1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/rtnetlink.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <net/netlink.h> 30 #include <asm/uaccess.h> 31 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 32 #include <linux/in6.h> 33 #endif 34 #include <linux/audit.h> 35 36 static int verify_one_alg(struct rtattr **xfrma, enum xfrm_attr_type_t type) 37 { 38 struct rtattr *rt = xfrma[type - 1]; 39 struct xfrm_algo *algp; 40 int len; 41 42 if (!rt) 43 return 0; 44 45 len = (rt->rta_len - sizeof(*rt)) - sizeof(*algp); 46 if (len < 0) 47 return -EINVAL; 48 49 algp = RTA_DATA(rt); 50 51 len -= (algp->alg_key_len + 7U) / 8; 52 if (len < 0) 53 return -EINVAL; 54 55 switch (type) { 56 case XFRMA_ALG_AUTH: 57 if (!algp->alg_key_len && 58 strcmp(algp->alg_name, "digest_null") != 0) 59 return -EINVAL; 60 break; 61 62 case XFRMA_ALG_CRYPT: 63 if (!algp->alg_key_len && 64 strcmp(algp->alg_name, "cipher_null") != 0) 65 return -EINVAL; 66 break; 67 68 case XFRMA_ALG_COMP: 69 /* Zero length keys are legal. */ 70 break; 71 72 default: 73 return -EINVAL; 74 }; 75 76 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 77 return 0; 78 } 79 80 static int verify_encap_tmpl(struct rtattr **xfrma) 81 { 82 struct rtattr *rt = xfrma[XFRMA_ENCAP - 1]; 83 struct xfrm_encap_tmpl *encap; 84 85 if (!rt) 86 return 0; 87 88 if ((rt->rta_len - sizeof(*rt)) < sizeof(*encap)) 89 return -EINVAL; 90 91 return 0; 92 } 93 94 static int verify_one_addr(struct rtattr **xfrma, enum xfrm_attr_type_t type, 95 xfrm_address_t **addrp) 96 { 97 struct rtattr *rt = xfrma[type - 1]; 98 99 if (!rt) 100 return 0; 101 102 if ((rt->rta_len - sizeof(*rt)) < sizeof(**addrp)) 103 return -EINVAL; 104 105 if (addrp) 106 *addrp = RTA_DATA(rt); 107 108 return 0; 109 } 110 111 static inline int verify_sec_ctx_len(struct rtattr **xfrma) 112 { 113 struct rtattr *rt = xfrma[XFRMA_SEC_CTX - 1]; 114 struct xfrm_user_sec_ctx *uctx; 115 int len = 0; 116 117 if (!rt) 118 return 0; 119 120 if (rt->rta_len < sizeof(*uctx)) 121 return -EINVAL; 122 123 uctx = RTA_DATA(rt); 124 125 len += sizeof(struct xfrm_user_sec_ctx); 126 len += uctx->ctx_len; 127 128 if (uctx->len != len) 129 return -EINVAL; 130 131 return 0; 132 } 133 134 135 static int verify_newsa_info(struct xfrm_usersa_info *p, 136 struct rtattr **xfrma) 137 { 138 int err; 139 140 err = -EINVAL; 141 switch (p->family) { 142 case AF_INET: 143 break; 144 145 case AF_INET6: 146 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 147 break; 148 #else 149 err = -EAFNOSUPPORT; 150 goto out; 151 #endif 152 153 default: 154 goto out; 155 }; 156 157 err = -EINVAL; 158 switch (p->id.proto) { 159 case IPPROTO_AH: 160 if (!xfrma[XFRMA_ALG_AUTH-1] || 161 xfrma[XFRMA_ALG_CRYPT-1] || 162 xfrma[XFRMA_ALG_COMP-1]) 163 goto out; 164 break; 165 166 case IPPROTO_ESP: 167 if ((!xfrma[XFRMA_ALG_AUTH-1] && 168 !xfrma[XFRMA_ALG_CRYPT-1]) || 169 xfrma[XFRMA_ALG_COMP-1]) 170 goto out; 171 break; 172 173 case IPPROTO_COMP: 174 if (!xfrma[XFRMA_ALG_COMP-1] || 175 xfrma[XFRMA_ALG_AUTH-1] || 176 xfrma[XFRMA_ALG_CRYPT-1]) 177 goto out; 178 break; 179 180 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 181 case IPPROTO_DSTOPTS: 182 case IPPROTO_ROUTING: 183 if (xfrma[XFRMA_ALG_COMP-1] || 184 xfrma[XFRMA_ALG_AUTH-1] || 185 xfrma[XFRMA_ALG_CRYPT-1] || 186 xfrma[XFRMA_ENCAP-1] || 187 xfrma[XFRMA_SEC_CTX-1] || 188 !xfrma[XFRMA_COADDR-1]) 189 goto out; 190 break; 191 #endif 192 193 default: 194 goto out; 195 }; 196 197 if ((err = verify_one_alg(xfrma, XFRMA_ALG_AUTH))) 198 goto out; 199 if ((err = verify_one_alg(xfrma, XFRMA_ALG_CRYPT))) 200 goto out; 201 if ((err = verify_one_alg(xfrma, XFRMA_ALG_COMP))) 202 goto out; 203 if ((err = verify_encap_tmpl(xfrma))) 204 goto out; 205 if ((err = verify_sec_ctx_len(xfrma))) 206 goto out; 207 if ((err = verify_one_addr(xfrma, XFRMA_COADDR, NULL))) 208 goto out; 209 210 err = -EINVAL; 211 switch (p->mode) { 212 case XFRM_MODE_TRANSPORT: 213 case XFRM_MODE_TUNNEL: 214 case XFRM_MODE_ROUTEOPTIMIZATION: 215 case XFRM_MODE_BEET: 216 break; 217 218 default: 219 goto out; 220 }; 221 222 err = 0; 223 224 out: 225 return err; 226 } 227 228 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 229 struct xfrm_algo_desc *(*get_byname)(char *, int), 230 struct rtattr *u_arg) 231 { 232 struct rtattr *rta = u_arg; 233 struct xfrm_algo *p, *ualg; 234 struct xfrm_algo_desc *algo; 235 int len; 236 237 if (!rta) 238 return 0; 239 240 ualg = RTA_DATA(rta); 241 242 algo = get_byname(ualg->alg_name, 1); 243 if (!algo) 244 return -ENOSYS; 245 *props = algo->desc.sadb_alg_id; 246 247 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 248 p = kmemdup(ualg, len, GFP_KERNEL); 249 if (!p) 250 return -ENOMEM; 251 252 strcpy(p->alg_name, algo->name); 253 *algpp = p; 254 return 0; 255 } 256 257 static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_arg) 258 { 259 struct rtattr *rta = u_arg; 260 struct xfrm_encap_tmpl *p, *uencap; 261 262 if (!rta) 263 return 0; 264 265 uencap = RTA_DATA(rta); 266 p = kmemdup(uencap, sizeof(*p), GFP_KERNEL); 267 if (!p) 268 return -ENOMEM; 269 270 *encapp = p; 271 return 0; 272 } 273 274 275 static inline int xfrm_user_sec_ctx_size(struct xfrm_policy *xp) 276 { 277 struct xfrm_sec_ctx *xfrm_ctx = xp->security; 278 int len = 0; 279 280 if (xfrm_ctx) { 281 len += sizeof(struct xfrm_user_sec_ctx); 282 len += xfrm_ctx->ctx_len; 283 } 284 return len; 285 } 286 287 static int attach_sec_ctx(struct xfrm_state *x, struct rtattr *u_arg) 288 { 289 struct xfrm_user_sec_ctx *uctx; 290 291 if (!u_arg) 292 return 0; 293 294 uctx = RTA_DATA(u_arg); 295 return security_xfrm_state_alloc(x, uctx); 296 } 297 298 static int attach_one_addr(xfrm_address_t **addrpp, struct rtattr *u_arg) 299 { 300 struct rtattr *rta = u_arg; 301 xfrm_address_t *p, *uaddrp; 302 303 if (!rta) 304 return 0; 305 306 uaddrp = RTA_DATA(rta); 307 p = kmemdup(uaddrp, sizeof(*p), GFP_KERNEL); 308 if (!p) 309 return -ENOMEM; 310 311 *addrpp = p; 312 return 0; 313 } 314 315 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 316 { 317 memcpy(&x->id, &p->id, sizeof(x->id)); 318 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 319 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 320 x->props.mode = p->mode; 321 x->props.replay_window = p->replay_window; 322 x->props.reqid = p->reqid; 323 x->props.family = p->family; 324 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 325 x->props.flags = p->flags; 326 } 327 328 /* 329 * someday when pfkey also has support, we could have the code 330 * somehow made shareable and move it to xfrm_state.c - JHS 331 * 332 */ 333 static int xfrm_update_ae_params(struct xfrm_state *x, struct rtattr **xfrma) 334 { 335 int err = - EINVAL; 336 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 337 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 338 struct rtattr *et = xfrma[XFRMA_ETIMER_THRESH-1]; 339 struct rtattr *rt = xfrma[XFRMA_REPLAY_THRESH-1]; 340 341 if (rp) { 342 struct xfrm_replay_state *replay; 343 if (RTA_PAYLOAD(rp) < sizeof(*replay)) 344 goto error; 345 replay = RTA_DATA(rp); 346 memcpy(&x->replay, replay, sizeof(*replay)); 347 memcpy(&x->preplay, replay, sizeof(*replay)); 348 } 349 350 if (lt) { 351 struct xfrm_lifetime_cur *ltime; 352 if (RTA_PAYLOAD(lt) < sizeof(*ltime)) 