1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <asm/uaccess.h> 30 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31 #include <linux/in6.h> 32 #endif 33 34 static inline int alg_len(struct xfrm_algo *alg) 35 { 36 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 37 } 38 39 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 40 { 41 struct nlattr *rt = attrs[type]; 42 struct xfrm_algo *algp; 43 44 if (!rt) 45 return 0; 46 47 algp = nla_data(rt); 48 if (nla_len(rt) < alg_len(algp)) 49 return -EINVAL; 50 51 switch (type) { 52 case XFRMA_ALG_AUTH: 53 if (!algp->alg_key_len && 54 strcmp(algp->alg_name, "digest_null") != 0) 55 return -EINVAL; 56 break; 57 58 case XFRMA_ALG_CRYPT: 59 if (!algp->alg_key_len && 60 strcmp(algp->alg_name, "cipher_null") != 0) 61 return -EINVAL; 62 break; 63 64 case XFRMA_ALG_COMP: 65 /* Zero length keys are legal. */ 66 break; 67 68 default: 69 return -EINVAL; 70 } 71 72 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 73 return 0; 74 } 75 76 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 77 xfrm_address_t **addrp) 78 { 79 struct nlattr *rt = attrs[type]; 80 81 if (rt && addrp) 82 *addrp = nla_data(rt); 83 } 84 85 static inline int verify_sec_ctx_len(struct nlattr **attrs) 86 { 87 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 88 struct xfrm_user_sec_ctx *uctx; 89 90 if (!rt) 91 return 0; 92 93 uctx = nla_data(rt); 94 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 95 return -EINVAL; 96 97 return 0; 98 } 99 100 101 static int verify_newsa_info(struct xfrm_usersa_info *p, 102 struct nlattr **attrs) 103 { 104 int err; 105 106 err = -EINVAL; 107 switch (p->family) { 108 case AF_INET: 109 break; 110 111 case AF_INET6: 112 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 113 break; 114 #else 115 err = -EAFNOSUPPORT; 116 goto out; 117 #endif 118 119 default: 120 goto out; 121 } 122 123 err = -EINVAL; 124 switch (p->id.proto) { 125 case IPPROTO_AH: 126 if (!attrs[XFRMA_ALG_AUTH] || 127 attrs[XFRMA_ALG_CRYPT] || 128 attrs[XFRMA_ALG_COMP]) 129 goto out; 130 break; 131 132 case IPPROTO_ESP: 133 if ((!attrs[XFRMA_ALG_AUTH] && 134 !attrs[XFRMA_ALG_CRYPT]) || 135 attrs[XFRMA_ALG_COMP]) 136 goto out; 137 break; 138 139 case IPPROTO_COMP: 140 if (!attrs[XFRMA_ALG_COMP] || 141 attrs[XFRMA_ALG_AUTH] || 142 attrs[XFRMA_ALG_CRYPT]) 143 goto out; 144 break; 145 146 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 147 case IPPROTO_DSTOPTS: 148 case IPPROTO_ROUTING: 149 if (attrs[XFRMA_ALG_COMP] || 150 attrs[XFRMA_ALG_AUTH] || 151 attrs[XFRMA_ALG_CRYPT] || 152 attrs[XFRMA_ENCAP] || 153 attrs[XFRMA_SEC_CTX] || 154 !attrs[XFRMA_COADDR]) 155 goto out; 156 break; 157 #endif 158 159 default: 160 goto out; 161 } 162 163 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 164 goto out; 165 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 166 goto out; 167 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 168 goto out; 169 if ((err = verify_sec_ctx_len(attrs))) 170 goto out; 171 172 err = -EINVAL; 173 switch (p->mode) { 174 case XFRM_MODE_TRANSPORT: 175 case XFRM_MODE_TUNNEL: 176 case XFRM_MODE_ROUTEOPTIMIZATION: 177 case XFRM_MODE_BEET: 178 break; 179 180 default: 181 goto out; 182 } 183 184 err = 0; 185 186 out: 187 return err; 188 } 189 190 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 191 struct xfrm_algo_desc *(*get_byname)(char *, int), 192 struct nlattr *rta) 193 { 194 struct xfrm_algo *p, *ualg; 195 struct xfrm_algo_desc *algo; 196 197 if (!rta) 198 return 0; 199 200 ualg = nla_data(rta); 201 202 algo = get_byname(ualg->alg_name, 1); 203 if (!algo) 204 return -ENOSYS; 205 *props = algo->desc.sadb_alg_id; 206 207 p = kmemdup(ualg, alg_len(ualg), GFP_KERNEL); 208 if (!p) 209 return -ENOMEM; 210 211 strcpy(p->alg_name, algo->name); 212 *algpp = p; 213 return 0; 214 } 215 216 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 217 { 218 int len = 0; 219 220 if (xfrm_ctx) { 221 len += sizeof(struct xfrm_user_sec_ctx); 222 len += xfrm_ctx->ctx_len; 223 } 224 return len; 225 } 226 227 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 228 { 229 memcpy(&x->id, &p->id, sizeof(x->id)); 230 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 231 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 232 x->props.mode = p->mode; 233 x->props.replay_window = p->replay_window; 234 x->props.reqid = p->reqid; 235 x->props.family = p->family; 236 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 237 x->props.flags = p->flags; 238 239 /* 240 * Set inner address family if the KM left it as zero. 241 * See comment in validate_tmpl. 242 */ 243 if (!x->sel.family) 244 x->sel.family = p->family; 245 } 246 247 /* 248 * someday when pfkey also has support, we could have the code 249 * somehow made shareable and move it to xfrm_state.c - JHS 250 * 251 */ 252 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 253 { 254 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 255 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 256 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 257 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 258 259 if (rp) { 260 struct xfrm_replay_state *replay; 261 replay = nla_data(rp); 262 memcpy(&x->replay, replay, sizeof(*replay)); 263 memcpy(&x->preplay, replay, sizeof(*replay)); 264 } 265 266 if (lt) { 267 struct xfrm_lifetime_cur *ltime; 268 ltime = nla_data(lt); 269 x->curlft.bytes = ltime->bytes; 270 x->curlft.packets = ltime->packets; 271 x->curlft.add_time = ltime->add_time; 272 x->curlft.use_time = ltime->use_time; 273 } 274 275 if (et) 276 x->replay_maxage = nla_get_u32(et); 277 278 if (rt) 279 x->replay_maxdiff = nla_get_u32(rt); 280 } 281 282 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 283 struct nlattr **attrs, 284 int *errp) 285 { 286 struct xfrm_state *x = xfrm_state_alloc(); 287 int err = -ENOMEM; 288 289 if (!x) 290 goto error_no_put; 291 292 copy_from_user_state(x, p); 293 294 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 295 xfrm_aalg_get_byname, 296 attrs[XFRMA_ALG_AUTH]))) 297 goto error; 298 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 299 xfrm_ealg_get_byname, 300 attrs[XFRMA_ALG_CRYPT]))) 301 goto error; 302 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 303 xfrm_calg_get_byname, 304 attrs[XFRMA_ALG_COMP]))) 305 goto error; 306 307 if (attrs[XFRMA_ENCAP]) { 308 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 309 sizeof(*x->encap), GFP_KERNEL); 310 if (x->encap == NULL) 311 goto error; 312 } 313 314 if (attrs[XFRMA_COADDR]) { 315 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 316 sizeof(*x->coaddr), GFP_KERNEL); 317 if (x->coaddr == NULL) 318 goto error; 319 } 320 321 err = xfrm_init_state(x); 322 if (err) 323 goto error; 324 325 if (attrs[XFRMA_SEC_CTX] && 326 security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) 327 goto error; 328 329 x->km.seq = p->seq; 330 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 331 /* sysctl_xfrm_aevent_etime is in 100ms units */ 332 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 333 x->preplay.bitmap = 0; 334 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 335 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 336 337 /* override default values from above */ 338 339 xfrm_update_ae_params(x, attrs); 340 341 return x; 342 343 error: 344 x->km.state = XFRM_STATE_DEAD; 345 xfrm_state_put(x); 346 error_no_put: 347 *errp = err; 348 return NULL; 349 } 350 351 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 352 struct nlattr **attrs) 353 { 354 struct xfrm_usersa_info *p = nlmsg_data(nlh); 355 struct xfrm_state *x; 356 int err; 357 struct km_event c; 358 359 err = verify_newsa_info(p, attrs); 360 if (err) 361 return err; 362 363 x = xfrm_state_construct(p, attrs, &err); 364 if (!x) 365 return err; 366 367 xfrm_state_hold(x); 368 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 369 err = xfrm_state_add(x); 370 else 371 err = xfrm_state_update(x); 372 373 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 374 NETLINK_CB(skb).sid); 375 376 if (err < 0) { 377 x->km.state = XFRM_STATE_DEAD; 378 __xfrm_state_put(x); 379 goto out; 380 } 381 382 c.seq = nlh->nlmsg_seq; 383 c.pid = nlh->nlmsg_pid; 384 c.event = nlh->nlmsg_type; 385 386 km_state_notify(x, &c); 387 out: 388 xfrm_state_put(x); 389 return err; 390 } 391 392 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 393 struct nlattr **attrs, 394 int *errp) 395 { 396 struct xfrm_state *x = NULL; 397 int err; 398 399 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 400 err = -ESRCH; 401 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 402 } else { 403 xfrm_address_t *saddr = NULL; 404 405 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 406 if (!saddr) { 407 err = -EINVAL; 408 goto out; 409 } 410 411 err = -ESRCH; 412 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 413 p->family); 414 } 415 416 out: 417 if (!x && errp) 418 *errp = err; 419 return x; 420 } 421 422 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 423 struct nlattr **attrs) 424 { 425 struct xfrm_state *x; 426 int err = -ESRCH; 427 struct km_event c; 428 struct xfrm_usersa_id *p = nlmsg_data(nlh); 429 430 x = xfrm_user_state_lookup(p, attrs, &err); 431 if (x == NULL) 432 return err; 433 434 if ((err = security_xfrm_state_delete(x)) != 0) 435 goto out; 436 437 if (xfrm_state_kern(x)) { 438 err = -EPERM; 439 goto out; 440 } 441 442 err = xfrm_state_delete(x); 443 444 if (err < 0) 445 goto out; 446 447 c.seq = nlh->nlmsg_seq; 448 c.pid = nlh->nlmsg_pid; 449 c.event = nlh->nlmsg_type; 450 km_state_notify(x, &c); 451 452 out: 453 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 454 NETLINK_CB(skb).sid); 455 xfrm_state_put(x); 456 return err; 457 } 458 459 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 460 { 461 memcpy(&p->id, &x->id, sizeof(p->id)); 462 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 463 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 464 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 465 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 466 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 467 p->mode = x->props.mode; 468 p->replay_window = x->props.replay_window; 469 p->reqid = x->props.reqid; 470 p->family = x->props.family; 471 p->flags = x->props.flags; 472 p->seq = x->km.seq; 473 } 474 475 struct xfrm_dump_info { 476 struct sk_buff *in_skb; 477 struct sk_buff *out_skb; 478 u32 nlmsg_seq; 479 u16 nlmsg_flags; 480 int start_idx; 481 int this_idx; 482 }; 483 484 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 485 { 486 struct xfrm_user_sec_ctx *uctx; 487 struct nlattr *attr; 488 int ctx_size = sizeof(*uctx) + s->ctx_len; 489 490 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 491 if (attr == NULL) 492 return -EMSGSIZE; 493 494 uctx = nla_data(attr); 495 uctx->exttype = XFRMA_SEC_CTX; 496 uctx->len = ctx_size; 497 uctx->ctx_doi = s->ctx_doi; 498 uctx->ctx_alg = s->ctx_alg; 499 uctx->ctx_len = s->ctx_len; 500 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 501 502 return 0; 503 } 504 505 /* Don't change this without updating xfrm_sa_len! */ 506 static int copy_to_user_state_extra(struct xfrm_state *x, 507 struct xfrm_usersa_info *p, 508 struct sk_buff *skb) 509 { 510 copy_to_user_state(x, p); 511 512 if (x->aalg) 513 NLA_PUT(skb, XFRMA_ALG_AUTH, alg_len(x->aalg), x->aalg); 514 if (x->ealg) 515 NLA_PUT(skb, XFRMA_ALG_CRYPT, alg_len(x->ealg), x->ealg); 516 if (x->calg) 517 NLA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 518 519 if (x->encap) 520 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 521 522 if (x->security && copy_sec_ctx(x->security, skb) < 0) 523 goto nla_put_failure; 524 525 if (x->coaddr) 526 NLA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 527 528 if (x->lastused) 529 NLA_PUT_U64(skb, XFRMA_LASTUSED, x->lastused); 530 531 return 0; 532 533 nla_put_failure: 534 return -EMSGSIZE; 535 } 536 537 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 538 { 539 struct xfrm_dump_info *sp = ptr; 540 struct sk_buff *in_skb = sp->in_skb; 541 struct sk_buff *skb = sp->out_skb; 542 struct xfrm_usersa_info *p; 543 struct nlmsghdr *nlh; 544 int err; 545 546 if (sp->this_idx < sp->start_idx) 547 goto out; 548 549 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 550 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 551 if (nlh == NULL) 552 return -EMSGSIZE; 553 554 p = nlmsg_data(nlh); 555 556 err = copy_to_user_state_extra(x, p, skb); 557 if (err) 558 goto nla_put_failure; 559 560 nlmsg_end(skb, nlh); 561 out: 562 sp->this_idx++; 563 return 0; 564 565 nla_put_failure: 566 nlmsg_cancel(skb, nlh); 567 return err; 568 } 569 570 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 571 { 572 struct xfrm_dump_info info; 573 574 info.in_skb = cb->skb; 575 info.out_skb = skb; 576 info.nlmsg_seq = cb->nlh->nlmsg_seq; 577 info.nlmsg_flags = NLM_F_MULTI; 578 info.this_idx = 0; 579 info.start_idx = cb->args[0]; 580 (void) xfrm_state_walk(0, dump_one_state, &info); 581 cb->args[0] = info.this_idx; 582 583 return skb->len; 584 } 585 586 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 587 struct xfrm_state *x, u32 seq) 588 { 589 struct xfrm_dump_info info; 590 struct sk_buff *skb; 591 592 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 593 if (!skb) 594 return ERR_PTR(-ENOMEM); 595 596 info.in_skb = in_skb; 597 info.out_skb = skb; 598 info.nlmsg_seq = seq; 599 info.nlmsg_flags = 0; 600 info.this_idx = info.start_idx = 0; 601 602 if (dump_one_state(x, 0, &info)) { 603 kfree_skb(skb); 604 return NULL; 605 } 606 607 return skb; 608 } 609 610 static inline size_t xfrm_spdinfo_msgsize(void) 611 { 612 return NLMSG_ALIGN(4) 613 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 614 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 615 } 616 617 static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 618 { 619 struct xfrmk_spdinfo si; 620 struct xfrmu_spdinfo spc; 621 struct xfrmu_spdhinfo sph; 622 struct nlmsghdr *nlh; 623 u32 *f; 624 625 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 626 if (nlh == NULL) /* shouldnt really happen ... */ 627 return -EMSGSIZE; 628 629 f = nlmsg_data(nlh); 630 *f = flags; 631 xfrm_spd_getinfo(&si); 632 spc.incnt = si.incnt; 633 spc.outcnt = si.outcnt; 634 spc.fwdcnt = si.fwdcnt; 635 spc.inscnt = si.inscnt; 636 spc.outscnt = si.outscnt; 637 spc.fwdscnt = si.fwdscnt; 638 sph.spdhcnt = si.spdhcnt; 639 sph.spdhmcnt = si.spdhmcnt; 640 641 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 642 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 643 644 return nlmsg_end(skb, nlh); 645 646 nla_put_failure: 647 nlmsg_cancel(skb, nlh); 648 return -EMSGSIZE; 649 } 650 651 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 652 struct nlattr **attrs) 653 { 654 struct sk_buff *r_skb; 655 u32 *flags = nlmsg_data(nlh); 656 u32 spid = NETLINK_CB(skb).pid; 657 u32 seq = nlh->nlmsg_seq; 658 659 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 660 if (r_skb == NULL) 661 return -ENOMEM; 662 663 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 664 BUG(); 665 666 return nlmsg_unicast(xfrm_nl, r_skb, spid); 667 } 668 669 static inline size_t xfrm_sadinfo_msgsize(void) 670 { 671 return NLMSG_ALIGN(4) 672 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 673 + nla_total_size(4); /* XFRMA_SAD_CNT */ 674 } 675 676 static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 