1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <asm/uaccess.h> 30 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31 #include <linux/in6.h> 32 #endif 33 34 #define DUMMY_MARK 0 35 static struct xfrm_mark dummy_mark = {0, 0}; 36 37 static inline int aead_len(struct xfrm_algo_aead *alg) 38 { 39 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 40 } 41 42 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 43 { 44 struct nlattr *rt = attrs[type]; 45 struct xfrm_algo *algp; 46 47 if (!rt) 48 return 0; 49 50 algp = nla_data(rt); 51 if (nla_len(rt) < xfrm_alg_len(algp)) 52 return -EINVAL; 53 54 switch (type) { 55 case XFRMA_ALG_AUTH: 56 case XFRMA_ALG_CRYPT: 57 case XFRMA_ALG_COMP: 58 break; 59 60 default: 61 return -EINVAL; 62 } 63 64 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 65 return 0; 66 } 67 68 static int verify_auth_trunc(struct nlattr **attrs) 69 { 70 struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC]; 71 struct xfrm_algo_auth *algp; 72 73 if (!rt) 74 return 0; 75 76 algp = nla_data(rt); 77 if (nla_len(rt) < xfrm_alg_auth_len(algp)) 78 return -EINVAL; 79 80 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 81 return 0; 82 } 83 84 static int verify_aead(struct nlattr **attrs) 85 { 86 struct nlattr *rt = attrs[XFRMA_ALG_AEAD]; 87 struct xfrm_algo_aead *algp; 88 89 if (!rt) 90 return 0; 91 92 algp = nla_data(rt); 93 if (nla_len(rt) < aead_len(algp)) 94 return -EINVAL; 95 96 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 97 return 0; 98 } 99 100 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 101 xfrm_address_t **addrp) 102 { 103 struct nlattr *rt = attrs[type]; 104 105 if (rt && addrp) 106 *addrp = nla_data(rt); 107 } 108 109 static inline int verify_sec_ctx_len(struct nlattr **attrs) 110 { 111 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 112 struct xfrm_user_sec_ctx *uctx; 113 114 if (!rt) 115 return 0; 116 117 uctx = nla_data(rt); 118 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 119 return -EINVAL; 120 121 return 0; 122 } 123 124 125 static int verify_newsa_info(struct xfrm_usersa_info *p, 126 struct nlattr **attrs) 127 { 128 int err; 129 130 err = -EINVAL; 131 switch (p->family) { 132 case AF_INET: 133 break; 134 135 case AF_INET6: 136 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 137 break; 138 #else 139 err = -EAFNOSUPPORT; 140 goto out; 141 #endif 142 143 default: 144 goto out; 145 } 146 147 err = -EINVAL; 148 switch (p->id.proto) { 149 case IPPROTO_AH: 150 if ((!attrs[XFRMA_ALG_AUTH] && 151 !attrs[XFRMA_ALG_AUTH_TRUNC]) || 152 attrs[XFRMA_ALG_AEAD] || 153 attrs[XFRMA_ALG_CRYPT] || 154 attrs[XFRMA_ALG_COMP]) 155 goto out; 156 break; 157 158 case IPPROTO_ESP: 159 if (attrs[XFRMA_ALG_COMP]) 160 goto out; 161 if (!attrs[XFRMA_ALG_AUTH] && 162 !attrs[XFRMA_ALG_AUTH_TRUNC] && 163 !attrs[XFRMA_ALG_CRYPT] && 164 !attrs[XFRMA_ALG_AEAD]) 165 goto out; 166 if ((attrs[XFRMA_ALG_AUTH] || 167 attrs[XFRMA_ALG_AUTH_TRUNC] || 168 attrs[XFRMA_ALG_CRYPT]) && 169 attrs[XFRMA_ALG_AEAD]) 170 goto out; 171 break; 172 173 case IPPROTO_COMP: 174 if (!attrs[XFRMA_ALG_COMP] || 175 attrs[XFRMA_ALG_AEAD] || 176 attrs[XFRMA_ALG_AUTH] || 177 attrs[XFRMA_ALG_AUTH_TRUNC] || 178 attrs[XFRMA_ALG_CRYPT]) 179 goto out; 180 break; 181 182 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 183 case IPPROTO_DSTOPTS: 184 case IPPROTO_ROUTING: 185 if (attrs[XFRMA_ALG_COMP] || 186 attrs[XFRMA_ALG_AUTH] || 187 attrs[XFRMA_ALG_AUTH_TRUNC] || 188 attrs[XFRMA_ALG_AEAD] || 189 attrs[XFRMA_ALG_CRYPT] || 190 attrs[XFRMA_ENCAP] || 191 attrs[XFRMA_SEC_CTX] || 192 !attrs[XFRMA_COADDR]) 193 goto out; 194 break; 195 #endif 196 197 default: 198 goto out; 199 } 200 201 if ((err = verify_aead(attrs))) 202 goto out; 203 if ((err = verify_auth_trunc(attrs))) 204 goto out; 205 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 206 goto out; 207 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 208 goto out; 209 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 210 goto out; 211 if ((err = verify_sec_ctx_len(attrs))) 212 goto out; 213 214 err = -EINVAL; 215 switch (p->mode) { 216 case XFRM_MODE_TRANSPORT: 217 case XFRM_MODE_TUNNEL: 218 case XFRM_MODE_ROUTEOPTIMIZATION: 219 case XFRM_MODE_BEET: 220 break; 221 222 default: 223 goto out; 224 } 225 226 err = 0; 227 228 out: 229 return err; 230 } 231 232 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 233 struct xfrm_algo_desc *(*get_byname)(char *, int), 234 struct nlattr *rta) 235 { 236 struct xfrm_algo *p, *ualg; 237 struct xfrm_algo_desc *algo; 238 239 if (!rta) 240 return 0; 241 242 ualg = nla_data(rta); 243 244 algo = get_byname(ualg->alg_name, 1); 245 if (!algo) 246 return -ENOSYS; 247 *props = algo->desc.sadb_alg_id; 248 249 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 250 if (!p) 251 return -ENOMEM; 252 253 strcpy(p->alg_name, algo->name); 254 *algpp = p; 255 return 0; 256 } 257 258 static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, 259 struct nlattr *rta) 260 { 261 struct xfrm_algo *ualg; 262 struct xfrm_algo_auth *p; 263 struct xfrm_algo_desc *algo; 264 265 if (!rta) 266 return 0; 267 268 ualg = nla_data(rta); 269 270 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 271 if (!algo) 272 return -ENOSYS; 273 *props = algo->desc.sadb_alg_id; 274 275 p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL); 276 if (!p) 277 return -ENOMEM; 278 279 strcpy(p->alg_name, algo->name); 280 p->alg_key_len = ualg->alg_key_len; 281 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 282 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8); 283 284 *algpp = p; 285 return 0; 286 } 287 288 static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, 289 struct nlattr *rta) 290 { 291 struct xfrm_algo_auth *p, *ualg; 292 struct xfrm_algo_desc *algo; 293 294 if (!rta) 295 return 0; 296 297 ualg = nla_data(rta); 298 299 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 300 if (!algo) 301 return -ENOSYS; 302 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 303 return -EINVAL; 304 *props = algo->desc.sadb_alg_id; 305 306 p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL); 307 if (!p) 308 return -ENOMEM; 309 310 strcpy(p->alg_name, algo->name); 311 if (!p->alg_trunc_len) 312 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 313 314 *algpp = p; 315 return 0; 316 } 317 318 static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props, 319 struct nlattr *rta) 320 { 321 struct xfrm_algo_aead *p, *ualg; 322 struct xfrm_algo_desc *algo; 323 324 if (!rta) 325 return 0; 326 327 ualg = nla_data(rta); 328 329 algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1); 330 if (!algo) 331 return -ENOSYS; 332 *props = algo->desc.sadb_alg_id; 333 334 p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL); 335 if (!p) 336 return -ENOMEM; 337 338 strcpy(p->alg_name, algo->name); 339 *algpp = p; 340 return 0; 341 } 342 343 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 344 { 345 int len = 0; 346 347 if (xfrm_ctx) { 348 len += sizeof(struct xfrm_user_sec_ctx); 349 len += xfrm_ctx->ctx_len; 350 } 351 return len; 352 } 353 354 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 355 { 356 memcpy(&x->id, &p->id, sizeof(x->id)); 357 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 358 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 359 x->props.mode = p->mode; 360 x->props.replay_window = p->replay_window; 361 x->props.reqid = p->reqid; 362 x->props.family = p->family; 363 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 364 x->props.flags = p->flags; 365 366 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC)) 367 x->sel.family = p->family; 368 } 369 370 /* 371 * someday when pfkey also has support, we could have the code 372 * somehow made shareable and move it to xfrm_state.c - JHS 373 * 374 */ 375 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 376 { 377 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 378 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 379 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 380 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 381 382 if (rp) { 383 struct xfrm_replay_state *replay; 384 replay = nla_data(rp); 385 memcpy(&x->replay, replay, sizeof(*replay)); 386 memcpy(&x->preplay, replay, sizeof(*replay)); 387 } 388 389 if (lt) { 390 struct xfrm_lifetime_cur *ltime; 391 ltime = nla_data(lt); 392 x->curlft.bytes = ltime->bytes; 393 x->curlft.packets = ltime->packets; 394 x->curlft.add_time = ltime->add_time; 395 x->curlft.use_time = ltime->use_time; 396 } 397 398 if (et) 399 x->replay_maxage = nla_get_u32(et); 400 401 if (rt) 402 x->replay_maxdiff = nla_get_u32(rt); 403 } 404 405 static struct xfrm_state *xfrm_state_construct(struct net *net, 406 struct xfrm_usersa_info *p, 407 struct nlattr **attrs, 408 int *errp) 409 { 410 struct xfrm_state *x = xfrm_state_alloc(net); 411 int err = -ENOMEM; 412 413 if (!x) 414 goto error_no_put; 415 416 copy_from_user_state(x, p); 417 418 if ((err = attach_aead(&x->aead, &x->props.ealgo, 419 attrs[XFRMA_ALG_AEAD]))) 420 goto error; 421 