353 goto error; 354 ltime = RTA_DATA(lt); 355 x->curlft.bytes = ltime->bytes; 356 x->curlft.packets = ltime->packets; 357 x->curlft.add_time = ltime->add_time; 358 x->curlft.use_time = ltime->use_time; 359 } 360 361 if (et) { 362 if (RTA_PAYLOAD(et) < sizeof(u32)) 363 goto error; 364 x->replay_maxage = *(u32*)RTA_DATA(et); 365 } 366 367 if (rt) { 368 if (RTA_PAYLOAD(rt) < sizeof(u32)) 369 goto error; 370 x->replay_maxdiff = *(u32*)RTA_DATA(rt); 371 } 372 373 return 0; 374 error: 375 return err; 376 } 377 378 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 379 struct rtattr **xfrma, 380 int *errp) 381 { 382 struct xfrm_state *x = xfrm_state_alloc(); 383 int err = -ENOMEM; 384 385 if (!x) 386 goto error_no_put; 387 388 copy_from_user_state(x, p); 389 390 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 391 xfrm_aalg_get_byname, 392 xfrma[XFRMA_ALG_AUTH-1]))) 393 goto error; 394 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 395 xfrm_ealg_get_byname, 396 xfrma[XFRMA_ALG_CRYPT-1]))) 397 goto error; 398 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 399 xfrm_calg_get_byname, 400 xfrma[XFRMA_ALG_COMP-1]))) 401 goto error; 402 if ((err = attach_encap_tmpl(&x->encap, xfrma[XFRMA_ENCAP-1]))) 403 goto error; 404 if ((err = attach_one_addr(&x->coaddr, xfrma[XFRMA_COADDR-1]))) 405 goto error; 406 err = xfrm_init_state(x); 407 if (err) 408 goto error; 409 410 if ((err = attach_sec_ctx(x, xfrma[XFRMA_SEC_CTX-1]))) 411 goto error; 412 413 x->km.seq = p->seq; 414 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 415 /* sysctl_xfrm_aevent_etime is in 100ms units */ 416 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 417 x->preplay.bitmap = 0; 418 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 419 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 420 421 /* override default values from above */ 422 423 err = xfrm_update_ae_params(x, (struct rtattr **)xfrma); 424 if (err < 0) 425 goto error; 426 427 return x; 428 429 error: 430 x->km.state = XFRM_STATE_DEAD; 431 xfrm_state_put(x); 432 error_no_put: 433 *errp = err; 434 return NULL; 435 } 436 437 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 438 struct rtattr **xfrma) 439 { 440 struct xfrm_usersa_info *p = NLMSG_DATA(nlh); 441 struct xfrm_state *x; 442 int err; 443 struct km_event c; 444 445 err = verify_newsa_info(p, xfrma); 446 if (err) 447 return err; 448 449 x = xfrm_state_construct(p, xfrma, &err); 450 if (!x) 451 return err; 452 453 xfrm_state_hold(x); 454 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 455 err = xfrm_state_add(x); 456 else 457 err = xfrm_state_update(x); 458 459 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 460 AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x); 461 462 if (err < 0) { 463 x->km.state = XFRM_STATE_DEAD; 464 __xfrm_state_put(x); 465 goto out; 466 } 467 468 c.seq = nlh->nlmsg_seq; 469 c.pid = nlh->nlmsg_pid; 470 c.event = nlh->nlmsg_type; 471 472 km_state_notify(x, &c); 473 out: 474 xfrm_state_put(x); 475 return err; 476 } 477 478 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 479 struct rtattr **xfrma, 480 int *errp) 481 { 482 struct xfrm_state *x = NULL; 483 int err; 484 485 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 486 err = -ESRCH; 487 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 488 } else { 489 xfrm_address_t *saddr = NULL; 490 491 err = verify_one_addr(xfrma, XFRMA_SRCADDR, &saddr); 492 if (err) 493 goto out; 494 495 if (!saddr) { 496 err = -EINVAL; 497 goto out; 498 } 499 500 err = -ESRCH; 501 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 502 p->family); 503 } 504 505 out: 506 if (!x && errp) 507 *errp = err; 508 return x; 509 } 510 511 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 512 struct rtattr **xfrma) 513 { 514 struct xfrm_state *x; 515 int err = -ESRCH; 516 struct km_event c; 517 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 518 519 x = xfrm_user_state_lookup(p, xfrma, &err); 520 if (x == NULL) 521 return err; 522 523 if ((err = security_xfrm_state_delete(x)) != 0) 524 goto out; 525 526 if (xfrm_state_kern(x)) { 527 err = -EPERM; 528 goto out; 529 } 530 531 err = xfrm_state_delete(x); 532 533 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 534 AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); 535 536 if (err < 0) 537 goto out; 538 539 c.seq = nlh->nlmsg_seq; 540 c.pid = nlh->nlmsg_pid; 541 c.event = nlh->nlmsg_type; 542 km_state_notify(x, &c); 543 544 out: 545 xfrm_state_put(x); 546 return err; 547 } 548 549 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 550 { 551 memcpy(&p->id, &x->id, sizeof(p->id)); 552 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 553 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 554 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 555 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 556 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 557 p->mode = x->props.mode; 558 p->replay_window = x->props.replay_window; 559 p->reqid = x->props.reqid; 560 p->family = x->props.family; 561 p->flags = x->props.flags; 562 p->seq = x->km.seq; 563 } 564 565 struct xfrm_dump_info { 566 struct sk_buff *in_skb; 567 struct sk_buff *out_skb; 568 u32 nlmsg_seq; 569 u16 nlmsg_flags; 570 int start_idx; 571 int this_idx; 572 }; 573 574 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 575 { 576 struct xfrm_dump_info *sp = ptr; 577 struct sk_buff *in_skb = sp->in_skb; 578 struct sk_buff *skb = sp->out_skb; 579 struct xfrm_usersa_info *p; 580 struct nlmsghdr *nlh; 581 unsigned char *b = skb->tail; 582 583 if (sp->this_idx < sp->start_idx) 584 goto out; 585 586 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 587 sp->nlmsg_seq, 588 XFRM_MSG_NEWSA, sizeof(*p)); 589 nlh->nlmsg_flags = sp->nlmsg_flags; 590 591 p = NLMSG_DATA(nlh); 592 copy_to_user_state(x, p); 593 594 if (x->aalg) 595 RTA_PUT(skb, XFRMA_ALG_AUTH, 596 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 597 if (x->ealg) 598 RTA_PUT(skb, XFRMA_ALG_CRYPT, 599 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 600 if (x->calg) 601 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 602 603 if (x->encap) 604 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 605 606 if (x->security) { 607 int ctx_size = sizeof(struct xfrm_sec_ctx) + 608 x->security->ctx_len; 609 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 610 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 611 612 uctx->exttype = XFRMA_SEC_CTX; 613 uctx->len = ctx_size; 614 uctx->ctx_doi = x->security->ctx_doi; 615 uctx->ctx_alg = x->security->ctx_alg; 616 uctx->ctx_len = x->security->ctx_len; 617 memcpy(uctx + 1, x->security->ctx_str, x->security->ctx_len); 618 } 619 620 if (x->coaddr) 621 RTA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 622 623 if (x->lastused) 624 RTA_PUT(skb, XFRMA_LASTUSED, sizeof(x->lastused), &x->lastused); 625 626 nlh->nlmsg_len = skb->tail - b; 627 out: 628 sp->this_idx++; 629 return 0; 630 631 nlmsg_failure: 632 rtattr_failure: 633 skb_trim(skb, b - skb->data); 634 return -1; 635 } 636 637 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 638 { 639 struct xfrm_dump_info info; 640 641 info.in_skb = cb->skb; 642 info.out_skb = skb; 643 info.nlmsg_seq = cb->nlh->nlmsg_seq; 