677 { 678 struct xfrmk_sadinfo si; 679 struct xfrmu_sadhinfo sh; 680 struct nlmsghdr *nlh; 681 u32 *f; 682 683 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 684 if (nlh == NULL) /* shouldnt really happen ... */ 685 return -EMSGSIZE; 686 687 f = nlmsg_data(nlh); 688 *f = flags; 689 xfrm_sad_getinfo(&si); 690 691 sh.sadhmcnt = si.sadhmcnt; 692 sh.sadhcnt = si.sadhcnt; 693 694 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 695 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 696 697 return nlmsg_end(skb, nlh); 698 699 nla_put_failure: 700 nlmsg_cancel(skb, nlh); 701 return -EMSGSIZE; 702 } 703 704 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 705 struct nlattr **attrs) 706 { 707 struct sk_buff *r_skb; 708 u32 *flags = nlmsg_data(nlh); 709 u32 spid = NETLINK_CB(skb).pid; 710 u32 seq = nlh->nlmsg_seq; 711 712 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 713 if (r_skb == NULL) 714 return -ENOMEM; 715 716 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 717 BUG(); 718 719 return nlmsg_unicast(xfrm_nl, r_skb, spid); 720 } 721 722 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 723 struct nlattr **attrs) 724 { 725 struct xfrm_usersa_id *p = nlmsg_data(nlh); 726 struct xfrm_state *x; 727 struct sk_buff *resp_skb; 728 int err = -ESRCH; 729 730 x = xfrm_user_state_lookup(p, attrs, &err); 731 if (x == NULL) 732 goto out_noput; 733 734 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 735 if (IS_ERR(resp_skb)) { 736 err = PTR_ERR(resp_skb); 737 } else { 738 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 739 } 740 xfrm_state_put(x); 741 out_noput: 742 return err; 743 } 744 745 static int verify_userspi_info(struct xfrm_userspi_info *p) 746 { 747 switch (p->info.id.proto) { 748 case IPPROTO_AH: 749 case IPPROTO_ESP: 750 break; 751 752 case IPPROTO_COMP: 753 /* IPCOMP spi is 16-bits. */ 754 if (p->max >= 0x10000) 755 return -EINVAL; 756 break; 757 758 default: 759 return -EINVAL; 760 } 761 762 if (p->min > p->max) 763 return -EINVAL; 764 765 return 0; 766 } 767 768 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 769 struct nlattr **attrs) 770 { 771 struct xfrm_state *x; 772 struct xfrm_userspi_info *p; 773 struct sk_buff *resp_skb; 774 xfrm_address_t *daddr; 775 int family; 776 int err; 777 778 p = nlmsg_data(nlh); 779 err = verify_userspi_info(p); 780 if (err) 781 goto out_noput; 782 783 family = p->info.family; 784 daddr = &p->info.id.daddr; 785 786 x = NULL; 787 if (p->info.seq) { 788 x = xfrm_find_acq_byseq(p->info.seq); 789 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 790 xfrm_state_put(x); 791 x = NULL; 792 } 793 } 794 795 if (!x) 796 x = xfrm_find_acq(p->info.mode, p->info.reqid, 797 p->info.id.proto, daddr, 798 &p->info.saddr, 1, 799 family); 800 err = -ENOENT; 801 if (x == NULL) 802 goto out_noput; 803 804 err = xfrm_alloc_spi(x, p->min, p->max); 805 if (err) 806 goto out; 807 808 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 809 if (IS_ERR(resp_skb)) { 810 err = PTR_ERR(resp_skb); 811 goto out; 812 } 813 814 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 815 816 out: 817 xfrm_state_put(x); 818 out_noput: 819 return err; 820 } 821 822 static int verify_policy_dir(u8 dir) 823 { 824 switch (dir) { 825 case XFRM_POLICY_IN: 826 case XFRM_POLICY_OUT: 827 case XFRM_POLICY_FWD: 828 break; 829 830 default: 831 return -EINVAL; 832 } 833 834 return 0; 835 } 836 837 static int verify_policy_type(u8 type) 838 { 839 switch (type) { 840 case XFRM_POLICY_TYPE_MAIN: 841 #ifdef CONFIG_XFRM_SUB_POLICY 842 case XFRM_POLICY_TYPE_SUB: 843 #endif 844 break; 845 846 default: 847 return -EINVAL; 848 } 849 850 return 0; 851 } 852 853 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 854 { 855 switch (p->share) { 856 case XFRM_SHARE_ANY: 857 case XFRM_SHARE_SESSION: 858 case XFRM_SHARE_USER: 859 case XFRM_SHARE_UNIQUE: 860 break; 861 862 default: 863 return -EINVAL; 864 } 865 866 switch (p->action) { 867 case XFRM_POLICY_ALLOW: 868 case XFRM_POLICY_BLOCK: 869 break; 870 871 default: 872 return -EINVAL; 873 } 874 875 switch (p->sel.family) { 876 case AF_INET: 877 break; 878 879 case AF_INET6: 880 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 881 break; 882 #else 883 return -EAFNOSUPPORT; 884 #endif 885 886 default: 887 return -EINVAL; 888 } 889 890 return verify_policy_dir(p->dir); 891 } 892 893 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 894 { 895 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 896 struct xfrm_user_sec_ctx *uctx; 897 898 if (!rt) 899 return 0; 900 901 uctx = nla_data(rt); 902 return security_xfrm_policy_alloc(pol, uctx); 903 } 904 905 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 906 int nr) 907 { 908 int i; 909 910 xp->xfrm_nr = nr; 911 for (i = 0; i < nr; i++, ut++) { 912 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 913 914 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 915 memcpy(&t->saddr, &ut->saddr, 916 sizeof(xfrm_address_t)); 917 t->reqid = ut->reqid; 918 t->mode = ut->mode; 919 t->share = ut->share; 920 t->optional = ut->optional; 921 t->aalgos = ut->aalgos; 922 t->ealgos = ut->ealgos; 923 t->calgos = ut->calgos; 924 t->encap_family = ut->family; 925 } 926 } 927 928 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 929 { 930 int i; 931 932 if (nr > XFRM_MAX_DEPTH) 933 return -EINVAL; 934 935 for (i = 0; i < nr; i++) { 936 /* We never validated the ut->family value, so many 937 * applications simply leave it at zero. The check was 938 * never made and ut->family was ignored because all 939 * templates could be assumed to have the same family as 940 * the policy itself. Now that we will have ipv4-in-ipv6 941 * and ipv6-in-ipv4 tunnels, this is no longer true. 942 */ 943 if (!ut[i].family) 944 ut[i].family = family; 945 946 switch (ut[i].family) { 947 case AF_INET: 948 break; 949 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 950 case AF_INET6: 951 break; 952 #endif 953 default: 954 return -EINVAL; 955 } 956 } 957 958 return 0; 959 } 960 961 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 962 { 963 struct nlattr *rt = attrs[XFRMA_TMPL]; 964 965 if (!rt) { 966 pol->xfrm_nr = 0; 967 } else { 968 struct xfrm_user_tmpl *utmpl = nla_data(rt); 969 int nr = nla_len(rt) / sizeof(*utmpl); 970 int err; 971 972 err = validate_tmpl(nr, utmpl, pol->family); 973 if (err) 974 return err; 975 976 copy_templates(pol, utmpl, nr); 977 } 978 return 0; 979 } 980 981 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 982 { 983 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 984 struct xfrm_userpolicy_type *upt; 985 u8 type = XFRM_POLICY_TYPE_MAIN; 986 int err; 987 988 if (rt) { 989 upt = nla_data(rt); 990 type = upt->type; 991 } 992 993 err = verify_policy_type(type); 994 if (err) 995 return err; 996 997 *tp = type; 998 return 0; 999 } 1000 1001 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1002 { 1003 xp->priority = p->priority; 1004 xp->index = p->index; 1005 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1006 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1007 xp->action = p->action; 1008 xp->flags = p->flags; 1009 xp->family = p->sel.family; 1010 /* XXX xp->share = p->share; */ 1011 } 1012 1013 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1014 { 1015 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1016 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1017 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1018 p->priority = xp->priority; 1019 p->index = xp->index; 1020 p->sel.family = xp->family; 1021 p->dir = dir; 1022 p->action = xp->action; 1023 p->flags = xp->flags; 1024 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1025 } 1026 1027 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1028 { 1029 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1030 int err; 1031 1032 if (!xp) { 1033 *errp = -ENOMEM; 1034 return NULL; 1035 } 1036 1037 copy_from_user_policy(xp, p); 1038 1039 err = copy_from_user_policy_type(&xp->type, attrs); 1040 if (err) 1041 goto error; 1042 1043 if (!