if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo, 422 attrs[XFRMA_ALG_AUTH_TRUNC]))) 423 goto error; 424 if (!x->props.aalgo) { 425 if ((err = attach_auth(&x->aalg, &x->props.aalgo, 426 attrs[XFRMA_ALG_AUTH]))) 427 goto error; 428 } 429 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 430 xfrm_ealg_get_byname, 431 attrs[XFRMA_ALG_CRYPT]))) 432 goto error; 433 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 434 xfrm_calg_get_byname, 435 attrs[XFRMA_ALG_COMP]))) 436 goto error; 437 438 if (attrs[XFRMA_ENCAP]) { 439 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 440 sizeof(*x->encap), GFP_KERNEL); 441 if (x->encap == NULL) 442 goto error; 443 } 444 445 if (attrs[XFRMA_COADDR]) { 446 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 447 sizeof(*x->coaddr), GFP_KERNEL); 448 if (x->coaddr == NULL) 449 goto error; 450 } 451 452 err = xfrm_init_state(x); 453 if (err) 454 goto error; 455 456 if (attrs[XFRMA_SEC_CTX] && 457 security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) 458 goto error; 459 460 x->km.seq = p->seq; 461 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; 462 /* sysctl_xfrm_aevent_etime is in 100ms units */ 463 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; 464 x->preplay.bitmap = 0; 465 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 466 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 467 468 /* override default values from above */ 469 470 xfrm_update_ae_params(x, attrs); 471 472 return x; 473 474 error: 475 x->km.state = XFRM_STATE_DEAD; 476 xfrm_state_put(x); 477 error_no_put: 478 *errp = err; 479 return NULL; 480 } 481 482 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 483 struct nlattr **attrs) 484 { 485 struct net *net = sock_net(skb->sk); 486 struct xfrm_usersa_info *p = nlmsg_data(nlh); 487 struct xfrm_state *x; 488 int err; 489 struct km_event c; 490 uid_t loginuid = NETLINK_CB(skb).loginuid; 491 u32 sessionid = NETLINK_CB(skb).sessionid; 492 u32 sid = NETLINK_CB(skb).sid; 493 494 err = verify_newsa_info(p, attrs); 495 if (err) 496 return err; 497 498 x = xfrm_state_construct(net, p, attrs, &err); 499 if (!x) 500 return err; 501 502 xfrm_state_hold(x); 503 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 504 err = xfrm_state_add(x); 505 else 506 err = xfrm_state_update(x); 507 508 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); 509 510 if (err < 0) { 511 x->km.state = XFRM_STATE_DEAD; 512 __xfrm_state_put(x); 513 goto out; 514 } 515 516 c.seq = nlh->nlmsg_seq; 517 c.pid = nlh->nlmsg_pid; 518 c.event = nlh->nlmsg_type; 519 520 km_state_notify(x, &c); 521 out: 522 xfrm_state_put(x); 523 return err; 524 } 525 526 static struct xfrm_state *xfrm_user_state_lookup(struct net *net, 527 struct xfrm_usersa_id *p, 528 struct nlattr **attrs, 529 int *errp) 530 { 531 struct xfrm_state *x = NULL; 532 int err; 533 534 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 535 err = -ESRCH; 536 x = xfrm_state_lookup(net, DUMMY_MARK, &p->daddr, p->spi, p->proto, p->family); 537 } else { 538 xfrm_address_t *saddr = NULL; 539 540 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 541 if (!saddr) { 542 err = -EINVAL; 543 goto out; 544 } 545 546 err = -ESRCH; 547 x = xfrm_state_lookup_byaddr(net, DUMMY_MARK, &p->daddr, saddr, 548 p->proto, p->family); 549 } 550 551 out: 552 if (!x && errp) 553 *errp = err; 554 return x; 555 } 556 557 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 558 struct nlattr **attrs) 559 { 560 struct net *net = sock_net(skb->sk); 561 struct xfrm_state *x; 562 int err = -ESRCH; 563 struct km_event c; 564 struct xfrm_usersa_id *p = nlmsg_data(nlh); 565 uid_t loginuid = NETLINK_CB(skb).loginuid; 566 u32 sessionid = NETLINK_CB(skb).sessionid; 567 u32 sid = NETLINK_CB(skb).sid; 568 569 x = xfrm_user_state_lookup(net, p, attrs, &err); 570 if (x == NULL) 571 return err; 572 573 if ((err = security_xfrm_state_delete(x)) != 0) 574 goto out; 575 576 if (xfrm_state_kern(x)) { 577 err = -EPERM; 578 goto out; 579 } 580 581 err = xfrm_state_delete(x); 582 583 if (err < 0) 584 goto out; 585 586 c.seq = nlh->nlmsg_seq; 587 c.pid = nlh->nlmsg_pid; 588 c.event = nlh->nlmsg_type; 589 km_state_notify(x, &c); 590 591 out: 592 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); 593 xfrm_state_put(x); 594 return err; 595 } 596 597 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 598 { 599 memcpy(&p->id, &x->id, sizeof(p->id)); 600 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 601 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 602 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 603 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 604 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 605 p->mode = x->props.mode; 606 p->replay_window = x->props.replay_window; 607 p->reqid = x->props.reqid; 608 p->family = x->props.family; 609 p->flags = x->props.flags; 610 p->seq = x->km.seq; 611 } 612 613 struct xfrm_dump_info { 614 struct sk_buff *in_skb; 615 struct sk_buff *out_skb; 616 u32 nlmsg_seq; 617 u16 nlmsg_flags; 618 }; 619 620 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 621 { 622 struct xfrm_user_sec_ctx *uctx; 623 struct nlattr *attr; 624 int ctx_size = sizeof(*uctx) + s->ctx_len; 625 626 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 627 if (attr == NULL) 628 return -EMSGSIZE; 629 630 uctx = nla_data(attr); 631 uctx->exttype = XFRMA_SEC_CTX; 632 uctx->len = ctx_size; 633 uctx->ctx_doi = s->ctx_doi; 634 uctx->ctx_alg = s->ctx_alg; 635 uctx->ctx_len = s->ctx_len; 636 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 637 638 return 0; 639 } 640 641 static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) 642 { 643 struct xfrm_algo *algo; 644 struct nlattr *nla; 645 646 nla = nla_reserve(skb, XFRMA_ALG_AUTH, 647 sizeof(*algo) + (auth->alg_key_len + 7) / 8); 648 if (!nla) 649 return -EMSGSIZE; 650 651 algo = nla_data(nla); 652 strcpy(algo->alg_name, auth->alg_name); 653 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 654 algo->alg_key_len = auth->alg_key_len; 655 656 return 0; 657 } 658 659 /* Don't change this without updating xfrm_sa_len! */ 660 static int copy_to_user_state_extra(struct xfrm_state *x, 661 struct xfrm_usersa_info *p, 662 struct sk_buff *skb) 663 { 664 copy_to_user_state(x, p); 665 666 if (x->coaddr) 667 NLA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 668 669 if (x->lastused) 670 NLA_PUT_U64(skb, XFRMA_LASTUSED, x->lastused); 671 672 if (x->aead) 673 NLA_PUT(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead); 674 if (x->aalg) { 675 if (copy_to_user_auth(x->aalg, skb)) 676 goto nla_put_failure; 677 678 NLA_PUT(skb, XFRMA_ALG_AUTH_TRUNC, 679 xfrm_alg_auth_len(x->aalg), x->aalg); 680 } 681 if (x->ealg) 682 NLA_PUT(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); 683 if (x->calg) 684 NLA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 685 686 if (x->encap) 687 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 688 689 if (x->security && copy_sec_ctx(x->security, skb) < 0) 690 goto nla_put_failure; 691 692 return 0; 693 694 nla_put_failure: 695 return -EMSGSIZE; 696 } 697 698 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 699 { 700 struct xfrm_dump_info *sp = ptr; 701 struct sk_buff *in_skb = sp->in_skb; 702 struct sk_buff *skb = sp->out_skb; 703 struct xfrm_usersa_info *p; 704 struct nlmsghdr *nlh; 705 int err; 706 707 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 708 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 709 if (nlh == NULL) 710 return -EMSGSIZE; 711 712 p = nlmsg_data(nlh); 713 714 err = copy_to_user_state_extra(x, p, skb); 715 if (err) 716 goto nla_put_failure; 717 718 nlmsg_end(skb, nlh); 719 return 0; 720 721 nla_put_failure: 722 nlmsg_cancel(skb, nlh); 723 return err; 724 } 725 726 static int xfrm_dump_sa_done(struct netlink_callback *cb) 727 { 728 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 729 xfrm_state_walk_done(walk); 730 return 0; 731 } 732 733 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 734 { 735 struct net *net = sock_net(skb->sk); 736 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 737 struct xfrm_dump_info info; 738 739 BUILD_BUG_ON(sizeof(struct xfrm_state_walk) > 740 sizeof(cb->args) - sizeof(cb->args[0])); 741 742 info.in_skb = cb->skb; 743 info.out_skb = skb; 744 info.nlmsg_seq = cb->nlh->nlmsg_seq; 745 info.nlmsg_flags = NLM_F_MULTI; 746 747 if (!cb->args[0]) { 748 cb->args[0] = 1; 749 xfrm_state_walk_init(walk, 0); 750 } 751 752 (void) xfrm_state_walk(net, walk, dump_one_state, &info); 753 754 return skb->len; 755 } 756 757 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 758 struct xfrm_state *x, u32 seq) 759 { 760 struct xfrm_dump_info info; 761 struct sk_buff *skb; 762 763 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 764 if (!skb) 765 return ERR_PTR(-ENOMEM); 766 767 info.in_skb = in_skb; 768 info.out_skb = skb; 769 info.nlmsg_seq = seq; 770 info.nlmsg_flags = 0; 771 772 if (dump_one_state(x, 0, &info)) { 773 kfree_skb(skb); 774 return NULL; 775 } 776 777 return skb; 778 } 779 780 static inline size_t