644 info.nlmsg_flags = NLM_F_MULTI; 645 info.this_idx = 0; 646 info.start_idx = cb->args[0]; 647 (void) xfrm_state_walk(0, dump_one_state, &info); 648 cb->args[0] = info.this_idx; 649 650 return skb->len; 651 } 652 653 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 654 struct xfrm_state *x, u32 seq) 655 { 656 struct xfrm_dump_info info; 657 struct sk_buff *skb; 658 659 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC); 660 if (!skb) 661 return ERR_PTR(-ENOMEM); 662 663 info.in_skb = in_skb; 664 info.out_skb = skb; 665 info.nlmsg_seq = seq; 666 info.nlmsg_flags = 0; 667 info.this_idx = info.start_idx = 0; 668 669 if (dump_one_state(x, 0, &info)) { 670 kfree_skb(skb); 671 return NULL; 672 } 673 674 return skb; 675 } 676 677 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 678 struct rtattr **xfrma) 679 { 680 struct xfrm_usersa_id *p = NLMSG_DATA(nlh); 681 struct xfrm_state *x; 682 struct sk_buff *resp_skb; 683 int err = -ESRCH; 684 685 x = xfrm_user_state_lookup(p, xfrma, &err); 686 if (x == NULL) 687 goto out_noput; 688 689 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 690 if (IS_ERR(resp_skb)) { 691 err = PTR_ERR(resp_skb); 692 } else { 693 err = netlink_unicast(xfrm_nl, resp_skb, 694 NETLINK_CB(skb).pid, MSG_DONTWAIT); 695 } 696 xfrm_state_put(x); 697 out_noput: 698 return err; 699 } 700 701 static int verify_userspi_info(struct xfrm_userspi_info *p) 702 { 703 switch (p->info.id.proto) { 704 case IPPROTO_AH: 705 case IPPROTO_ESP: 706 break; 707 708 case IPPROTO_COMP: 709 /* IPCOMP spi is 16-bits. */ 710 if (p->max >= 0x10000) 711 return -EINVAL; 712 break; 713 714 default: 715 return -EINVAL; 716 }; 717 718 if (p->min > p->max) 719 return -EINVAL; 720 721 return 0; 722 } 723 724 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 725 struct rtattr **xfrma) 726 { 727 struct xfrm_state *x; 728 struct xfrm_userspi_info *p; 729 struct sk_buff *resp_skb; 730 xfrm_address_t *daddr; 731 int family; 732 int err; 733 734 p = NLMSG_DATA(nlh); 735 err = verify_userspi_info(p); 736 if (err) 737 goto out_noput; 738 739 family = p->info.family; 740 daddr = &p->info.id.daddr; 741 742 x = NULL; 743 if (p->info.seq) { 744 x = xfrm_find_acq_byseq(p->info.seq); 745 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 746 xfrm_state_put(x); 747 x = NULL; 748 } 749 } 750 751 if (!x) 752 x = xfrm_find_acq(p->info.mode, p->info.reqid, 753 p->info.id.proto, daddr, 754 &p->info.saddr, 1, 755 family); 756 err = -ENOENT; 757 if (x == NULL) 758 goto out_noput; 759 760 resp_skb = ERR_PTR(-ENOENT); 761 762 spin_lock_bh(&x->lock); 763 if (x->km.state != XFRM_STATE_DEAD) { 764 xfrm_alloc_spi(x, htonl(p->min), htonl(p->max)); 765 if (x->id.spi) 766 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 767 } 768 spin_unlock_bh(&x->lock); 769 770 if (IS_ERR(resp_skb)) { 771 err = PTR_ERR(resp_skb); 772 goto out; 773 } 774 775 err = netlink_unicast(xfrm_nl, resp_skb, 776 NETLINK_CB(skb).pid, MSG_DONTWAIT); 777 778 out: 779 xfrm_state_put(x); 780 out_noput: 781 return err; 782 } 783 784 static int verify_policy_dir(u8 dir) 785 { 786 switch (dir) { 787 case XFRM_POLICY_IN: 788 case XFRM_POLICY_OUT: 789 case XFRM_POLICY_FWD: 790 break; 791 792 default: 793 return -EINVAL; 794 }; 795 796 return 0; 797 } 798 799 static int verify_policy_type(u8 type) 800 { 801 switch (type) { 802 case XFRM_POLICY_TYPE_MAIN: 803 #ifdef CONFIG_XFRM_SUB_POLICY 804 case XFRM_POLICY_TYPE_SUB: 805 #endif 806 break; 807 808 default: 809 return -EINVAL; 810 }; 811 812 return 0; 813 } 814 815 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 816 { 817 switch (p->share) { 818 case XFRM_SHARE_ANY: 819 case XFRM_SHARE_SESSION: 820 case XFRM_SHARE_USER: 821 case XFRM_SHARE_UNIQUE: 822 break; 823 824 default: 825 return -EINVAL; 826 }; 827 828 switch (p->action) { 829 case XFRM_POLICY_ALLOW: 830 case XFRM_POLICY_BLOCK: 831 break; 832 833 default: 834 return -EINVAL; 835 }; 836 837 switch (p->sel.family) { 838 case AF_INET: 839 break; 840 841 case AF_INET6: 842 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 843 break; 844 #else 845 return -EAFNOSUPPORT; 846 #endif 847 848 default: 849 return -EINVAL; 850 }; 851 852 return verify_policy_dir(p->dir); 853 } 854 855 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct rtattr **xfrma) 856 { 857 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 858 struct xfrm_user_sec_ctx *uctx; 859 860 if (!rt) 861 return 0; 862 863 uctx = RTA_DATA(rt); 864 return security_xfrm_policy_alloc(pol, uctx); 865 } 866 867 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 868 int nr) 869 { 870 int i; 871 872 xp->xfrm_nr = nr; 873 for (i = 0; i < nr; i++, ut++) { 874 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 875 876 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 877 memcpy(&t->saddr, &ut->saddr, 878 sizeof(xfrm_address_t)); 879 t->reqid = ut->reqid; 880 t->mode = ut->mode; 881 t->share = ut->share; 882 t->optional = ut->optional; 883 t->aalgos = ut->aalgos; 884 t->ealgos = ut->ealgos; 885 t->calgos = ut->calgos; 886 t->encap_family = ut->family; 887 } 888 } 889 890 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 891 { 892 int i; 893 894 if (nr > XFRM_MAX_DEPTH) 895 return -EINVAL; 896 897 for (i = 0; i < nr; i++) { 898 /* We never validated the ut->family value, so many 899 * applications simply leave it at zero. The check was 900 * never made and ut->family was ignored because all 901 * templates could be assumed to have the same family as 902 * the policy itself. Now that we will have ipv4-in-ipv6 903 * and ipv6-in-ipv4 tunnels, this is no longer true. 904 */ 905 if (!ut[i].family) 906 ut[i].family = family; 907 908 switch (ut[i].family) { 909 case AF_INET: 910 break; 911 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 912 case AF_INET6: 913 break; 914 #endif 915 default: 916 return -EINVAL; 917 }; 918 } 919 920 return 0; 921 } 922 923 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct rtattr **xfrma) 924 { 925 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 926 927 if (!rt) { 928 pol->xfrm_nr = 0; 929 } else { 930 struct xfrm_user_tmpl *utmpl = RTA_DATA(rt); 931 int nr = (rt->rta_len - sizeof(*rt)) / sizeof(*utmpl); 932 int err; 933 934 err = validate_tmpl(nr, utmpl, pol->family); 935 if (err) 936 return err; 937 938 copy_templates(pol, RTA_DATA(rt), nr); 939 } 940 return 0; 941 } 942 943 static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma) 944 { 945 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1]; 946 struct xfrm_userpolicy_type *upt; 947 u8 type = XFRM_POLICY_TYPE_MAIN; 948 int err; 949 950 if (rt) { 951 if (rt->rta_len < sizeof(*upt)) 952 return -EINVAL; 953 954 upt = RTA_DATA(rt); 955 type = upt->type; 956 } 957 958 err = verify_policy_type(type); 959 if (err) 960 return err; 961 962 *tp = type; 963 return 0; 964 } 965 966 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 967 { 968 xp->priority = p->priority; 969 xp->index = p->index; 970 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 971 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 972 xp->action = p->action; 973 xp->flags = p->flags; 974 xp->family = p->sel.family; 975 /* XXX xp->share = p->share; */ 976 } 977 978 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 979 { 980 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 981 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 982 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 983 p->priority = xp->priority; 984 p->index = xp->index; 985 p->sel.family = xp->family; 986 p->dir = dir; 987 p->action = xp->action; 988 p->flags = xp->flags; 989 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 990 } 991 992 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct rtattr **xfrma, int *errp) 993 { 994 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 995 int err; 996 997 if (!xp) { 998 *errp = -ENOMEM; 999 return NULL; 1000 } 1001 1002 copy_from_user_policy(xp, p); 1003 1004 err = copy_from_user_policy_type(&xp->type, xfrma); 1005 if (err) 1006 goto error; 1007 1008 if (!