(err = copy_from_user_tmpl(xp, attrs))) 1044 err = copy_from_user_sec_ctx(xp, attrs); 1045 if (err) 1046 goto error; 1047 1048 return xp; 1049 error: 1050 *errp = err; 1051 kfree(xp); 1052 return NULL; 1053 } 1054 1055 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1056 struct nlattr **attrs) 1057 { 1058 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1059 struct xfrm_policy *xp; 1060 struct km_event c; 1061 int err; 1062 int excl; 1063 1064 err = verify_newpolicy_info(p); 1065 if (err) 1066 return err; 1067 err = verify_sec_ctx_len(attrs); 1068 if (err) 1069 return err; 1070 1071 xp = xfrm_policy_construct(p, attrs, &err); 1072 if (!xp) 1073 return err; 1074 1075 /* shouldnt excl be based on nlh flags?? 1076 * Aha! this is anti-netlink really i.e more pfkey derived 1077 * in netlink excl is a flag and you wouldnt need 1078 * a type XFRM_MSG_UPDPOLICY - JHS */ 1079 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1080 err = xfrm_policy_insert(p->dir, xp, excl); 1081 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1082 NETLINK_CB(skb).sid); 1083 1084 if (err) { 1085 security_xfrm_policy_free(xp); 1086 kfree(xp); 1087 return err; 1088 } 1089 1090 c.event = nlh->nlmsg_type; 1091 c.seq = nlh->nlmsg_seq; 1092 c.pid = nlh->nlmsg_pid; 1093 km_policy_notify(xp, p->dir, &c); 1094 1095 xfrm_pol_put(xp); 1096 1097 return 0; 1098 } 1099 1100 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1101 { 1102 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1103 int i; 1104 1105 if (xp->xfrm_nr == 0) 1106 return 0; 1107 1108 for (i = 0; i < xp->xfrm_nr; i++) { 1109 struct xfrm_user_tmpl *up = &vec[i]; 1110 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1111 1112 memcpy(&up->id, &kp->id, sizeof(up->id)); 1113 up->family = kp->encap_family; 1114 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1115 up->reqid = kp->reqid; 1116 up->mode = kp->mode; 1117 up->share = kp->share; 1118 up->optional = kp->optional; 1119 up->aalgos = kp->aalgos; 1120 up->ealgos = kp->ealgos; 1121 up->calgos = kp->calgos; 1122 } 1123 1124 return nla_put(skb, XFRMA_TMPL, 1125 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1126 } 1127 1128 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1129 { 1130 if (x->security) { 1131 return copy_sec_ctx(x->security, skb); 1132 } 1133 return 0; 1134 } 1135 1136 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1137 { 1138 if (xp->security) { 1139 return copy_sec_ctx(xp->security, skb); 1140 } 1141 return 0; 1142 } 1143 static inline size_t userpolicy_type_attrsize(void) 1144 { 1145 #ifdef CONFIG_XFRM_SUB_POLICY 1146 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1147 #else 1148 return 0; 1149 #endif 1150 } 1151 1152 #ifdef CONFIG_XFRM_SUB_POLICY 1153 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1154 { 1155 struct xfrm_userpolicy_type upt = { 1156 .type = type, 1157 }; 1158 1159 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1160 } 1161 1162 #else 1163 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1164 { 1165 return 0; 1166 } 1167 #endif 1168 1169 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1170 { 1171 struct xfrm_dump_info *sp = ptr; 1172 struct xfrm_userpolicy_info *p; 1173 struct sk_buff *in_skb = sp->in_skb; 1174 struct sk_buff *skb = sp->out_skb; 1175 struct nlmsghdr *nlh; 1176 1177 if (sp->this_idx < sp->start_idx) 1178 goto out; 1179 1180 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 1181 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1182 if (nlh == NULL) 1183 return -EMSGSIZE; 1184 1185 p = nlmsg_data(nlh); 1186 copy_to_user_policy(xp, p, dir); 1187 if (copy_to_user_tmpl(xp, skb) < 0) 1188 goto nlmsg_failure; 1189 if (copy_to_user_sec_ctx(xp, skb)) 1190 goto nlmsg_failure; 1191 if (copy_to_user_policy_type(xp->type, skb) < 0) 1192 goto nlmsg_failure; 1193 1194 nlmsg_end(skb, nlh); 1195 out: 1196 sp->this_idx++; 1197 return 0; 1198 1199 nlmsg_failure: 1200 nlmsg_cancel(skb, nlh); 1201 return -EMSGSIZE; 1202 } 1203 1204 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1205 { 1206 struct xfrm_dump_info info; 1207 1208 info.in_skb = cb->skb; 1209 info.out_skb = skb; 1210 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1211 info.nlmsg_flags = NLM_F_MULTI; 1212 info.this_idx = 0; 1213 info.start_idx = cb->args[0]; 1214 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1215 #ifdef CONFIG_XFRM_SUB_POLICY 1216 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1217 #endif 1218 cb->args[0] = info.this_idx; 1219 1220 return skb->len; 1221 } 1222 1223 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1224 struct xfrm_policy *xp, 1225 int dir, u32 seq) 1226 { 1227 struct xfrm_dump_info info; 1228 struct sk_buff *skb; 1229 1230 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1231 if (!skb) 1232 return ERR_PTR(-ENOMEM); 1233 1234 info.in_skb = in_skb; 1235 info.out_skb = skb; 1236 info.nlmsg_seq = seq; 1237 info.nlmsg_flags = 0; 1238 info.this_idx = info.start_idx = 0; 1239 1240 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1241 kfree_skb(skb); 1242 return NULL; 1243 } 1244 1245 return skb; 1246 } 1247 1248 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1249 struct nlattr **attrs) 1250 { 1251 struct xfrm_policy *xp; 1252 struct xfrm_userpolicy_id *p; 1253 u8 type = XFRM_POLICY_TYPE_MAIN; 1254 int err; 1255 struct km_event c; 1256 int delete; 1257 1258 p = nlmsg_data(nlh); 1259 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1260 1261 err = copy_from_user_policy_type(&type, attrs); 1262 if (err) 1263 return err; 1264 1265 err = verify_policy_dir(p->dir); 1266 if (err) 1267 return err; 1268 1269 if (p->index) 1270 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1271 else { 1272 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1273 struct xfrm_policy tmp; 1274 1275 err = verify_sec_ctx_len(attrs); 1276 if (err) 1277 return err; 1278 1279 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1280 if (rt) { 1281 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1282 1283 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1284 return err; 1285 } 1286 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1287 delete, &err); 1288 security_xfrm_policy_free(&tmp); 1289 } 1290 if (xp == NULL) 1291 return -ENOENT; 1292 1293 if (!delete) { 1294 struct sk_buff *resp_skb; 1295 1296 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1297 if (IS_ERR(resp_skb)) { 1298 err = PTR_ERR(resp_skb); 1299 } else { 1300 err = nlmsg_unicast(xfrm_nl, resp_skb, 1301 NETLINK_CB(skb).pid); 1302 } 1303 } else { 1304 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1305 NETLINK_CB(skb).loginuid, 1306 NETLINK_CB(skb).sid); 1307 1308 if (err != 0) 1309 goto out; 1310 1311 c.data.byid = p->index; 1312 c.event = nlh->nlmsg_type; 1313 c.seq = nlh->nlmsg_seq; 1314 c.pid = nlh->nlmsg_pid; 1315 km_policy_notify(xp, p->dir, &c); 1316 } 1317 1318 out: 1319 xfrm_pol_put(xp); 1320 return err; 1321 } 1322 1323 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1324 struct nlattr **attrs) 1325 { 1326 struct km_event c; 1327 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1328 struct xfrm_audit audit_info; 1329 int err; 1330 1331 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1332 audit_info.secid = NETLINK_CB(skb).sid; 1333 err = xfrm_state_flush(p->proto, &audit_info); 