xs_net(x); 943 unsigned int h; 944 945 list_add(&x->km.all, &net->xfrm.state_all); 946 947 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr, 948 x->props.reqid, x->props.family); 949 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 950 951 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family); 952 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 953 954 if (x->id.spi) { 955 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, 956 x->props.family); 957 958 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 959 } 960 961 tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL); 962 if (x->replay_maxage) 963 mod_timer(&x->rtimer, jiffies + x->replay_maxage); 964 965 net->xfrm.state_num++; 966 967 xfrm_hash_grow_check(net, x->bydst.next != NULL); 968 } 969 970 /* net->xfrm.xfrm_state_lock is held */ 971 static void __xfrm_state_bump_genids(struct xfrm_state *xnew) 972 { 973 struct net *net = xs_net(xnew); 974 unsigned short family = xnew->props.family; 975 u32 reqid = xnew->props.reqid; 976 struct xfrm_state *x; 977 unsigned int h; 978 u32 mark = xnew->mark.v & xnew->mark.m; 979 980 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family); 981 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { 982 if (x->props.family == family && 983 x->props.reqid == reqid && 984 (mark & x->mark.m) == x->mark.v && 985 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) && 986 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family)) 987 x->genid++; 988 } 989 } 990 991 void xfrm_state_insert(struct xfrm_state *x) 992 { 993 struct net *net = xs_net(x); 994 995 spin_lock_bh(&net->xfrm.xfrm_state_lock); 996 __xfrm_state_bump_genids(x); 997 __xfrm_state_insert(x); 998 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 999 } 1000 EXPORT_SYMBOL(xfrm_state_insert); 1001 1002 /* net->xfrm.xfrm_state_lock is held */ 1003 static struct xfrm_state *__find_acq_core(struct net *net, 1004 const struct xfrm_mark *m, 1005 unsigned short family, u8 mode, 1006 u32 reqid, u8 proto, 1007 const xfrm_address_t *daddr, 1008 const xfrm_address_t *saddr, 1009 int create) 1010 { 1011 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family); 1012 struct xfrm_state *x; 1013 u32 mark = m->v & m->m; 1014 1015 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { 1016 if (x->props.reqid != reqid || 1017 x->props.mode != mode || 1018 x->props.family != family || 1019 x->km.state != XFRM_STATE_ACQ || 1020 x->id.spi != 0 || 1021 x->id.proto != proto || 1022 (mark & x->mark.m) != x->mark.v || 1023 !xfrm_addr_equal(&x->id.daddr, daddr, family) || 1024 !xfrm_addr_equal(&x->props.saddr, saddr, family)) 1025 continue; 1026 1027 xfrm_state_hold(x); 1028 return x; 1029 } 1030 1031 if (!create) 1032 return NULL; 1033 1034 x = xfrm_state_alloc(net); 1035 if (likely(x)) { 1036 switch (family) { 1037 case AF_INET: 1038 x->sel.daddr.a4 = daddr->a4; 1039 x->sel.saddr.a4 = saddr->a4; 1040 x->sel.prefixlen_d = 32; 1041 x->sel.prefixlen_s = 32; 1042 x->props.saddr.a4 = saddr->a4; 1043 x->id.daddr.a4 = daddr->a4; 1044 break; 1045 1046 case AF_INET6: 1047 *(struct in6_addr *)x->sel.daddr.a6 = *(struct in6_addr *)daddr; 1048 *(struct in6_addr *)x->sel.saddr.a6 = *(struct in6_addr *)saddr; 1049 x->sel.prefixlen_d = 128; 1050 x->sel.prefixlen_s = 128; 1051 *(struct in6_addr *)x->props.saddr.a6 = *(struct in6_addr *)saddr; 1052 *(struct in6_addr *)x->id.daddr.a6 = *(struct in6_addr *)daddr; 1053 break; 1054 } 1055 1056 x->km.state = XFRM_STATE_ACQ; 1057 x->id.proto = proto; 1058 x->props.family = family; 1059 x->props.mode = mode; 1060 x->props.reqid = reqid; 1061 x->mark.v = m->v; 1062 x->mark.m = m->m; 1063 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires; 1064 xfrm_state_hold(x); 1065 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL); 1066 list_add(&x->km.all, &net->xfrm.state_all); 1067 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h); 1068 h = xfrm_src_hash(net, daddr, saddr, family); 1069 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h); 1070 1071 net->xfrm.state_num++; 1072 1073 xfrm_hash_grow_check(net, x->bydst.next != NULL); 1074 } 1075 1076 return x; 1077 } 1078 1079 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq); 1080 1081 int xfrm_state_add(struct xfrm_state *x) 1082 { 1083 struct net *net = xs_net(x); 1084 struct xfrm_state *x1, *to_put; 1085 int family; 1086 int err; 1087 u32 mark = x->mark.v & x->mark.m; 1088 