1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <asm/uaccess.h> 30 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 31 #include <linux/in6.h> 32 #endif 33 34 static inline int alg_len(struct xfrm_algo *alg) 35 { 36 return sizeof(*alg) + ((alg->alg_key_len + 7) / 8); 37 } 38 39 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 40 { 41 struct nlattr *rt = attrs[type]; 42 struct xfrm_algo *algp; 43 44 if (!rt) 45 return 0; 46 47 algp = nla_data(rt); 48 if (nla_len(rt) < alg_len(algp)) 49 return -EINVAL; 50 51 switch (type) { 52 case XFRMA_ALG_AUTH: 53 if (!algp->alg_key_len && 54 strcmp(algp->alg_name, "digest_null") != 0) 55 return -EINVAL; 56 break; 57 58 case XFRMA_ALG_CRYPT: 59 if (!algp->alg_key_len && 60 strcmp(algp->alg_name, "cipher_null") != 0) 61 return -EINVAL; 62 break; 63 64 case XFRMA_ALG_COMP: 65 /* Zero length keys are legal. */ 66 break; 67 68 default: 69 return -EINVAL; 70 } 71 72 algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0'; 73 return 0; 74 } 75 76 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 77 xfrm_address_t **addrp) 78 { 79 struct nlattr *rt = attrs[type]; 80 81 if (rt && addrp) 82 *addrp = nla_data(rt); 83 } 84 85 static inline int verify_sec_ctx_len(struct nlattr **attrs) 86 { 87 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 88 struct xfrm_user_sec_ctx *uctx; 89 90 if (!rt) 91 return 0; 92 93 uctx = nla_data(rt); 94 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 95 return -EINVAL; 96 97 return 0; 98 } 99 100 101 static int verify_newsa_info(struct xfrm_usersa_info *p, 102 struct nlattr **attrs) 103 { 104 int err; 105 106 err = -EINVAL; 107 switch (p->family) { 108 case AF_INET: 109 break; 110 111 case AF_INET6: 112 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 113 break; 114 #else 115 err = -EAFNOSUPPORT; 116 goto out; 117 #endif 118 119 default: 120 goto out; 121 } 122 123 err = -EINVAL; 124 switch (p->id.proto) { 125 case IPPROTO_AH: 126 if (!attrs[XFRMA_ALG_AUTH] || 127 attrs[XFRMA_ALG_CRYPT] || 128 attrs[XFRMA_ALG_COMP]) 129 goto out; 130 break; 131 132 case IPPROTO_ESP: 133 if ((!attrs[XFRMA_ALG_AUTH] && 134 !attrs[XFRMA_ALG_CRYPT]) || 135 attrs[XFRMA_ALG_COMP]) 136 goto out; 137 break; 138 139 case IPPROTO_COMP: 140 if (!attrs[XFRMA_ALG_COMP] || 141 attrs[XFRMA_ALG_AUTH] || 142 attrs[XFRMA_ALG_CRYPT]) 143 goto out; 144 break; 145 146 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 147 case IPPROTO_DSTOPTS: 148 case IPPROTO_ROUTING: 149 if (attrs[XFRMA_ALG_COMP] || 150 attrs[XFRMA_ALG_AUTH] || 151 attrs[XFRMA_ALG_CRYPT] || 152 attrs[XFRMA_ENCAP] || 153 attrs[XFRMA_SEC_CTX] || 154 !attrs[XFRMA_COADDR]) 155 goto out; 156 break; 157 #endif 158 159 default: 160 goto out; 161 } 162 163 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 164 goto out; 165 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 166 goto out; 167 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 168 goto out; 169 if ((err = verify_sec_ctx_len(attrs))) 170 goto out; 171 172 err = -EINVAL; 173 switch (p->mode) { 174 case XFRM_MODE_TRANSPORT: 175 case XFRM_MODE_TUNNEL: 176 case XFRM_MODE_ROUTEOPTIMIZATION: 177 case XFRM_MODE_BEET: 178 break; 179 180 default: 181 goto out; 182 } 183 184 err = 0; 185 186 out: 187 return err; 188 } 189 190 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 191 struct xfrm_algo_desc *(*get_byname)(char *, int), 192 struct nlattr *rta) 193 { 194 struct xfrm_algo *p, *ualg; 195 struct xfrm_algo_desc *algo; 196 197 if (!rta) 198 return 0; 199 200 ualg = nla_data(rta); 201 202 algo = get_byname(ualg->alg_name, 1); 203 if (!algo) 204 return -ENOSYS; 205 *props = algo->desc.sadb_alg_id; 206 207 p = kmemdup(ualg, alg_len(ualg), GFP_KERNEL); 208 if (!p) 209 return -ENOMEM; 210 211 strcpy(p->alg_name, algo->name); 212 *algpp = p; 213 return 0; 214 } 215 216 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 217 { 218 int len = 0; 219 220 if (xfrm_ctx) { 221 len += sizeof(struct xfrm_user_sec_ctx); 222 len += xfrm_ctx->ctx_len; 223 } 224 return len; 225 } 226 227 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 228 { 229 memcpy(&x->id, &p->id, sizeof(x->id)); 230 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 231 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 232 x->props.mode = p->mode; 233 x->props.replay_window = p->replay_window; 234 x->props.reqid = p->reqid; 235 x->props.family = p->family; 236 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 237 x->props.flags = p->flags; 238 239 /* 240 * Set inner address family if the KM left it as zero. 241 * See comment in validate_tmpl. 242 */ 243 if (!x->sel.family) 244 x->sel.family = p->family; 245 } 246 247 /* 248 * someday when pfkey also has support, we could have the code 249 * somehow made shareable and move it to xfrm_state.c - JHS 250 * 251 */ 252 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) 253 { 254 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 255 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 256 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 257 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 258 259 if (rp) { 260 struct xfrm_replay_state *replay; 261 replay = nla_data(rp); 262 memcpy(&x->replay, replay, sizeof(*replay)); 263 memcpy(&x->preplay, replay, sizeof(*replay)); 264 } 265 266 if (lt) { 267 struct xfrm_lifetime_cur *ltime; 268 ltime = nla_data(lt); 269 x->curlft.bytes = ltime->bytes; 270 x->curlft.packets = ltime->packets; 271 x->curlft.add_time = ltime->add_time; 272 x->curlft.use_time = ltime->use_time; 273 } 274 275 if (et) 276 x->replay_maxage = nla_get_u32(et); 277 278 if (rt) 279 x->replay_maxdiff = nla_get_u32(rt); 280 } 281 282 static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, 283 struct nlattr **attrs, 284 int *errp) 285 { 286 struct xfrm_state *x = xfrm_state_alloc(); 287 int err = -ENOMEM; 288 289 if (!x) 290 goto error_no_put; 291 292 copy_from_user_state(x, p); 293 294 if ((err = attach_one_algo(&x->aalg, &x->props.aalgo, 295 xfrm_aalg_get_byname, 296 attrs[XFRMA_ALG_AUTH]))) 297 goto error; 298 if ((err = attach_one_algo(&x->ealg, &x->props.ealgo, 299 xfrm_ealg_get_byname, 300 attrs[XFRMA_ALG_CRYPT]))) 301 goto error; 302 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 303 xfrm_calg_get_byname, 304 attrs[XFRMA_ALG_COMP]))) 305 goto error; 306 307 if (attrs[XFRMA_ENCAP]) { 308 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 309 sizeof(*x->encap), GFP_KERNEL); 310 if (x->encap == NULL) 311 goto error; 312 } 313 314 if (attrs[XFRMA_COADDR]) { 315 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 316 sizeof(*x->coaddr), GFP_KERNEL); 317 if (x->coaddr == NULL) 318 goto error; 319 } 320 321 err = xfrm_init_state(x); 322 if (err) 323 goto error; 324 325 if (attrs[XFRMA_SEC_CTX] && 326 security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX]))) 327 goto error; 328 329 x->km.seq = p->seq; 330 x->replay_maxdiff = sysctl_xfrm_aevent_rseqth; 331 /* sysctl_xfrm_aevent_etime is in 100ms units */ 332 x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M; 333 x->preplay.bitmap = 0; 334 x->preplay.seq = x->replay.seq+x->replay_maxdiff; 335 x->preplay.oseq = x->replay.oseq +x->replay_maxdiff; 336 337 /* override default values from above */ 338 339 xfrm_update_ae_params(x, attrs); 340 341 return x; 342 343 error: 344 x->km.state = XFRM_STATE_DEAD; 345 xfrm_state_put(x); 346 error_no_put: 347 *errp = err; 348 return NULL; 349 } 350 351 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 352 struct nlattr **attrs) 353 { 354 struct xfrm_usersa_info *p = nlmsg_data(nlh); 355 struct xfrm_state *x; 356 int err; 357 struct km_event c; 358 359 err = verify_newsa_info(p, attrs); 360 if (err) 361 return err; 362 363 x = xfrm_state_construct(p, attrs, &err); 364 if (!x) 365 return err; 366 367 xfrm_state_hold(x); 368 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 369 err = xfrm_state_add(x); 370 else 371 err = xfrm_state_update(x); 372 373 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 374 NETLINK_CB(skb).sid); 375 376 if (err < 0) { 377 x->km.state = XFRM_STATE_DEAD; 378 __xfrm_state_put(x); 379 goto out; 380 } 381 382 c.seq = nlh->nlmsg_seq; 383 c.pid = nlh->nlmsg_pid; 384 c.event = nlh->nlmsg_type; 385 386 km_state_notify(x, &c); 387 out: 388 xfrm_state_put(x); 389 return err; 390 } 391 392 static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, 393 struct nlattr **attrs, 394 int *errp) 395 { 396 struct xfrm_state *x = NULL; 397 int err; 398 399 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 400 err = -ESRCH; 401 x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); 402 } else { 403 xfrm_address_t *saddr = NULL; 404 405 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 406 if (!saddr) { 407 err = -EINVAL; 408 goto out; 409 } 410 411 err = -ESRCH; 412 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 413 p->family); 414 } 415 416 out: 417 if (!x && errp) 418 *errp = err; 419 return x; 420 } 421 422 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 423 struct nlattr **attrs) 424 { 425 struct xfrm_state *x; 426 int err = -ESRCH; 427 struct km_event c; 428 struct xfrm_usersa_id *p = nlmsg_data(nlh); 429 430 x = xfrm_user_state_lookup(p, attrs, &err); 431 if (x == NULL) 432 return err; 433 434 if ((err = security_xfrm_state_delete(x)) != 0) 435 goto out; 436 437 if (xfrm_state_kern(x)) { 438 err = -EPERM; 439 goto out; 440 } 441 442 err = xfrm_state_delete(x); 443 444 if (err < 0) 445 goto out; 446 447 c.seq = nlh->nlmsg_seq; 448 c.pid = nlh->nlmsg_pid; 449 c.event = nlh->nlmsg_type; 450 km_state_notify(x, &c); 451 452 out: 453 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 454 NETLINK_CB(skb).sid); 455 xfrm_state_put(x); 456 return err; 457 } 458 459 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 460 { 461 memcpy(&p->id, &x->id, sizeof(p->id)); 462 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 463 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 464 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 465 memcpy(&p->stats, &x->stats, sizeof(p->stats)); 466 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 467 p->mode = x->props.mode; 468 p->replay_window = x->props.replay_window; 469 p->reqid = x->props.reqid; 470 p->family = x->props.family; 471 p->flags = x->props.flags; 472 p->seq = x->km.seq; 473 } 474 475 struct xfrm_dump_info { 476 struct sk_buff *in_skb; 477 struct sk_buff *out_skb; 478 u32 nlmsg_seq; 479 u16 nlmsg_flags; 480 int start_idx; 481 int this_idx; 482 }; 483 484 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 485 { 486 struct xfrm_user_sec_ctx *uctx; 487 struct nlattr *attr; 488 int ctx_size = sizeof(*uctx) + s->ctx_len; 489 490 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 491 if (attr == NULL) 492 return -EMSGSIZE; 493 494 uctx = nla_data(attr); 495 uctx->exttype = XFRMA_SEC_CTX; 496 uctx->len = ctx_size; 497 uctx->ctx_doi = s->ctx_doi; 498 uctx->ctx_alg = s->ctx_alg; 499 uctx->ctx_len = s->ctx_len; 500 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 501 502 return 0; 503 } 504 505 /* Don't change this without updating xfrm_sa_len! */ 506 static int copy_to_user_state_extra(struct xfrm_state *x, 507 struct xfrm_usersa_info *p, 508 struct sk_buff *skb) 509 { 510 spin_lock_bh(&x->lock); 511 copy_to_user_state(x, p); 512 513 if (x->coaddr) 514 NLA_PUT(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 515 516 if (x->lastused) 517 NLA_PUT_U64(skb, XFRMA_LASTUSED, x->lastused); 518 spin_unlock_bh(&x->lock); 519 520 if (x->aalg) 521 NLA_PUT(skb, XFRMA_ALG_AUTH, alg_len(x->aalg), x->aalg); 522 if (x->ealg) 523 NLA_PUT(skb, XFRMA_ALG_CRYPT, alg_len(x->ealg), x->ealg); 524 if (x->calg) 525 NLA_PUT(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 526 527 if (x->encap) 528 NLA_PUT(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 529 530 if (x->security && copy_sec_ctx(x->security, skb) < 0) 531 goto nla_put_failure; 532 533 return 0; 534 535 nla_put_failure: 536 return -EMSGSIZE; 537 } 538 539 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 540 { 541 struct xfrm_dump_info *sp = ptr; 542 struct sk_buff *in_skb = sp->in_skb; 543 struct sk_buff *skb = sp->out_skb; 544 struct xfrm_usersa_info *p; 545 struct nlmsghdr *nlh; 546 int err; 547 548 if (sp->this_idx < sp->start_idx) 549 goto out; 550 551 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 552 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 553 if (nlh == NULL) 554 return -EMSGSIZE; 555 556 p = nlmsg_data(nlh); 557 558 err = copy_to_user_state_extra(x, p, skb); 559 if (err) 560 goto nla_put_failure; 561 562 nlmsg_end(skb, nlh); 563 out: 564 sp->this_idx++; 565 return 0; 566 567 nla_put_failure: 568 nlmsg_cancel(skb, nlh); 569 return err; 570 } 571 572 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 573 { 574 struct xfrm_dump_info info; 575 576 info.in_skb = cb->skb; 577 info.out_skb = skb; 578 info.nlmsg_seq = cb->nlh->nlmsg_seq; 579 info.nlmsg_flags = NLM_F_MULTI; 580 info.this_idx = 0; 581 info.start_idx = cb->args[0]; 582 (void) xfrm_state_walk(0, dump_one_state, &info); 583 cb->args[0] = info.this_idx; 584 585 return skb->len; 586 } 587 588 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 589 struct xfrm_state *x, u32 seq) 590 { 591 struct xfrm_dump_info info; 592 struct sk_buff *skb; 593 594 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 595 if (!skb) 596 return ERR_PTR(-ENOMEM); 597 598 info.in_skb = in_skb; 599 info.out_skb = skb; 600 info.nlmsg_seq = seq; 601 info.nlmsg_flags = 0; 602 info.this_idx = info.start_idx = 0; 603 604 if (dump_one_state(x, 0, &info)) { 605 kfree_skb(skb); 606 return NULL; 607 } 608 609 return skb; 610 } 611 612 static inline size_t xfrm_spdinfo_msgsize(void) 613 { 614 return NLMSG_ALIGN(4) 615 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 616 + nla_total_size(sizeof(struct xfrmu_spdhinfo)); 617 } 618 619 static int build_spdinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 620 { 621 struct xfrmk_spdinfo si; 622 struct xfrmu_spdinfo spc; 623 struct xfrmu_spdhinfo sph; 624 struct nlmsghdr *nlh; 625 u32 *f; 626 627 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 628 if (nlh == NULL) /* shouldnt really happen ... */ 629 return -EMSGSIZE; 630 631 f = nlmsg_data(nlh); 632 *f = flags; 633 xfrm_spd_getinfo(&si); 634 spc.incnt = si.incnt; 635 spc.outcnt = si.outcnt; 636 spc.fwdcnt = si.fwdcnt; 637 spc.inscnt = si.inscnt; 638 spc.outscnt = si.outscnt; 639 spc.fwdscnt = si.fwdscnt; 640 sph.spdhcnt = si.spdhcnt; 641 sph.spdhmcnt = si.spdhmcnt; 642 643 NLA_PUT(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 644 NLA_PUT(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 645 646 return nlmsg_end(skb, nlh); 647 648 nla_put_failure: 649 nlmsg_cancel(skb, nlh); 650 return -EMSGSIZE; 651 } 652 653 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 654 struct nlattr **attrs) 655 { 656 struct sk_buff *r_skb; 657 u32 *flags = nlmsg_data(nlh); 658 u32 spid = NETLINK_CB(skb).pid; 659 u32 seq = nlh->nlmsg_seq; 660 661 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 662 if (r_skb == NULL) 663 return -ENOMEM; 664 665 if (build_spdinfo(r_skb, spid, seq, *flags) < 0) 666 BUG(); 667 668 return nlmsg_unicast(xfrm_nl, r_skb, spid); 669 } 670 671 static inline size_t xfrm_sadinfo_msgsize(void) 672 { 673 return NLMSG_ALIGN(4) 674 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 675 + nla_total_size(4); /* XFRMA_SAD_CNT */ 676 } 677 678 static int