1 /* xfrm_user.c: User interface to configure xfrm engine. 2 * 3 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 4 * 5 * Changes: 6 * Mitsuru KANDA @USAGI 7 * Kazunori MIYAZAWA @USAGI 8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 9 * IPv6 support 10 * 11 */ 12 13 #include <linux/crypto.h> 14 #include <linux/module.h> 15 #include <linux/kernel.h> 16 #include <linux/types.h> 17 #include <linux/slab.h> 18 #include <linux/socket.h> 19 #include <linux/string.h> 20 #include <linux/net.h> 21 #include <linux/skbuff.h> 22 #include <linux/pfkeyv2.h> 23 #include <linux/ipsec.h> 24 #include <linux/init.h> 25 #include <linux/security.h> 26 #include <net/sock.h> 27 #include <net/xfrm.h> 28 #include <net/netlink.h> 29 #include <net/ah.h> 30 #include <linux/uaccess.h> 31 #if IS_ENABLED(CONFIG_IPV6) 32 #include <linux/in6.h> 33 #endif 34 #include <asm/unaligned.h> 35 36 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 37 { 38 struct nlattr *rt = attrs[type]; 39 struct xfrm_algo *algp; 40 41 if (!rt) 42 return 0; 43 44 algp = nla_data(rt); 45 if (nla_len(rt) < (int)xfrm_alg_len(algp)) 46 return -EINVAL; 47 48 switch (type) { 49 case XFRMA_ALG_AUTH: 50 case XFRMA_ALG_CRYPT: 51 case XFRMA_ALG_COMP: 52 break; 53 54 default: 55 return -EINVAL; 56 } 57 58 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 59 return 0; 60 } 61 62 static int verify_auth_trunc(struct nlattr **attrs) 63 { 64 struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC]; 65 struct xfrm_algo_auth *algp; 66 67 if (!rt) 68 return 0; 69 70 algp = nla_data(rt); 71 if (nla_len(rt) < (int)xfrm_alg_auth_len(algp)) 72 return -EINVAL; 73 74 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 75 return 0; 76 } 77 78 static int verify_aead(struct nlattr **attrs) 79 { 80 struct nlattr *rt = attrs[XFRMA_ALG_AEAD]; 81 struct xfrm_algo_aead *algp; 82 83 if (!rt) 84 return 0; 85 86 algp = nla_data(rt); 87 if (nla_len(rt) < (int)aead_len(algp)) 88 return -EINVAL; 89 90 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 91 return 0; 92 } 93 94 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 95 xfrm_address_t **addrp) 96 { 97 struct nlattr *rt = attrs[type]; 98 99 if (rt && addrp) 100 *addrp = nla_data(rt); 101 } 102 103 static inline int verify_sec_ctx_len(struct nlattr **attrs) 104 { 105 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 106 struct xfrm_user_sec_ctx *uctx; 107 108 if (!rt) 109 return 0; 110 111 uctx = nla_data(rt); 112 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 113 return -EINVAL; 114 115 return 0; 116 } 117 118 static inline int verify_replay(struct xfrm_usersa_info *p, 119 struct nlattr **attrs) 120 { 121 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 122 struct xfrm_replay_state_esn *rs; 123 124 if (!rt) 125 return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0; 126 127 rs = nla_data(rt); 128 129 if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) 130 return -EINVAL; 131 132 if (nla_len(rt) < (int)xfrm_replay_state_esn_len(rs) && 133 nla_len(rt) != sizeof(*rs)) 134 return -EINVAL; 135 136 /* As only ESP and AH support ESN feature. */ 137 if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH)) 138 return -EINVAL; 139 140 if (p->replay_window != 0) 141 return -EINVAL; 142 143 return 0; 144 } 145 146 static int verify_newsa_info(struct xfrm_usersa_info *p, 147 struct nlattr **attrs) 148 { 149 int err; 150 151 err = -EINVAL; 152 switch (p->family) { 153 case AF_INET: 154 break; 155 156 case AF_INET6: 157 #if IS_ENABLED(CONFIG_IPV6) 158 break; 159 #else 160 err = -EAFNOSUPPORT; 161 goto out; 162 #endif 163 164 default: 165 goto out; 166 } 167 168 err = -EINVAL; 169 switch (p->id.proto) { 170 case IPPROTO_AH: 171 if ((!attrs[XFRMA_ALG_AUTH] && 172 !attrs[XFRMA_ALG_AUTH_TRUNC]) || 173 attrs[XFRMA_ALG_AEAD] || 174 attrs[XFRMA_ALG_CRYPT] || 175 attrs[XFRMA_ALG_COMP] || 176 attrs[XFRMA_TFCPAD]) 177 goto out; 178 break; 179 180 case IPPROTO_ESP: 181 if (attrs[XFRMA_ALG_COMP]) 182 goto out; 183 if (!attrs[XFRMA_ALG_AUTH] && 184 !attrs[XFRMA_ALG_AUTH_TRUNC] && 185 !attrs[XFRMA_ALG_CRYPT] && 186 !attrs[XFRMA_ALG_AEAD]) 187 goto out; 188 if ((attrs[XFRMA_ALG_AUTH] || 189 attrs[XFRMA_ALG_AUTH_TRUNC] || 190 attrs[XFRMA_ALG_CRYPT]) && 191 attrs[XFRMA_ALG_AEAD]) 192 goto out; 193 if (attrs[XFRMA_TFCPAD] && 194 p->mode != XFRM_MODE_TUNNEL) 195 goto out; 196 break; 197 198 case IPPROTO_COMP: 199 if (!attrs[XFRMA_ALG_COMP] || 200 attrs[XFRMA_ALG_AEAD] || 201 attrs[XFRMA_ALG_AUTH] || 202 attrs[XFRMA_ALG_AUTH_TRUNC] || 203 attrs[XFRMA_ALG_CRYPT] || 204 attrs[XFRMA_TFCPAD] || 205 (ntohl(p->id.spi) >= 0x10000)) 206 goto out; 207 break; 208 209 #if IS_ENABLED(CONFIG_IPV6) 210 case IPPROTO_DSTOPTS: 211 case IPPROTO_ROUTING: 212 if (attrs[XFRMA_ALG_COMP] || 213 attrs[XFRMA_ALG_AUTH] || 214 attrs[XFRMA_ALG_AUTH_TRUNC] || 215 attrs[XFRMA_ALG_AEAD] || 216 attrs[XFRMA_ALG_CRYPT] || 217 attrs[XFRMA_ENCAP] || 218 attrs[XFRMA_SEC_CTX] || 219 attrs[XFRMA_TFCPAD] || 220 !attrs[XFRMA_COADDR]) 221 goto out; 222 break; 223 #endif 224 225 default: 226 goto out; 227 } 228 229 if ((err = verify_aead(attrs))) 230 goto out; 231 if ((err = verify_auth_trunc(attrs))) 232 goto out; 233 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 234 goto out; 235 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 236 goto out; 237 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 238 goto out; 239 if ((err = verify_sec_ctx_len(attrs))) 240 goto out; 241 if ((err = verify_replay(p, attrs))) 242 goto out; 243 244 err = -EINVAL; 245 switch (p->mode) { 246 case XFRM_MODE_TRANSPORT: 247 case XFRM_MODE_TUNNEL: 248 case XFRM_MODE_ROUTEOPTIMIZATION: 249 case XFRM_MODE_BEET: 250 break; 251 252 default: 253 goto out; 254 } 255 256 err = 0; 257 258 out: 259 return err; 260 } 261 262 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 263 struct xfrm_algo_desc *(*get_byname)(const char *, int), 264 struct nlattr *rta) 265 { 266 struct xfrm_algo *p, *ualg; 267 struct xfrm_algo_desc *algo; 268 269 if (!rta) 270 return 0; 271 272 ualg = nla_data(rta); 273 274 algo = get_byname(ualg->alg_name, 1); 275 if (!algo) 276 return -ENOSYS; 277 *props = algo->desc.sadb_alg_id; 278 279 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 280 if (!p) 281 return -ENOMEM; 282 283 strcpy(p->alg_name, algo->name); 284 *algpp = p; 285 return 0; 286 } 287 288 static int attach_crypt(struct xfrm_state *x, struct nlattr *rta) 289 { 290 struct xfrm_algo *p, *ualg; 291 struct xfrm_algo_desc *algo; 292 293 if (!rta) 294 return 0; 295 296 ualg = nla_data(rta); 297 298 algo = xfrm_ealg_get_byname(ualg->alg_name, 1); 299 if (!algo) 300 return -ENOSYS; 301 x->props.ealgo = algo->desc.sadb_alg_id; 302 303 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 304 if (!p) 305 return -ENOMEM; 306 307 strcpy(p->alg_name, algo->name); 308 x->ealg = p; 309 x->geniv = algo->uinfo.encr.geniv; 310 return 0; 311 } 312 313 static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, 314 struct nlattr *rta) 315 { 316 struct xfrm_algo *ualg; 317 struct xfrm_algo_auth *p; 318 struct xfrm_algo_desc *algo; 319 320 if (!rta) 321 return 0; 322 323 ualg = nla_data(rta); 324 325 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 326 if (!algo) 327 return -ENOSYS; 328 *props = algo->desc.sadb_alg_id; 329 330 p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL); 331 if (!p) 332 return -ENOMEM; 333 334 strcpy(p->alg_name, algo->name); 335 p->alg_key_len = ualg->alg_key_len; 336 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 337 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8); 338 339 *algpp = p; 340 return 0; 341 } 342 343 static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, 344 struct nlattr *rta) 345 { 346 struct xfrm_algo_auth *p, *ualg; 347 struct xfrm_algo_desc *algo; 348 349 if (!rta) 350 return 0; 351 352 ualg = nla_data(rta); 353 354 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 355 if (!algo) 356 return -ENOSYS; 357 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 358 return -EINVAL; 359 *props = algo->desc.sadb_alg_id; 360 361 p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL); 362 if (!p) 363 return -ENOMEM; 364 365 strcpy(p->alg_name, algo->name); 366 if (!p->alg_trunc_len) 367 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 368 369 *algpp = p; 370 return 0; 371 } 372 373 static int attach_aead(struct xfrm_state *x, struct nlattr *rta) 374 { 375 struct xfrm_algo_aead *p, *ualg; 376 struct xfrm_algo_desc *algo; 377 378 if (!rta) 379 return 0; 380 381 ualg = nla_data(rta); 382 383 algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1); 384 if (!algo) 385 return -ENOSYS; 386 x->props.ealgo = algo->desc.sadb_alg_id; 387 388 p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL); 389 if (!p) 390 return -ENOMEM; 391 392 