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1089 1090 family = x->props.family; 1091 1092 to_put = NULL; 1093 1094 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1095 1096 x1 = __xfrm_state_locate(x, use_spi, family); 1097 if (x1) { 1098 to_put = x1; 1099 x1 = NULL; 1100 err = -EEXIST; 1101 goto out; 1102 } 1103 1104 if (use_spi && x->km.seq) { 1105 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq); 1106 if (x1 && ((x1->id.proto != x->id.proto) || 1107 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) { 1108 to_put = x1; 1109 x1 = NULL; 1110 } 1111 } 1112 1113 if (use_spi && !x1) 1114 x1 = __find_acq_core(net, &x->mark, family, x->props.mode, 1115 x->props.reqid, x->id.proto, 1116 &x->id.daddr, &x->props.saddr, 0); 1117 1118 __xfrm_state_bump_genids(x); 1119 __xfrm_state_insert(x); 1120 err = 0; 1121 1122 out: 1123 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1124 1125 if (x1) { 1126 xfrm_state_delete(x1); 1127 xfrm_state_put(x1); 1128 } 1129 1130 if (to_put) 1131 xfrm_state_put(to_put); 1132 1133 return err; 1134 } 1135 EXPORT_SYMBOL(xfrm_state_add); 1136 1137 #ifdef CONFIG_XFRM_MIGRATE 1138 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp) 1139 { 1140 struct net *net = xs_net(orig); 1141 int err = -ENOMEM; 1142 struct xfrm_state *x = xfrm_state_alloc(net); 1143 if (!x) 1144 goto out; 1145 1146 memcpy(&x->id, &orig->id, sizeof(x->id)); 1147 memcpy(&x->sel, &orig->sel, sizeof(x->sel)); 1148 memcpy(&x->lft, &orig->lft, sizeof(x->lft)); 1149 x->props.mode = orig->props.mode; 1150 x->props.replay_window = orig->props.replay_window; 1151 x->props.reqid = orig->props.reqid; 1152 x->props.family = orig->props.family; 1153 x->props.saddr = orig->props.saddr; 1154 1155 if (orig->aalg) { 1156 x->aalg = xfrm_algo_auth_clone(orig->aalg); 1157 if (!x->aalg) 1158 goto error; 1159 } 1160 x->props.aalgo = orig->props.aalgo; 1161 1162 if (orig->ealg) { 1163 x->ealg = xfrm_algo_clone(orig->ealg); 1164 if (!x->ealg) 1165 goto error; 1166 } 1167 x->props.ealgo = orig->props.ealgo; 1168 1169 if (orig->calg) { 1170 x->calg = xfrm_algo_clone(orig->calg); 1171 if (!x->calg) 1172 goto error; 1173 } 1174 x->props.calgo = orig->props.calgo; 1175 1176 if (orig->encap) { 1177 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL); 1178 if (!x->encap) 1179 goto error; 1180 } 1181 1182 if (orig->coaddr) { 1183 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr), 1184 GFP_KERNEL); 1185 if (!x->coaddr) 1186 goto error; 1187 } 1188 1189 if (orig->replay_esn) { 1190 err = xfrm_replay_clone(x, orig); 1191 if (err) 1192 goto error; 1193 } 1194 1195 memcpy(&x->mark, &orig->mark, sizeof(x->mark)); 1196 1197 err = xfrm_init_state(x); 1198 if (err) 1199 goto error; 1200 1201 x->props.flags = orig->props.flags; 1202 x->props.extra_flags = orig->props.extra_flags; 1203 1204 x->curlft.add_time = orig->curlft.add_time; 1205 x->km.state = orig->km.state; 1206 x->km.seq = orig->km.seq; 1207 1208 return x; 1209 1210 error: 1211 xfrm_state_put(x); 1212 out: 1213 if (errp) 1214 *errp = err; 1215 return NULL; 1216 } 1217 1218 /* net->xfrm.xfrm_state_lock is held */ 1219 struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net) 1220 { 1221 unsigned int h; 1222 struct xfrm_state *x; 1223 1224 if (m->reqid) { 1225 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr, 1226 m->reqid, m->old_family); 1227 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) { 1228 if (x->props.mode != m->mode || 1229 x->id.proto != m->proto) 1230 continue; 1231 if (m->reqid && x->props.reqid != m->reqid) 1232 continue; 1233 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, 1234 m->old_family) || 1235 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, 1236 m->old_family)) 1237 continue; 1238 xfrm_state_hold(x); 1239 return x; 1240 } 1241 } else { 1242 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr, 1243 m->old_family); 1244 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) { 1245 if (x->props.mode != m->mode || 1246 x->id.proto != m->proto) 1247 continue; 1248 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr, 1249 m->old_family) || 1250 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr, 1251 m->old_family)) 1252 continue; 1253 xfrm_state_hold(x); 1254 return x; 1255 } 1256 } 1257 1258 return NULL; 1259 } 1260 EXPORT_SYMBOL(xfrm_migrate_state_find); 1261 1262 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x, 1263 struct