xfrm_spdinfo_msgsize(void) 781 { 782 return NLMSG_ALIGN(4) 783 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 784 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 785 } 786 787 static int build_spdinfo(struct sk_buff *skb, struct net *net, 788 u32 pid, u32 seq, u32 flags) 789 { 790 struct xfrmk_spdinfo si; 791 struct xfrmu_spdinfo spc; 792 struct xfrmu_spdhinfo sph; 793 struct nlmsghdr *nlh; 794 u32 *f; 795 796 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 797 if (nlh == NULL) /* shouldnt really happen ... */ 798 return -EMSGSIZE; 799 800 f = nlmsg_data(nlh); 801 *f = flags; 802 xfrm_spd_getinfo(net, &si); 803 spc.incnt = si.incnt; 804 spc.outcnt = si.outcnt; 805 spc.fwdcnt = si.fwdcnt; 806 spc.inscnt = si.inscnt; 807 spc.outscnt = si.outscnt; 808 spc.fwdscnt = si.fwdscnt; 809 sph.spdhcnt = si.spdhcnt; 810 sph.spdhmcnt = si.spdhmcnt; 811 812 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 813 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 814 815 return nlmsg_end(skb, nlh); 816 817 nla_put_failure: 818 nlmsg_cancel(skb, nlh); 819 return -EMSGSIZE; 820 } 821 822 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 823 struct nlattr **attrs) 824 { 825 struct net *net = sock_net(skb->sk); 826 struct sk_buff *r_skb; 827 u32 *flags = nlmsg_data(nlh); 828 u32 spid = NETLINK_CB(skb).pid; 829 u32 seq = nlh->nlmsg_seq; 830 831 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 832 if (r_skb == NULL) 833 return -ENOMEM; 834 835 if (build_spdinfo(r_skb, net, spid, seq, *flags) < 0) 836 BUG(); 837 838 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 839 } 840 841 static inline size_t xfrm_sadinfo_msgsize(void) 842 { 843 return NLMSG_ALIGN(4) 844 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 845 + nla_total_size(4); /* XFRMA_SAD_CNT */ 846 } 847 848 static int build_sadinfo(struct sk_buff *skb, struct net *net, 849 u32 pid, u32 seq, u32 flags) 850 { 851 struct xfrmk_sadinfo si; 852 struct xfrmu_sadhinfo sh; 853 struct nlmsghdr *nlh; 854 u32 *f; 855 856 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 857 if (nlh == NULL) /* shouldnt really happen ... */ 858 return -EMSGSIZE; 859 860 f = nlmsg_data(nlh); 861 *f = flags; 862 xfrm_sad_getinfo(net, &si); 863 864 sh.sadhmcnt = si.sadhmcnt; 865 sh.sadhcnt = si.sadhcnt; 866 867 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 868 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 869 870 return nlmsg_end(skb, nlh); 871 872 nla_put_failure: 873 nlmsg_cancel(skb, nlh); 874 return -EMSGSIZE; 875 } 876 877 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 878 struct nlattr **attrs) 879 { 880 struct net *net = sock_net(skb->sk); 881 struct sk_buff *r_skb; 882 u32 *flags = nlmsg_data(nlh); 883 u32 spid = NETLINK_CB(skb).pid; 884 u32 seq = nlh->nlmsg_seq; 885 886 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 887 if (r_skb == NULL) 888 return -ENOMEM; 889 890 if (build_sadinfo(r_skb, net, spid, seq, *flags) < 0) 891 BUG(); 892 893 return nlmsg_unicast(net->xfrm.nlsk, r_skb, spid); 894 } 895 896 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 897 struct nlattr **attrs) 898 { 899 struct net *net = sock_net(skb->sk); 900 struct xfrm_usersa_id *p = nlmsg_data(nlh); 901 struct xfrm_state *x; 902 struct sk_buff *resp_skb; 903 int err = -ESRCH; 904 905 x = xfrm_user_state_lookup(net, p, attrs, &err); 906 if (x == NULL) 907 goto out_noput; 908 909 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 910 if (IS_ERR(resp_skb)) { 911 err = PTR_ERR(resp_skb); 912 } else { 913 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).pid); 914 } 915 xfrm_state_put(x); 916 out_noput: 917 return err; 918 } 919 920 static int verify_userspi_info(struct xfrm_userspi_info *p) 921 { 922 switch (p->info.id.proto) { 923 case IPPROTO_AH: 924 case IPPROTO_ESP: 925 break; 926 927 case IPPROTO_COMP: 928 /* IPCOMP spi is 16-bits. */ 929 if (p->max >= 0x10000) 930 return -EINVAL; 931 break; 932 933 default: 934 return -EINVAL; 935 } 936 937 if (p->min > p->max) 938 return -EINVAL; 939 940 return 0; 941 } 942 943 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 944 struct nlattr **attrs) 945 { 946 struct net *net = sock_net(skb->sk); 947 struct xfrm_state *x; 948 struct xfrm_userspi_info *p; 949 struct sk_buff *resp_skb; 950 xfrm_address_t *daddr; 951 int family; 952 int err; 953 954 p = nlmsg_data(nlh); 955 err = verify_userspi_info(p); 956 if (err) 957 goto out_noput; 958 959 family = p->info.family; 960 daddr = &p->info.id.daddr; 961 962 x = NULL; 963 if (p->info.seq) { 964 x = xfrm_find_acq_byseq(net, DUMMY_MARK, p->info.seq); 965 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 966 xfrm_state_put(x); 967 x = NULL; 968 } 969 } 970 971 if (!x) 972 x = xfrm_find_acq(net, &dummy_mark, p->info.mode, p->info.reqid, 973 p->info.id.proto, daddr, 974 &p->info.saddr, 1, 975 family); 976 err = -ENOENT; 977 if (x == NULL) 978 goto out_noput; 979 980 err = xfrm_alloc_spi(x, p->min, p->max); 981 if (err) 982 goto out; 983 984 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 985 if (IS_ERR(resp_skb)) { 986 err = PTR_ERR(resp_skb); 987 goto out; 988 } 989 990 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).pid); 991 992 out: 993 xfrm_state_put(x); 994 out_noput: 995 return err; 996 } 997 998 static int verify_policy_dir(u8 dir) 999 { 1000 switch (dir) { 1001 case XFRM_POLICY_IN: 1002 case XFRM_POLICY_OUT: 1003 case XFRM_POLICY_FWD: 1004 break; 1005 1006 default: 1007 return -EINVAL; 1008 } 1009 1010 return 0; 1011 } 1012 1013 static int verify_policy_type(u8 type) 1014 { 1015 switch (type) { 1016 case XFRM_POLICY_TYPE_MAIN: 1017 #ifdef CONFIG_XFRM_SUB_POLICY 1018 case XFRM_POLICY_TYPE_SUB: 1019 #endif 1020 break; 1021 1022 default: 1023 return -EINVAL; 1024 } 1025 1026 return 0; 1027 } 1028 1029 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 1030 { 1031 switch (p->share) { 1032 case XFRM_SHARE_ANY: 1033 case XFRM_SHARE_SESSION: 1034 case XFRM_SHARE_USER: 1035 case XFRM_SHARE_UNIQUE: 1036 break; 1037 1038 default: 1039 return -EINVAL; 1040 } 1041 1042 switch (p->action) { 1043 case XFRM_POLICY_ALLOW: 1044 case XFRM_POLICY_BLOCK: 1045 break; 1046 1047 default: 1048 return -EINVAL; 1049 } 1050 1051 switch (p->sel.family) { 1052 case AF_INET: 1053 break; 1054 1055 case AF_INET6: 1056 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1057 break; 1058 #else 1059 return -EAFNOSUPPORT; 1060 #endif 1061 1062 default: 1063 return -EINVAL; 1064 } 1065 1066 return verify_policy_dir(p->dir); 1067 } 1068 1069 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 1070 { 1071 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1072 struct xfrm_user_sec_ctx *uctx; 1073 1074 if (!rt) 1075 return 0; 1076 1077 uctx = nla_data(rt); 1078 return security_xfrm_policy_alloc(&pol->security, uctx); 1079 } 1080 1081 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 1082 int nr) 1083 { 1084 int i; 1085 1086 xp->xfrm_nr = nr; 1087 for (i = 0; i < nr; i++, ut++) { 1088 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1089 1090 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 1091 memcpy(&t->saddr, &ut->saddr, 1092 sizeof(xfrm_address_t)); 1093 t->reqid = ut->reqid; 1094 t->mode = ut->mode; 1095 t->share = ut->share; 1096 t->optional = ut->optional; 1097 t->aalgos = ut->aalgos; 1098 t->ealgos = ut->ealgos; 1099 t->calgos = ut->calgos; 1100 /* If all masks are ~0, then we allow all algorithms. */ 1101 t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); 1102 t->encap_family = ut->family; 1103 } 1104 } 1105 1106 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 1107 { 1108 int i; 1109 1110 if (nr > XFRM_MAX_DEPTH) 1111 return -EINVAL; 1112 1113 for (i = 0; i < nr; i++) { 1114 /* We never validated the ut->family value, so many 1115 * applications simply leave it at zero. The check was 1116 * never made and ut->family was ignored because all 1117 * templates could be assumed to have the same family as 1118 * the policy itself. Now that we will have ipv4-in-ipv6 1119 * and ipv6-in-ipv4 tunnels, this is no longer true. 1120 */ 1121 if (!ut[i].family) 1122 ut[i].family = family; 1123 1124 switch (ut[i].family) { 1125 case AF_INET: 1126 break; 1127 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 1128 case AF_INET6: 1129 break; 1130 #endif 1131 default: 1132 return -EINVAL; 1133 } 1134 } 1135 1136 return 0; 1137 } 1138 1139 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 1140 { 1141 struct nlattr *rt = attrs[XFRMA_TMPL]; 1142 1143 if (!rt) { 1144 pol->xfrm_nr = 0; 1145 } else { 1146 struct xfrm_user_tmpl *utmpl = nla_data(rt); 1147 int nr = nla_len(rt) / sizeof(*utmpl); 1148 int err; 1149 1150 err = validate_tmpl(nr, utmpl, pol->family); 1151 if (err) 1152 return err; 1153 1154 copy_templates(pol, utmpl, nr); 1155 } 1156 return 0; 1157 } 1158 1159 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 1160 { 1161 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 1162 struct xfrm_userpolicy_type *upt; 1163 u8 type = XFRM_POLICY_TYPE_MAIN; 1164 int err; 1165 1166 if (rt) { 1167 upt = nla_data(rt); 