(err = copy_from_user_tmpl(xp, xfrma))) 1009 err = copy_from_user_sec_ctx(xp, xfrma); 1010 if (err) 1011 goto error; 1012 1013 return xp; 1014 error: 1015 *errp = err; 1016 kfree(xp); 1017 return NULL; 1018 } 1019 1020 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1021 struct rtattr **xfrma) 1022 { 1023 struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh); 1024 struct xfrm_policy *xp; 1025 struct km_event c; 1026 int err; 1027 int excl; 1028 1029 err = verify_newpolicy_info(p); 1030 if (err) 1031 return err; 1032 err = verify_sec_ctx_len(xfrma); 1033 if (err) 1034 return err; 1035 1036 xp = xfrm_policy_construct(p, xfrma, &err); 1037 if (!xp) 1038 return err; 1039 1040 /* shouldnt excl be based on nlh flags?? 1041 * Aha! this is anti-netlink really i.e more pfkey derived 1042 * in netlink excl is a flag and you wouldnt need 1043 * a type XFRM_MSG_UPDPOLICY - JHS */ 1044 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1045 err = xfrm_policy_insert(p->dir, xp, excl); 1046 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1047 AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); 1048 1049 if (err) { 1050 security_xfrm_policy_free(xp); 1051 kfree(xp); 1052 return err; 1053 } 1054 1055 c.event = nlh->nlmsg_type; 1056 c.seq = nlh->nlmsg_seq; 1057 c.pid = nlh->nlmsg_pid; 1058 km_policy_notify(xp, p->dir, &c); 1059 1060 xfrm_pol_put(xp); 1061 1062 return 0; 1063 } 1064 1065 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1066 { 1067 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1068 int i; 1069 1070 if (xp->xfrm_nr == 0) 1071 return 0; 1072 1073 for (i = 0; i < xp->xfrm_nr; i++) { 1074 struct xfrm_user_tmpl *up = &vec[i]; 1075 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1076 1077 memcpy(&up->id, &kp->id, sizeof(up->id)); 1078 up->family = kp->encap_family; 1079 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1080 up->reqid = kp->reqid; 1081 up->mode = kp->mode; 1082 up->share = kp->share; 1083 up->optional = kp->optional; 1084 up->aalgos = kp->aalgos; 1085 up->ealgos = kp->ealgos; 1086 up->calgos = kp->calgos; 1087 } 1088 RTA_PUT(skb, XFRMA_TMPL, 1089 (sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr), 1090 vec); 1091 1092 return 0; 1093 1094 rtattr_failure: 1095 return -1; 1096 } 1097 1098 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 1099 { 1100 int ctx_size = sizeof(struct xfrm_sec_ctx) + s->ctx_len; 1101 struct rtattr *rt = __RTA_PUT(skb, XFRMA_SEC_CTX, ctx_size); 1102 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1103 1104 uctx->exttype = XFRMA_SEC_CTX; 1105 uctx->len = ctx_size; 1106 uctx->ctx_doi = s->ctx_doi; 1107 uctx->ctx_alg = s->ctx_alg; 1108 uctx->ctx_len = s->ctx_len; 1109 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 1110 return 0; 1111 1112 rtattr_failure: 1113 return -1; 1114 } 1115 1116 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1117 { 1118 if (x->security) { 1119 return copy_sec_ctx(x->security, skb); 1120 } 1121 return 0; 1122 } 1123 1124 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1125 { 1126 if (xp->security) { 1127 return copy_sec_ctx(xp->security, skb); 1128 } 1129 return 0; 1130 } 1131 1132 #ifdef CONFIG_XFRM_SUB_POLICY 1133 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1134 { 1135 struct xfrm_userpolicy_type upt; 1136 1137 memset(&upt, 0, sizeof(upt)); 1138 upt.type = type; 1139 1140 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1141 1142 return 0; 1143 1144 rtattr_failure: 1145 return -1; 1146 } 1147 1148 #else 1149 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1150 { 1151 return 0; 1152 } 1153 #endif 1154 1155 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1156 { 1157 struct xfrm_dump_info *sp = ptr; 1158 struct xfrm_userpolicy_info *p; 1159 struct sk_buff *in_skb = sp->in_skb; 1160 struct sk_buff *skb = sp->out_skb; 1161 struct nlmsghdr *nlh; 1162 unsigned char *b = skb->tail; 1163 1164 if (sp->this_idx < sp->start_idx) 1165 goto out; 1166 1167 nlh = NLMSG_PUT(skb, NETLINK_CB(in_skb).pid, 1168 sp->nlmsg_seq, 1169 XFRM_MSG_NEWPOLICY, sizeof(*p)); 1170 p = NLMSG_DATA(nlh); 1171 nlh->nlmsg_flags = sp->nlmsg_flags; 1172 1173 copy_to_user_policy(xp, p, dir); 1174 if (copy_to_user_tmpl(xp, skb) < 0) 1175 goto nlmsg_failure; 1176 if (copy_to_user_sec_ctx(xp, skb)) 1177 goto nlmsg_failure; 1178 if (copy_to_user_policy_type(xp->type, skb) < 0) 1179 goto nlmsg_failure; 1180 1181 nlh->nlmsg_len = skb->tail - b; 1182 out: 1183 sp->this_idx++; 1184 return 0; 1185 1186 nlmsg_failure: 1187 skb_trim(skb, b - skb->data); 1188 return -1; 1189 } 1190 1191 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1192 { 1193 struct xfrm_dump_info info; 1194 1195 info.in_skb = cb->skb; 1196 info.out_skb = skb; 1197 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1198 info.nlmsg_flags = NLM_F_MULTI; 1199 info.this_idx = 0; 1200 info.start_idx = cb->args[0]; 1201 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1202 #ifdef CONFIG_XFRM_SUB_POLICY 1203 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1204 #endif 1205 cb->args[0] = info.this_idx; 1206 1207 return skb->len; 1208 } 1209 1210 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1211 struct xfrm_policy *xp, 1212 int dir, u32 seq) 1213 { 1214 struct xfrm_dump_info info; 1215 struct sk_buff *skb; 1216 1217 skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 1218 if (!skb) 1219 return ERR_PTR(-ENOMEM); 1220 1221 info.in_skb = in_skb; 1222 info.out_skb = skb; 1223 info.nlmsg_seq = seq; 1224 info.nlmsg_flags = 0; 1225 info.this_idx = info.start_idx = 0; 1226 1227 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1228 kfree_skb(skb); 1229 return NULL; 1230 } 1231 1232 return skb; 1233 } 1234 1235 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1236 struct rtattr **xfrma) 1237 { 1238 struct xfrm_policy *xp; 1239 struct xfrm_userpolicy_id *p; 1240 u8 type = XFRM_POLICY_TYPE_MAIN; 1241 int err; 1242 struct km_event c; 1243 int delete; 1244 1245 p = NLMSG_DATA(nlh); 1246 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1247 1248 err = copy_from_user_policy_type(&type, xfrma); 1249 if (err) 1250 return err; 1251 1252 err = verify_policy_dir(p->dir); 1253 if (err) 1254 return err; 1255 1256 if (p->index) 1257 xp = xfrm_policy_byid(type, p->dir, p->index, delete); 1258 else { 1259 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1260 struct xfrm_policy tmp; 1261 1262 err = verify_sec_ctx_len(xfrma); 1263 if (err) 1264 return