xfrm_migrate *m) 1264 { 1265 struct xfrm_state *xc; 1266 int err; 1267 1268 xc = xfrm_state_clone(x, &err); 1269 if (!xc) 1270 return NULL; 1271 1272 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr)); 1273 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr)); 1274 1275 /* add state */ 1276 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) { 1277 /* a care is needed when the destination address of the 1278 state is to be updated as it is a part of triplet */ 1279 xfrm_state_insert(xc); 1280 } else { 1281 if ((err = xfrm_state_add(xc)) < 0) 1282 goto error; 1283 } 1284 1285 return xc; 1286 error: 1287 xfrm_state_put(xc); 1288 return NULL; 1289 } 1290 EXPORT_SYMBOL(xfrm_state_migrate); 1291 #endif 1292 1293 int xfrm_state_update(struct xfrm_state *x) 1294 { 1295 struct xfrm_state *x1, *to_put; 1296 int err; 1297 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY); 1298 struct net *net = xs_net(x); 1299 1300 to_put = NULL; 1301 1302 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1303 x1 = __xfrm_state_locate(x, use_spi, x->props.family); 1304 1305 err = -ESRCH; 1306 if (!x1) 1307 goto out; 1308 1309 if (xfrm_state_kern(x1)) { 1310 to_put = x1; 1311 err = -EEXIST; 1312 goto out; 1313 } 1314 1315 if (x1->km.state == XFRM_STATE_ACQ) { 1316 __xfrm_state_insert(x); 1317 x = NULL; 1318 } 1319 err = 0; 1320 1321 out: 1322 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1323 1324 if (to_put) 1325 xfrm_state_put(to_put); 1326 1327 if (err) 1328 return err; 1329 1330 if (!x) { 1331 xfrm_state_delete(x1); 1332 xfrm_state_put(x1); 1333 return 0; 1334 } 1335 1336 err = -EINVAL; 1337 spin_lock_bh(&x1->lock); 1338 if (likely(x1->km.state == XFRM_STATE_VALID)) { 1339 if (x->encap && x1->encap) 1340 memcpy(x1->encap, x->encap, sizeof(*x1->encap)); 1341 if (x->coaddr && x1->coaddr) { 1342 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr)); 1343 } 1344 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel))) 1345 memcpy(&x1->sel, &x->sel, sizeof(x1->sel)); 1346 memcpy(&x1->lft, &x->lft, sizeof(x1->lft)); 1347 x1->km.dying = 0; 1348 1349 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL); 1350 if (x1->curlft.use_time) 1351 xfrm_state_check_expire(x1); 1352 1353 err = 0; 1354 x->km.state = XFRM_STATE_DEAD; 1355 __xfrm_state_put(x); 1356 } 1357 spin_unlock_bh(&x1->lock); 1358 1359 xfrm_state_put(x1); 1360 1361 return err; 1362 } 1363 EXPORT_SYMBOL(xfrm_state_update); 1364 1365 int xfrm_state_check_expire(struct xfrm_state *x) 1366 { 1367 if (!x->curlft.use_time) 1368 x->curlft.use_time = get_seconds(); 1369 1370 if (x->curlft.bytes >= x->lft.hard_byte_limit || 1371 x->curlft.packets >= x->lft.hard_packet_limit) { 1372 x->km.state = XFRM_STATE_EXPIRED; 1373 tasklet_hrtimer_start(&x->mtimer, ktime_set(0, 0), HRTIMER_MODE_REL); 1374 return -EINVAL; 1375 } 1376 1377 if (!x->km.dying && 1378 (x->curlft.bytes >= x->lft.soft_byte_limit || 1379 x->curlft.packets >= x->lft.soft_packet_limit)) { 1380 x->km.dying = 1; 1381 km_state_expired(x, 0, 0); 1382 } 1383 return 0; 1384 } 1385 EXPORT_SYMBOL(xfrm_state_check_expire); 1386 1387 struct xfrm_state * 1388 xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi, 1389 u8 proto, unsigned short family) 1390 { 1391 struct xfrm_state *x; 1392 1393 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1394 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family); 1395 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1396 return x; 1397 } 1398 EXPORT_SYMBOL(xfrm_state_lookup); 1399 1400 struct xfrm_state * 1401 xfrm_state_lookup_byaddr(struct net *net, u32 mark, 1402 const xfrm_address_t *daddr, const xfrm_address_t *saddr, 1403 u8 proto, unsigned short family) 1404 { 1405 struct xfrm_state *x; 1406 1407 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1408 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family); 1409 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1410 return x; 1411 } 1412 EXPORT_SYMBOL(xfrm_state_lookup_byaddr); 1413 1414 struct xfrm_state * 1415 xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid, 1416 u8 proto, const xfrm_address_t *daddr, 1417 const xfrm_address_t *saddr, int create, unsigned short family) 1418 { 1419 struct xfrm_state *x; 1420 1421 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1422 x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create); 1423 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1424 1425 return x; 