build_sadinfo(struct sk_buff *skb, u32 pid, u32 seq, u32 flags) 679 { 680 struct xfrmk_sadinfo si; 681 struct xfrmu_sadhinfo sh; 682 struct nlmsghdr *nlh; 683 u32 *f; 684 685 nlh = nlmsg_put(skb, pid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 686 if (nlh == NULL) /* shouldnt really happen ... */ 687 return -EMSGSIZE; 688 689 f = nlmsg_data(nlh); 690 *f = flags; 691 xfrm_sad_getinfo(&si); 692 693 sh.sadhmcnt = si.sadhmcnt; 694 sh.sadhcnt = si.sadhcnt; 695 696 NLA_PUT_U32(skb, XFRMA_SAD_CNT, si.sadcnt); 697 NLA_PUT(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 698 699 return nlmsg_end(skb, nlh); 700 701 nla_put_failure: 702 nlmsg_cancel(skb, nlh); 703 return -EMSGSIZE; 704 } 705 706 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 707 struct nlattr **attrs) 708 { 709 struct sk_buff *r_skb; 710 u32 *flags = nlmsg_data(nlh); 711 u32 spid = NETLINK_CB(skb).pid; 712 u32 seq = nlh->nlmsg_seq; 713 714 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 715 if (r_skb == NULL) 716 return -ENOMEM; 717 718 if (build_sadinfo(r_skb, spid, seq, *flags) < 0) 719 BUG(); 720 721 return nlmsg_unicast(xfrm_nl, r_skb, spid); 722 } 723 724 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 725 struct nlattr **attrs) 726 { 727 struct xfrm_usersa_id *p = nlmsg_data(nlh); 728 struct xfrm_state *x; 729 struct sk_buff *resp_skb; 730 int err = -ESRCH; 731 732 x = xfrm_user_state_lookup(p, attrs, &err); 733 if (x == NULL) 734 goto out_noput; 735 736 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 737 if (IS_ERR(resp_skb)) { 738 err = PTR_ERR(resp_skb); 739 } else { 740 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 741 } 742 xfrm_state_put(x); 743 out_noput: 744 return err; 745 } 746 747 static int verify_userspi_info(struct xfrm_userspi_info *p) 748 { 749 switch (p->info.id.proto) { 750 case IPPROTO_AH: 751 case IPPROTO_ESP: 752 break; 753 754 case IPPROTO_COMP: 755 /* IPCOMP spi is 16-bits. */ 756 if (p->max >= 0x10000) 757 return -EINVAL; 758 break; 759 760 default: 761 return -EINVAL; 762 } 763 764 if (p->min > p->max) 765 return -EINVAL; 766 767 return 0; 768 } 769 770 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 771 struct nlattr **attrs) 772 { 773 struct xfrm_state *x; 774 struct xfrm_userspi_info *p; 775 struct sk_buff *resp_skb; 776 xfrm_address_t *daddr; 777 int family; 778 int err; 779 780 p = nlmsg_data(nlh); 781 err = verify_userspi_info(p); 782 if (err) 783 goto out_noput; 784 785 family = p->info.family; 786 daddr = &p->info.id.daddr; 787 788 x = NULL; 789 if (p->info.seq) { 790 x = xfrm_find_acq_byseq(p->info.seq); 791 if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) { 792 xfrm_state_put(x); 793 x = NULL; 794 } 795 } 796 797 if (!x) 798 x = xfrm_find_acq(p->info.mode, p->info.reqid, 799 p->info.id.proto, daddr, 800 &p->info.saddr, 1, 801 family); 802 err = -ENOENT; 803 if (x == NULL) 804 goto out_noput; 805 806 err = xfrm_alloc_spi(x, p->min, p->max); 807 if (err) 808 goto out; 809 810 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 811 if (IS_ERR(resp_skb)) { 812 err = PTR_ERR(resp_skb); 813 goto out; 814 } 815 816 err = nlmsg_unicast(xfrm_nl, resp_skb, NETLINK_CB(skb).pid); 817 818 out: 819 xfrm_state_put(x); 820 out_noput: 821 return err; 822 } 823 824 static int verify_policy_dir(u8 dir) 825 { 826 switch (dir) { 827 case XFRM_POLICY_IN: 828 case XFRM_POLICY_OUT: 829 case XFRM_POLICY_FWD: 830 break; 831 832 default: 833 return -EINVAL; 834 } 835 836 return 0; 837 } 838 839 static int verify_policy_type(u8 type) 840 { 841 switch (type) { 842 case XFRM_POLICY_TYPE_MAIN: 843 #ifdef CONFIG_XFRM_SUB_POLICY 844 case XFRM_POLICY_TYPE_SUB: 845 #endif 846 break; 847 848 default: 849 return -EINVAL; 850 } 851 852 return 0; 853 } 854 855 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 856 { 857 switch (p->share) { 858 case XFRM_SHARE_ANY: 859 case XFRM_SHARE_SESSION: 860 case XFRM_SHARE_USER: 861 case XFRM_SHARE_UNIQUE: 862 break; 863 864 default: 865 return -EINVAL; 866 } 867 868 switch (p->action) { 869 case XFRM_POLICY_ALLOW: 870 case XFRM_POLICY_BLOCK: 871 break; 872 873 default: 874 return -EINVAL; 875 } 876 877 switch (p->sel.family) { 878 case AF_INET: 879 break; 880 881 case AF_INET6: 882 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 883 break; 884 #else 885 return -EAFNOSUPPORT; 886 #endif 887 888 default: 889 return -EINVAL; 890 } 891 892 return verify_policy_dir(p->dir); 893 } 894 895 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 896 { 897 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 898 struct xfrm_user_sec_ctx *uctx; 899 900 if (!rt) 901 return 0; 902 903 uctx = nla_data(rt); 904 return security_xfrm_policy_alloc(pol, uctx); 905 } 906 907 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 908 int nr) 909 { 910 int i; 911 912 xp->xfrm_nr = nr; 913 for (i = 0; i < nr; i++, ut++) { 914 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 915 916 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 917 memcpy(&t->saddr, &ut->saddr, 918 sizeof(xfrm_address_t)); 919 t->reqid = ut->reqid; 920 t->mode = ut->mode; 921 t->share = ut->share; 922 t->optional = ut->optional; 923 t->aalgos = ut->aalgos; 924 t->ealgos = ut->ealgos; 925 t->calgos = ut->calgos; 926 t->encap_family = ut->family; 927 } 928 } 929 930 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 931 { 932 int i; 933 934 if (nr > XFRM_MAX_DEPTH) 935 return -EINVAL; 936 937 for (i = 0; i < nr; i++) { 938 /* We never validated the ut->family value, so many 939 * applications simply leave it at zero. The check was 940 * never made and ut->family was ignored because all 941 * templates could be assumed to have the same family as 942 * the policy itself. Now that we will have ipv4-in-ipv6 943 * and ipv6-in-ipv4 tunnels, this is no longer true. 944 */ 945 if (!ut[i].family) 946 ut[i].family = family; 947 948 switch (ut[i].family) { 949 case AF_INET: 950 break; 951 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 952 case AF_INET6: 953 break; 954 #endif 955 default: 956 return -EINVAL; 957 } 958 } 959 960 return 0; 961 } 962 963 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 964 { 965 struct nlattr *rt = attrs[XFRMA_TMPL]; 966 967 if (!rt) { 968 pol->xfrm_nr = 0; 969 } else { 970 struct xfrm_user_tmpl *utmpl = nla_data(rt); 971 int nr = nla_len(rt) / sizeof(*utmpl); 972 int err; 973 974 err = validate_tmpl(nr, utmpl, pol->family); 975 if (err) 976 return err; 977 978 copy_templates(pol, utmpl, nr); 979 } 980 return 0; 981 } 982 983 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 984 { 985 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 986 struct xfrm_userpolicy_type *upt; 987 u8 type = XFRM_POLICY_TYPE_MAIN; 988 int err; 989 990 if (rt) { 991 upt = nla_data(rt); 992 type = upt->type; 993 } 994 995 err = verify_policy_type(type); 996 if (err) 997 return err; 998 999 *tp = type; 1000 return 0; 1001 } 1002 1003 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1004 { 1005 xp->priority = p->priority; 1006 xp->index = p->index; 1007 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1008 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1009 xp->action = p->action; 1010 xp->flags = p->flags; 1011 xp->family = p->sel.family; 1012 /* XXX xp->share = p->share; */ 1013 } 1014 1015 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1016 { 1017 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1018 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1019 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1020 p->priority = xp->priority; 1021 p->index = xp->index; 1022 p->sel.family = xp->family; 1023 p->dir = dir; 1024 p->action = xp->action; 1025 p->flags = xp->flags; 1026 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1027 } 1028 1029 static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1030 { 1031 struct xfrm_policy *xp = xfrm_policy_alloc(GFP_KERNEL); 1032 int err; 1033 1034 if (!xp) { 1035 *errp = -ENOMEM; 1036 return NULL; 1037 } 1038 1039 copy_from_user_policy(xp, p); 1040 1041 err = copy_from_user_policy_type(&xp->type, attrs); 1042 if (err) 1043 goto error; 1044 1045 if (!