1168 type = upt->type; 1169 } 1170 1171 err = verify_policy_type(type); 1172 if (err) 1173 return err; 1174 1175 *tp = type; 1176 return 0; 1177 } 1178 1179 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1180 { 1181 xp->priority = p->priority; 1182 xp->index = p->index; 1183 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1184 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1185 xp->action = p->action; 1186 xp->flags = p->flags; 1187 xp->family = p->sel.family; 1188 /* XXX xp->share = p->share; */ 1189 } 1190 1191 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1192 { 1193 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1194 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1195 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1196 p->priority = xp->priority; 1197 p->index = xp->index; 1198 p->sel.family = xp->family; 1199 p->dir = dir; 1200 p->action = xp->action; 1201 p->flags = xp->flags; 1202 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1203 } 1204 1205 static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1206 { 1207 struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL); 1208 int err; 1209 1210 if (!xp) { 1211 *errp = -ENOMEM; 1212 return NULL; 1213 } 1214 1215 copy_from_user_policy(xp, p); 1216 1217 err = copy_from_user_policy_type(&xp->type, attrs); 1218 if (err) 1219 goto error; 1220 1221 if (!(err = copy_from_user_tmpl(xp, attrs))) 1222 err = copy_from_user_sec_ctx(xp, attrs); 1223 if (err) 1224 goto error; 1225 1226 return xp; 1227 error: 1228 *errp = err; 1229 xp->walk.dead = 1; 1230 xfrm_policy_destroy(xp); 1231 return NULL; 1232 } 1233 1234 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1235 struct nlattr **attrs) 1236 { 1237 struct net *net = sock_net(skb->sk); 1238 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1239 struct xfrm_policy *xp; 1240 struct km_event c; 1241 int err; 1242 int excl; 1243 uid_t loginuid = NETLINK_CB(skb).loginuid; 1244 u32 sessionid = NETLINK_CB(skb).sessionid; 1245 u32 sid = NETLINK_CB(skb).sid; 1246 1247 err = verify_newpolicy_info(p); 1248 if (err) 1249 return err; 1250 err = verify_sec_ctx_len(attrs); 1251 if (err) 1252 return err; 1253 1254 xp = xfrm_policy_construct(net, p, attrs, &err); 1255 if (!xp) 1256 return err; 1257 1258 /* shouldnt excl be based on nlh flags?? 1259 * Aha! this is anti-netlink really i.e more pfkey derived 1260 * in netlink excl is a flag and you wouldnt need 1261 * a type XFRM_MSG_UPDPOLICY - JHS */ 1262 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1263 err = xfrm_policy_insert(p->dir, xp, excl); 1264 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); 1265 1266 if (err) { 1267 security_xfrm_policy_free(xp->security); 1268 kfree(xp); 1269 return err; 1270 } 1271 1272 c.event = nlh->nlmsg_type; 1273 c.seq = nlh->nlmsg_seq; 1274 c.pid = nlh->nlmsg_pid; 1275 km_policy_notify(xp, p->dir, &c); 1276 1277 xfrm_pol_put(xp); 1278 1279 return 0; 1280 } 1281 1282 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1283 { 1284 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1285 int i; 1286 1287 if (xp->xfrm_nr == 0) 1288 return 0; 1289 1290 for (i = 0; i < xp->xfrm_nr; i++) { 1291 struct xfrm_user_tmpl *up = &vec[i]; 1292 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1293 1294 memcpy(&up->id, &kp->id, sizeof(up->id)); 1295 up->family = kp->encap_family; 1296 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1297 up->reqid = kp->reqid; 1298 up->mode = kp->mode; 1299 up->share = kp->share; 1300 up->optional = kp->optional; 1301 up->aalgos = kp->aalgos; 1302 up->ealgos = kp->ealgos; 1303 up->calgos = kp->calgos; 1304 } 1305 1306 return nla_put(skb, XFRMA_TMPL, 1307 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1308 } 1309 1310 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1311 { 1312 if (x->security) { 1313 return copy_sec_ctx(x->security, skb); 1314 } 1315 return 0; 1316 } 1317 1318 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1319 { 1320 if (xp->security) { 1321 return copy_sec_ctx(xp->security, skb); 1322 } 1323 return 0; 1324 } 1325 static inline size_t userpolicy_type_attrsize(void) 1326 { 1327 #ifdef CONFIG_XFRM_SUB_POLICY 1328 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1329 #else 1330 return 0; 1331 #endif 1332 } 1333 1334 #ifdef CONFIG_XFRM_SUB_POLICY 1335 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1336 { 1337 struct xfrm_userpolicy_type upt = { 1338 .type = type, 1339 }; 1340 1341 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1342 } 1343 1344 #else 1345 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1346 { 1347 return 0; 1348 } 1349 #endif 1350 1351 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1352 { 1353 struct xfrm_dump_info *sp = ptr; 1354 struct xfrm_userpolicy_info *p; 1355 struct sk_buff *in_skb = sp->in_skb; 1356 struct sk_buff *skb = sp->out_skb; 1357 struct nlmsghdr *nlh; 1358 1359 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 1360 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1361 if (nlh == NULL) 1362 return -EMSGSIZE; 1363 1364 p = nlmsg_data(nlh); 1365 copy_to_user_policy(xp, p, dir); 1366 if (copy_to_user_tmpl(xp, skb) < 0) 1367 goto nlmsg_failure; 1368 if (copy_to_user_sec_ctx(xp, skb)) 1369 goto nlmsg_failure; 1370 if (copy_to_user_policy_type(xp->type, skb) < 0) 1371 goto nlmsg_failure; 1372 1373 nlmsg_end(skb, nlh); 1374 return 0; 1375 1376 nlmsg_failure: 1377 nlmsg_cancel(skb, nlh); 1378 return -EMSGSIZE; 1379 } 1380 1381 static int xfrm_dump_policy_done(struct netlink_callback *cb) 1382 { 1383 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; 1384 1385 xfrm_policy_walk_done(walk); 1386 return 0; 1387 } 1388 1389 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1390 { 1391 struct net *net = sock_net(skb->sk); 1392 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; 1393 struct xfrm_dump_info info; 1394 1395 BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) > 1396 sizeof(cb->args) - sizeof(cb->args[0])); 1397 1398 info.in_skb = cb->skb; 1399 info.out_skb = skb; 1400 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1401 info.nlmsg_flags = NLM_F_MULTI; 1402 1403 if (!cb->args[0]) { 1404 cb->args[0] = 1; 1405 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); 1406 } 1407 1408 (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); 1409 1410 return skb->len; 1411 } 1412 1413 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1414 struct xfrm_policy *xp, 1415 int dir, u32 seq) 1416 { 1417 struct xfrm_dump_info info; 1418 struct sk_buff *skb; 1419 1420 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1421 if (!skb) 1422 return ERR_PTR(-ENOMEM); 1423 1424 info.in_skb = in_skb; 1425 info.out_skb = skb; 1426 info.nlmsg_seq = seq; 1427 info.nlmsg_flags = 0; 1428 1429 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1430 kfree_skb(skb); 1431 return NULL; 1432 } 1433 1434 return skb; 1435 } 1436 1437 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1438 struct nlattr **attrs) 1439 { 1440 struct net *net = sock_net(skb->sk); 1441 struct xfrm_policy *xp; 1442 struct xfrm_userpolicy_id *p; 1443 u8 type = XFRM_POLICY_TYPE_MAIN; 1444 int err; 1445 struct km_event c; 1446 int delete; 1447 1448 p = nlmsg_data(nlh); 1449 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1450 1451 err = copy_from_user_policy_type(&type, attrs); 1452 if (err) 1453 return err; 1454 1455 err = verify_policy_dir(p->dir); 1456 if (err) 1457 return err; 1458 1459 if (p->index) 1460 xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, delete, &err); 1461 else { 1462 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1463 struct xfrm_sec_ctx *ctx; 1464 1465 err = verify_sec_ctx_len(attrs); 1466 if (err) 1467 return err; 1468 1469 ctx = NULL; 1470 if (rt) { 1471 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1472 1473 err = security_xfrm_policy_alloc(&ctx, uctx); 1474 if (err) 1475 return err; 1476 } 1477 xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, 1478 &p->sel, ctx, delete, &err); 1479 security_xfrm_policy_free(ctx); 1480 } 1481 if (xp == NULL) 1482 return -ENOENT; 1483 1484 if (!delete) { 1485 struct sk_buff *resp_skb; 1486 1487 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1488 if (IS_ERR(resp_skb)) { 1489 err = PTR_ERR(resp_skb); 1490 } else { 1491 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, 1492 NETLINK_CB(skb).pid); 1493 } 1494 } else { 1495 uid_t loginuid = NETLINK_CB(skb).loginuid; 1496 u32 sessionid = NETLINK_CB(skb).sessionid; 1497 u32 sid = NETLINK_CB(skb).sid; 1498 1499 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, 1500 sid); 1501 1502 if (err != 0) 1503 goto out; 1504 1505 c.data.byid = p->index; 1506 c.event = nlh->nlmsg_type; 1507 c.seq = nlh->nlmsg_seq; 1508 c.pid = nlh->nlmsg_pid; 1509 km_policy_notify(xp, p->dir, &c); 1510 } 1511 1512 out: 1513 xfrm_pol_put(xp); 1514 return err; 1515 } 1516 1517 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1518 struct nlattr **attrs) 1519 { 1520 struct net *net = sock_net(skb->sk); 1521 struct km_event c; 1522 