1334 if (err) 1335 return err; 1336 c.data.proto = p->proto; 1337 c.event = nlh->nlmsg_type; 1338 c.seq = nlh->nlmsg_seq; 1339 c.pid = nlh->nlmsg_pid; 1340 km_state_notify(NULL, &c); 1341 1342 return 0; 1343 } 1344 1345 static inline size_t xfrm_aevent_msgsize(void) 1346 { 1347 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1348 + nla_total_size(sizeof(struct xfrm_replay_state)) 1349 + nla_total_size(sizeof(struct xfrm_lifetime_cur)) 1350 + nla_total_size(4) /* XFRM_AE_RTHR */ 1351 + nla_total_size(4); /* XFRM_AE_ETHR */ 1352 } 1353 1354 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1355 { 1356 struct xfrm_aevent_id *id; 1357 struct nlmsghdr *nlh; 1358 1359 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1360 if (nlh == NULL) 1361 return -EMSGSIZE; 1362 1363 id = nlmsg_data(nlh); 1364 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1365 id->sa_id.spi = x->id.spi; 1366 id->sa_id.family = x->props.family; 1367 id->sa_id.proto = x->id.proto; 1368 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1369 id->reqid = x->props.reqid; 1370 id->flags = c->data.aevent; 1371 1372 NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1373 NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); 1374 1375 if (id->flags & XFRM_AE_RTHR) 1376 NLA_PUT_U32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1377 1378 if (id->flags & XFRM_AE_ETHR) 1379 NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH, 1380 x->replay_maxage * 10 / HZ); 1381 1382 return nlmsg_end(skb, nlh); 1383 1384 nla_put_failure: 1385 nlmsg_cancel(skb, nlh); 1386 return -EMSGSIZE; 1387 } 1388 1389 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1390 struct nlattr **attrs) 1391 { 1392 struct xfrm_state *x; 1393 struct sk_buff *r_skb; 1394 int err; 1395 struct km_event c; 1396 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1397 struct xfrm_usersa_id *id = &p->sa_id; 1398 1399 r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1400 if (r_skb == NULL) 1401 return -ENOMEM; 1402 1403 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1404 if (x == NULL) { 1405 kfree_skb(r_skb); 1406 return -ESRCH; 1407 } 1408 1409 /* 1410 * XXX: is this lock really needed - none of the other 1411 * gets lock (the concern is things getting updated 1412 * while we are still reading) - jhs 1413 */ 1414 spin_lock_bh(&x->lock); 1415 c.data.aevent = p->flags; 1416 c.seq = nlh->nlmsg_seq; 1417 c.pid = nlh->nlmsg_pid; 1418 1419 if (build_aevent(r_skb, x, &c) < 0) 1420 BUG(); 1421 err = nlmsg_unicast(xfrm_nl, r_skb, NETLINK_CB(skb).pid); 1422 spin_unlock_bh(&x->lock); 1423 xfrm_state_put(x); 1424 return err; 1425 } 1426 1427 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1428 struct nlattr **attrs) 1429 { 1430 struct xfrm_state *x; 1431 struct km_event c; 1432 int err = - EINVAL; 1433 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1434 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 1435 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 1436 1437 if (!lt && !rp) 1438 return err; 1439 1440 /* pedantic mode - thou shalt sayeth replaceth */ 1441 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1442 return err; 1443 1444 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1445 if (x == NULL) 1446 return -ESRCH; 1447 1448 if (x->km.state != XFRM_STATE_VALID) 1449 goto out; 1450 1451 spin_lock_bh(&x->lock); 1452 xfrm_update_ae_params(x, attrs); 1453 spin_unlock_bh(&x->lock); 1454 1455 c.event = nlh->nlmsg_type; 1456 c.seq = nlh->nlmsg_seq; 1457 c.pid = nlh->nlmsg_pid; 1458 c.data.aevent = XFRM_AE_CU; 1459 km_state_notify(x, &c); 1460 err = 0; 1461 out: 1462 xfrm_state_put(x); 1463 return err; 1464 } 1465 1466 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1467 struct nlattr **attrs) 1468 { 1469 struct km_event c; 1470 u8 type = XFRM_POLICY_TYPE_MAIN; 1471 int err; 1472 struct xfrm_audit audit_info; 1473 1474 err = copy_from_user_policy_type(&type, attrs); 1475 if (err) 1476 return err; 1477 1478 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1479 audit_info.secid = NETLINK_CB(skb).sid; 1480 err = xfrm_policy_flush(type, &audit_info); 1481 if (err) 1482 return err; 1483 c.data.type = type; 1484 c.event = nlh->nlmsg_type; 1485 c.seq = nlh->nlmsg_seq; 1486 c.pid = nlh->nlmsg_pid; 1487 km_policy_notify(NULL, 0, &c); 1488 return 0; 1489 } 1490 1491 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1492 struct nlattr **attrs) 1493 { 1494 struct xfrm_policy *xp; 1495 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 1496 struct xfrm_userpolicy_info *p = &up->pol; 1497 u8 type = XFRM_POLICY_TYPE_MAIN; 1498 int err = -ENOENT; 1499 1500 err = copy_from_user_policy_type(&type, attrs); 1501 if (err) 1502 return err; 1503 1504 if (p->index) 1505 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1506 else { 1507 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1508 struct xfrm_policy tmp; 1509 1510 err = verify_sec_ctx_len(attrs); 1511 if (err) 1512 return err; 1513 1514 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1515 if (rt) { 1516 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1517 1518 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1519 return err; 1520 } 1521 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1522 0, &err); 1523 security_xfrm_policy_free(&tmp); 1524 } 1525 1526 if (xp == NULL) 1527 return -ENOENT; 1528 read_lock(&xp->lock); 1529 if (xp->dead) { 1530 read_unlock(&xp->lock); 1531 goto out; 1532 } 1533 1534 read_unlock(&xp->lock); 1535 err = 0; 1536 if (up->hard) { 1537 xfrm_policy_delete(xp, p->dir); 1538 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1539 NETLINK_CB(skb).sid); 1540 1541 } else { 1542 // reset the timers here? 1543 printk("Dont know what to do with soft policy expire\n"); 1544 } 1545 km_policy_expired(xp, p->dir, up->hard, current->pid); 1546 1547 out: 1548 xfrm_pol_put(xp); 1549 return err; 1550 } 1551 1552 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1553 struct nlattr **attrs) 1554 { 1555 struct xfrm_state *x; 1556 int err; 1557 struct xfrm_user_expire *ue = nlmsg_data(nlh); 1558 struct xfrm_usersa_info *p = &ue->state; 1559 1560 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1561 1562 err = -ENOENT; 1563 if (x == NULL) 1564 return err; 1565 1566 spin_lock_bh(&x->lock); 1567 err = -EINVAL; 1568 if (x->km.state != XFRM_STATE_VALID) 1569 goto out; 1570 km_state_expired(x, ue->hard, current->pid); 1571 1572 if (ue->hard) { 1573 __xfrm_state_delete(x); 1574 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1575 NETLINK_CB(skb).sid); 1576 } 1577 err = 0; 1578 out: 1579 spin_unlock_bh(&x->lock); 1580 xfrm_state_put(x); 1581 return err; 1582 } 1583 1584 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1585 struct nlattr **attrs) 1586 { 1587 struct xfrm_policy *xp; 1588 struct xfrm_user_tmpl *ut; 1589 int i; 1590 struct nlattr *rt = attrs[XFRMA_TMPL]; 1591 1592 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 1593 struct xfrm_state *x = xfrm_state_alloc(); 1594 int err = -ENOMEM; 1595 1596 if (!x) 1597 return err; 1598 1599 err = verify_newpolicy_info(&ua->policy); 1600 if (err) { 1601 printk("BAD policy passed\n"); 1602 kfree(x); 1603 return err; 1604 } 1605 1606 /* build an XP */ 1607 xp = xfrm_policy_construct(&ua->policy, attrs, &err); 1608 if (!xp) { 1609 kfree(x); 1610 return err; 1611 } 1612 1613 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1614 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1615 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1616 1617 ut = nla_data(rt); 1618 /* extract the templates and for each call km_key */ 1619 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1620 