(err = copy_from_user_tmpl(xp, attrs))) 1046 err = copy_from_user_sec_ctx(xp, attrs); 1047 if (err) 1048 goto error; 1049 1050 return xp; 1051 error: 1052 *errp = err; 1053 kfree(xp); 1054 return NULL; 1055 } 1056 1057 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1058 struct nlattr **attrs) 1059 { 1060 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1061 struct xfrm_policy *xp; 1062 struct km_event c; 1063 int err; 1064 int excl; 1065 1066 err = verify_newpolicy_info(p); 1067 if (err) 1068 return err; 1069 err = verify_sec_ctx_len(attrs); 1070 if (err) 1071 return err; 1072 1073 xp = xfrm_policy_construct(p, attrs, &err); 1074 if (!xp) 1075 return err; 1076 1077 /* shouldnt excl be based on nlh flags?? 1078 * Aha! this is anti-netlink really i.e more pfkey derived 1079 * in netlink excl is a flag and you wouldnt need 1080 * a type XFRM_MSG_UPDPOLICY - JHS */ 1081 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1082 err = xfrm_policy_insert(p->dir, xp, excl); 1083 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1084 NETLINK_CB(skb).sid); 1085 1086 if (err) { 1087 security_xfrm_policy_free(xp); 1088 kfree(xp); 1089 return err; 1090 } 1091 1092 c.event = nlh->nlmsg_type; 1093 c.seq = nlh->nlmsg_seq; 1094 c.pid = nlh->nlmsg_pid; 1095 km_policy_notify(xp, p->dir, &c); 1096 1097 xfrm_pol_put(xp); 1098 1099 return 0; 1100 } 1101 1102 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1103 { 1104 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1105 int i; 1106 1107 if (xp->xfrm_nr == 0) 1108 return 0; 1109 1110 for (i = 0; i < xp->xfrm_nr; i++) { 1111 struct xfrm_user_tmpl *up = &vec[i]; 1112 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1113 1114 memcpy(&up->id, &kp->id, sizeof(up->id)); 1115 up->family = kp->encap_family; 1116 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1117 up->reqid = kp->reqid; 1118 up->mode = kp->mode; 1119 up->share = kp->share; 1120 up->optional = kp->optional; 1121 up->aalgos = kp->aalgos; 1122 up->ealgos = kp->ealgos; 1123 up->calgos = kp->calgos; 1124 } 1125 1126 return nla_put(skb, XFRMA_TMPL, 1127 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1128 } 1129 1130 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1131 { 1132 if (x->security) { 1133 return copy_sec_ctx(x->security, skb); 1134 } 1135 return 0; 1136 } 1137 1138 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1139 { 1140 if (xp->security) { 1141 return copy_sec_ctx(xp->security, skb); 1142 } 1143 return 0; 1144 } 1145 static inline size_t userpolicy_type_attrsize(void) 1146 { 1147 #ifdef CONFIG_XFRM_SUB_POLICY 1148 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1149 #else 1150 return 0; 1151 #endif 1152 } 1153 1154 #ifdef CONFIG_XFRM_SUB_POLICY 1155 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1156 { 1157 struct xfrm_userpolicy_type upt = { 1158 .type = type, 1159 }; 1160 1161 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1162 } 1163 1164 #else 1165 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1166 { 1167 return 0; 1168 } 1169 #endif 1170 1171 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1172 { 1173 struct xfrm_dump_info *sp = ptr; 1174 struct xfrm_userpolicy_info *p; 1175 struct sk_buff *in_skb = sp->in_skb; 1176 struct sk_buff *skb = sp->out_skb; 1177 struct nlmsghdr *nlh; 1178 1179 if (sp->this_idx < sp->start_idx) 1180 goto out; 1181 1182 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).pid, sp->nlmsg_seq, 1183 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1184 if (nlh == NULL) 1185 return -EMSGSIZE; 1186 1187 p = nlmsg_data(nlh); 1188 copy_to_user_policy(xp, p, dir); 1189 if (copy_to_user_tmpl(xp, skb) < 0) 1190 goto nlmsg_failure; 1191 if (copy_to_user_sec_ctx(xp, skb)) 1192 goto nlmsg_failure; 1193 if (copy_to_user_policy_type(xp->type, skb) < 0) 1194 goto nlmsg_failure; 1195 1196 nlmsg_end(skb, nlh); 1197 out: 1198 sp->this_idx++; 1199 return 0; 1200 1201 nlmsg_failure: 1202 nlmsg_cancel(skb, nlh); 1203 return -EMSGSIZE; 1204 } 1205 1206 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1207 { 1208 struct xfrm_dump_info info; 1209 1210 info.in_skb = cb->skb; 1211 info.out_skb = skb; 1212 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1213 info.nlmsg_flags = NLM_F_MULTI; 1214 info.this_idx = 0; 1215 info.start_idx = cb->args[0]; 1216 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_MAIN, dump_one_policy, &info); 1217 #ifdef CONFIG_XFRM_SUB_POLICY 1218 (void) xfrm_policy_walk(XFRM_POLICY_TYPE_SUB, dump_one_policy, &info); 1219 #endif 1220 cb->args[0] = info.this_idx; 1221 1222 return skb->len; 1223 } 1224 1225 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1226 struct xfrm_policy *xp, 1227 int dir, u32 seq) 1228 { 1229 struct xfrm_dump_info info; 1230 struct sk_buff *skb; 1231 1232 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1233 if (!skb) 1234 return ERR_PTR(-ENOMEM); 1235 1236 info.in_skb = in_skb; 1237 info.out_skb = skb; 1238 info.nlmsg_seq = seq; 1239 info.nlmsg_flags = 0; 1240 info.this_idx = info.start_idx = 0; 1241 1242 if (dump_one_policy(xp, dir, 0, &info) < 0) { 1243 kfree_skb(skb); 1244 return NULL; 1245 } 1246 1247 return skb; 1248 } 1249 1250 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1251 struct nlattr **attrs) 1252 { 1253 struct xfrm_policy *xp; 1254 struct xfrm_userpolicy_id *p; 1255 u8 type = XFRM_POLICY_TYPE_MAIN; 1256 int err; 1257 struct km_event c; 1258 int delete; 1259 1260 p = nlmsg_data(nlh); 1261 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1262 1263 err = copy_from_user_policy_type(&type, attrs); 1264 if (err) 1265 return err; 1266 1267 err = verify_policy_dir(p->dir); 1268 if (err) 1269 return err; 1270 1271 if (p->index) 1272 xp = xfrm_policy_byid(type, p->dir, p->index, delete, &err); 1273 else { 1274 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1275 struct xfrm_policy tmp; 1276 1277 err = verify_sec_ctx_len(attrs); 1278 if (err) 1279 return err; 1280 1281 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1282 if (rt) { 1283 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1284 1285 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1286 return err; 1287 } 1288 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1289 delete, &err); 1290 security_xfrm_policy_free(&tmp); 1291 } 1292 if (xp == NULL) 1293 return -ENOENT; 1294 1295 if (!delete) { 1296 struct sk_buff *resp_skb; 1297 1298 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1299 if (IS_ERR(resp_skb)) { 1300 err = PTR_ERR(resp_skb); 1301 } else { 1302 err = nlmsg_unicast(xfrm_nl, resp_skb, 1303 NETLINK_CB(skb).pid); 1304 } 1305 } else { 1306 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1307 NETLINK_CB(skb).loginuid, 1308 NETLINK_CB(skb).sid); 1309 1310 if (err != 0) 1311 goto out; 1312 1313 c.data.byid = p->index; 1314 c.event = nlh->nlmsg_type; 1315 c.seq = nlh->nlmsg_seq; 1316 c.pid = nlh->nlmsg_pid; 1317 km_policy_notify(xp, p->dir, &c); 1318 } 1319 1320 out: 1321 xfrm_pol_put(xp); 1322 return err; 1323 } 1324 1325 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1326 struct nlattr **attrs) 1327 { 1328 struct km_event c; 1329 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1330 struct xfrm_audit audit_info; 1331 int err; 1332 1333 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1334 audit_info.secid = NETLINK_CB(skb).sid; 1335 