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1523 struct xfrm_audit audit_info; 1524 int err; 1525 1526 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1527 audit_info.sessionid = NETLINK_CB(skb).sessionid; 1528 audit_info.secid = NETLINK_CB(skb).sid; 1529 err = xfrm_state_flush(net, p->proto, &audit_info); 1530 if (err) { 1531 if (err == -ESRCH) /* empty table */ 1532 return 0; 1533 return err; 1534 } 1535 c.data.proto = p->proto; 1536 c.event = nlh->nlmsg_type; 1537 c.seq = nlh->nlmsg_seq; 1538 c.pid = nlh->nlmsg_pid; 1539 c.net = net; 1540 km_state_notify(NULL, &c); 1541 1542 return 0; 1543 } 1544 1545 static inline size_t xfrm_aevent_msgsize(void) 1546 { 1547 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1548 + nla_total_size(sizeof(struct xfrm_replay_state)) 1549 + nla_total_size(sizeof(struct xfrm_lifetime_cur)) 1550 + nla_total_size(4) /* XFRM_AE_RTHR */ 1551 + nla_total_size(4); /* XFRM_AE_ETHR */ 1552 } 1553 1554 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1555 { 1556 struct xfrm_aevent_id *id; 1557 struct nlmsghdr *nlh; 1558 1559 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1560 if (nlh == NULL) 1561 return -EMSGSIZE; 1562 1563 id = nlmsg_data(nlh); 1564 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1565 id->sa_id.spi = x->id.spi; 1566 id->sa_id.family = x->props.family; 1567 id->sa_id.proto = x->id.proto; 1568 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1569 id->reqid = x->props.reqid; 1570 id->flags = c->data.aevent; 1571 1572 NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1573 NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); 1574 1575 if (id->flags & XFRM_AE_RTHR) 1576 NLA_PUT_U32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1577 1578 if (id->flags & XFRM_AE_ETHR) 1579 NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH, 1580 x->replay_maxage * 10 / HZ); 1581 1582 return nlmsg_end(skb, nlh); 1583 1584 nla_put_failure: 1585 nlmsg_cancel(skb, nlh); 1586 return -EMSGSIZE; 1587 } 1588 1589 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1590 struct nlattr **attrs) 1591 { 1592 struct net *net = sock_net(skb->sk); 1593 struct xfrm_state *x; 1594 struct sk_buff *r_skb; 1595 int err; 1596 struct km_event c; 1597 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1598 struct xfrm_usersa_id *id = &p->sa_id; 1599 1600 r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1601 if (r_skb == NULL) 1602 return -ENOMEM; 1603 1604 x = xfrm_state_lookup(net, DUMMY_MARK, &id->daddr, id->spi, id->proto, id->family); 1605 if (x == NULL) { 1606 kfree_skb(r_skb); 1607 return -ESRCH; 1608 } 1609 1610 /* 1611 * XXX: is this lock really needed - none of the other 1612 * gets lock (the concern is things getting updated 1613 * while we are still reading) - jhs 1614 */ 1615 spin_lock_bh(&x->lock); 1616 c.data.aevent = p->flags; 1617 c.seq = nlh->nlmsg_seq; 1618 c.pid = nlh->nlmsg_pid; 1619 1620 if (build_aevent(r_skb, x, &c) < 0) 1621 BUG(); 1622 err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).pid); 1623 spin_unlock_bh(&x->lock); 1624 xfrm_state_put(x); 1625 return err; 1626 } 1627 1628 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1629 struct nlattr **attrs) 1630 { 1631 struct net *net = sock_net(skb->sk); 1632 struct xfrm_state *x; 1633 struct km_event c; 1634 int err = - EINVAL; 1635 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1636 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 1637 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 1638 1639 if (!lt && !rp) 1640 return err; 1641 1642 /* pedantic mode - thou shalt sayeth replaceth */ 1643 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1644 return err; 1645 1646 x = xfrm_state_lookup(net, DUMMY_MARK, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1647 if (x == NULL) 1648 return -ESRCH; 1649 1650 if (x->km.state != XFRM_STATE_VALID) 1651 goto out; 1652 1653 spin_lock_bh(&x->lock); 1654 xfrm_update_ae_params(x, attrs); 1655 spin_unlock_bh(&x->lock); 1656 1657 c.event = nlh->nlmsg_type; 1658 c.seq = nlh->nlmsg_seq; 1659 c.pid = nlh->nlmsg_pid; 1660 c.data.aevent = XFRM_AE_CU; 1661 km_state_notify(x, &c); 1662 err = 0; 1663 out: 1664 xfrm_state_put(x); 1665 return err; 1666 } 1667 1668 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1669 struct nlattr **attrs) 1670 { 1671 struct net *net = sock_net(skb->sk); 1672 struct km_event c; 1673 u8 type = XFRM_POLICY_TYPE_MAIN; 1674 int err; 1675 struct xfrm_audit audit_info; 1676 1677 err = copy_from_user_policy_type(&type, attrs); 1678 if (err) 1679 return err; 1680 1681 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1682 audit_info.sessionid = NETLINK_CB(skb).sessionid; 1683 audit_info.secid = NETLINK_CB(skb).sid; 1684 err = xfrm_policy_flush(net, type, &audit_info); 1685 if (err) { 1686 if (err == -ESRCH) /* empty table */ 1687 return 0; 1688 return err; 1689 } 1690 1691 c.data.type = type; 1692 c.event = nlh->nlmsg_type; 1693 c.seq = nlh->nlmsg_seq; 1694 c.pid = nlh->nlmsg_pid; 1695 c.net = net; 1696 km_policy_notify(NULL, 0, &c); 1697 return 0; 1698 } 1699 1700 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1701 struct nlattr **attrs) 1702 { 1703 struct net *net = sock_net(skb->sk); 1704 struct xfrm_policy *xp; 1705 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 1706 struct xfrm_userpolicy_info *p = &up->pol; 1707 u8 type = XFRM_POLICY_TYPE_MAIN; 1708 int err = -ENOENT; 1709 1710 err = copy_from_user_policy_type(&type, attrs); 1711 if (err) 1712 return err; 1713 1714 if (p->index) 1715 xp = xfrm_policy_byid(net, DUMMY_MARK, type, p->dir, p->index, 0, &err); 1716 else { 1717 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1718 struct xfrm_sec_ctx *ctx; 1719 1720 err = verify_sec_ctx_len(attrs); 1721 if (err) 1722 return err; 1723 1724 ctx = NULL; 1725 if (rt) { 1726 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1727 1728 err = security_xfrm_policy_alloc(&ctx, uctx); 1729 if (err) 1730 return err; 1731 } 1732 xp = xfrm_policy_bysel_ctx(net, DUMMY_MARK, type, p->dir, &p->sel, ctx, 0, &err); 1733 security_xfrm_policy_free(ctx); 1734 } 1735 if (xp == NULL) 1736 return -ENOENT; 1737 1738 read_lock(&xp->lock); 1739 if (xp->walk.dead) { 1740 read_unlock(&xp->lock); 1741 goto out; 1742 } 1743 1744 read_unlock(&xp->lock); 1745 err = 0; 1746 if (up->hard) { 1747 uid_t loginuid = NETLINK_CB(skb).loginuid; 1748 uid_t sessionid = NETLINK_CB(skb).sessionid; 1749 u32 sid = NETLINK_CB(skb).sid; 1750 xfrm_policy_delete(xp, p->dir); 1751 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); 1752 1753 } else { 1754 // reset the timers here? 1755 printk("Dont know what to do with soft policy expire\n"); 1756 } 1757 km_policy_expired(xp, p->dir, up->hard, current->pid); 1758 1759 out: 1760 xfrm_pol_put(xp); 1761 return err; 1762 } 1763 1764 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1765 struct nlattr **attrs) 1766 { 1767 struct net *net = sock_net(skb->sk); 1768 struct xfrm_state *x; 1769 int err; 1770 struct xfrm_user_expire *ue = nlmsg_data(nlh); 1771 struct xfrm_usersa_info *p = &ue->state; 1772 1773 x = xfrm_state_lookup(net, DUMMY_MARK, &p->id.daddr, p->id.spi, p->id.proto, p->family); 1774 1775 err = -ENOENT; 1776 if (x == NULL) 1777 return err; 1778 1779 spin_lock_bh(&x->lock); 1780 err = -EINVAL; 1781 if (x->km.state != XFRM_STATE_VALID) 1782 goto out; 1783 km_state_expired(x, ue->hard, current->pid); 1784 1785 if (ue->hard) { 1786 uid_t loginuid = NETLINK_CB(skb).loginuid; 1787 uid_t sessionid = NETLINK_CB(skb).sessionid; 1788 u32 sid = NETLINK_CB(skb).sid; 1789 __xfrm_state_delete(x); 1790 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); 1791 } 1792 err = 0; 1793 out: 1794 spin_unlock_bh(&x->lock); 1795 xfrm_state_put(x); 1796 return err; 1797 } 1798 1799 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1800 struct nlattr **attrs) 1801 { 1802 struct net *net = sock_net(skb->sk); 1803 struct xfrm_policy *xp; 1804 struct xfrm_user_tmpl *ut; 1805 int i; 1806 struct nlattr *rt = attrs[XFRMA_TMPL]; 1807 1808 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 1809 struct xfrm_state *x = xfrm_state_alloc(net); 1810 int err = -ENOMEM; 1811 1812 if (!x) 1813 goto nomem; 1814 1815 err = verify_newpolicy_info(&ua->policy); 1816 if (err) 1817 goto bad_policy; 1818 1819 /* build an XP */ 1820 xp = xfrm_policy_construct(net, &ua->policy, attrs, &err); 1821 if (!xp) 1822 goto free_state; 1823 1824 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1825 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1826 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1827 1828 ut = nla_data(rt); 1829 /* extract the templates and for each call km_key */ 1830 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1831 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1832 memcpy(&x->id, &t->id, sizeof(x->id)); 1833 x->props.mode = t->mode; 1834 x->props.reqid = t->reqid; 1835 x->props.family = ut->family; 1836 t->aalgos = ua->aalgos; 1837 t->ealgos = ua->ealgos; 1838 t->calgos = ua->calgos; 1839 err = km_query(x, t, xp); 1840 1841 } 1842 