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1621 memcpy(&x->id, &t->id, sizeof(x->id)); 1622 x->props.mode = t->mode; 1623 x->props.reqid = t->reqid; 1624 x->props.family = ut->family; 1625 t->aalgos = ua->aalgos; 1626 t->ealgos = ua->ealgos; 1627 t->calgos = ua->calgos; 1628 err = km_query(x, t, xp); 1629 1630 } 1631 1632 kfree(x); 1633 kfree(xp); 1634 1635 return 0; 1636 } 1637 1638 #ifdef CONFIG_XFRM_MIGRATE 1639 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1640 struct nlattr **attrs, int *num) 1641 { 1642 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 1643 struct xfrm_user_migrate *um; 1644 int i, num_migrate; 1645 1646 um = nla_data(rt); 1647 num_migrate = nla_len(rt) / sizeof(*um); 1648 1649 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1650 return -EINVAL; 1651 1652 for (i = 0; i < num_migrate; i++, um++, ma++) { 1653 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1654 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1655 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1656 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1657 1658 ma->proto = um->proto; 1659 ma->mode = um->mode; 1660 ma->reqid = um->reqid; 1661 1662 ma->old_family = um->old_family; 1663 ma->new_family = um->new_family; 1664 } 1665 1666 *num = i; 1667 return 0; 1668 } 1669 1670 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1671 struct nlattr **attrs) 1672 { 1673 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 1674 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1675 u8 type; 1676 int err; 1677 int n = 0; 1678 1679 if (attrs[XFRMA_MIGRATE] == NULL) 1680 return -EINVAL; 1681 1682 err = copy_from_user_policy_type(&type, attrs); 1683 if (err) 1684 return err; 1685 1686 err = copy_from_user_migrate((struct xfrm_migrate *)m, 1687 attrs, &n); 1688 if (err) 1689 return err; 1690 1691 if (!n) 1692 return 0; 1693 1694 xfrm_migrate(&pi->sel, pi->dir, type, m, n); 1695 1696 return 0; 1697 } 1698 #else 1699 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1700 struct nlattr **attrs) 1701 { 1702 return -ENOPROTOOPT; 1703 } 1704 #endif 1705 1706 #ifdef CONFIG_XFRM_MIGRATE 1707 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1708 { 1709 struct xfrm_user_migrate um; 1710 1711 memset(&um, 0, sizeof(um)); 1712 um.proto = m->proto; 1713 um.mode = m->mode; 1714 um.reqid = m->reqid; 1715 um.old_family = m->old_family; 1716 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1717 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1718 um.new_family = m->new_family; 1719 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1720 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1721 1722 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 1723 } 1724 1725 static inline size_t xfrm_migrate_msgsize(int num_migrate) 1726 { 1727 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 1728 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 1729 + userpolicy_type_attrsize(); 1730 } 1731 1732 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1733 int num_migrate, struct xfrm_selector *sel, 1734 u8 dir, u8 type) 1735 { 1736 struct xfrm_migrate *mp; 1737 struct xfrm_userpolicy_id *pol_id; 1738 struct nlmsghdr *nlh; 1739 int i; 1740 1741 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 1742 if (nlh == NULL) 1743 return -EMSGSIZE; 1744 1745 pol_id = nlmsg_data(nlh); 1746 /* copy data from selector, dir, and type to the pol_id */ 1747 memset(pol_id, 0, sizeof(*pol_id)); 1748 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1749 pol_id->dir = dir; 1750 1751 if (copy_to_user_policy_type(type, skb) < 0) 1752 goto nlmsg_failure; 1753 1754 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 1755 if (copy_to_user_migrate(mp, skb) < 0) 1756 goto nlmsg_failure; 1757 } 1758 1759 return nlmsg_end(skb, nlh); 1760 nlmsg_failure: 1761 nlmsg_cancel(skb, nlh); 1762 return -EMSGSIZE; 1763 } 1764 1765 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1766 struct xfrm_migrate *m, int num_migrate) 1767 { 1768 struct sk_buff *skb; 1769 1770 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate), GFP_ATOMIC); 1771 if (skb == NULL) 1772 return -ENOMEM; 1773 1774 /* build migrate */ 1775 if (build_migrate(skb, m, num_migrate, sel, dir, type) < 0) 1776 BUG(); 1777 1778 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); 1779 } 1780 #else 1781 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1782 struct xfrm_migrate *m, int num_migrate) 1783 { 1784 return -ENOPROTOOPT; 1785 } 1786 #endif 1787 1788 #define XMSGSIZE(type) sizeof(struct type) 1789 1790 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1791 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1792 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1793 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1794 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1795 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1796 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1797 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1798 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1799 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1800 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1801 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1802 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1803 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1804 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 1805 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1806 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1807 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1808 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1809 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 1810 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 1811 }; 1812 1813 #undef XMSGSIZE 1814 1815 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 1816 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 1817 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 1818 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 1819 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 1820 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 1821 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 1822 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 1823 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 1824 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 1825 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 1826 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 1827 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 1828 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 1829 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 1830 }; 1831 1832 static struct xfrm_link { 1833 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 1834 int (*dump)(struct sk_buff *, struct netlink_callback *); 1835 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1836 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1837 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1838 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1839 .dump = xfrm_dump_sa }, 1840 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1841 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1842 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1843 .dump = xfrm_dump_policy }, 1844 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1845 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1846 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1847 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1848 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1849 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1850 