strcpy(p->alg_name, algo->name); 393 x->aead = p; 394 x->geniv = algo->uinfo.aead.geniv; 395 return 0; 396 } 397 398 static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, 399 struct nlattr *rp) 400 { 401 struct xfrm_replay_state_esn *up; 402 unsigned int ulen; 403 404 if (!replay_esn || !rp) 405 return 0; 406 407 up = nla_data(rp); 408 ulen = xfrm_replay_state_esn_len(up); 409 410 /* Check the overall length and the internal bitmap length to avoid 411 * potential overflow. */ 412 if (nla_len(rp) < (int)ulen || 413 xfrm_replay_state_esn_len(replay_esn) != ulen || 414 replay_esn->bmp_len != up->bmp_len) 415 return -EINVAL; 416 417 if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) 418 return -EINVAL; 419 420 return 0; 421 } 422 423 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn, 424 struct xfrm_replay_state_esn **preplay_esn, 425 struct nlattr *rta) 426 { 427 struct xfrm_replay_state_esn *p, *pp, *up; 428 unsigned int klen, ulen; 429 430 if (!rta) 431 return 0; 432 433 up = nla_data(rta); 434 klen = xfrm_replay_state_esn_len(up); 435 ulen = nla_len(rta) >= (int)klen ? klen : sizeof(*up); 436 437 p = kzalloc(klen, GFP_KERNEL); 438 if (!p) 439 return -ENOMEM; 440 441 pp = kzalloc(klen, GFP_KERNEL); 442 if (!pp) { 443 kfree(p); 444 return -ENOMEM; 445 } 446 447 memcpy(p, up, ulen); 448 memcpy(pp, up, ulen); 449 450 *replay_esn = p; 451 *preplay_esn = pp; 452 453 return 0; 454 } 455 456 static inline unsigned int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 457 { 458 unsigned int len = 0; 459 460 if (xfrm_ctx) { 461 len += sizeof(struct xfrm_user_sec_ctx); 462 len += xfrm_ctx->ctx_len; 463 } 464 return len; 465 } 466 467 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 468 { 469 memcpy(&x->id, &p->id, sizeof(x->id)); 470 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 471 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 472 x->props.mode = p->mode; 473 x->props.replay_window = min_t(unsigned int, p->replay_window, 474 sizeof(x->replay.bitmap) * 8); 475 x->props.reqid = p->reqid; 476 x->props.family = p->family; 477 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 478 x->props.flags = p->flags; 479 480 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC)) 481 x->sel.family = p->family; 482 } 483 484 /* 485 * someday when pfkey also has support, we could have the code 486 * somehow made shareable and move it to xfrm_state.c - JHS 487 * 488 */ 489 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs, 490 int update_esn) 491 { 492 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 493 struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL; 494 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 495 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 496 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 497 498 if (re) { 499 struct xfrm_replay_state_esn *replay_esn; 500 replay_esn = nla_data(re); 501 memcpy(x->replay_esn, replay_esn, 502 xfrm_replay_state_esn_len(replay_esn)); 503 memcpy(x->preplay_esn, replay_esn, 504 xfrm_replay_state_esn_len(replay_esn)); 505 } 506 507 if (rp) { 508 struct xfrm_replay_state *replay; 509 replay = nla_data(rp); 510 memcpy(&x->replay, replay, sizeof(*replay)); 511 memcpy(&x->preplay, replay, sizeof(*replay)); 512 } 513 514 if (lt) { 515 struct xfrm_lifetime_cur *ltime; 516 ltime = nla_data(lt); 517 x->curlft.bytes = ltime->bytes; 518 x->curlft.packets = ltime->packets; 519 x->curlft.add_time = ltime->add_time; 520 x->curlft.use_time = ltime->use_time; 521 } 522 523 if (et) 524 x->replay_maxage = nla_get_u32(et); 525 526 if (rt) 527 x->replay_maxdiff = nla_get_u32(rt); 528 } 529 530 static void xfrm_smark_init(struct nlattr **attrs, struct xfrm_mark *m) 531 { 532 if (attrs[XFRMA_SET_MARK]) { 533 m->v = nla_get_u32(attrs[XFRMA_SET_MARK]); 534 if (attrs[XFRMA_SET_MARK_MASK]) 535 m->m = nla_get_u32(attrs[XFRMA_SET_MARK_MASK]); 536 else 537 m->m = 0xffffffff; 538 } else { 539 m->v = m->m = 0; 540 } 541 } 542 543 static struct xfrm_state *xfrm_state_construct(struct net *net, 544 struct xfrm_usersa_info *p, 545 struct nlattr **attrs, 546 int *errp) 547 { 548 struct xfrm_state *x = xfrm_state_alloc(net); 549 int err = -ENOMEM; 550 551 if (!x) 552 goto error_no_put; 553 554 copy_from_user_state(x, p); 555 556 if (attrs[XFRMA_SA_EXTRA_FLAGS]) 557 x->props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]); 558 559 if ((err = attach_aead(x, attrs[XFRMA_ALG_AEAD]))) 560 goto error; 561 if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo, 562 attrs[XFRMA_ALG_AUTH_TRUNC]))) 563 goto error; 564 if (!x->props.aalgo) { 565 if ((err = attach_auth(&x->aalg, &x->props.aalgo, 566 attrs[XFRMA_ALG_AUTH]))) 567 goto error; 568 } 569 if ((err = attach_crypt(x, attrs[XFRMA_ALG_CRYPT]))) 570 goto error; 571 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 572 xfrm_calg_get_byname, 573 attrs[XFRMA_ALG_COMP]))) 574 goto error; 575 576 if (attrs[XFRMA_ENCAP]) { 577 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 578 sizeof(*x->encap), GFP_KERNEL); 579 if (x->encap == NULL) 580 goto error; 581 } 582 583 if (attrs[XFRMA_TFCPAD]) 584 x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]); 585 586 if (attrs[XFRMA_COADDR]) { 587 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 588 sizeof(*x->coaddr), GFP_KERNEL); 589 if (x->coaddr == NULL) 590 goto error; 591 } 592 593 xfrm_mark_get(attrs, &x->mark); 594 595 xfrm_smark_init(attrs, &x->props.smark); 596 597 if (attrs[XFRMA_IF_ID]) 598 x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 599 600 err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]); 601 if (err) 602 goto error; 603 604 if (attrs[XFRMA_SEC_CTX]) { 605 err = security_xfrm_state_alloc(x, 606 nla_data(attrs[XFRMA_SEC_CTX])); 607 if (err) 608 goto error; 609 } 610 611 if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, 612 attrs[XFRMA_REPLAY_ESN_VAL]))) 613 goto error; 614 615 x->km.seq = p->seq; 616 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; 617 /* sysctl_xfrm_aevent_etime is in 100ms units */ 618 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; 619 620 if ((err = xfrm_init_replay(x))) 621 goto error; 622 623 /* override default values from above */ 624 xfrm_update_ae_params(x, attrs, 0); 625 626 /* configure the hardware if offload is requested */ 627 if (attrs[XFRMA_OFFLOAD_DEV]) { 628 err = xfrm_dev_state_add(net, x, 629 nla_data(attrs[XFRMA_OFFLOAD_DEV])); 630 if (err) 631 goto error; 632 } 633 634 return x; 635 636 error: 637 x->km.state = XFRM_STATE_DEAD; 638 xfrm_state_put(x); 639 error_no_put: 640 *errp = err; 641 return NULL; 642 } 643 644 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 645 struct nlattr **attrs) 646 { 647 struct net *net = sock_net(skb->sk); 648 struct xfrm_usersa_info *p = nlmsg_data(nlh); 649 struct xfrm_state *x; 650 int err; 651 struct km_event c; 652 653 err = verify_newsa_info(p, attrs); 654 if (err) 655 return err; 656 657 x = xfrm_state_construct(net, p, attrs, &err); 658 if (!x) 659 return err; 660 661 xfrm_state_hold(x); 662 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 663 err = xfrm_state_add(x); 664 else 665 err = xfrm_state_update(x); 666 667 xfrm_audit_state_add(x, err ? 0 : 1, true); 668 669 if (err < 0) { 670 x->km.state = XFRM_STATE_DEAD; 671 xfrm_dev_state_delete(x); 672 __xfrm_state_put(x); 673 goto out; 674 } 675 676 if (x->km.state == XFRM_STATE_VOID) 677 x->km.state = XFRM_STATE_VALID; 678 679 c.seq = nlh->nlmsg_seq; 680 c.portid = nlh->nlmsg_pid; 681 c.event = nlh->nlmsg_type; 682 683 km_state_notify(x, &c); 684 out: 685 xfrm_state_put(x); 686 return err; 687 } 688 689 static struct xfrm_state *xfrm_user_state_lookup(struct net *net, 690 struct xfrm_usersa_id *p, 691 struct nlattr **attrs, 692 int *errp) 693 { 694 struct xfrm_state *x = NULL; 695 struct xfrm_mark m; 696 int err; 697 u32 mark = xfrm_mark_get(attrs, &m); 698 699 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 700 err = -ESRCH; 701 x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family); 702 } else { 703 xfrm_address_t *saddr = NULL; 704 705 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 706 if (!saddr) { 707 err = -EINVAL; 708 goto out; 709 } 710 711 err = -ESRCH; 712 x = xfrm_state_lookup_byaddr(net, mark, 713 &p->daddr, saddr, 714 p->proto, p->family); 715 } 716 717 out: 718 if (!x && errp) 719 *errp = err; 720 return x; 721 } 722 723 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 724 struct nlattr **attrs) 725 { 726 struct net *net = sock_net(skb->sk); 727 struct xfrm_state *x; 728 int err = -ESRCH; 729 struct km_event c; 730 struct xfrm_usersa_id *p = nlmsg_data(nlh); 731 732 x = xfrm_user_state_lookup(net, p, attrs, &err); 733 if (x == NULL) 734 return err; 735 736 if ((err = security_xfrm_state_delete(x)) != 0) 737 goto out; 738 739 if (xfrm_state_kern(x)) { 740 err = -EPERM; 741 goto out; 742 } 743 744 err = xfrm_state_delete(x); 745 746 if (err < 0) 747 goto out; 748 749 c.seq = nlh->nlmsg_seq; 750 c.portid = nlh->nlmsg_pid; 751 c.event = nlh->nlmsg_type; 752 km_state_notify(x, &c); 753 754 out: 755 xfrm_audit_state_delete(x, err ? 