1843 kfree(x); 1844 kfree(xp); 1845 1846 return 0; 1847 1848 bad_policy: 1849 printk("BAD policy passed\n"); 1850 free_state: 1851 kfree(x); 1852 nomem: 1853 return err; 1854 } 1855 1856 #ifdef CONFIG_XFRM_MIGRATE 1857 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1858 struct xfrm_kmaddress *k, 1859 struct nlattr **attrs, int *num) 1860 { 1861 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 1862 struct xfrm_user_migrate *um; 1863 int i, num_migrate; 1864 1865 if (k != NULL) { 1866 struct xfrm_user_kmaddress *uk; 1867 1868 uk = nla_data(attrs[XFRMA_KMADDRESS]); 1869 memcpy(&k->local, &uk->local, sizeof(k->local)); 1870 memcpy(&k->remote, &uk->remote, sizeof(k->remote)); 1871 k->family = uk->family; 1872 k->reserved = uk->reserved; 1873 } 1874 1875 um = nla_data(rt); 1876 num_migrate = nla_len(rt) / sizeof(*um); 1877 1878 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1879 return -EINVAL; 1880 1881 for (i = 0; i < num_migrate; i++, um++, ma++) { 1882 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1883 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1884 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1885 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1886 1887 ma->proto = um->proto; 1888 ma->mode = um->mode; 1889 ma->reqid = um->reqid; 1890 1891 ma->old_family = um->old_family; 1892 ma->new_family = um->new_family; 1893 } 1894 1895 *num = i; 1896 return 0; 1897 } 1898 1899 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1900 struct nlattr **attrs) 1901 { 1902 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 1903 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1904 struct xfrm_kmaddress km, *kmp; 1905 u8 type; 1906 int err; 1907 int n = 0; 1908 1909 if (attrs[XFRMA_MIGRATE] == NULL) 1910 return -EINVAL; 1911 1912 kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL; 1913 1914 err = copy_from_user_policy_type(&type, attrs); 1915 if (err) 1916 return err; 1917 1918 err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n); 1919 if (err) 1920 return err; 1921 1922 if (!n) 1923 return 0; 1924 1925 xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp); 1926 1927 return 0; 1928 } 1929 #else 1930 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1931 struct nlattr **attrs) 1932 { 1933 return -ENOPROTOOPT; 1934 } 1935 #endif 1936 1937 #ifdef CONFIG_XFRM_MIGRATE 1938 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1939 { 1940 struct xfrm_user_migrate um; 1941 1942 memset(&um, 0, sizeof(um)); 1943 um.proto = m->proto; 1944 um.mode = m->mode; 1945 um.reqid = m->reqid; 1946 um.old_family = m->old_family; 1947 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1948 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1949 um.new_family = m->new_family; 1950 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1951 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1952 1953 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 1954 } 1955 1956 static int copy_to_user_kmaddress(struct xfrm_kmaddress *k, struct sk_buff *skb) 1957 { 1958 struct xfrm_user_kmaddress uk; 1959 1960 memset(&uk, 0, sizeof(uk)); 1961 uk.family = k->family; 1962 uk.reserved = k->reserved; 1963 memcpy(&uk.local, &k->local, sizeof(uk.local)); 1964 memcpy(&uk.remote, &k->remote, sizeof(uk.remote)); 1965 1966 return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk); 1967 } 1968 1969 static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma) 1970 { 1971 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 1972 + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0) 1973 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 1974 + userpolicy_type_attrsize(); 1975 } 1976 1977 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1978 int num_migrate, struct xfrm_kmaddress *k, 1979 struct xfrm_selector *sel, u8 dir, u8 type) 1980 { 1981 struct xfrm_migrate *mp; 1982 struct xfrm_userpolicy_id *pol_id; 1983 struct nlmsghdr *nlh; 1984 int i; 1985 1986 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 1987 if (nlh == NULL) 1988 return -EMSGSIZE; 1989 1990 pol_id = nlmsg_data(nlh); 1991 /* copy data from selector, dir, and type to the pol_id */ 1992 memset(pol_id, 0, sizeof(*pol_id)); 1993 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1994 pol_id->dir = dir; 1995 1996 if (k != NULL && (copy_to_user_kmaddress(k, skb) < 0)) 1997 goto nlmsg_failure; 1998 1999 if (copy_to_user_policy_type(type, skb) < 0) 2000 goto nlmsg_failure; 2001 2002 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 2003 if (copy_to_user_migrate(mp, skb) < 0) 2004 goto nlmsg_failure; 2005 } 2006 2007 return nlmsg_end(skb, nlh); 2008 nlmsg_failure: 2009 nlmsg_cancel(skb, nlh); 2010 return -EMSGSIZE; 2011 } 2012 2013 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 2014 struct xfrm_migrate *m, int num_migrate, 2015 struct xfrm_kmaddress *k) 2016 { 2017 struct net *net = &init_net; 2018 struct sk_buff *skb; 2019 2020 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC); 2021 if (skb == NULL) 2022 return -ENOMEM; 2023 2024 /* build migrate */ 2025 if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0) 2026 BUG(); 2027 2028 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); 2029 } 2030 #else 2031 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 2032 struct xfrm_migrate *m, int num_migrate, 2033 struct xfrm_kmaddress *k) 2034 { 2035 return -ENOPROTOOPT; 2036 } 2037 #endif 2038 2039 #define XMSGSIZE(type) sizeof(struct type) 2040 2041 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 2042 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2043 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2044 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2045 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2046 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2047 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2048 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 2049 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 2050 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 2051 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2052 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2053 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 2054 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 2055 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 2056 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2057 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2058 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 2059 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2060 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 2061 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2062 }; 2063 2064 #undef XMSGSIZE 2065 2066 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 2067 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)}, 2068 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)}, 2069 [XFRMA_LASTUSED] = { .type = NLA_U64}, 2070 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)}, 2071 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) }, 2072 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 2073 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 2074 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 2075 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 2076 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 2077 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 2078 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 2079 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 2080 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 2081 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 2082 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 2083 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 2084 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 2085 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 2086 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, 2087 }; 2088 2089 static struct xfrm_link { 2090 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 2091 int (*dump)(struct sk_buff *, struct netlink_callback *); 2092 int (*done)(struct netlink_callback *); 2093 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 2094 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2095 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 2096 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 2097 .dump = xfrm_dump_sa, 2098 .done = xfrm_dump_sa_done }, 2099 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2100 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 2101 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 2102 .dump = xfrm_dump_policy, 2103 .done = xfrm_dump_policy_done }, 2104 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 2105 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 2106 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 2107 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2108 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2109 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 