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1851 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1852 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1853 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1854 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 1855 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 1856 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 1857 }; 1858 1859 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 1860 { 1861 struct nlattr *attrs[XFRMA_MAX+1]; 1862 struct xfrm_link *link; 1863 int type, err; 1864 1865 type = nlh->nlmsg_type; 1866 if (type > XFRM_MSG_MAX) 1867 return -EINVAL; 1868 1869 type -= XFRM_MSG_BASE; 1870 link = &xfrm_dispatch[type]; 1871 1872 /* All operations require privileges, even GET */ 1873 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 1874 return -EPERM; 1875 1876 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1877 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1878 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1879 if (link->dump == NULL) 1880 return -EINVAL; 1881 1882 return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL); 1883 } 1884 1885 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX, 1886 xfrma_policy); 1887 if (err < 0) 1888 return err; 1889 1890 if (link->doit == NULL) 1891 return -EINVAL; 1892 1893 return link->doit(skb, nlh, attrs); 1894 } 1895 1896 static void xfrm_netlink_rcv(struct sock *sk, int len) 1897 { 1898 unsigned int qlen = 0; 1899 1900 do { 1901 mutex_lock(&xfrm_cfg_mutex); 1902 qlen = netlink_run_queue(sk, qlen, &xfrm_user_rcv_msg); 1903 mutex_unlock(&xfrm_cfg_mutex); 1904 1905 } while (qlen); 1906 } 1907 1908 static inline size_t xfrm_expire_msgsize(void) 1909 { 1910 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)); 1911 } 1912 1913 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1914 { 1915 struct xfrm_user_expire *ue; 1916 struct nlmsghdr *nlh; 1917 1918 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 1919 if (nlh == NULL) 1920 return -EMSGSIZE; 1921 1922 ue = nlmsg_data(nlh); 1923 copy_to_user_state(x, &ue->state); 1924 ue->hard = (c->data.hard != 0) ? 1 : 0; 1925 1926 return nlmsg_end(skb, nlh); 1927 } 1928 1929 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1930 { 1931 struct sk_buff *skb; 1932 1933 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 1934 if (skb == NULL) 1935 return -ENOMEM; 1936 1937 if (build_expire(skb, x, c) < 0) 1938 BUG(); 1939 1940 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1941 } 1942 1943 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 1944 { 1945 struct sk_buff *skb; 1946 1947 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1948 if (skb == NULL) 1949 return -ENOMEM; 1950 1951 if (build_aevent(skb, x, c) < 0) 1952 BUG(); 1953 1954 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 1955 } 1956 1957 static int xfrm_notify_sa_flush(struct km_event *c) 1958 { 1959 struct xfrm_usersa_flush *p; 1960 struct nlmsghdr *nlh; 1961 struct sk_buff *skb; 1962 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 1963 1964 skb = nlmsg_new(len, GFP_ATOMIC); 1965 if (skb == NULL) 1966 return -ENOMEM; 1967 1968 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 1969 if (nlh == NULL) { 1970 kfree_skb(skb); 1971 return -EMSGSIZE; 1972 } 1973 1974 p = nlmsg_data(nlh); 1975 p->proto = c->data.proto; 1976 1977 nlmsg_end(skb, nlh); 1978 1979 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1980 } 1981 1982 static inline size_t xfrm_sa_len(struct xfrm_state *x) 1983 { 1984 size_t l = 0; 1985 if (x->aalg) 1986 l += nla_total_size(alg_len(x->aalg)); 1987 if (x->ealg) 1988 l += nla_total_size(alg_len(x->ealg)); 1989 if (x->calg) 1990 l += nla_total_size(sizeof(*x->calg)); 1991 if (x->encap) 1992 l += nla_total_size(sizeof(*x->encap)); 1993 if (x->security) 1994 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 1995 x->security->ctx_len); 1996 if (x->coaddr) 1997 l += nla_total_size(sizeof(*x->coaddr)); 1998 1999 /* Must count this as this may become non-zero behind our back. */ 2000 l += nla_total_size(sizeof(x->lastused)); 2001 2002 return l; 2003 } 2004 2005 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2006 { 2007 struct xfrm_usersa_info *p; 2008 struct xfrm_usersa_id *id; 2009 struct nlmsghdr *nlh; 2010 struct sk_buff *skb; 2011 int len = xfrm_sa_len(x); 2012 int headlen; 2013 2014 headlen = sizeof(*p); 2015 if (c->event == XFRM_MSG_DELSA) { 2016 len += nla_total_size(headlen); 2017 headlen = sizeof(*id); 2018 } 2019 len += NLMSG_ALIGN(headlen); 2020 2021 skb = nlmsg_new(len, GFP_ATOMIC); 2022 if (skb == NULL) 2023 return -ENOMEM; 2024 2025 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2026 if (nlh == NULL) 2027 goto nla_put_failure; 2028 2029 p = nlmsg_data(nlh); 2030 if (c->event == XFRM_MSG_DELSA) { 2031 struct nlattr *attr; 2032 2033 id = nlmsg_data(nlh); 2034 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2035 id->spi = x->id.spi; 2036 id->family = x->props.family; 2037 id->proto = x->id.proto; 2038 2039 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2040 if (attr == NULL) 2041 goto nla_put_failure; 2042 2043 p = nla_data(attr); 2044 } 2045 2046 if (copy_to_user_state_extra(x, p, skb)) 2047 goto nla_put_failure; 2048 2049 nlmsg_end(skb, nlh); 2050 2051 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2052 2053 nla_put_failure: 2054 /* Somebody screwed up with xfrm_sa_len! */ 2055 WARN_ON(1); 2056 kfree_skb(skb); 2057 return -1; 2058 } 2059 2060 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2061 { 2062 2063 switch (c->event) { 2064 case XFRM_MSG_EXPIRE: 2065 return xfrm_exp_state_notify(x, c); 2066 case XFRM_MSG_NEWAE: 2067 return xfrm_aevent_state_notify(x, c); 2068 case XFRM_MSG_DELSA: 2069 case XFRM_MSG_UPDSA: 2070 case XFRM_MSG_NEWSA: 2071 return xfrm_notify_sa(x, c); 2072 case XFRM_MSG_FLUSHSA: 2073 return xfrm_notify_sa_flush(c); 2074 default: 2075 printk("xfrm_user: Unknown SA event %d\n", c->event); 2076 break; 2077 } 2078 2079 return 0; 2080 2081 } 2082 2083 static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x, 2084 struct xfrm_policy *xp) 2085 { 2086 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2087 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2088 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2089 + userpolicy_type_attrsize(); 2090 } 2091 2092 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2093 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2094 int dir) 2095 { 2096 struct xfrm_user_acquire *ua; 2097 struct nlmsghdr *nlh; 2098 __u32 seq = xfrm_get_acqseq(); 2099 2100 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2101 if (nlh == NULL) 2102 return -EMSGSIZE; 2103 2104 ua = nlmsg_data(nlh); 2105 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2106 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2107 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2108 copy_to_user_policy(xp, &ua->policy, dir); 2109 ua->aalgos = xt->aalgos; 2110 ua->ealgos = xt->ealgos; 2111 ua->calgos = xt->calgos; 2112 ua->seq = x->km.seq = seq; 2113 2114 if (copy_to_user_tmpl(xp, skb) < 0) 2115 goto nlmsg_failure; 2116 if (copy_to_user_state_sec_ctx(x, skb)) 2117 goto nlmsg_failure; 2118 if (copy_to_user_policy_type(xp->type, skb) < 0) 2119 goto nlmsg_failure; 2120 2121 return nlmsg_end(skb, nlh); 2122 2123 nlmsg_failure: 2124 nlmsg_cancel(skb, nlh); 2125 return -EMSGSIZE; 2126 } 2127 2128 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2129 struct xfrm_policy *xp, int dir) 2130 { 2131 struct sk_buff *skb; 2132 2133 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2134 if (skb == NULL) 2135 return -ENOMEM; 2136 2137 if (build_acquire(skb, x, xt, xp, dir) < 0) 2138 BUG(); 2139 2140 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2141 } 2142 2143 /* User gives us xfrm_user_policy_info followed by an array of 0 2144 * or more templates. 