0 : 1, true); 756 xfrm_state_put(x); 757 return err; 758 } 759 760 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 761 { 762 memset(p, 0, sizeof(*p)); 763 memcpy(&p->id, &x->id, sizeof(p->id)); 764 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 765 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 766 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 767 put_unaligned(x->stats.replay_window, &p->stats.replay_window); 768 put_unaligned(x->stats.replay, &p->stats.replay); 769 put_unaligned(x->stats.integrity_failed, &p->stats.integrity_failed); 770 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 771 p->mode = x->props.mode; 772 p->replay_window = x->props.replay_window; 773 p->reqid = x->props.reqid; 774 p->family = x->props.family; 775 p->flags = x->props.flags; 776 p->seq = x->km.seq; 777 } 778 779 struct xfrm_dump_info { 780 struct sk_buff *in_skb; 781 struct sk_buff *out_skb; 782 u32 nlmsg_seq; 783 u16 nlmsg_flags; 784 }; 785 786 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 787 { 788 struct xfrm_user_sec_ctx *uctx; 789 struct nlattr *attr; 790 int ctx_size = sizeof(*uctx) + s->ctx_len; 791 792 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 793 if (attr == NULL) 794 return -EMSGSIZE; 795 796 uctx = nla_data(attr); 797 uctx->exttype = XFRMA_SEC_CTX; 798 uctx->len = ctx_size; 799 uctx->ctx_doi = s->ctx_doi; 800 uctx->ctx_alg = s->ctx_alg; 801 uctx->ctx_len = s->ctx_len; 802 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 803 804 return 0; 805 } 806 807 static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb) 808 { 809 struct xfrm_user_offload *xuo; 810 struct nlattr *attr; 811 812 attr = nla_reserve(skb, XFRMA_OFFLOAD_DEV, sizeof(*xuo)); 813 if (attr == NULL) 814 return -EMSGSIZE; 815 816 xuo = nla_data(attr); 817 memset(xuo, 0, sizeof(*xuo)); 818 xuo->ifindex = xso->dev->ifindex; 819 xuo->flags = xso->flags; 820 821 return 0; 822 } 823 824 static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) 825 { 826 struct xfrm_algo *algo; 827 struct nlattr *nla; 828 829 nla = nla_reserve(skb, XFRMA_ALG_AUTH, 830 sizeof(*algo) + (auth->alg_key_len + 7) / 8); 831 if (!nla) 832 return -EMSGSIZE; 833 834 algo = nla_data(nla); 835 strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name)); 836 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 837 algo->alg_key_len = auth->alg_key_len; 838 839 return 0; 840 } 841 842 static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) 843 { 844 int ret = 0; 845 846 if (m->v | m->m) { 847 ret = nla_put_u32(skb, XFRMA_SET_MARK, m->v); 848 if (!ret) 849 ret = nla_put_u32(skb, XFRMA_SET_MARK_MASK, m->m); 850 } 851 return ret; 852 } 853 854 /* Don't change this without updating xfrm_sa_len! */ 855 static int copy_to_user_state_extra(struct xfrm_state *x, 856 struct xfrm_usersa_info *p, 857 struct sk_buff *skb) 858 { 859 int ret = 0; 860 861 copy_to_user_state(x, p); 862 863 if (x->props.extra_flags) { 864 ret = nla_put_u32(skb, XFRMA_SA_EXTRA_FLAGS, 865 x->props.extra_flags); 866 if (ret) 867 goto out; 868 } 869 870 if (x->coaddr) { 871 ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 872 if (ret) 873 goto out; 874 } 875 if (x->lastused) { 876 ret = nla_put_u64_64bit(skb, XFRMA_LASTUSED, x->lastused, 877 XFRMA_PAD); 878 if (ret) 879 goto out; 880 } 881 if (x->aead) { 882 ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead); 883 if (ret) 884 goto out; 885 } 886 if (x->aalg) { 887 ret = copy_to_user_auth(x->aalg, skb); 888 if (!ret) 889 ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC, 890 xfrm_alg_auth_len(x->aalg), x->aalg); 891 if (ret) 892 goto out; 893 } 894 if (x->ealg) { 895 ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); 896 if (ret) 897 goto out; 898 } 899 if (x->calg) { 900 ret = nla_put(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 901 if (ret) 902 goto out; 903 } 904 if (x->encap) { 905 ret = nla_put(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 906 if (ret) 907 goto out; 908 } 909 if (x->tfcpad) { 910 ret = nla_put_u32(skb, XFRMA_TFCPAD, x->tfcpad); 911 if (ret) 912 goto out; 