err; 1265 1266 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1267 if (rt) { 1268 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1269 1270 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1271 return err; 1272 } 1273 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete); 1274 security_xfrm_policy_free(&tmp); 1275 } 1276 if (delete) 1277 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1278 AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL); 1279 1280 if (xp == NULL) 1281 return -ENOENT; 1282 1283 if (!delete) { 1284 struct sk_buff *resp_skb; 1285 1286 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1287 if (IS_ERR(resp_skb)) { 1288 err = PTR_ERR(resp_skb); 1289 } else { 1290 err = netlink_unicast(xfrm_nl, resp_skb, 1291 NETLINK_CB(skb).pid, 1292 MSG_DONTWAIT); 1293 } 1294 } else { 1295 if ((err = security_xfrm_policy_delete(xp)) != 0) 1296 goto out; 1297 c.data.byid = p->index; 1298 c.event = nlh->nlmsg_type; 1299 c.seq = nlh->nlmsg_seq; 1300 c.pid = nlh->nlmsg_pid; 1301 km_policy_notify(xp, p->dir, &c); 1302 } 1303 1304 xfrm_pol_put(xp); 1305 1306 out: 1307 return err; 1308 } 1309 1310 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1311 struct rtattr **xfrma) 1312 { 1313 struct km_event c; 1314 struct xfrm_usersa_flush *p = NLMSG_DATA(nlh); 1315 struct xfrm_audit audit_info; 1316 1317 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1318 audit_info.secid = NETLINK_CB(skb).sid; 1319 xfrm_state_flush(p->proto, &audit_info); 1320 c.data.proto = p->proto; 1321 c.event = nlh->nlmsg_type; 1322 c.seq = nlh->nlmsg_seq; 1323 c.pid = nlh->nlmsg_pid; 1324 km_state_notify(NULL, &c); 1325 1326 return 0; 1327 } 1328 1329 1330 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1331 { 1332 struct xfrm_aevent_id *id; 1333 struct nlmsghdr *nlh; 1334 struct xfrm_lifetime_cur ltime; 1335 unsigned char *b = skb->tail; 1336 1337 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id)); 1338 id = NLMSG_DATA(nlh); 1339 nlh->nlmsg_flags = 0; 1340 1341 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1342 id->sa_id.spi = x->id.spi; 1343 id->sa_id.family = x->props.family; 1344 id->sa_id.proto = x->id.proto; 1345 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1346 id->reqid = x->props.reqid; 1347 id->flags = c->data.aevent; 1348 1349 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1350 1351 ltime.bytes = x->curlft.bytes; 1352 ltime.packets = x->curlft.packets; 1353 ltime.add_time = x->curlft.add_time; 1354 ltime.use_time = x->curlft.use_time; 1355 1356 RTA_PUT(skb, XFRMA_LTIME_VAL, sizeof(struct xfrm_lifetime_cur), <ime); 1357 1358 if (id->flags&XFRM_AE_RTHR) { 1359 RTA_PUT(skb,XFRMA_REPLAY_THRESH,sizeof(u32),&x->replay_maxdiff); 1360 } 1361 1362 if (id->flags&XFRM_AE_ETHR) { 1363 u32 etimer = x->replay_maxage*10/HZ; 1364 RTA_PUT(skb,XFRMA_ETIMER_THRESH,sizeof(u32),&etimer); 1365 } 1366 1367 nlh->nlmsg_len = skb->tail - b; 1368 return skb->len; 1369 1370 rtattr_failure: 1371 nlmsg_failure: 1372 skb_trim(skb, b - skb->data); 1373 return -1; 1374 } 1375 1376 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1377 struct rtattr **xfrma) 1378 { 1379 struct xfrm_state *x; 1380 struct sk_buff *r_skb; 1381 int err; 1382 struct km_event c; 1383 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1384 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 1385 struct xfrm_usersa_id *id = &p->sa_id; 1386 1387 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 1388 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 1389 1390 if (p->flags&XFRM_AE_RTHR) 1391 len+=RTA_SPACE(sizeof(u32)); 1392 1393 if (p->flags&XFRM_AE_ETHR) 1394 len+=RTA_SPACE(sizeof(u32)); 1395 1396 r_skb = alloc_skb(len, GFP_ATOMIC); 1397 if (r_skb == NULL) 1398 return -ENOMEM; 1399 1400 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1401 if (x == NULL) { 1402 kfree(r_skb); 1403 return -ESRCH; 1404 } 1405 1406 /* 1407 * XXX: is this lock really needed - none of the other 1408 * gets lock (the concern is things getting updated 1409 * while we are still reading) - jhs 1410 */ 1411 spin_lock_bh(&x->lock); 1412 c.data.aevent = p->flags; 1413 c.seq = nlh->nlmsg_seq; 1414 c.pid = nlh->nlmsg_pid; 1415 1416 if (build_aevent(r_skb, x, &c) < 0) 1417 BUG(); 1418 err = netlink_unicast(xfrm_nl, r_skb, 1419 NETLINK_CB(skb).pid, MSG_DONTWAIT); 1420 spin_unlock_bh(&x->lock); 1421 xfrm_state_put(x); 1422 return err; 1423 } 1424 1425 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1426 struct rtattr **xfrma) 1427 { 1428 struct xfrm_state *x; 1429 struct km_event c; 1430 int err = - EINVAL; 1431 struct xfrm_aevent_id *p = NLMSG_DATA(nlh); 1432 struct rtattr *rp = xfrma[XFRMA_REPLAY_VAL-1]; 1433 struct rtattr *lt = xfrma[XFRMA_LTIME_VAL-1]; 1434 1435 if (!lt && !rp) 1436 return err; 1437 1438 /* pedantic mode - thou shalt sayeth replaceth */ 1439 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1440 return err; 1441 1442 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1443 if (x == NULL) 1444 return -ESRCH; 1445 1446 if (x->km.state != XFRM_STATE_VALID) 1447 goto out; 1448 1449 spin_lock_bh(&x->lock); 1450 err = xfrm_update_ae_params(x, xfrma); 1451 spin_unlock_bh(&x->lock); 1452 if (err < 0) 1453 goto out; 1454 1455 c.event = nlh->nlmsg_type; 1456 c.seq = nlh->nlmsg_seq; 1457 c.pid = nlh->nlmsg_pid; 1458 c.data.aevent = XFRM_AE_CU; 1459 km_state_notify(x, &c); 1460 err = 0; 1461 out: 1462 xfrm_state_put(x); 1463 return err; 1464 } 1465 1466 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1467 struct rtattr **xfrma) 1468 { 1469 struct km_event c; 1470 u8 type = XFRM_POLICY_TYPE_MAIN; 1471 int err; 1472 struct xfrm_audit audit_info; 1473 1474 err = copy_from_user_policy_type(&type, xfrma); 1475 if (err) 1476 return err; 1477 1478 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1479 audit_info.secid = NETLINK_CB(skb).sid; 1480 xfrm_policy_flush(type, &audit_info); 1481 c.data.type = type; 1482 c.event = nlh->nlmsg_type; 1483 c.seq = nlh->nlmsg_seq; 1484 c.pid = nlh->nlmsg_pid; 1485 km_policy_notify(NULL, 0, &c); 1486 return 0; 1487 } 1488 1489 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1490 struct rtattr **xfrma) 1491 { 1492 struct xfrm_policy *xp; 1493 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); 1494 struct xfrm_userpolicy_info *p = &up->pol; 1495 u8 type = XFRM_POLICY_TYPE_MAIN; 1496 int err = -ENOENT; 1497 1498 err = copy_from_user_policy_type(&type, xfrma); 1499 if (err) 1500 return err; 1501 1502 if (p->index) 1503 xp = xfrm_policy_byid(type, p->dir, p->index, 0); 1504 else { 1505 struct rtattr *rt = xfrma[XFRMA_SEC_CTX-1]; 1506 struct xfrm_policy tmp; 1507 1508 err = verify_sec_ctx_len(xfrma); 1509 if (err) 1510 return err; 1511 1512 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1513 if (rt) { 1514 struct xfrm_user_sec_ctx *uctx = RTA_DATA(rt); 1515 1516 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1517 return err; 1518 } 1519 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 0); 1520 security_xfrm_policy_free(&tmp); 1521 } 1522 1523 if (xp == NULL) 1524 return err; 1525 read_lock(&xp->lock); 1526 if (xp->dead) { 1527 read_unlock(&xp->lock); 1528 goto out; 1529 } 1530 1531 read_unlock(&xp->lock); 1532 err = 0; 1533 if (up->hard) { 1534 