2145 */ 2146 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2147 u8 *data, int len, int *dir) 2148 { 2149 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2150 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2151 struct xfrm_policy *xp; 2152 int nr; 2153 2154 switch (sk->sk_family) { 2155 case AF_INET: 2156 if (opt != IP_XFRM_POLICY) { 2157 *dir = -EOPNOTSUPP; 2158 return NULL; 2159 } 2160 break; 2161 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2162 case AF_INET6: 2163 if (opt != IPV6_XFRM_POLICY) { 2164 *dir = -EOPNOTSUPP; 2165 return NULL; 2166 } 2167 break; 2168 #endif 2169 default: 2170 *dir = -EINVAL; 2171 return NULL; 2172 } 2173 2174 *dir = -EINVAL; 2175 2176 if (len < sizeof(*p) || 2177 verify_newpolicy_info(p)) 2178 return NULL; 2179 2180 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2181 if (validate_tmpl(nr, ut, p->sel.family)) 2182 return NULL; 2183 2184 if (p->dir > XFRM_POLICY_OUT) 2185 return NULL; 2186 2187 xp = xfrm_policy_alloc(GFP_KERNEL); 2188 if (xp == NULL) { 2189 *dir = -ENOBUFS; 2190 return NULL; 2191 } 2192 2193 copy_from_user_policy(xp, p); 2194 xp->type = XFRM_POLICY_TYPE_MAIN; 2195 copy_templates(xp, ut, nr); 2196 2197 *dir = p->dir; 2198 2199 return xp; 2200 } 2201 2202 static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) 2203 { 2204 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 2205 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2206 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 2207 + userpolicy_type_attrsize(); 2208 } 2209 2210 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2211 int dir, struct km_event *c) 2212 { 2213 struct xfrm_user_polexpire *upe; 2214 struct nlmsghdr *nlh; 2215 int hard = c->data.hard; 2216 2217 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 2218 if (nlh == NULL) 2219 return -EMSGSIZE; 2220 2221 upe = nlmsg_data(nlh); 2222 copy_to_user_policy(xp, &upe->pol, dir); 2223 if (copy_to_user_tmpl(xp, skb) < 0) 2224 goto nlmsg_failure; 2225 if (copy_to_user_sec_ctx(xp, skb)) 2226 goto nlmsg_failure; 2227 if (copy_to_user_policy_type(xp->type, skb) < 0) 2228 goto nlmsg_failure; 2229 upe->hard = !!hard; 2230 2231 return nlmsg_end(skb, nlh); 2232 2233 nlmsg_failure: 2234 nlmsg_cancel(skb, nlh); 2235 return -EMSGSIZE; 2236 } 2237 2238 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2239 { 2240 struct sk_buff *skb; 2241 2242 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 2243 if (skb == NULL) 2244 return -ENOMEM; 2245 2246 if (build_polexpire(skb, xp, dir, c) < 0) 2247 BUG(); 2248 2249 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2250 } 2251 2252 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2253 { 2254 struct xfrm_userpolicy_info *p; 2255 struct xfrm_userpolicy_id *id; 2256 struct nlmsghdr *nlh; 2257 struct sk_buff *skb; 2258 int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2259 int headlen; 2260 2261 headlen = sizeof(*p); 2262 if (c->event == XFRM_MSG_DELPOLICY) { 2263 len += nla_total_size(headlen); 2264 headlen = sizeof(*id); 2265 } 2266 len += userpolicy_type_attrsize(); 2267 len += NLMSG_ALIGN(headlen); 2268 2269 skb = nlmsg_new(len, GFP_ATOMIC); 2270 if (skb == NULL) 2271 return -ENOMEM; 2272 2273 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2274 if (nlh == NULL) 2275 goto nlmsg_failure; 2276 2277 p = nlmsg_data(nlh); 2278 if (c->event == XFRM_MSG_DELPOLICY) { 2279 struct nlattr *attr; 2280 2281 id = nlmsg_data(nlh); 2282 memset(id, 0, sizeof(*id)); 2283 id->dir = dir; 2284 if (c->data.byid) 2285 id->index = xp->index; 2286 else 2287 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2288 2289 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 2290 if (attr == NULL) 2291 goto nlmsg_failure; 2292 2293 p = nla_data(attr); 2294 } 2295 2296 copy_to_user_policy(xp, p, dir); 2297 if (copy_to_user_tmpl(xp, skb) < 0) 2298 goto nlmsg_failure; 2299 if (copy_to_user_policy_type(xp->type, skb) < 0) 2300 goto nlmsg_failure; 2301 2302 nlmsg_end(skb, nlh); 2303 2304 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2305 2306 nlmsg_failure: 2307 kfree_skb(skb); 2308 return -1; 2309 } 2310 2311 static int xfrm_notify_policy_flush(struct km_event *c) 2312 { 2313 struct nlmsghdr *nlh; 2314 struct sk_buff *skb; 2315 2316 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 2317 if (skb == NULL) 2318 return -ENOMEM; 2319 2320 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 2321 if (nlh == NULL) 2322 goto nlmsg_failure; 2323 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2324 goto nlmsg_failure; 2325 2326 nlmsg_end(skb, nlh); 2327 2328 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2329 2330 nlmsg_failure: 2331 kfree_skb(skb); 2332 return -1; 2333 } 2334 2335 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2336 { 2337 2338 switch (c->event) { 2339 case XFRM_MSG_NEWPOLICY: 2340 case XFRM_MSG_UPDPOLICY: 2341 case XFRM_MSG_DELPOLICY: 2342 return xfrm_notify_policy(xp, dir, c); 2343 case XFRM_MSG_FLUSHPOLICY: 2344 return xfrm_notify_policy_flush(c); 2345 case XFRM_MSG_POLEXPIRE: 2346 return xfrm_exp_policy_notify(xp, dir, c); 2347 default: 2348 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2349 } 2350 2351 return 0; 2352 2353 } 2354 2355 static inline size_t xfrm_report_msgsize(void) 2356 { 2357 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 2358 } 2359 2360 static int build_report(struct sk_buff *skb, u8 proto, 2361 struct xfrm_selector *sel, xfrm_address_t *addr) 2362 { 2363 struct xfrm_user_report *ur; 2364 struct nlmsghdr *nlh; 2365 2366 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 2367 if (nlh == NULL) 2368 return -EMSGSIZE; 2369 2370 ur = nlmsg_data(nlh); 2371 ur->proto = proto; 2372 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2373 2374 if (addr) 2375 NLA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2376 2377 return nlmsg_end(skb, nlh); 2378 2379 nla_put_failure: 2380 nlmsg_cancel(skb, nlh); 2381 return -EMSGSIZE; 2382 } 2383 2384 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2385 xfrm_address_t *addr) 2386 { 2387 struct sk_buff *skb; 2388 2389 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 2390 if (skb == NULL) 2391 return -ENOMEM; 2392 2393 if (build_report(skb, proto, sel, addr) < 0) 2394 BUG(); 2395 2396 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2397 } 2398 2399 static struct xfrm_mgr netlink_mgr = { 2400 .id = "netlink", 2401 .notify = xfrm_send_state_notify, 2402 .acquire = xfrm_send_acquire, 2403 .compile_policy = xfrm_compile_policy, 2404 .notify_policy = xfrm_send_policy_notify, 2405 .report = xfrm_send_report, 2406 .migrate = xfrm_send_migrate, 2407 }; 2408 2409 static int __init xfrm_user_init(void) 2410 { 2411 struct sock *nlsk; 2412 2413 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2414 2415 nlsk = netlink_kernel_create(&init_net, NETLINK_XFRM, XFRMNLGRP_MAX, 2416 xfrm_netlink_rcv, NULL, THIS_MODULE); 2417 if (nlsk == NULL) 2418 return -ENOMEM; 2419 rcu_assign_pointer(xfrm_nl, nlsk); 2420 2421 xfrm_register_km(&netlink_mgr); 2422 2423 return 0; 2424 } 2425 2426 static void __exit xfrm_user_exit(void) 2427 { 2428 struct sock *nlsk = xfrm_nl; 2429 2430 xfrm_unregister_km(&netlink_mgr); 2431 rcu_assign_pointer(xfrm_nl, NULL); 2432 synchronize_rcu(); 2433 sock_release(nlsk->sk_socket); 2434 } 2435 2436 module_init(xfrm_user_init); 2437 module_exit(xfrm_user_exit); 2438 MODULE_LICENSE("GPL"); 2439 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2440 2441