err = xfrm_state_flush(p->proto, &audit_info); 1336 if (err) 1337 return err; 1338 c.data.proto = p->proto; 1339 c.event = nlh->nlmsg_type; 1340 c.seq = nlh->nlmsg_seq; 1341 c.pid = nlh->nlmsg_pid; 1342 km_state_notify(NULL, &c); 1343 1344 return 0; 1345 } 1346 1347 static inline size_t xfrm_aevent_msgsize(void) 1348 { 1349 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1350 + nla_total_size(sizeof(struct xfrm_replay_state)) 1351 + nla_total_size(sizeof(struct xfrm_lifetime_cur)) 1352 + nla_total_size(4) /* XFRM_AE_RTHR */ 1353 + nla_total_size(4); /* XFRM_AE_ETHR */ 1354 } 1355 1356 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1357 { 1358 struct xfrm_aevent_id *id; 1359 struct nlmsghdr *nlh; 1360 1361 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1362 if (nlh == NULL) 1363 return -EMSGSIZE; 1364 1365 id = nlmsg_data(nlh); 1366 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr)); 1367 id->sa_id.spi = x->id.spi; 1368 id->sa_id.family = x->props.family; 1369 id->sa_id.proto = x->id.proto; 1370 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr)); 1371 id->reqid = x->props.reqid; 1372 id->flags = c->data.aevent; 1373 1374 NLA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1375 NLA_PUT(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft); 1376 1377 if (id->flags & XFRM_AE_RTHR) 1378 NLA_PUT_U32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1379 1380 if (id->flags & XFRM_AE_ETHR) 1381 NLA_PUT_U32(skb, XFRMA_ETIMER_THRESH, 1382 x->replay_maxage * 10 / HZ); 1383 1384 return nlmsg_end(skb, nlh); 1385 1386 nla_put_failure: 1387 nlmsg_cancel(skb, nlh); 1388 return -EMSGSIZE; 1389 } 1390 1391 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1392 struct nlattr **attrs) 1393 { 1394 struct xfrm_state *x; 1395 struct sk_buff *r_skb; 1396 int err; 1397 struct km_event c; 1398 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1399 struct xfrm_usersa_id *id = &p->sa_id; 1400 1401 r_skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1402 if (r_skb == NULL) 1403 return -ENOMEM; 1404 1405 x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); 1406 if (x == NULL) { 1407 kfree_skb(r_skb); 1408 return -ESRCH; 1409 } 1410 1411 /* 1412 * XXX: is this lock really needed - none of the other 1413 * gets lock (the concern is things getting updated 1414 * while we are still reading) - jhs 1415 */ 1416 spin_lock_bh(&x->lock); 1417 c.data.aevent = p->flags; 1418 c.seq = nlh->nlmsg_seq; 1419 c.pid = nlh->nlmsg_pid; 1420 1421 if (build_aevent(r_skb, x, &c) < 0) 1422 BUG(); 1423 err = nlmsg_unicast(xfrm_nl, r_skb, NETLINK_CB(skb).pid); 1424 spin_unlock_bh(&x->lock); 1425 xfrm_state_put(x); 1426 return err; 1427 } 1428 1429 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 1430 struct nlattr **attrs) 1431 { 1432 struct xfrm_state *x; 1433 struct km_event c; 1434 int err = - EINVAL; 1435 struct xfrm_aevent_id *p = nlmsg_data(nlh); 1436 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 1437 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 1438 1439 if (!lt && !rp) 1440 return err; 1441 1442 /* pedantic mode - thou shalt sayeth replaceth */ 1443 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 1444 return err; 1445 1446 x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 1447 if (x == NULL) 1448 return -ESRCH; 1449 1450 if (x->km.state != XFRM_STATE_VALID) 1451 goto out; 1452 1453 spin_lock_bh(&x->lock); 1454 xfrm_update_ae_params(x, attrs); 1455 spin_unlock_bh(&x->lock); 1456 1457 c.event = nlh->nlmsg_type; 1458 c.seq = nlh->nlmsg_seq; 1459 c.pid = nlh->nlmsg_pid; 1460 c.data.aevent = XFRM_AE_CU; 1461 km_state_notify(x, &c); 1462 err = 0; 1463 out: 1464 xfrm_state_put(x); 1465 return err; 1466 } 1467 1468 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1469 struct nlattr **attrs) 1470 { 1471 struct km_event c; 1472 u8 type = XFRM_POLICY_TYPE_MAIN; 1473 int err; 1474 struct xfrm_audit audit_info; 1475 1476 err = copy_from_user_policy_type(&type, attrs); 1477 if (err) 1478 return err; 1479 1480 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1481 audit_info.secid = NETLINK_CB(skb).sid; 1482 err = xfrm_policy_flush(type, &audit_info); 1483 if (err) 1484 return err; 1485 c.data.type = type; 1486 c.event = nlh->nlmsg_type; 1487 c.seq = nlh->nlmsg_seq; 1488 c.pid = nlh->nlmsg_pid; 1489 km_policy_notify(NULL, 0, &c); 1490 return 0; 1491 } 1492 1493 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1494 struct nlattr **attrs) 1495 { 1496 struct xfrm_policy *xp; 1497 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 1498 struct xfrm_userpolicy_info *p = &up->pol; 1499 u8 type = XFRM_POLICY_TYPE_MAIN; 1500 int err = -ENOENT; 1501 1502 err = copy_from_user_policy_type(&type, attrs); 1503 if (err) 1504 return err; 1505 1506 if (p->index) 1507 xp = xfrm_policy_byid(type, p->dir, p->index, 0, &err); 1508 else { 1509 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1510 struct xfrm_policy tmp; 1511 1512 err = verify_sec_ctx_len(attrs); 1513 if (err) 1514 return err; 1515 1516 memset(&tmp, 0, sizeof(struct xfrm_policy)); 1517 if (rt) { 1518 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1519 1520 if ((err = security_xfrm_policy_alloc(&tmp, uctx))) 1521 return err; 1522 } 1523 xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, 1524 0, &err); 1525 security_xfrm_policy_free(&tmp); 1526 } 1527 1528 if (xp == NULL) 1529 return -ENOENT; 1530 read_lock(&xp->lock); 1531 if (xp->dead) { 1532 read_unlock(&xp->lock); 1533 goto out; 1534 } 1535 1536 read_unlock(&xp->lock); 1537 err = 0; 1538 if (up->hard) { 1539 xfrm_policy_delete(xp, p->dir); 1540 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1541 NETLINK_CB(skb).sid); 1542 1543 } else { 1544 // reset the timers here? 1545 printk("Dont know what to do with soft policy expire\n"); 1546 } 1547 km_policy_expired(xp, p->dir, up->hard, current->pid); 1548 1549 out: 1550 xfrm_pol_put(xp); 1551 return err; 1552 } 1553 1554 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 1555 struct nlattr **attrs) 1556 { 1557 struct xfrm_state *x; 1558 int err; 1559 struct xfrm_user_expire *ue = nlmsg_data(nlh); 1560 struct xfrm_usersa_info *p = &ue->state; 1561 1562 x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); 1563 1564 err = -ENOENT; 1565 if (x == NULL) 1566 return err; 1567 1568 spin_lock_bh(&x->lock); 1569 err = -EINVAL; 1570 if (x->km.state != XFRM_STATE_VALID) 1571 goto out; 1572 km_state_expired(x, ue->hard, current->pid); 1573 1574 if (ue->hard) { 1575 __xfrm_state_delete(x); 1576 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1577 NETLINK_CB(skb).sid); 1578 } 1579 err = 0; 1580 out: 1581 spin_unlock_bh(&x->lock); 1582 xfrm_state_put(x); 1583 return err; 1584 } 1585 1586 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 1587 struct nlattr **attrs) 1588 { 1589 struct xfrm_policy *xp; 1590 struct xfrm_user_tmpl *ut; 1591 int i; 1592 struct nlattr *rt = attrs[XFRMA_TMPL]; 1593 1594 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 1595 struct xfrm_state *x = xfrm_state_alloc(); 1596 int err = -ENOMEM; 1597 1598 if (!x) 1599 return err; 1600 1601 err = verify_newpolicy_info(&ua->policy); 1602 if (err) { 1603 printk("BAD policy passed\n"); 1604 kfree(x); 1605 return err; 1606 } 1607 1608 /* build an XP */ 1609 xp = xfrm_policy_construct(&ua->policy, attrs, &err); 1610 if (!xp) { 1611 kfree(x); 1612 return err; 1613 } 1614 1615 memcpy(&x->id, &ua->id, sizeof(ua->id)); 1616 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 1617 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 1618 1619 ut = nla_data(rt); 1620 /* extract the templates and for each call km_key */ 1621 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 1622 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1623 