xfrm_policy_delete(xp, p->dir); 1535 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1536 AUDIT_MAC_IPSEC_DELSPD, 1, xp, NULL); 1537 1538 } else { 1539 // reset the timers here? 1540 printk("Dont know what to do with soft policy expire\n"); 1541 } 1542 km_policy_expired(xp, p->dir, up->hard, current->pid); 1543 1544 out: 1545 xfrm_pol_put(xp); 1546 return err; 1547 } 1548 1549 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1550 struct rtattr **xfrma) 1551 { 1552 struct xfrm_state *x; 1553 int err; 1554 struct xfrm_user_expire *ue = NLMSG_DATA(nlh); 1555 struct xfrm_usersa_info *p = &ue->state; 1556 1557 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1558 err = -ENOENT; 1559 1560 if (x == NULL) 1561 return err; 1562 1563 err = -EINVAL; 1564 1565 spin_lock_bh(&x->lock); 1566 if (x->km.state != XFRM_STATE_VALID) 1567 goto out; 1568 km_state_expired(x, ue->hard, current->pid); 1569 1570 if (ue->hard) { 1571 __xfrm_state_delete(x); 1572 xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid, 1573 AUDIT_MAC_IPSEC_DELSA, 1, NULL, x); 1574 } 1575 out: 1576 spin_unlock_bh(&x->lock); 1577 xfrm_state_put(x); 1578 return err; 1579 } 1580 1581 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1582 struct rtattr **xfrma) 1583 { 1584 struct xfrm_policy *xp; 1585 struct xfrm_user_tmpl *ut; 1586 int i; 1587 struct rtattr *rt = xfrma[XFRMA_TMPL-1]; 1588 1589 struct xfrm_user_acquire *ua = NLMSG_DATA(nlh); 1590 struct xfrm_state *x = xfrm_state_alloc(); 1591 int err = -ENOMEM; 1592 1593 if (!x) 1594 return err; 1595 1596 err = verify_newpolicy_info(&ua->policy); 1597 if (err) { 1598 printk("BAD policy passed\n"); 1599 kfree(x); 1600 return err; 1601 } 1602 1603 /* build an XP */ 1604 xp = xfrm_policy_construct(&ua->policy, (struct rtattr **) xfrma, &err); 1605 if (!xp) { 1606 kfree(x); 1607 return err; 1608 } 1609 1610 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1611 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1612 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1613 1614 ut = RTA_DATA(rt); 1615 /* extract the templates and for each call km_key */ 1616 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1617 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1618 memcpy(&x->id, &t->id, sizeof(x->id)); 1619 x->props.mode = t->mode; 1620 x->props.reqid = t->reqid; 1621 x->props.family = ut->family; 1622 t->aalgos = ua->aalgos; 1623 t->ealgos = ua->ealgos; 1624 t->calgos = ua->calgos; 1625 err = km_query(x, t, xp); 1626 1627 } 1628 1629 kfree(x); 1630 kfree(xp); 1631 1632 return 0; 1633 } 1634 1635 1636 #define XMSGSIZE(type) NLMSG_LENGTH(sizeof(struct type)) 1637 1638 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1639 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1640 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1641 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1642 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1643 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1644 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1645 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1646 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1647 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1648 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1649 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1650 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1651 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1652 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = NLMSG_LENGTH(0), 1653 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1654 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1655 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1656 }; 1657 1658 #undef XMSGSIZE 1659 1660 static struct xfrm_link { 1661 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct rtattr **); 1662 int (*dump)(struct sk_buff *, struct netlink_callback *); 1663 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1664 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1665 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1666 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1667 .dump = xfrm_dump_sa }, 1668 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1669 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1670 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1671 .dump = xfrm_dump_policy }, 1672 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1673 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1674 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1675 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1676 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1677 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1678 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1679 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1680 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1681 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1682 }; 1683 1684 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp) 1685 { 1686 struct rtattr *xfrma[XFRMA_MAX]; 1687 struct xfrm_link *link; 1688 int type, min_len; 1689 1690 if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) 1691 return 0; 1692 1693 type = nlh->nlmsg_type; 1694 1695 /* A control message: ignore them */ 1696 if (type < XFRM_MSG_BASE) 1697 return 0; 1698 1699 /* Unknown message: reply with EINVAL */ 1700 if (type > XFRM_MSG_MAX) 1701 goto err_einval; 1702 1703 type -= XFRM_MSG_BASE; 1704 link = &xfrm_dispatch[type]; 1705 1706 /* All operations require privileges, even GET */ 1707 if (security_netlink_recv(skb, CAP_NET_ADMIN)) { 1708 *errp = -EPERM; 1709 return -1; 1710 } 1711 1712 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1713 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1714 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1715 if (link->dump == NULL) 1716 goto err_einval; 1717 1718 if ((*errp = netlink_dump_start(xfrm_nl, skb, nlh, 1719 link->dump, NULL)) != 0) { 1720 return -1; 1721 } 1722 1723 netlink_queue_skip(nlh, skb); 1724 return -1; 1725 } 1726 1727 memset(xfrma, 0, sizeof(xfrma)); 1728 1729 if (nlh->nlmsg_len < (min_len = xfrm_msg_min[type])) 1730 goto err_einval; 1731 1732 if (nlh->nlmsg_len > min_len) { 1733 int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); 1734 struct rtattr *attr = (void *) nlh + NLMSG_ALIGN(min_len); 1735 1736 while (RTA_OK(attr, attrlen)) { 1737 unsigned short flavor = attr->rta_type; 1738 if (flavor) { 1739 if (flavor > XFRMA_MAX) 1740 goto err_einval; 1741 xfrma[flavor - 1] = attr; 1742 } 1743 attr = RTA_NEXT(attr, attrlen); 1744 } 1745 } 1746 1747 if (link->doit == NULL) 1748 goto err_einval; 1749 *errp = link->doit(skb, nlh, xfrma); 1750 1751 return *errp; 1752 1753 err_einval: 1754 *errp = -EINVAL; 1755 return -1; 1756 } 1757 1758 static void xfrm_netlink_rcv(struct sock *sk, int len) 1759 { 1760 unsigned int qlen = 0; 1761 1762 do { 1763 mutex_lock(&xfrm_cfg_mutex); 1764 netlink_run_queue(sk, &qlen, &xfrm_user_rcv_msg); 1765 mutex_unlock(&xfrm_cfg_mutex); 1766 1767 } while (qlen); 1768 } 1769 1770 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1771 { 1772 struct xfrm_user_expire *ue; 1773 struct nlmsghdr *nlh; 1774 unsigned char *b = skb->tail; 1775 1776 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_EXPIRE, 1777 sizeof(*ue)); 1778 ue = NLMSG_DATA(nlh); 1779 nlh->nlmsg_flags = 0; 1780 1781 copy_to_user_state(x, &ue->state); 1782 ue->hard = (c->data.hard != 0) ? 