1426 } 1427 EXPORT_SYMBOL(xfrm_find_acq); 1428 1429 #ifdef CONFIG_XFRM_SUB_POLICY 1430 int 1431 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n, 1432 unsigned short family, struct net *net) 1433 { 1434 int err = 0; 1435 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1436 if (!afinfo) 1437 return -EAFNOSUPPORT; 1438 1439 spin_lock_bh(&net->xfrm.xfrm_state_lock); /*FIXME*/ 1440 if (afinfo->tmpl_sort) 1441 err = afinfo->tmpl_sort(dst, src, n); 1442 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1443 xfrm_state_put_afinfo(afinfo); 1444 return err; 1445 } 1446 EXPORT_SYMBOL(xfrm_tmpl_sort); 1447 1448 int 1449 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n, 1450 unsigned short family) 1451 { 1452 int err = 0; 1453 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family); 1454 struct net *net = xs_net(*dst); 1455 1456 if (!afinfo) 1457 return -EAFNOSUPPORT; 1458 1459 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1460 if (afinfo->state_sort) 1461 err = afinfo->state_sort(dst, src, n); 1462 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1463 xfrm_state_put_afinfo(afinfo); 1464 return err; 1465 } 1466 EXPORT_SYMBOL(xfrm_state_sort); 1467 #endif 1468 1469 /* Silly enough, but I'm lazy to build resolution list */ 1470 1471 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq) 1472 { 1473 int i; 1474 1475 for (i = 0; i <= net->xfrm.state_hmask; i++) { 1476 struct xfrm_state *x; 1477 1478 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) { 1479 if (x->km.seq == seq && 1480 (mark & x->mark.m) == x->mark.v && 1481 x->km.state == XFRM_STATE_ACQ) { 1482 xfrm_state_hold(x); 1483 return x; 1484 } 1485 } 1486 } 1487 return NULL; 1488 } 1489 1490 struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq) 1491 { 1492 struct xfrm_state *x; 1493 1494 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1495 x = __xfrm_find_acq_byseq(net, mark, seq); 1496 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1497 return x; 1498 } 1499 EXPORT_SYMBOL(xfrm_find_acq_byseq); 1500 1501 u32 xfrm_get_acqseq(void) 1502 { 1503 u32 res; 1504 static atomic_t acqseq; 1505 1506 do { 1507 res = atomic_inc_return(&acqseq); 1508 } while (!res); 1509 1510 return res; 1511 } 1512 EXPORT_SYMBOL(xfrm_get_acqseq); 1513 1514 int verify_spi_info(u8 proto, u32 min, u32 max) 1515 { 1516 switch (proto) { 1517 case IPPROTO_AH: 1518 case IPPROTO_ESP: 1519 break; 1520 1521 case IPPROTO_COMP: 1522 /* IPCOMP spi is 16-bits. */ 1523 if (max >= 0x10000) 1524 return -EINVAL; 1525 break; 1526 1527 default: 1528 return -EINVAL; 1529 } 1530 1531 if (min > max) 1532 return -EINVAL; 1533 1534 return 0; 1535 } 1536 EXPORT_SYMBOL(verify_spi_info); 1537 1538 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) 1539 { 1540 struct net *net = xs_net(x); 1541 unsigned int h; 1542 struct xfrm_state *x0; 1543 int err = -ENOENT; 1544 __be32 minspi = htonl(low); 1545 __be32 maxspi = htonl(high); 1546 u32 mark = x->mark.v & x->mark.m; 1547 1548 spin_lock_bh(&x->lock); 1549 if (x->km.state == XFRM_STATE_DEAD) 1550 goto unlock; 1551 1552 err = 0; 1553 if (x->id.spi) 1554 goto unlock; 1555 1556 err = -ENOENT; 1557 1558 if (minspi == maxspi) { 1559 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family); 1560 if (x0) { 1561 xfrm_state_put(x0); 1562 goto unlock; 1563 } 1564 x->id.spi = minspi; 1565 } else { 1566 u32 spi = 0; 1567 for (h = 0; h < high-low+1; h++) { 1568 spi = low + prandom_u32()%(high-low+1); 1569 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family); 1570 if (x0 == NULL) { 1571 x->id.spi = htonl(spi); 1572 break; 1573 } 1574 xfrm_state_put(x0); 1575 } 1576 } 1577 if (x->id.spi) { 1578 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1579 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family); 1580 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h); 1581 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1582 1583 err = 0; 1584 } 1585 1586 unlock: 1587 spin_unlock_bh(&x->lock); 1588 1589 return err; 1590 } 1591 EXPORT_SYMBOL(xfrm_alloc_spi); 1592 1593 int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk, 1594 int (*func)(struct xfrm_state *, int, void*), 1595 void *data) 1596 { 1597 struct xfrm_state *state; 1598 struct xfrm_state_walk *x; 1599 int err = 0; 1600 1601 if (walk->seq != 0 && list_empty(&walk->all)) 1602 return 0; 1603 1604 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1605 if (list_empty(&walk->all)) 