memcpy(&x->id, &t->id, sizeof(x->id)); 1624 x->props.mode = t->mode; 1625 x->props.reqid = t->reqid; 1626 x->props.family = ut->family; 1627 t->aalgos = ua->aalgos; 1628 t->ealgos = ua->ealgos; 1629 t->calgos = ua->calgos; 1630 err = km_query(x, t, xp); 1631 1632 } 1633 1634 kfree(x); 1635 kfree(xp); 1636 1637 return 0; 1638 } 1639 1640 #ifdef CONFIG_XFRM_MIGRATE 1641 static int copy_from_user_migrate(struct xfrm_migrate *ma, 1642 struct nlattr **attrs, int *num) 1643 { 1644 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 1645 struct xfrm_user_migrate *um; 1646 int i, num_migrate; 1647 1648 um = nla_data(rt); 1649 num_migrate = nla_len(rt) / sizeof(*um); 1650 1651 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 1652 return -EINVAL; 1653 1654 for (i = 0; i < num_migrate; i++, um++, ma++) { 1655 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 1656 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 1657 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 1658 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 1659 1660 ma->proto = um->proto; 1661 ma->mode = um->mode; 1662 ma->reqid = um->reqid; 1663 1664 ma->old_family = um->old_family; 1665 ma->new_family = um->new_family; 1666 } 1667 1668 *num = i; 1669 return 0; 1670 } 1671 1672 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1673 struct nlattr **attrs) 1674 { 1675 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 1676 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 1677 u8 type; 1678 int err; 1679 int n = 0; 1680 1681 if (attrs[XFRMA_MIGRATE] == NULL) 1682 return -EINVAL; 1683 1684 err = copy_from_user_policy_type(&type, attrs); 1685 if (err) 1686 return err; 1687 1688 err = copy_from_user_migrate((struct xfrm_migrate *)m, 1689 attrs, &n); 1690 if (err) 1691 return err; 1692 1693 if (!n) 1694 return 0; 1695 1696 xfrm_migrate(&pi->sel, pi->dir, type, m, n); 1697 1698 return 0; 1699 } 1700 #else 1701 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 1702 struct nlattr **attrs) 1703 { 1704 return -ENOPROTOOPT; 1705 } 1706 #endif 1707 1708 #ifdef CONFIG_XFRM_MIGRATE 1709 static int copy_to_user_migrate(struct xfrm_migrate *m, struct sk_buff *skb) 1710 { 1711 struct xfrm_user_migrate um; 1712 1713 memset(&um, 0, sizeof(um)); 1714 um.proto = m->proto; 1715 um.mode = m->mode; 1716 um.reqid = m->reqid; 1717 um.old_family = m->old_family; 1718 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 1719 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 1720 um.new_family = m->new_family; 1721 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 1722 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 1723 1724 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 1725 } 1726 1727 static inline size_t xfrm_migrate_msgsize(int num_migrate) 1728 { 1729 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 1730 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 1731 + userpolicy_type_attrsize(); 1732 } 1733 1734 static int build_migrate(struct sk_buff *skb, struct xfrm_migrate *m, 1735 int num_migrate, struct xfrm_selector *sel, 1736 u8 dir, u8 type) 1737 { 1738 struct xfrm_migrate *mp; 1739 struct xfrm_userpolicy_id *pol_id; 1740 struct nlmsghdr *nlh; 1741 int i; 1742 1743 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 1744 if (nlh == NULL) 1745 return -EMSGSIZE; 1746 1747 pol_id = nlmsg_data(nlh); 1748 /* copy data from selector, dir, and type to the pol_id */ 1749 memset(pol_id, 0, sizeof(*pol_id)); 1750 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 1751 pol_id->dir = dir; 1752 1753 if (copy_to_user_policy_type(type, skb) < 0) 1754 goto nlmsg_failure; 1755 1756 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 1757 if (copy_to_user_migrate(mp, skb) < 0) 1758 goto nlmsg_failure; 1759 } 1760 1761 return nlmsg_end(skb, nlh); 1762 nlmsg_failure: 1763 nlmsg_cancel(skb, nlh); 1764 return -EMSGSIZE; 1765 } 1766 1767 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1768 struct xfrm_migrate *m, int num_migrate) 1769 { 1770 struct sk_buff *skb; 1771 1772 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate), GFP_ATOMIC); 1773 if (skb == NULL) 1774 return -ENOMEM; 1775 1776 /* build migrate */ 1777 if (build_migrate(skb, m, num_migrate, sel, dir, type) < 0) 1778 BUG(); 1779 1780 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC); 1781 } 1782 #else 1783 static int xfrm_send_migrate(struct xfrm_selector *sel, u8 dir, u8 type, 1784 struct xfrm_migrate *m, int num_migrate) 1785 { 1786 return -ENOPROTOOPT; 1787 } 1788 #endif 1789 1790 #define XMSGSIZE(type) sizeof(struct type) 1791 1792 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 1793 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1794 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1795 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 1796 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1797 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1798 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1799 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 1800 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 1801 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 1802 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 1803 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 1804 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 1805 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 1806 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 1807 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1808 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 1809 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 1810 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 1811 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 1812 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 1813 }; 1814 1815 #undef XMSGSIZE 1816 1817 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 1818 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 1819 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 1820 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 1821 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 1822 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 1823 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 1824 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 1825 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 1826 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 1827 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 1828 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 1829 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 1830 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 1831 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 1832 }; 1833 1834 static struct xfrm_link { 1835 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 1836 int (*dump)(struct sk_buff *, struct netlink_callback *); 1837 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 1838 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1839 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 1840 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 1841 .dump = xfrm_dump_sa }, 1842 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1843 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 1844 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 1845 .dump = xfrm_dump_policy }, 1846 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 1847 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 1848 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 1849 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 1850 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 1851 