2110 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 2111 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 2112 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 2113 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 2114 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 2115 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 2116 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 2117 }; 2118 2119 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 2120 { 2121 struct net *net = sock_net(skb->sk); 2122 struct nlattr *attrs[XFRMA_MAX+1]; 2123 struct xfrm_link *link; 2124 int type, err; 2125 2126 type = nlh->nlmsg_type; 2127 if (type > XFRM_MSG_MAX) 2128 return -EINVAL; 2129 2130 type -= XFRM_MSG_BASE; 2131 link = &xfrm_dispatch[type]; 2132 2133 /* All operations require privileges, even GET */ 2134 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 2135 return -EPERM; 2136 2137 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2138 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 2139 (nlh->nlmsg_flags & NLM_F_DUMP)) { 2140 if (link->dump == NULL) 2141 return -EINVAL; 2142 2143 return netlink_dump_start(net->xfrm.nlsk, skb, nlh, link->dump, link->done); 2144 } 2145 2146 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX, 2147 xfrma_policy); 2148 if (err < 0) 2149 return err; 2150 2151 if (link->doit == NULL) 2152 return -EINVAL; 2153 2154 return link->doit(skb, nlh, attrs); 2155 } 2156 2157 static void xfrm_netlink_rcv(struct sk_buff *skb) 2158 { 2159 mutex_lock(&xfrm_cfg_mutex); 2160 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 2161 mutex_unlock(&xfrm_cfg_mutex); 2162 } 2163 2164 static inline size_t xfrm_expire_msgsize(void) 2165 { 2166 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)); 2167 } 2168 2169 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 2170 { 2171 struct xfrm_user_expire *ue; 2172 struct nlmsghdr *nlh; 2173 2174 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 2175 if (nlh == NULL) 2176 return -EMSGSIZE; 2177 2178 ue = nlmsg_data(nlh); 2179 copy_to_user_state(x, &ue->state); 2180 ue->hard = (c->data.hard != 0) ? 1 : 0; 2181 2182 return nlmsg_end(skb, nlh); 2183 } 2184 2185 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 2186 { 2187 struct net *net = xs_net(x); 2188 struct sk_buff *skb; 2189 2190 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 2191 if (skb == NULL) 2192 return -ENOMEM; 2193 2194 if (build_expire(skb, x, c) < 0) 2195 BUG(); 2196 2197 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2198 } 2199 2200 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 2201 { 2202 struct net *net = xs_net(x); 2203 struct sk_buff *skb; 2204 2205 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 2206 if (skb == NULL) 2207 return -ENOMEM; 2208 2209 if (build_aevent(skb, x, c) < 0) 2210 BUG(); 2211 2212 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 2213 } 2214 2215 static int xfrm_notify_sa_flush(struct km_event *c) 2216 { 2217 struct net *net = c->net; 2218 struct xfrm_usersa_flush *p; 2219 struct nlmsghdr *nlh; 2220 struct sk_buff *skb; 2221 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 2222 2223 skb = nlmsg_new(len, GFP_ATOMIC); 2224 if (skb == NULL) 2225 return -ENOMEM; 2226 2227 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 2228 if (nlh == NULL) { 2229 kfree_skb(skb); 2230 return -EMSGSIZE; 2231 } 2232 2233 p = nlmsg_data(nlh); 2234 p->proto = c->data.proto; 2235 2236 nlmsg_end(skb, nlh); 2237 2238 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2239 } 2240 2241 static inline size_t xfrm_sa_len(struct xfrm_state *x) 2242 { 2243 size_t l = 0; 2244 if (x->aead) 2245 l += nla_total_size(aead_len(x->aead)); 2246 if (x->aalg) { 2247 l += nla_total_size(sizeof(struct xfrm_algo) + 2248 (x->aalg->alg_key_len + 7) / 8); 2249 l += nla_total_size(xfrm_alg_auth_len(x->aalg)); 2250 } 2251 if (x->ealg) 2252 l += nla_total_size(xfrm_alg_len(x->ealg)); 2253 if (x->calg) 2254 l += nla_total_size(sizeof(*x->calg)); 2255 if (x->encap) 2256 l += nla_total_size(sizeof(*x->encap)); 2257 if (x->security) 2258 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 2259 x->security->ctx_len); 2260 if (x->coaddr) 2261 l += nla_total_size(sizeof(*x->coaddr)); 2262 2263 /* Must count x->lastused as it may become non-zero behind our back. */ 2264 l += nla_total_size(sizeof(u64)); 2265 2266 return l; 2267 } 2268 2269 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2270 { 2271 struct net *net = xs_net(x); 2272 struct xfrm_usersa_info *p; 2273 struct xfrm_usersa_id *id; 2274 struct nlmsghdr *nlh; 2275 struct sk_buff *skb; 2276 int len = xfrm_sa_len(x); 2277 int headlen; 2278 2279 headlen = sizeof(*p); 2280 if (c->event == XFRM_MSG_DELSA) { 2281 len += nla_total_size(headlen); 2282 headlen = sizeof(*id); 2283 } 2284 len += NLMSG_ALIGN(headlen); 2285 2286 skb = nlmsg_new(len, GFP_ATOMIC); 2287 if (skb == NULL) 2288 return -ENOMEM; 2289 2290 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2291 if (nlh == NULL) 2292 goto nla_put_failure; 2293 2294 p = nlmsg_data(nlh); 2295 if (c->event == XFRM_MSG_DELSA) { 2296 struct nlattr *attr; 2297 2298 id = nlmsg_data(nlh); 2299 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2300 id->spi = x->id.spi; 2301 id->family = x->props.family; 2302 id->proto = x->id.proto; 2303 2304 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2305 if (attr == NULL) 2306 goto nla_put_failure; 2307 2308 p = nla_data(attr); 2309 } 2310 2311 if (copy_to_user_state_extra(x, p, skb)) 2312 goto nla_put_failure; 2313 2314 nlmsg_end(skb, nlh); 2315 2316 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2317 2318 nla_put_failure: 2319 /* Somebody screwed up with xfrm_sa_len! */ 2320 WARN_ON(1); 2321 kfree_skb(skb); 2322 return -1; 2323 } 2324 2325 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2326 { 2327 2328 switch (c->event) { 2329 case XFRM_MSG_EXPIRE: 2330 return xfrm_exp_state_notify(x, c); 2331 case XFRM_MSG_NEWAE: 2332 return xfrm_aevent_state_notify(x, c); 2333 case XFRM_MSG_DELSA: 2334 case XFRM_MSG_UPDSA: 2335 case XFRM_MSG_NEWSA: 2336 return xfrm_notify_sa(x, c); 2337 case XFRM_MSG_FLUSHSA: 2338 return xfrm_notify_sa_flush(c); 2339 default: 2340 printk("xfrm_user: Unknown SA event %d\n", c->event); 2341 break; 2342 } 2343 2344 return 0; 2345 2346 } 2347 2348 static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x, 2349 struct xfrm_policy *xp) 2350 { 2351 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2352 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2353 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2354 + userpolicy_type_attrsize(); 2355 } 2356 2357 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2358 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2359 int dir) 2360 { 2361 struct xfrm_user_acquire *ua; 2362 struct nlmsghdr *nlh; 2363 __u32 seq = xfrm_get_acqseq(); 2364 2365 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2366 if (nlh == NULL) 2367 return -EMSGSIZE; 2368 2369 ua = nlmsg_data(nlh); 2370 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2371 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2372 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2373 copy_to_user_policy(xp, &ua->policy, dir); 2374 ua->aalgos = xt->aalgos; 2375 ua->ealgos = xt->ealgos; 2376 ua->calgos = xt->calgos; 2377 ua->seq = x->km.seq = seq; 2378 2379 if (copy_to_user_tmpl(xp, skb) < 0) 2380 goto nlmsg_failure; 2381 if (copy_to_user_state_sec_ctx(x, skb)) 2382 goto nlmsg_failure; 2383 if (copy_to_user_policy_type(xp->type, skb) < 0) 2384 goto nlmsg_failure; 2385 2386 return nlmsg_end(skb, nlh); 2387 2388 nlmsg_failure: 2389 nlmsg_cancel(skb, nlh); 2390 return -EMSGSIZE; 2391 } 2392 2393 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2394 struct xfrm_policy *xp, int dir) 2395 { 2396 struct net *net = xs_net(x); 2397 struct sk_buff *skb; 2398 2399 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2400 if (skb == NULL) 2401 return -ENOMEM; 2402 2403 if (build_acquire(skb, x, xt, xp, dir) < 0) 2404 BUG(); 2405 2406 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2407 } 2408 2409 /* User gives us xfrm_user_policy_info followed by an array of 0 2410 * or more templates. 