1606 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all); 1607 else 1608 x = list_entry(&walk->all, struct xfrm_state_walk, all); 1609 list_for_each_entry_from(x, &net->xfrm.state_all, all) { 1610 if (x->state == XFRM_STATE_DEAD) 1611 continue; 1612 state = container_of(x, struct xfrm_state, km); 1613 if (!xfrm_id_proto_match(state->id.proto, walk->proto)) 1614 continue; 1615 err = func(state, walk->seq, data); 1616 if (err) { 1617 list_move_tail(&walk->all, &x->all); 1618 goto out; 1619 } 1620 walk->seq++; 1621 } 1622 if (walk->seq == 0) { 1623 err = -ENOENT; 1624 goto out; 1625 } 1626 list_del_init(&walk->all); 1627 out: 1628 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1629 return err; 1630 } 1631 EXPORT_SYMBOL(xfrm_state_walk); 1632 1633 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto) 1634 { 1635 INIT_LIST_HEAD(&walk->all); 1636 walk->proto = proto; 1637 walk->state = XFRM_STATE_DEAD; 1638 walk->seq = 0; 1639 } 1640 EXPORT_SYMBOL(xfrm_state_walk_init); 1641 1642 void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net) 1643 { 1644 if (list_empty(&walk->all)) 1645 return; 1646 1647 spin_lock_bh(&net->xfrm.xfrm_state_lock); 1648 list_del(&walk->all); 1649 spin_unlock_bh(&net->xfrm.xfrm_state_lock); 1650 } 1651 EXPORT_SYMBOL(xfrm_state_walk_done); 1652 1653 static void xfrm_replay_timer_handler(unsigned long data) 1654 { 1655 struct xfrm_state *x = (struct xfrm_state *)data; 1656 1657 spin_lock(&x->lock); 1658 1659 if (x->km.state == XFRM_STATE_VALID) { 1660 if (xfrm_aevent_is_on(xs_net(x))) 1661 x->repl->notify(x, XFRM_REPLAY_TIMEOUT); 1662 else 1663 x->xflags |= XFRM_TIME_DEFER; 1664 } 1665 1666 spin_unlock(&x->lock); 1667 } 1668 1669 static LIST_HEAD(xfrm_km_list); 1670 1671 void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 1672 { 1673 struct xfrm_mgr *km; 1674 1675 rcu_read_lock(); 1676 list_for_each_entry_rcu(km, &xfrm_km_list, list) 1677 if (km->notify_policy) 1678 km->notify_policy(xp, dir, c); 1679 rcu_read_unlock(); 1680 } 1681 1682 void km_state_notify(struct xfrm_state *x, const struct km_event *c) 1683 { 1684 struct xfrm_mgr *km; 1685 rcu_read_lock(); 1686 list_for_each_entry_rcu(km, &xfrm_km_list, list) 1687 if (km->notify) 1688 km->notify(x, c); 1689 rcu_read_unlock(); 1690 } 1691 1692 EXPORT_SYMBOL(km_policy_notify); 1693 EXPORT_SYMBOL(km_state_notify); 1694 1695 void km_state_expired(struct xfrm_state *x, int hard, u32 portid) 1696 { 1697 struct km_event c; 1698 1699 c.data.hard = hard; 1700 c.portid = portid; 1701 c.event = XFRM_MSG_EXPIRE; 1702 km_state_notify(x, &c); 1703 } 1704 1705 EXPORT_SYMBOL(km_state_expired); 1706 /* 1707 * We send to all registered managers regardless of failure 1708 * We are happy with one success 1709 */ 1710 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol) 1711 { 1712 int err = -EINVAL, acqret; 1713 struct xfrm_mgr *km; 1714 1715 rcu_read_lock(); 1716 list_for_each_entry_rcu(km, &xfrm_km_list, list) { 1717 acqret = km->acquire(x, t, pol); 1718 if (!acqret) 1719 err = acqret; 1720 } 1721 rcu_read_unlock(); 1722 return err; 1723 } 1724 EXPORT_SYMBOL(km_query); 1725 1726 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport) 1727 { 1728 int err = -EINVAL; 1729 struct xfrm_mgr *km; 1730 1731 rcu_read_lock(); 1732 list_for_each_entry_rcu(km, &xfrm_km_list, list) { 1733 if (km->new_mapping) 1734 err = km->new_mapping(x, ipaddr, sport); 1735 if (!err) 1736 break; 1737 } 1738 rcu_read_unlock(); 1739 return err; 1740 } 1741 EXPORT_SYMBOL(km_new_mapping); 1742 1743 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid) 1744 { 1745 struct km_event c; 1746 1747 c.data.hard = hard; 1748 c.portid = portid; 1749 c.event = XFRM_MSG_POLEXPIRE; 1750 km_policy_notify(pol, dir, &c); 1751 } 1752 EXPORT_SYMBOL(km_policy_expired); 1753 1754 #ifdef CONFIG_XFRM_MIGRATE 1755 int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 1756 const struct xfrm_migrate *m, int num_migrate, 1757 const struct xfrm_kmaddress *k) 1758 { 1759 int err = -EINVAL; 1760 int ret; 1761 struct xfrm_mgr *km; 1762 1763 rcu_read_lock(); 1764 list_for_each_entry_rcu(km, &xfrm_km_list, list) { 1765 if (km->migrate) { 1766 ret = km->migrate(sel, dir, type, m, num_migrate, k); 1767 if (!ret) 1768 err = ret; 1769 } 1770 } 1771 rcu_read_unlock(); 1772 return err; 1773 } 1774 EXPORT_SYMBOL(km_migrate); 1775 #endif 1776 1777 int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr) 1778 { 1779 