913 } 914 ret = xfrm_mark_put(skb, &x->mark); 915 if (ret) 916 goto out; 917 918 ret = xfrm_smark_put(skb, &x->props.smark); 919 if (ret) 920 goto out; 921 922 if (x->replay_esn) 923 ret = nla_put(skb, XFRMA_REPLAY_ESN_VAL, 924 xfrm_replay_state_esn_len(x->replay_esn), 925 x->replay_esn); 926 else 927 ret = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), 928 &x->replay); 929 if (ret) 930 goto out; 931 if(x->xso.dev) 932 ret = copy_user_offload(&x->xso, skb); 933 if (ret) 934 goto out; 935 if (x->if_id) { 936 ret = nla_put_u32(skb, XFRMA_IF_ID, x->if_id); 937 if (ret) 938 goto out; 939 } 940 if (x->security) 941 ret = copy_sec_ctx(x->security, skb); 942 out: 943 return ret; 944 } 945 946 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 947 { 948 struct xfrm_dump_info *sp = ptr; 949 struct sk_buff *in_skb = sp->in_skb; 950 struct sk_buff *skb = sp->out_skb; 951 struct xfrm_usersa_info *p; 952 struct nlmsghdr *nlh; 953 int err; 954 955 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq, 956 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 957 if (nlh == NULL) 958 return -EMSGSIZE; 959 960 p = nlmsg_data(nlh); 961 962 err = copy_to_user_state_extra(x, p, skb); 963 if (err) { 964 nlmsg_cancel(skb, nlh); 965 return err; 966 } 967 nlmsg_end(skb, nlh); 968 return 0; 969 } 970 971 static int xfrm_dump_sa_done(struct netlink_callback *cb) 972 { 973 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 974 struct sock *sk = cb->skb->sk; 975 struct net *net = sock_net(sk); 976 977 if (cb->args[0]) 978 xfrm_state_walk_done(walk, net); 979 return 0; 980 } 981 982 static const struct nla_policy xfrma_policy[XFRMA_MAX+1]; 983 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 984 { 985 struct net *net = sock_net(skb->sk); 986 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 987 struct xfrm_dump_info info; 988 989 BUILD_BUG_ON(sizeof(struct xfrm_state_walk) > 990 sizeof(cb->args) - sizeof(cb->args[0])); 991 992 info.in_skb = cb->skb; 993 info.out_skb = skb; 994 info.nlmsg_seq = cb->nlh->nlmsg_seq; 995 info.nlmsg_flags = NLM_F_MULTI; 996 997 if (!cb->args[0]) { 998 struct nlattr *attrs[XFRMA_MAX+1]; 999 struct xfrm_address_filter *filter = NULL; 1000 u8 proto = 0; 1001 int err; 1002 1003 err = nlmsg_parse(cb->nlh, 0, attrs, XFRMA_MAX, xfrma_policy, 1004 NULL); 1005 if (err < 0) 1006 return err; 1007 1008 if (attrs[XFRMA_ADDRESS_FILTER]) { 1009 filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]), 1010 sizeof(*filter), GFP_KERNEL); 1011 if (filter == NULL) 1012 return -ENOMEM; 1013 } 1014 1015 if (attrs[XFRMA_PROTO]) 1016 proto = nla_get_u8(attrs[XFRMA_PROTO]); 1017 1018 xfrm_state_walk_init(walk, proto, filter); 1019 cb->args[0] = 1; 1020 } 1021 1022 (void) xfrm_state_walk(net, walk, dump_one_state, &info); 1023 1024 return skb->len; 1025 } 1026 1027 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 1028 struct xfrm_state *x, u32 seq) 1029 { 1030 struct xfrm_dump_info info; 1031 struct sk_buff *skb; 1032 int err; 1033 1034 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 1035 if (!skb) 1036 return ERR_PTR(-ENOMEM); 1037 1038 info.in_skb = in_skb; 1039 info.out_skb = skb; 1040 info.nlmsg_seq = seq; 1041 info.nlmsg_flags = 0; 1042 1043 err = dump_one_state(x, 0, &info); 1044 if (err) { 1045 kfree_skb(skb); 1046 return ERR_PTR(err); 1047 } 1048 1049 return skb; 1050 } 1051 1052 /* A wrapper for nlmsg_multicast() checking that nlsk is still available. 1053 * Must be called with RCU read lock. 1054 */ 1055 static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb, 1056 u32 pid, unsigned int group) 1057 { 1058 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); 1059 1060 if (!nlsk) { 1061 kfree_skb(skb); 1062 return -EPIPE; 1063 } 1064 1065 return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC); 1066 } 1067 1068 static inline unsigned int xfrm_spdinfo_msgsize(void) 1069 { 1070 return NLMSG_ALIGN(4) 1071 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 1072 + nla_total_size(sizeof(struct xfrmu_spdhinfo)) 1073 + nla_total_size(sizeof(struct xfrmu_spdhthresh)) 1074 + nla_total_size(sizeof(struct xfrmu_spdhthresh)); 1075 } 1076 1077 static int build_spdinfo(struct sk_buff *skb, struct net *net, 1078 u32 portid, u32 seq, u32 flags) 1079 { 1080 struct xfrmk_spdinfo si; 1081 struct xfrmu_spdinfo spc; 1082 struct xfrmu_spdhinfo sph; 1083 struct xfrmu_spdhthresh spt4, spt6; 1084 