1 : 0; 1783 1784 nlh->nlmsg_len = skb->tail - b; 1785 return skb->len; 1786 1787 nlmsg_failure: 1788 skb_trim(skb, b - skb->data); 1789 return -1; 1790 } 1791 1792 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1793 { 1794 struct sk_buff *skb; 1795 int len = NLMSG_LENGTH(sizeof(struct xfrm_user_expire)); 1796 1797 skb = alloc_skb(len, GFP_ATOMIC); 1798 if (skb == NULL) 1799 return -ENOMEM; 1800 1801 if (build_expire(skb, x, c) < 0) 1802 BUG(); 1803 1804 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 1805 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1806 } 1807 1808 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 1809 { 1810 struct sk_buff *skb; 1811 int len = NLMSG_LENGTH(sizeof(struct xfrm_aevent_id)); 1812 1813 len += RTA_SPACE(sizeof(struct xfrm_replay_state)); 1814 len += RTA_SPACE(sizeof(struct xfrm_lifetime_cur)); 1815 skb = alloc_skb(len, GFP_ATOMIC); 1816 if (skb == NULL) 1817 return -ENOMEM; 1818 1819 if (build_aevent(skb, x, c) < 0) 1820 BUG(); 1821 1822 NETLINK_CB(skb).dst_group = XFRMNLGRP_AEVENTS; 1823 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 1824 } 1825 1826 static int xfrm_notify_sa_flush(struct km_event *c) 1827 { 1828 struct xfrm_usersa_flush *p; 1829 struct nlmsghdr *nlh; 1830 struct sk_buff *skb; 1831 unsigned char *b; 1832 int len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_flush)); 1833 1834 skb = alloc_skb(len, GFP_ATOMIC); 1835 if (skb == NULL) 1836 return -ENOMEM; 1837 b = skb->tail; 1838 1839 nlh = NLMSG_PUT(skb, c->pid, c->seq, 1840 XFRM_MSG_FLUSHSA, sizeof(*p)); 1841 nlh->nlmsg_flags = 0; 1842 1843 p = NLMSG_DATA(nlh); 1844 p->proto = c->data.proto; 1845 1846 nlh->nlmsg_len = skb->tail - b; 1847 1848 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1849 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1850 1851 nlmsg_failure: 1852 kfree_skb(skb); 1853 return -1; 1854 } 1855 1856 static int inline xfrm_sa_len(struct xfrm_state *x) 1857 { 1858 int l = 0; 1859 if (x->aalg) 1860 l += RTA_SPACE(sizeof(*x->aalg) + (x->aalg->alg_key_len+7)/8); 1861 if (x->ealg) 1862 l += RTA_SPACE(sizeof(*x->ealg) + (x->ealg->alg_key_len+7)/8); 1863 if (x->calg) 1864 l += RTA_SPACE(sizeof(*x->calg)); 1865 if (x->encap) 1866 l += RTA_SPACE(sizeof(*x->encap)); 1867 1868 return l; 1869 } 1870 1871 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 1872 { 1873 struct xfrm_usersa_info *p; 1874 struct xfrm_usersa_id *id; 1875 struct nlmsghdr *nlh; 1876 struct sk_buff *skb; 1877 unsigned char *b; 1878 int len = xfrm_sa_len(x); 1879 int headlen; 1880 1881 headlen = sizeof(*p); 1882 if (c->event == XFRM_MSG_DELSA) { 1883 len += RTA_SPACE(headlen); 1884 headlen = sizeof(*id); 1885 } 1886 len += NLMSG_SPACE(headlen); 1887 1888 skb = alloc_skb(len, GFP_ATOMIC); 1889 if (skb == NULL) 1890 return -ENOMEM; 1891 b = skb->tail; 1892 1893 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 1894 nlh->nlmsg_flags = 0; 1895 1896 p = NLMSG_DATA(nlh); 1897 if (c->event == XFRM_MSG_DELSA) { 1898 id = NLMSG_DATA(nlh); 1899 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 1900 id->spi = x->id.spi; 1901 id->family = x->props.family; 1902 id->proto = x->id.proto; 1903 1904 p = RTA_DATA(__RTA_PUT(skb, XFRMA_SA, sizeof(*p))); 1905 } 1906 1907 copy_to_user_state(x, p); 1908 1909 if (x->aalg) 1910 RTA_PUT(skb, XFRMA_ALG_AUTH, 1911 sizeof(*(x->aalg))+(x->aalg->alg_key_len+7)/8, x->aalg); 1912 if (x->ealg) 1913 RTA_PUT(skb, XFRMA_ALG_CRYPT, 1914 sizeof(*(x->ealg))+(x->ealg->alg_key_len+7)/8, x->ealg); 1915 if (x->calg) 1916 RTA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 1917 1918 if (x->encap) 1919 RTA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 1920 1921 nlh->nlmsg_len = skb->tail - b; 1922 1923 NETLINK_CB(skb).dst_group = XFRMNLGRP_SA; 1924 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1925 1926 nlmsg_failure: 1927 rtattr_failure: 1928 kfree_skb(skb); 1929 return -1; 1930 } 1931 1932 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 1933 { 1934 1935 switch (c->event) { 1936 case XFRM_MSG_EXPIRE: 1937 return xfrm_exp_state_notify(x, c); 1938 case XFRM_MSG_NEWAE: 1939 return xfrm_aevent_state_notify(x, c); 1940 case XFRM_MSG_DELSA: 1941 case XFRM_MSG_UPDSA: 1942 case XFRM_MSG_NEWSA: 1943 return xfrm_notify_sa(x, c); 1944 case XFRM_MSG_FLUSHSA: 1945 return xfrm_notify_sa_flush(c); 1946 default: 1947 printk("xfrm_user: Unknown SA event %d\n", c->event); 1948 break; 1949 } 1950 1951 return 0; 1952 1953 } 1954 1955 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 1956 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 1957 int dir) 1958 { 1959 struct xfrm_user_acquire *ua; 1960 struct nlmsghdr *nlh; 1961 unsigned char *b = skb->tail; 1962 __u32 seq = xfrm_get_acqseq(); 1963 1964 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_ACQUIRE, 1965 sizeof(*ua)); 1966 ua = NLMSG_DATA(nlh); 1967 nlh->nlmsg_flags = 0; 1968 1969 memcpy(&ua->id, &x->id, sizeof(ua->id)); 1970 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 1971 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 1972 copy_to_user_policy(xp, &ua->policy, dir); 1973 ua->aalgos = xt->aalgos; 1974 ua->ealgos = xt->ealgos; 1975 ua->calgos = xt->calgos; 1976 ua->seq = x->km.seq = seq; 1977 1978 if (copy_to_user_tmpl(xp, skb) < 0) 1979 goto nlmsg_failure; 1980 if (copy_to_user_state_sec_ctx(x, skb)) 1981 goto nlmsg_failure; 1982 if (copy_to_user_policy_type(xp->type, skb) < 0) 1983 goto nlmsg_failure; 1984 1985 nlh->nlmsg_len = skb->tail - b; 1986 return skb->len; 1987 1988 nlmsg_failure: 1989 skb_trim(skb, b - skb->data); 1990 return -1; 1991 } 1992 1993 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 1994 struct xfrm_policy *xp, int dir) 1995 { 1996 struct sk_buff *skb; 1997 size_t len; 1998 1999 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2000 len += NLMSG_SPACE(sizeof(struct xfrm_user_acquire)); 2001 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); 2002 #ifdef CONFIG_XFRM_SUB_POLICY 2003 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2004 #endif 2005 skb = alloc_skb(len, GFP_ATOMIC); 2006 if (skb == NULL) 2007 return -ENOMEM; 2008 2009 if (build_acquire(skb, x, xt, xp, dir) < 0) 2010 BUG(); 2011 2012 NETLINK_CB(skb).dst_group = XFRMNLGRP_ACQUIRE; 2013 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2014 } 2015 2016 /* User gives us xfrm_user_policy_info followed by an array of 0 2017 * or more templates. 