int err = -EINVAL; 1780 int ret; 1781 struct xfrm_mgr *km; 1782 1783 rcu_read_lock(); 1784 list_for_each_entry_rcu(km, &xfrm_km_list, list) { 1785 if (km->report) { 1786 ret = km->report(net, proto, sel, addr); 1787 if (!ret) 1788 err = ret; 1789 } 1790 } 1791 rcu_read_unlock(); 1792 return err; 1793 } 1794 EXPORT_SYMBOL(km_report); 1795 1796 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen) 1797 { 1798 int err; 1799 u8 *data; 1800 struct xfrm_mgr *km; 1801 struct xfrm_policy *pol = NULL; 1802 1803 if (optlen <= 0 || optlen > PAGE_SIZE) 1804 return -EMSGSIZE; 1805 1806 data = kmalloc(optlen, GFP_KERNEL); 1807 if (!data) 1808 return -ENOMEM; 1809 1810 err = -EFAULT; 1811 if (copy_from_user(data, optval, optlen)) 1812 goto out; 1813 1814 err = -EINVAL; 1815 rcu_read_lock(); 1816 list_for_each_entry_rcu(km, &xfrm_km_list, list) { 1817 pol = km->compile_policy(sk, optname, data, 1818 optlen, &err); 1819 if (err >= 0) 1820 break; 1821 } 1822 rcu_read_unlock(); 1823 1824 if (err >= 0) { 1825 xfrm_sk_policy_insert(sk, err, pol); 1826 xfrm_pol_put(pol); 1827 err = 0; 1828 } 1829 1830 out: 1831 kfree(data); 1832 return err; 1833 } 1834 EXPORT_SYMBOL(xfrm_user_policy); 1835 1836 static DEFINE_SPINLOCK(xfrm_km_lock); 1837 1838 int xfrm_register_km(struct xfrm_mgr *km) 1839 { 1840 spin_lock_bh(&xfrm_km_lock); 1841 list_add_tail_rcu(&km->list, &xfrm_km_list); 1842 spin_unlock_bh(&xfrm_km_lock); 1843 return 0; 1844 } 1845 EXPORT_SYMBOL(xfrm_register_km); 1846 1847 int xfrm_unregister_km(struct xfrm_mgr *km) 1848 { 1849 spin_lock_bh(&xfrm_km_lock); 1850 list_del_rcu(&km->list); 1851 spin_unlock_bh(&xfrm_km_lock); 1852 synchronize_rcu(); 1853 return 0; 1854 } 1855 EXPORT_SYMBOL(xfrm_unregister_km); 1856 1857 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo) 1858 { 1859 int err = 0; 1860 if (unlikely(afinfo == NULL)) 1861 return -EINVAL; 1862 if (unlikely(afinfo->family >= NPROTO)) 1863 return -EAFNOSUPPORT; 1864 spin_lock_bh(&xfrm_state_afinfo_lock); 1865 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL)) 1866 err = -ENOBUFS; 1867 else 1868 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo); 1869 spin_unlock_bh(&xfrm_state_afinfo_lock); 1870 return err; 1871 } 1872 EXPORT_SYMBOL(xfrm_state_register_afinfo); 1873 1874 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo) 1875 { 1876 int err = 0; 1877 if (unlikely(afinfo == NULL)) 1878 return -EINVAL; 1879 if (unlikely(afinfo->family >= NPROTO)) 1880 return -EAFNOSUPPORT; 1881 spin_lock_bh(&xfrm_state_afinfo_lock); 1882 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) { 1883 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo)) 1884 err = -EINVAL; 1885 else 1886 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL); 1887 } 1888 spin_unlock_bh(&xfrm_state_afinfo_lock); 1889 synchronize_rcu(); 1890 return err; 1891 } 1892 EXPORT_SYMBOL(xfrm_state_unregister_afinfo); 1893 1894 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family) 1895 { 1896 struct xfrm_state_afinfo *afinfo; 1897 if (unlikely(family >= NPROTO)) 1898 return NULL; 1899 rcu_read_lock(); 1900 afinfo = rcu_dereference(xfrm_state_afinfo[family]); 1901 if (unlikely(!afinfo)) 1902 rcu_read_unlock(); 1903 return afinfo; 1904 } 1905 1906 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo) 1907 { 1908 rcu_read_unlock(); 1909 } 1910 1911 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */ 1912 void xfrm_state_delete_tunnel(struct xfrm_state *x) 1913 { 1914 if (x->tunnel) { 1915 struct xfrm_state *t = x->tunnel; 1916 1917 if (atomic_read(&t->tunnel_users) == 2) 1918 xfrm_state_delete(t); 1919 atomic_dec(&t->tunnel_users); 1920 xfrm_state_put(t); 1921 x->tunnel = NULL; 1922 } 1923 } 1924 EXPORT_SYMBOL(xfrm_state_delete_tunnel); 1925 1926 int xfrm_state_mtu(struct xfrm_state *x, int mtu) 1927 { 1928 int res; 1929 1930 spin_lock_bh(&x->lock); 1931 if (x->km.state == XFRM_STATE_VALID && 1932 x->type && x->type->get_mtu) 1933 res = x->type->get_mtu(x, mtu); 1934 else 1935 res = mtu - x->props.header_len; 1936 spin_unlock_bh(&x->lock); 1937 return res; 1938 } 1939 1940 int __xfrm_init_state(struct xfrm_state *x, bool init_replay) 1941 { 1942 struct xfrm_state_afinfo *afinfo; 1943 struct xfrm_mode *inner_mode; 1944 int family = x->props.family; 1945 int err; 1946 1947 err = -EAFNOSUPPORT; 1948 afinfo = xfrm_state_get_afinfo(family); 1949 if (!afinfo) 1950 goto error; 1951 1952 err = 0; 1953 if (afinfo->init_flags) 