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 1852 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 1853 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 1854 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 1855 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 1856 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 1857 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 1858 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 1859 }; 1860 1861 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 1862 { 1863 struct nlattr *attrs[XFRMA_MAX+1]; 1864 struct xfrm_link *link; 1865 int type, err; 1866 1867 type = nlh->nlmsg_type; 1868 if (type > XFRM_MSG_MAX) 1869 return -EINVAL; 1870 1871 type -= XFRM_MSG_BASE; 1872 link = &xfrm_dispatch[type]; 1873 1874 /* All operations require privileges, even GET */ 1875 if (security_netlink_recv(skb, CAP_NET_ADMIN)) 1876 return -EPERM; 1877 1878 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 1879 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 1880 (nlh->nlmsg_flags & NLM_F_DUMP)) { 1881 if (link->dump == NULL) 1882 return -EINVAL; 1883 1884 return netlink_dump_start(xfrm_nl, skb, nlh, link->dump, NULL); 1885 } 1886 1887 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX, 1888 xfrma_policy); 1889 if (err < 0) 1890 return err; 1891 1892 if (link->doit == NULL) 1893 return -EINVAL; 1894 1895 return link->doit(skb, nlh, attrs); 1896 } 1897 1898 static void xfrm_netlink_rcv(struct sk_buff *skb) 1899 { 1900 mutex_lock(&xfrm_cfg_mutex); 1901 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 1902 mutex_unlock(&xfrm_cfg_mutex); 1903 } 1904 1905 static inline size_t xfrm_expire_msgsize(void) 1906 { 1907 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)); 1908 } 1909 1910 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_event *c) 1911 { 1912 struct xfrm_user_expire *ue; 1913 struct nlmsghdr *nlh; 1914 1915 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 1916 if (nlh == NULL) 1917 return -EMSGSIZE; 1918 1919 ue = nlmsg_data(nlh); 1920 copy_to_user_state(x, &ue->state); 1921 ue->hard = (c->data.hard != 0) ? 1 : 0; 1922 1923 return nlmsg_end(skb, nlh); 1924 } 1925 1926 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) 1927 { 1928 struct sk_buff *skb; 1929 1930 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 1931 if (skb == NULL) 1932 return -ENOMEM; 1933 1934 if (build_expire(skb, x, c) < 0) 1935 BUG(); 1936 1937 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 1938 } 1939 1940 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) 1941 { 1942 struct sk_buff *skb; 1943 1944 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); 1945 if (skb == NULL) 1946 return -ENOMEM; 1947 1948 if (build_aevent(skb, x, c) < 0) 1949 BUG(); 1950 1951 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC); 1952 } 1953 1954 static int xfrm_notify_sa_flush(struct km_event *c) 1955 { 1956 struct xfrm_usersa_flush *p; 1957 struct nlmsghdr *nlh; 1958 struct sk_buff *skb; 1959 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 1960 1961 skb = nlmsg_new(len, GFP_ATOMIC); 1962 if (skb == NULL) 1963 return -ENOMEM; 1964 1965 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 1966 if (nlh == NULL) { 1967 kfree_skb(skb); 1968 return -EMSGSIZE; 1969 } 1970 1971 p = nlmsg_data(nlh); 1972 p->proto = c->data.proto; 1973 1974 nlmsg_end(skb, nlh); 1975 1976 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 1977 } 1978 1979 static inline size_t xfrm_sa_len(struct xfrm_state *x) 1980 { 1981 size_t l = 0; 1982 if (x->aalg) 1983 l += nla_total_size(alg_len(x->aalg)); 1984 if (x->ealg) 1985 l += nla_total_size(alg_len(x->ealg)); 1986 if (x->calg) 1987 l += nla_total_size(sizeof(*x->calg)); 1988 if (x->encap) 1989 l += nla_total_size(sizeof(*x->encap)); 1990 if (x->security) 1991 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 1992 x->security->ctx_len); 1993 if (x->coaddr) 1994 l += nla_total_size(sizeof(*x->coaddr)); 1995 1996 /* Must count this as this may become non-zero behind our back. */ 1997 l += nla_total_size(sizeof(x->lastused)); 1998 1999 return l; 2000 } 2001 2002 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) 2003 { 2004 struct xfrm_usersa_info *p; 2005 struct xfrm_usersa_id *id; 2006 struct nlmsghdr *nlh; 2007 struct sk_buff *skb; 2008 int len = xfrm_sa_len(x); 2009 int headlen; 2010 2011 headlen = sizeof(*p); 2012 if (c->event == XFRM_MSG_DELSA) { 2013 len += nla_total_size(headlen); 2014 headlen = sizeof(*id); 2015 } 2016 len += NLMSG_ALIGN(headlen); 2017 2018 skb = nlmsg_new(len, GFP_ATOMIC); 2019 if (skb == NULL) 2020 return -ENOMEM; 2021 2022 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2023 if (nlh == NULL) 2024 goto nla_put_failure; 2025 2026 p = nlmsg_data(nlh); 2027 if (c->event == XFRM_MSG_DELSA) { 2028 struct nlattr *attr; 2029 2030 id = nlmsg_data(nlh); 2031 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2032 id->spi = x->id.spi; 2033 id->family = x->props.family; 2034 id->proto = x->id.proto; 2035 2036 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2037 if (attr == NULL) 2038 goto nla_put_failure; 2039 2040 p = nla_data(attr); 2041 } 2042 2043 if (copy_to_user_state_extra(x, p, skb)) 2044 goto nla_put_failure; 2045 2046 nlmsg_end(skb, nlh); 2047 2048 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC); 2049 2050 nla_put_failure: 2051 /* Somebody screwed up with xfrm_sa_len! */ 2052 WARN_ON(1); 2053 kfree_skb(skb); 2054 return -1; 2055 } 2056 2057 static int xfrm_send_state_notify(struct xfrm_state *x, struct km_event *c) 2058 { 2059 2060 switch (c->event) { 2061 case XFRM_MSG_EXPIRE: 2062 return xfrm_exp_state_notify(x, c); 2063 case XFRM_MSG_NEWAE: 2064 return xfrm_aevent_state_notify(x, c); 2065 case XFRM_MSG_DELSA: 2066 case XFRM_MSG_UPDSA: 2067 case XFRM_MSG_NEWSA: 2068 return xfrm_notify_sa(x, c); 2069 case XFRM_MSG_FLUSHSA: 2070 return xfrm_notify_sa_flush(c); 2071 default: 2072 printk("xfrm_user: Unknown SA event %d\n", c->event); 2073 break; 2074 } 2075 2076 return 0; 2077 2078 } 2079 2080 static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x, 2081 struct xfrm_policy *xp) 2082 { 2083 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2084 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2085 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2086 + userpolicy_type_attrsize(); 2087 } 2088 2089 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2090 struct xfrm_tmpl *xt, struct xfrm_policy *xp, 2091 int dir) 2092 { 2093 struct xfrm_user_acquire *ua; 2094 struct nlmsghdr *nlh; 2095 __u32 seq = xfrm_get_acqseq(); 2096 2097 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2098 if (nlh == NULL) 2099 return -EMSGSIZE; 2100 2101 ua = nlmsg_data(nlh); 2102 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2103 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2104 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2105 copy_to_user_policy(xp, &ua->policy, dir); 2106 ua->aalgos = xt->aalgos; 2107 ua->ealgos = xt->ealgos; 2108 ua->calgos = xt->calgos; 2109 ua->seq = x->km.seq = seq; 2110 2111 if (copy_to_user_tmpl(xp, skb) < 0) 2112 goto nlmsg_failure; 2113 if (copy_to_user_state_sec_ctx(x, skb)) 2114 goto nlmsg_failure; 2115 if (copy_to_user_policy_type(xp->type, skb) < 0) 2116 goto nlmsg_failure; 2117 2118 return nlmsg_end(skb, nlh); 2119 2120 nlmsg_failure: 2121 nlmsg_cancel(skb, nlh); 2122 return -EMSGSIZE; 2123 } 2124 2125 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2126 struct xfrm_policy *xp, int dir) 2127 { 2128 struct sk_buff *skb; 2129 2130 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2131 if (skb == NULL) 2132 return -ENOMEM; 2133 2134 if (build_acquire(skb, x, xt, xp, dir) < 0) 2135 BUG(); 2136 2137 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC); 2138 } 2139 2140 /* User gives us xfrm_user_policy_info followed by an array of 0 2141 * or more templates. 