2018 */ 2019 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2020 u8 *data, int len, int *dir) 2021 { 2022 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2023 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2024 struct xfrm_policy *xp; 2025 int nr; 2026 2027 switch (sk->sk_family) { 2028 case AF_INET: 2029 if (opt != IP_XFRM_POLICY) { 2030 *dir = -EOPNOTSUPP; 2031 return NULL; 2032 } 2033 break; 2034 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2035 case AF_INET6: 2036 if (opt != IPV6_XFRM_POLICY) { 2037 *dir = -EOPNOTSUPP; 2038 return NULL; 2039 } 2040 break; 2041 #endif 2042 default: 2043 *dir = -EINVAL; 2044 return NULL; 2045 } 2046 2047 *dir = -EINVAL; 2048 2049 if (len < sizeof(*p) || 2050 verify_newpolicy_info(p)) 2051 return NULL; 2052 2053 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2054 if (validate_tmpl(nr, ut, p->sel.family)) 2055 return NULL; 2056 2057 if (p->dir > XFRM_POLICY_OUT) 2058 return NULL; 2059 2060 xp = xfrm_policy_alloc(GFP_KERNEL); 2061 if (xp == NULL) { 2062 *dir = -ENOBUFS; 2063 return NULL; 2064 } 2065 2066 copy_from_user_policy(xp, p); 2067 xp->type = XFRM_POLICY_TYPE_MAIN; 2068 copy_templates(xp, ut, nr); 2069 2070 *dir = p->dir; 2071 2072 return xp; 2073 } 2074 2075 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2076 int dir, struct km_event *c) 2077 { 2078 struct xfrm_user_polexpire *upe; 2079 struct nlmsghdr *nlh; 2080 int hard = c->data.hard; 2081 unsigned char *b = skb->tail; 2082 2083 nlh = NLMSG_PUT(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe)); 2084 upe = NLMSG_DATA(nlh); 2085 nlh->nlmsg_flags = 0; 2086 2087 copy_to_user_policy(xp, &upe->pol, dir); 2088 if (copy_to_user_tmpl(xp, skb) < 0) 2089 goto nlmsg_failure; 2090 if (copy_to_user_sec_ctx(xp, skb)) 2091 goto nlmsg_failure; 2092 if (copy_to_user_policy_type(xp->type, skb) < 0) 2093 goto nlmsg_failure; 2094 upe->hard = !!hard; 2095 2096 nlh->nlmsg_len = skb->tail - b; 2097 return skb->len; 2098 2099 nlmsg_failure: 2100 skb_trim(skb, b - skb->data); 2101 return -1; 2102 } 2103 2104 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2105 { 2106 struct sk_buff *skb; 2107 size_t len; 2108 2109 len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2110 len += NLMSG_SPACE(sizeof(struct xfrm_user_polexpire)); 2111 len += RTA_SPACE(xfrm_user_sec_ctx_size(xp)); 2112 #ifdef CONFIG_XFRM_SUB_POLICY 2113 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2114 #endif 2115 skb = alloc_skb(len, GFP_ATOMIC); 2116 if (skb == NULL) 2117 return -ENOMEM; 2118 2119 if (build_polexpire(skb, xp, dir, c) < 0) 2120 BUG(); 2121 2122 NETLINK_CB(skb).dst_group = XFRMNLGRP_EXPIRE; 2123 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2124 } 2125 2126 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2127 { 2128 struct xfrm_userpolicy_info *p; 2129 struct xfrm_userpolicy_id *id; 2130 struct nlmsghdr *nlh; 2131 struct sk_buff *skb; 2132 unsigned char *b; 2133 int len = RTA_SPACE(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2134 int headlen; 2135 2136 headlen = sizeof(*p); 2137 if (c->event == XFRM_MSG_DELPOLICY) { 2138 len += RTA_SPACE(headlen); 2139 headlen = sizeof(*id); 2140 } 2141 #ifdef CONFIG_XFRM_SUB_POLICY 2142 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2143 #endif 2144 len += NLMSG_SPACE(headlen); 2145 2146 skb = alloc_skb(len, GFP_ATOMIC); 2147 if (skb == NULL) 2148 return -ENOMEM; 2149 b = skb->tail; 2150 2151 nlh = NLMSG_PUT(skb, c->pid, c->seq, c->event, headlen); 2152 2153 p = NLMSG_DATA(nlh); 2154 if (c->event == XFRM_MSG_DELPOLICY) { 2155 id = NLMSG_DATA(nlh); 2156 memset(id, 0, sizeof(*id)); 2157 id->dir = dir; 2158 if (c->data.byid) 2159 id->index = xp->index; 2160 else 2161 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2162 2163 p = RTA_DATA(__RTA_PUT(skb, XFRMA_POLICY, sizeof(*p))); 2164 } 2165 2166 nlh->nlmsg_flags = 0; 2167 2168 copy_to_user_policy(xp, p, dir); 2169 if (copy_to_user_tmpl(xp, skb) < 0) 2170 goto nlmsg_failure; 2171 if (copy_to_user_policy_type(xp->type, skb) < 0) 2172 goto nlmsg_failure; 2173 2174 nlh->nlmsg_len = skb->tail - b; 2175 2176 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2177 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2178 2179 nlmsg_failure: 2180 rtattr_failure: 2181 kfree_skb(skb); 2182 return -1; 2183 } 2184 2185 static int xfrm_notify_policy_flush(struct km_event *c) 2186 { 2187 struct nlmsghdr *nlh; 2188 struct sk_buff *skb; 2189 unsigned char *b; 2190 int len = 0; 2191 #ifdef CONFIG_XFRM_SUB_POLICY 2192 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2193 #endif 2194 len += NLMSG_LENGTH(0); 2195 2196 skb = alloc_skb(len, GFP_ATOMIC); 2197 if (skb == NULL) 2198 return -ENOMEM; 2199 b = skb->tail; 2200 2201 2202 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 2203 nlh->nlmsg_flags = 0; 2204 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2205 goto nlmsg_failure; 2206 2207 nlh->nlmsg_len = skb->tail - b; 2208 2209 NETLINK_CB(skb).dst_group = XFRMNLGRP_POLICY; 2210 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2211 2212 nlmsg_failure: 2213 kfree_skb(skb); 2214 return -1; 2215 } 2216 2217 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2218 { 2219 2220 switch (c->event) { 2221 case XFRM_MSG_NEWPOLICY: 2222 case XFRM_MSG_UPDPOLICY: 2223 case XFRM_MSG_DELPOLICY: 2224 return xfrm_notify_policy(xp, dir, c); 2225 case XFRM_MSG_FLUSHPOLICY: 2226 return xfrm_notify_policy_flush(c); 2227 case XFRM_MSG_POLEXPIRE: 2228 return xfrm_exp_policy_notify(xp, dir, c); 2229 default: 2230 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2231 } 2232 2233 return 0; 2234 2235 } 2236 2237 static int build_report(struct sk_buff *skb, u8 proto, 2238 struct xfrm_selector *sel, xfrm_address_t *addr) 2239 { 2240 struct xfrm_user_report *ur; 2241 struct nlmsghdr *nlh; 2242 unsigned char *b = skb->tail; 2243 2244 nlh = NLMSG_PUT(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur)); 2245 ur = NLMSG_DATA(nlh); 2246 nlh->nlmsg_flags = 0; 2247 2248 ur->proto = proto; 2249 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2250 2251 if (addr) 2252 RTA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2253 2254 nlh->nlmsg_len = skb->tail - b; 2255 return skb->len; 2256 2257 nlmsg_failure: 2258 rtattr_failure: 2259 skb_trim(skb, b - skb->data); 2260 return -1; 2261 } 2262 2263 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2264 xfrm_address_t *addr) 2265 { 2266 struct sk_buff *skb; 2267 size_t len; 2268 2269 len = NLMSG_ALIGN(NLMSG_LENGTH(sizeof(struct xfrm_user_report))); 2270 skb = alloc_skb(len, GFP_ATOMIC); 2271 if (skb == NULL) 2272 return -ENOMEM; 2273 2274 if (build_report(skb, proto, sel, addr) < 0) 2275 BUG(); 2276 2277 NETLINK_CB(skb).dst_group = XFRMNLGRP_REPORT; 2278 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2279 } 2280 2281 static struct xfrm_mgr netlink_mgr = { 2282 .id = "netlink", 2283 .notify = xfrm_send_state_notify, 2284 .acquire = xfrm_send_acquire, 2285 .compile_policy = xfrm_compile_policy, 2286 .notify_policy = xfrm_send_policy_notify, 2287 .report = xfrm_send_report, 2288 }; 2289 2290 static int __init xfrm_user_init(void) 2291 { 2292 struct sock *nlsk; 2293 2294 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2295 2296 nlsk = netlink_kernel_create(NETLINK_XFRM, XFRMNLGRP_MAX, 2297 xfrm_netlink_rcv, THIS_MODULE); 2298 if (nlsk == NULL) 2299 return -ENOMEM; 2300 rcu_assign_pointer(xfrm_nl, nlsk); 2301 2302 xfrm_register_km(&netlink_mgr); 2303 2304 return 0; 2305 } 2306 2307 static void __exit xfrm_user_exit(void) 2308 { 2309 struct sock *nlsk = xfrm_nl; 2310 2311 xfrm_unregister_km(&netlink_mgr); 2312 rcu_assign_pointer(xfrm_nl, NULL); 2313 synchronize_rcu(); 2314 sock_release(nlsk->sk_socket); 2315 } 2316 2317 module_init(xfrm_user_init); 2318 module_exit(xfrm_user_exit); 2319 MODULE_LICENSE("GPL"); 2320 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2321 2322