1954 err = afinfo->init_flags(x); 1955 1956 xfrm_state_put_afinfo(afinfo); 1957 1958 if (err) 1959 goto error; 1960 1961 err = -EPROTONOSUPPORT; 1962 1963 if (x->sel.family != AF_UNSPEC) { 1964 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family); 1965 if (inner_mode == NULL) 1966 goto error; 1967 1968 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) && 1969 family != x->sel.family) { 1970 xfrm_put_mode(inner_mode); 1971 goto error; 1972 } 1973 1974 x->inner_mode = inner_mode; 1975 } else { 1976 struct xfrm_mode *inner_mode_iaf; 1977 int iafamily = AF_INET; 1978 1979 inner_mode = xfrm_get_mode(x->props.mode, x->props.family); 1980 if (inner_mode == NULL) 1981 goto error; 1982 1983 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) { 1984 xfrm_put_mode(inner_mode); 1985 goto error; 1986 } 1987 x->inner_mode = inner_mode; 1988 1989 if (x->props.family == AF_INET) 1990 iafamily = AF_INET6; 1991 1992 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily); 1993 if (inner_mode_iaf) { 1994 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL) 1995 x->inner_mode_iaf = inner_mode_iaf; 1996 else 1997 xfrm_put_mode(inner_mode_iaf); 1998 } 1999 } 2000 2001 x->type = xfrm_get_type(x->id.proto, family); 2002 if (x->type == NULL) 2003 goto error; 2004 2005 err = x->type->init_state(x); 2006 if (err) 2007 goto error; 2008 2009 x->outer_mode = xfrm_get_mode(x->props.mode, family); 2010 if (x->outer_mode == NULL) { 2011 err = -EPROTONOSUPPORT; 2012 goto error; 2013 } 2014 2015 if (init_replay) { 2016 err = xfrm_init_replay(x); 2017 if (err) 2018 goto error; 2019 } 2020 2021 x->km.state = XFRM_STATE_VALID; 2022 2023 error: 2024 return err; 2025 } 2026 2027 EXPORT_SYMBOL(__xfrm_init_state); 2028 2029 int xfrm_init_state(struct xfrm_state *x) 2030 { 2031 return __xfrm_init_state(x, true); 2032 } 2033 2034 EXPORT_SYMBOL(xfrm_init_state); 2035 2036 int __net_init xfrm_state_init(struct net *net) 2037 { 2038 unsigned int sz; 2039 2040 INIT_LIST_HEAD(&net->xfrm.state_all); 2041 2042 sz = sizeof(struct hlist_head) * 8; 2043 2044 net->xfrm.state_bydst = xfrm_hash_alloc(sz); 2045 if (!net->xfrm.state_bydst) 2046 goto out_bydst; 2047 net->xfrm.state_bysrc = xfrm_hash_alloc(sz); 2048 if (!net->xfrm.state_bysrc) 2049 goto out_bysrc; 2050 net->xfrm.state_byspi = xfrm_hash_alloc(sz); 2051 if (!net->xfrm.state_byspi) 2052 goto out_byspi; 2053 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1); 2054 2055 net->xfrm.state_num = 0; 2056 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize); 2057 INIT_HLIST_HEAD(&net->xfrm.state_gc_list); 2058 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task); 2059 spin_lock_init(&net->xfrm.xfrm_state_lock); 2060 return 0; 2061 2062 out_byspi: 2063 xfrm_hash_free(net->xfrm.state_bysrc, sz); 2064 out_bysrc: 2065 xfrm_hash_free(net->xfrm.state_bydst, sz); 2066 out_bydst: 2067 return -ENOMEM; 2068 } 2069 2070 void xfrm_state_fini(struct net *net) 2071 { 2072 struct xfrm_audit audit_info; 2073 unsigned int sz; 2074 2075 flush_work(&net->xfrm.state_hash_work); 2076 audit_info.loginuid = INVALID_UID; 2077 audit_info.sessionid = (unsigned int)-1; 2078 audit_info.secid = 0; 2079 xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info); 2080 flush_work(&net->xfrm.state_gc_work); 2081 2082 WARN_ON(!list_empty(&net->xfrm.state_all)); 2083 2084 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head); 2085 WARN_ON(!hlist_empty(net->xfrm.state_byspi)); 2086 xfrm_hash_free(net->xfrm.state_byspi, sz); 2087 WARN_ON(!hlist_empty(net->xfrm.state_bysrc)); 2088 xfrm_hash_free(net->xfrm.state_bysrc, sz); 2089 WARN_ON(!hlist_empty(net->xfrm.state_bydst)); 2090 xfrm_hash_free(net->xfrm.state_bydst, sz); 2091 } 2092 2093 #ifdef CONFIG_AUDITSYSCALL 2094 static void xfrm_audit_helper_sainfo(struct xfrm_state *x, 2095 struct audit_buffer *audit_buf) 2096 { 2097 struct xfrm_sec_ctx *ctx = x->security; 2098 u32 spi = ntohl(x->id.spi); 2099 2100 if (ctx) 2101 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s", 2102 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str); 2103 2104 switch (x->props.family) { 2105 case AF_INET: 2106 audit_log_format(audit_buf, " src=%pI4 dst=%pI4", 2107 &x->props.saddr.a4, &x->id.daddr.a4); 2108 break; 2109 case AF_INET6: 2110 audit_log_format(audit_buf, " src=%pI6 dst=%pI6", 2111 x->props.saddr.a6, x->id.daddr.a6); 2112 break; 2113 } 2114 2115 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); 