2142 */ 2143 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2144 u8 *data, int len, int *dir) 2145 { 2146 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2147 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2148 struct xfrm_policy *xp; 2149 int nr; 2150 2151 switch (sk->sk_family) { 2152 case AF_INET: 2153 if (opt != IP_XFRM_POLICY) { 2154 *dir = -EOPNOTSUPP; 2155 return NULL; 2156 } 2157 break; 2158 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 2159 case AF_INET6: 2160 if (opt != IPV6_XFRM_POLICY) { 2161 *dir = -EOPNOTSUPP; 2162 return NULL; 2163 } 2164 break; 2165 #endif 2166 default: 2167 *dir = -EINVAL; 2168 return NULL; 2169 } 2170 2171 *dir = -EINVAL; 2172 2173 if (len < sizeof(*p) || 2174 verify_newpolicy_info(p)) 2175 return NULL; 2176 2177 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2178 if (validate_tmpl(nr, ut, p->sel.family)) 2179 return NULL; 2180 2181 if (p->dir > XFRM_POLICY_OUT) 2182 return NULL; 2183 2184 xp = xfrm_policy_alloc(GFP_KERNEL); 2185 if (xp == NULL) { 2186 *dir = -ENOBUFS; 2187 return NULL; 2188 } 2189 2190 copy_from_user_policy(xp, p); 2191 xp->type = XFRM_POLICY_TYPE_MAIN; 2192 copy_templates(xp, ut, nr); 2193 2194 *dir = p->dir; 2195 2196 return xp; 2197 } 2198 2199 static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp) 2200 { 2201 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 2202 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2203 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 2204 + userpolicy_type_attrsize(); 2205 } 2206 2207 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 2208 int dir, struct km_event *c) 2209 { 2210 struct xfrm_user_polexpire *upe; 2211 struct nlmsghdr *nlh; 2212 int hard = c->data.hard; 2213 2214 nlh = nlmsg_put(skb, c->pid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 2215 if (nlh == NULL) 2216 return -EMSGSIZE; 2217 2218 upe = nlmsg_data(nlh); 2219 copy_to_user_policy(xp, &upe->pol, dir); 2220 if (copy_to_user_tmpl(xp, skb) < 0) 2221 goto nlmsg_failure; 2222 if (copy_to_user_sec_ctx(xp, skb)) 2223 goto nlmsg_failure; 2224 if (copy_to_user_policy_type(xp->type, skb) < 0) 2225 goto nlmsg_failure; 2226 upe->hard = !!hard; 2227 2228 return nlmsg_end(skb, nlh); 2229 2230 nlmsg_failure: 2231 nlmsg_cancel(skb, nlh); 2232 return -EMSGSIZE; 2233 } 2234 2235 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2236 { 2237 struct sk_buff *skb; 2238 2239 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 2240 if (skb == NULL) 2241 return -ENOMEM; 2242 2243 if (build_polexpire(skb, xp, dir, c) < 0) 2244 BUG(); 2245 2246 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC); 2247 } 2248 2249 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) 2250 { 2251 struct xfrm_userpolicy_info *p; 2252 struct xfrm_userpolicy_id *id; 2253 struct nlmsghdr *nlh; 2254 struct sk_buff *skb; 2255 int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 2256 int headlen; 2257 2258 headlen = sizeof(*p); 2259 if (c->event == XFRM_MSG_DELPOLICY) { 2260 len += nla_total_size(headlen); 2261 headlen = sizeof(*id); 2262 } 2263 len += userpolicy_type_attrsize(); 2264 len += NLMSG_ALIGN(headlen); 2265 2266 skb = nlmsg_new(len, GFP_ATOMIC); 2267 if (skb == NULL) 2268 return -ENOMEM; 2269 2270 nlh = nlmsg_put(skb, c->pid, c->seq, c->event, headlen, 0); 2271 if (nlh == NULL) 2272 goto nlmsg_failure; 2273 2274 p = nlmsg_data(nlh); 2275 if (c->event == XFRM_MSG_DELPOLICY) { 2276 struct nlattr *attr; 2277 2278 id = nlmsg_data(nlh); 2279 memset(id, 0, sizeof(*id)); 2280 id->dir = dir; 2281 if (c->data.byid) 2282 id->index = xp->index; 2283 else 2284 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 2285 2286 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 2287 if (attr == NULL) 2288 goto nlmsg_failure; 2289 2290 p = nla_data(attr); 2291 } 2292 2293 copy_to_user_policy(xp, p, dir); 2294 if (copy_to_user_tmpl(xp, skb) < 0) 2295 goto nlmsg_failure; 2296 if (copy_to_user_policy_type(xp->type, skb) < 0) 2297 goto nlmsg_failure; 2298 2299 nlmsg_end(skb, nlh); 2300 2301 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2302 2303 nlmsg_failure: 2304 kfree_skb(skb); 2305 return -1; 2306 } 2307 2308 static int xfrm_notify_policy_flush(struct km_event *c) 2309 { 2310 struct nlmsghdr *nlh; 2311 struct sk_buff *skb; 2312 2313 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 2314 if (skb == NULL) 2315 return -ENOMEM; 2316 2317 nlh = nlmsg_put(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 2318 if (nlh == NULL) 2319 goto nlmsg_failure; 2320 if (copy_to_user_policy_type(c->data.type, skb) < 0) 2321 goto nlmsg_failure; 2322 2323 nlmsg_end(skb, nlh); 2324 2325 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2326 2327 nlmsg_failure: 2328 kfree_skb(skb); 2329 return -1; 2330 } 2331 2332 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) 2333 { 2334 2335 switch (c->event) { 2336 case XFRM_MSG_NEWPOLICY: 2337 case XFRM_MSG_UPDPOLICY: 2338 case XFRM_MSG_DELPOLICY: 2339 return xfrm_notify_policy(xp, dir, c); 2340 case XFRM_MSG_FLUSHPOLICY: 2341 return xfrm_notify_policy_flush(c); 2342 case XFRM_MSG_POLEXPIRE: 2343 return xfrm_exp_policy_notify(xp, dir, c); 2344 default: 2345 printk("xfrm_user: Unknown Policy event %d\n", c->event); 2346 } 2347 2348 return 0; 2349 2350 } 2351 2352 static inline size_t xfrm_report_msgsize(void) 2353 { 2354 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 2355 } 2356 2357 static int build_report(struct sk_buff *skb, u8 proto, 2358 struct xfrm_selector *sel, xfrm_address_t *addr) 2359 { 2360 struct xfrm_user_report *ur; 2361 struct nlmsghdr *nlh; 2362 2363 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 2364 if (nlh == NULL) 2365 return -EMSGSIZE; 2366 2367 ur = nlmsg_data(nlh); 2368 ur->proto = proto; 2369 memcpy(&ur->sel, sel, sizeof(ur->sel)); 2370 2371 if (addr) 2372 NLA_PUT(skb, XFRMA_COADDR, sizeof(*addr), addr); 2373 2374 return nlmsg_end(skb, nlh); 2375 2376 nla_put_failure: 2377 nlmsg_cancel(skb, nlh); 2378 return -EMSGSIZE; 2379 } 2380 2381 static int xfrm_send_report(u8 proto, struct xfrm_selector *sel, 2382 xfrm_address_t *addr) 2383 { 2384 struct sk_buff *skb; 2385 2386 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 2387 if (skb == NULL) 2388 return -ENOMEM; 2389 2390 if (build_report(skb, proto, sel, addr) < 0) 2391 BUG(); 2392 2393 return nlmsg_multicast(xfrm_nl, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC); 2394 } 2395 2396 static struct xfrm_mgr netlink_mgr = { 2397 .id = "netlink", 2398 .notify = xfrm_send_state_notify, 2399 .acquire = xfrm_send_acquire, 2400 .compile_policy = xfrm_compile_policy, 2401 .notify_policy = xfrm_send_policy_notify, 2402 .report = xfrm_send_report, 2403 .migrate = xfrm_send_migrate, 2404 }; 2405 2406 static int __init xfrm_user_init(void) 2407 { 2408 struct sock *nlsk; 2409 2410 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 2411 2412 nlsk = netlink_kernel_create(&init_net, NETLINK_XFRM, XFRMNLGRP_MAX, 2413 xfrm_netlink_rcv, NULL, THIS_MODULE); 2414 if (nlsk == NULL) 2415 return -ENOMEM; 2416 rcu_assign_pointer(xfrm_nl, nlsk); 2417 2418 xfrm_register_km(&netlink_mgr); 2419 2420 return 0; 2421 } 2422 2423 static void __exit xfrm_user_exit(void) 2424 { 2425 struct sock *nlsk = xfrm_nl; 2426 2427 xfrm_unregister_km(&netlink_mgr); 2428 rcu_assign_pointer(xfrm_nl, NULL); 2429 synchronize_rcu(); 2430 sock_release(nlsk->sk_socket); 2431 } 2432 2433 module_init(xfrm_user_init); 2434 module_exit(xfrm_user_exit); 2435 MODULE_LICENSE("GPL"); 2436 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 2437 2438