2411 */ 2412 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2413 u8 *data, int len, int *dir) 2414 { 2415 struct net *net = sock_net(sk); 2416 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2417 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2418 struct xfrm_policy *xp; 2419 int nr; 2420 2421 switch (sk->sk_family) { 2422 case AF_INET: 2423 if (opt != IP_XFRM_POLICY) { 2424 *dir = -EOPNOTSUPP; 2425 return NULL; 2426 } 2427 break; 2428 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2429 case AF_INET6: 2430 if (opt != IPV6_XFRM_POLICY) { 2431 *dir = -EOPNOTSUPP; 2432 return NULL; 2433 } 2434 break; 2435 #endif 2436 default: 2437 *dir = -EINVAL; 2438 return NULL; 2439 } 2440 2441 *dir = -EINVAL; 2442 2443 if (len < sizeof(*p) || 2444 verify_newpolicy_info(p)) 2445 return NULL; 2446 2447 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2448 if (validate_tmpl(nr, ut, p->sel.family)) 2449 return NULL; 2450 2451 if (p->dir > XFRM_POLICY_OUT) 2452 return NULL; 2453 2454 xp = xfrm_policy_alloc(net, GFP_KERNEL); 2455 if (xp == NULL) { 2456 *dir = -ENOBUFS; 2457 return NULL; 2458 } 2459 2460 copy_from_user_policy(xp, p); 2461 xp->type = XFRM_POLICY_TYPE_MAIN; 2462 copy_templates(xp, ut, nr); 2463 2464 *dir = p->dir; 2465 2466 return xp; 2467 } 2468 2469 static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) 2470 { 2471 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 2472 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2473 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 2474 + userpolicy_type_attrsize(); 2475 } 2476 2477 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2478 int dir, struct km_event *c) 2479 { 2480 struct xfrm_user_polexpire *upe; 2481 struct nlmsghdr *nlh; 2482 int hard = c->data.hard; 2483 2484 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 2485 if (nlh == NULL) 2486 return -EMSGSIZE; 2487 2488 upe = nlmsg_data(nlh); 2489 copy_to_user_policy(xp, &upe->pol, dir); 2490 if (copy_to_user_tmpl(xp, skb) < 0) 2491 goto nlmsg_failure; 2492 if (copy_to_user_sec_ctx(xp, skb)) 2493 goto nlmsg_failure; 2494 if (copy_to_user_policy_type(xp->type, skb) < 0) 2495 goto nlmsg_failure; 2496 upe->hard = !!hard; 2497 2498 return nlmsg_end(skb, nlh); 2499 2500 nlmsg_failure: 2501 nlmsg_cancel(skb, nlh); 2502 return -EMSGSIZE; 2503 } 2504 2505 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2506 { 2507 struct net *net = xp_net(xp); 2508 struct sk_buff *skb; 2509 2510 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 2511 if (skb == NULL) 2512 return -ENOMEM; 2513 2514 if (build_polexpire(skb, xp, dir, c) < 0) 2515 BUG(); 2516 2517 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2518 } 2519 2520 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2521 { 2522 struct net *net = xp_net(xp); 2523 struct xfrm_userpolicy_info *p; 2524 struct xfrm_userpolicy_id *id; 2525 struct nlmsghdr *nlh; 2526 struct sk_buff *skb; 2527 int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2528 int headlen; 2529 2530 headlen = sizeof(*p); 2531 if (c->event == XFRM_MSG_DELPOLICY) { 2532 len += nla_total_size(headlen); 2533 headlen = sizeof(*id); 2534 } 2535 len += userpolicy_type_attrsize(); 2536 len += NLMSG_ALIGN(headlen); 2537 2538 skb = nlmsg_new(len, GFP_ATOMIC); 2539 if (skb == NULL) 2540 return -ENOMEM; 2541 2542 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2543 if (nlh == NULL) 2544 goto nlmsg_failure; 2545 2546 p = nlmsg_data(nlh); 2547 if (c->event == XFRM_MSG_DELPOLICY) { 2548 struct nlattr *attr; 2549 2550 id = nlmsg_data(nlh); 2551 memset(id, 0, sizeof(*id)); 2552 id->dir = dir; 2553 if (c->data.byid) 2554 id->index = xp->index; 2555 else 2556 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2557 2558 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 2559 if (attr == NULL) 2560 goto nlmsg_failure; 2561 2562 p = nla_data(attr); 2563 } 2564 2565 copy_to_user_policy(xp, p, dir); 2566 if (copy_to_user_tmpl(xp, skb) < 0) 2567 goto nlmsg_failure; 2568 if (copy_to_user_policy_type(xp->type, skb) < 0) 2569 goto nlmsg_failure; 2570 2571 nlmsg_end(skb, nlh); 2572 2573 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2574 2575 nlmsg_failure: 2576 kfree_skb(skb); 2577 return -1; 2578 } 2579 2580 static int xfrm_notify_policy_flush(struct km_event *c) 2581 { 2582 struct net *net = c->net; 2583 struct nlmsghdr *nlh; 2584 struct sk_buff *skb; 2585 2586 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 2587 if (skb == NULL) 2588 return -ENOMEM; 2589 2590 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 2591 if (nlh == NULL) 2592 goto nlmsg_failure; 2593 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2594 goto nlmsg_failure; 2595 2596 nlmsg_end(skb, nlh); 2597 2598 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2599 2600 nlmsg_failure: 2601 kfree_skb(skb); 2602 return -1; 2603 } 2604 2605 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2606 { 2607 2608 switch (c->event) { 2609 case XFRM_MSG_NEWPOLICY: 2610 case XFRM_MSG_UPDPOLICY: 2611 case XFRM_MSG_DELPOLICY: 2612 return xfrm_notify_policy(xp, dir, c); 2613 case XFRM_MSG_FLUSHPOLICY: 2614 return xfrm_notify_policy_flush(c); 2615 case XFRM_MSG_POLEXPIRE: 2616 return xfrm_exp_policy_notify(xp, dir, c); 2617 default: 2618 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2619 } 2620 2621 return 0; 2622 2623 } 2624 2625 static inline size_t xfrm_report_msgsize(void) 2626 { 2627 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 2628 } 2629 2630 static int build_report(struct sk_buff *skb, u8 proto, 2631 struct xfrm_selector *sel, xfrm_address_t *addr) 2632 { 2633 struct xfrm_user_report *ur; 2634 struct nlmsghdr *nlh; 2635 2636 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 2637 if (nlh == NULL) 2638 return -EMSGSIZE; 2639 2640 ur = nlmsg_data(nlh); 2641 ur->proto = proto; 2642 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2643 2644 if (addr) 2645 NLA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2646 2647 return nlmsg_end(skb, nlh); 2648 2649 nla_put_failure: 2650 nlmsg_cancel(skb, nlh); 2651 return -EMSGSIZE; 2652 } 2653 2654 static int xfrm_send_report(struct net *net, u8 proto, 2655 struct xfrm_selector *sel, xfrm_address_t *addr) 2656 { 2657 struct sk_buff *skb; 2658 2659 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 2660 if (skb == NULL) 2661 return -ENOMEM; 2662 2663 if (build_report(skb, proto, sel, addr) < 0) 2664 BUG(); 2665 2666 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2667 } 2668 2669 static inline size_t xfrm_mapping_msgsize(void) 2670 { 2671 return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping)); 2672 } 2673 2674 static int build_mapping(struct sk_buff *skb, struct xfrm_state *x, 2675 xfrm_address_t *new_saddr, __be16 new_sport) 2676 { 2677 struct xfrm_user_mapping *um; 2678 struct nlmsghdr *nlh; 2679 2680 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0); 2681 if (nlh == NULL) 2682 return -EMSGSIZE; 2683 2684 um = nlmsg_data(nlh); 2685 2686 memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr)); 2687 um->id.spi = x->id.spi; 2688 um->id.family = x->props.family; 2689 um->id.proto = x->id.proto; 2690 memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr)); 2691 memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr)); 2692 um->new_sport = new_sport; 2693 um->old_sport = x->encap->encap_sport; 2694 um->reqid = x->props.reqid; 2695 2696 return nlmsg_end(skb, nlh); 2697 } 2698 2699 static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, 2700 __be16 sport) 2701 { 2702 struct net *net = xs_net(x); 2703 struct sk_buff *skb; 2704 2705 if (x->id.proto != IPPROTO_ESP) 2706 return -EINVAL; 2707 2708 if (!x->encap) 2709 return -EINVAL; 2710 2711 skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC); 2712 if (skb == NULL) 2713 return -ENOMEM; 2714 2715 if (build_mapping(skb, x, ipaddr, sport) < 0) 2716 BUG(); 2717 2718 return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MAPPING, GFP_ATOMIC); 2719 } 2720 2721 static struct xfrm_mgr netlink_mgr = { 2722 .id = "netlink", 2723 .notify = xfrm_send_state_notify, 2724 .acquire = xfrm_send_acquire, 2725 .compile_policy = xfrm_compile_policy, 2726 .notify_policy = xfrm_send_policy_notify, 2727 .report = xfrm_send_report, 2728 .migrate = xfrm_send_migrate, 2729 .new_mapping = xfrm_send_mapping, 2730 }; 2731 2732 static int __net_init xfrm_user_net_init(struct net *net) 2733 { 2734 struct sock *nlsk; 2735 2736 nlsk = netlink_kernel_create(net, NETLINK_XFRM, XFRMNLGRP_MAX, 2737 xfrm_netlink_rcv, NULL, THIS_MODULE); 2738 if (nlsk == NULL) 2739 return -ENOMEM; 2740 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */ 2741 rcu_assign_pointer(net->xfrm.nlsk, nlsk); 2742 return 0; 2743 } 2744 2745 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list) 2746 { 2747 struct net *net; 2748 list_for_each_entry(net, net_exit_list, exit_list) 2749 rcu_assign_pointer(net->xfrm.nlsk, NULL); 2750 synchronize_net(); 2751 list_for_each_entry(net, net_exit_list, exit_list) 2752 netlink_kernel_release(net->xfrm.nlsk_stash); 2753 } 2754 2755 static struct pernet_operations xfrm_user_net_ops = { 2756 .init = xfrm_user_net_init, 2757 .exit_batch = xfrm_user_net_exit, 2758 }; 2759 2760 static int __init xfrm_user_init(void) 2761 { 2762 int rv; 2763 2764 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2765 2766 rv = register_pernet_subsys(&xfrm_user_net_ops); 2767 if (rv < 0) 2768 return rv; 2769 rv = xfrm_register_km(&netlink_mgr); 2770 if (rv < 0) 2771 unregister_pernet_subsys(&xfrm_user_net_ops); 2772 return rv; 2773 } 2774 2775 static void __exit xfrm_user_exit(void) 2776 { 2777 xfrm_unregister_km(&netlink_mgr); 2778 unregister_pernet_subsys(&xfrm_user_net_ops); 2779 } 2780 2781 module_init(xfrm_user_init); 2782 module_exit(xfrm_user_exit); 2783 MODULE_LICENSE("GPL"); 2784 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2785 2786