2116 } 2117 2118 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family, 2119 struct audit_buffer *audit_buf) 2120 { 2121 const struct iphdr *iph4; 2122 const struct ipv6hdr *iph6; 2123 2124 switch (family) { 2125 case AF_INET: 2126 iph4 = ip_hdr(skb); 2127 audit_log_format(audit_buf, " src=%pI4 dst=%pI4", 2128 &iph4->saddr, &iph4->daddr); 2129 break; 2130 case AF_INET6: 2131 iph6 = ipv6_hdr(skb); 2132 audit_log_format(audit_buf, 2133 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x", 2134 &iph6->saddr, &iph6->daddr, 2135 iph6->flow_lbl[0] & 0x0f, 2136 iph6->flow_lbl[1], 2137 iph6->flow_lbl[2]); 2138 break; 2139 } 2140 } 2141 2142 void xfrm_audit_state_add(struct xfrm_state *x, int result, 2143 kuid_t auid, unsigned int sessionid, u32 secid) 2144 { 2145 struct audit_buffer *audit_buf; 2146 2147 audit_buf = xfrm_audit_start("SAD-add"); 2148 if (audit_buf == NULL) 2149 return; 2150 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2151 xfrm_audit_helper_sainfo(x, audit_buf); 2152 audit_log_format(audit_buf, " res=%u", result); 2153 audit_log_end(audit_buf); 2154 } 2155 EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2156 2157 void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2158 kuid_t auid, unsigned int sessionid, u32 secid) 2159 { 2160 struct audit_buffer *audit_buf; 2161 2162 audit_buf = xfrm_audit_start("SAD-delete"); 2163 if (audit_buf == NULL) 2164 return; 2165 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); 2166 xfrm_audit_helper_sainfo(x, audit_buf); 2167 audit_log_format(audit_buf, " res=%u", result); 2168 audit_log_end(audit_buf); 2169 } 2170 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete); 2171 2172 void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 2173 struct sk_buff *skb) 2174 { 2175 struct audit_buffer *audit_buf; 2176 u32 spi; 2177 2178 audit_buf = xfrm_audit_start("SA-replay-overflow"); 2179 if (audit_buf == NULL) 2180 return; 2181 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2182 /* don't record the sequence number because it's inherent in this kind 2183 * of audit message */ 2184 spi = ntohl(x->id.spi); 2185 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi); 2186 audit_log_end(audit_buf); 2187 } 2188 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow); 2189 2190 void xfrm_audit_state_replay(struct xfrm_state *x, 2191 struct sk_buff *skb, __be32 net_seq) 2192 { 2193 struct audit_buffer *audit_buf; 2194 u32 spi; 2195 2196 audit_buf = xfrm_audit_start("SA-replayed-pkt"); 2197 if (audit_buf == NULL) 2198 return; 2199 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2200 spi = ntohl(x->id.spi); 2201 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2202 spi, spi, ntohl(net_seq)); 2203 audit_log_end(audit_buf); 2204 } 2205 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay); 2206 2207 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family) 2208 { 2209 struct audit_buffer *audit_buf; 2210 2211 audit_buf = xfrm_audit_start("SA-notfound"); 2212 if (audit_buf == NULL) 2213 return; 2214 xfrm_audit_helper_pktinfo(skb, family, audit_buf); 2215 audit_log_end(audit_buf); 2216 } 2217 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple); 2218 2219 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family, 2220 __be32 net_spi, __be32 net_seq) 2221 { 2222 struct audit_buffer *audit_buf; 2223 u32 spi; 2224 2225 audit_buf = xfrm_audit_start("SA-notfound"); 2226 if (audit_buf == NULL) 2227 return; 2228 xfrm_audit_helper_pktinfo(skb, family, audit_buf); 2229 spi = ntohl(net_spi); 2230 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2231 spi, spi, ntohl(net_seq)); 2232 audit_log_end(audit_buf); 2233 } 2234 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound); 2235 2236 void xfrm_audit_state_icvfail(struct xfrm_state *x, 2237 struct sk_buff *skb, u8 proto) 2238 { 2239 struct audit_buffer *audit_buf; 2240 __be32 net_spi; 2241 __be32 net_seq; 2242 2243 audit_buf = xfrm_audit_start("SA-icv-failure"); 2244 if (audit_buf == NULL) 2245 return; 2246 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf); 2247 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) { 2248 u32 spi = ntohl(net_spi); 2249 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u", 2250 spi, spi, ntohl(net_seq)); 2251 } 2252 audit_log_end(audit_buf); 2253 } 2254 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail); 2255 #endif /* CONFIG_AUDITSYSCALL */ 2256