struct nlmsghdr *nlh; 1085 int err; 1086 u32 *f; 1087 unsigned lseq; 1088 1089 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 1090 if (nlh == NULL) /* shouldn't really happen ... */ 1091 return -EMSGSIZE; 1092 1093 f = nlmsg_data(nlh); 1094 *f = flags; 1095 xfrm_spd_getinfo(net, &si); 1096 spc.incnt = si.incnt; 1097 spc.outcnt = si.outcnt; 1098 spc.fwdcnt = si.fwdcnt; 1099 spc.inscnt = si.inscnt; 1100 spc.outscnt = si.outscnt; 1101 spc.fwdscnt = si.fwdscnt; 1102 sph.spdhcnt = si.spdhcnt; 1103 sph.spdhmcnt = si.spdhmcnt; 1104 1105 do { 1106 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock); 1107 1108 spt4.lbits = net->xfrm.policy_hthresh.lbits4; 1109 spt4.rbits = net->xfrm.policy_hthresh.rbits4; 1110 spt6.lbits = net->xfrm.policy_hthresh.lbits6; 1111 spt6.rbits = net->xfrm.policy_hthresh.rbits6; 1112 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq)); 1113 1114 err = nla_put(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 1115 if (!err) 1116 err = nla_put(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 1117 if (!err) 1118 err = nla_put(skb, XFRMA_SPD_IPV4_HTHRESH, sizeof(spt4), &spt4); 1119 if (!err) 1120 err = nla_put(skb, XFRMA_SPD_IPV6_HTHRESH, sizeof(spt6), &spt6); 1121 if (err) { 1122 nlmsg_cancel(skb, nlh); 1123 return err; 1124 } 1125 1126 nlmsg_end(skb, nlh); 1127 return 0; 1128 } 1129 1130 static int xfrm_set_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1131 struct nlattr **attrs) 1132 { 1133 struct net *net = sock_net(skb->sk); 1134 struct xfrmu_spdhthresh *thresh4 = NULL; 1135 struct xfrmu_spdhthresh *thresh6 = NULL; 1136 1137 /* selector prefixlen thresholds to hash policies */ 1138 if (attrs[XFRMA_SPD_IPV4_HTHRESH]) { 1139 struct nlattr *rta = attrs[XFRMA_SPD_IPV4_HTHRESH]; 1140 1141 if (nla_len(rta) < sizeof(*thresh4)) 1142 return -EINVAL; 1143 thresh4 = nla_data(rta); 1144 if (thresh4->lbits > 32 || thresh4->rbits > 32) 1145 return -EINVAL; 1146 } 1147 if (attrs[XFRMA_SPD_IPV6_HTHRESH]) { 1148 struct nlattr *rta = attrs[XFRMA_SPD_IPV6_HTHRESH]; 1149 1150 if (nla_len(rta) < sizeof(*thresh6)) 1151 return -EINVAL; 1152 thresh6 = nla_data(rta); 1153 if (thresh6->lbits > 128 || thresh6->rbits > 128) 1154 return -EINVAL; 1155 } 1156 1157 if (thresh4 || thresh6) { 1158 write_seqlock(&net->xfrm.policy_hthresh.lock); 1159 if (thresh4) { 1160 net->xfrm.policy_hthresh.lbits4 = thresh4->lbits; 1161 net->xfrm.policy_hthresh.rbits4 = thresh4->rbits; 1162 } 1163 if (thresh6) { 1164 net->xfrm.policy_hthresh.lbits6 = thresh6->lbits; 1165 net->xfrm.policy_hthresh.rbits6 = thresh6->rbits; 1166 } 1167 write_sequnlock(&net->xfrm.policy_hthresh.lock); 1168 1169 xfrm_policy_hash_rebuild(net); 1170 } 1171 1172 return 0; 1173 } 1174 1175 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1176 struct nlattr **attrs) 1177 { 1178 struct net *net = sock_net(skb->sk); 1179 struct sk_buff *r_skb; 1180 u32 *flags = nlmsg_data(nlh); 1181 u32 sportid = NETLINK_CB(skb).portid; 1182 u32 seq = nlh->nlmsg_seq; 1183 int err; 1184 1185 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 1186 if (r_skb == NULL) 1187 return -ENOMEM; 1188 1189 err = build_spdinfo(r_skb, net, sportid, seq, *flags); 1190 BUG_ON(err < 0); 1191 1192 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); 1193 } 1194 1195 static inline unsigned int xfrm_sadinfo_msgsize(void) 1196 { 1197 return NLMSG_ALIGN(4) 1198 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 1199 + nla_total_size(4); /* XFRMA_SAD_CNT */ 1200 } 1201 1202 static int build_sadinfo(struct sk_buff *skb, struct net *net, 1203 u32 portid, u32 seq, u32 flags) 1204 { 1205 struct xfrmk_sadinfo si; 1206 struct xfrmu_sadhinfo sh; 1207 struct nlmsghdr *nlh; 1208 int err; 1209 u32 *f; 1210 1211 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 1212 if (nlh == NULL) /* shouldn't really happen ... */ 1213 return -EMSGSIZE; 1214 1215 f = nlmsg_data(nlh); 1216 *f = flags; 1217 xfrm_sad_getinfo(net, &si); 1218 1219 sh.sadhmcnt = si.sadhmcnt; 1220 sh.sadhcnt = si.sadhcnt; 1221 1222 err = nla_put_u32(skb, XFRMA_SAD_CNT, si.sadcnt); 1223 if (!err) 1224 err = nla_put(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 1225 if (err) { 1226 nlmsg_cancel(skb, nlh); 1227 return err; 1228 } 1229 1230 nlmsg_end(skb, nlh); 1231 return 0; 1232 } 1233 1234 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1235 struct nlattr **attrs) 1236 { 1237 struct net *net = sock_net(skb->sk); 1238 struct sk_buff *r_skb; 1239 u32 *flags = nlmsg_data(nlh); 1240 u32 sportid = NETLINK_CB(skb).portid; 1241 u32 seq = nlh->nlmsg_seq; 1242 int err; 1243 1244 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 1245 if (r_skb == NULL) 1246 return -ENOMEM; 1247 1248 err = build_sadinfo(r_skb, net, sportid, seq, *flags); 1249 BUG_ON(err < 0); 1250 1251 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); 1252 } 1253 1254 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1255 struct nlattr **attrs) 1256 { 1257 struct net *net = sock_net(skb->sk); 1258 struct xfrm_usersa_id *p = nlmsg_data(nlh); 1259 struct xfrm_state *x; 1260 struct sk_buff *resp_skb; 1261 int err = -ESRCH; 1262 1263 x = xfrm_user_state_lookup(net, p, attrs, &err); 1264 if (x == NULL) 1265 goto out_noput; 1266 1267 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 1268 if (IS_ERR(resp_skb)) { 1269 err = PTR_ERR(resp_skb); 1270 } else { 1271 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); 1272 } 1273 xfrm_state_put(x); 1274 out_noput: 1275 return err; 1276 } 1277 1278 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 1279 struct nlattr **attrs) 1280 { 1281 struct net *net = sock_net(skb->sk); 1282 struct xfrm_state *x; 1283 struct xfrm_userspi_info *p; 1284 struct sk_buff *resp_skb; 1285 xfrm_address_t *daddr; 1286 int family; 1287 int err; 1288 u32 mark; 1289 struct xfrm_mark m; 1290 u32 if_id = 0; 1291 1292 p = nlmsg_data(nlh); 1293 err = verify_spi_info(p->info.id.proto, p->min, p->max); 1294 if (err) 1295 goto out_noput; 1296 1297 family = p->info.family; 1298 daddr = &p->info.id.daddr; 1299 1300 x = NULL; 1301 1302 mark = xfrm_mark_get(attrs, &m); 1303 1304 if (attrs[XFRMA_IF_ID]) 1305 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1306 1307 if (p->info.seq) { 1308 x = xfrm_find_acq_byseq(net, mark, p->info.seq); 1309 if (x && !xfrm_addr_equal(&x->id.daddr, daddr, family)) { 1310 xfrm_state_put(x); 1311 x = NULL; 1312 } 1313 } 1314 1315 if (!x) 1316 x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid, 1317 if_id, p->info.id.proto, daddr, 1318 &p->info.saddr, 1, 1319 family); 1320 err = -ENOENT; 1321 if (x == NULL) 1322 goto out_noput; 1323 1324 err = xfrm_alloc_spi(x, p->min, p->max); 1325 if (err) 1326 goto out; 1327 1328 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 1329 if (IS_ERR(resp_skb)) { 1330 err = PTR_ERR(resp_skb); 1331 goto out; 1332 } 1333 1334 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); 1335 1336 out: 1337 xfrm_state_put(x); 1338 out_noput: 1339 return err; 1340 } 1341 1342 static int verify_policy_dir(u8 dir) 1343 { 1344 switch (dir) { 1345 case XFRM_POLICY_IN: 1346 case XFRM_POLICY_OUT: 1347 case XFRM_POLICY_FWD: 1348 break; 1349 1350 default: 1351 return -EINVAL; 1352 } 1353 1354 return 0; 1355 } 1356 1357 static int verify_policy_type(u8 type) 1358 { 1359 switch (type) { 1360 case XFRM_POLICY_TYPE_MAIN: 1361 #ifdef CONFIG_XFRM_SUB_POLICY 1362 case XFRM_POLICY_TYPE_SUB: 1363 #endif 1364 break; 1365 1366 default: 1367 return -EINVAL; 1368 } 1369 1370 return 0; 1371 } 1372 1373 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 1374 { 1375 int ret; 1376 1377 switch (p->share) { 1378 case XFRM_SHARE_ANY: 1379 case XFRM_SHARE_SESSION: 1380 case XFRM_SHARE_USER: 1381 case XFRM_SHARE_UNIQUE: 1382 break; 1383 1384 default: 1385 return -EINVAL; 1386 } 1387 1388 switch (p->action) { 1389 case XFRM_POLICY_ALLOW: 1390 case XFRM_POLICY_BLOCK: 1391 break; 1392 1393 default: 1394 return -EINVAL; 1395 } 1396 1397 switch (p->sel.family) { 1398 case AF_INET: 1399 break; 1400 1401 case AF_INET6: 1402 #if IS_ENABLED(CONFIG_IPV6) 1403 break; 1404 #else 1405 return -EAFNOSUPPORT; 1406 #endif 1407 1408 default: 1409 return -EINVAL; 1410 } 1411 1412 ret = verify_policy_dir(p->dir); 1413 if (ret) 1414 return ret; 1415 if (p->index && ((p->index & XFRM_POLICY_MAX) != p->dir)) 1416 return -EINVAL; 1417 1418 return 0; 1419 } 1420 1421 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 1422 { 1423 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1424 struct xfrm_user_sec_ctx *uctx; 1425 1426 if (!rt) 1427 return 0; 1428 1429 uctx = nla_data(rt); 1430 return security_xfrm_policy_alloc(&pol->security, uctx, GFP_KERNEL); 1431 } 1432 1433 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 1434 int nr) 1435 { 1436 int i; 1437 1438 xp->xfrm_nr = nr; 1439 for (i = 0; i < nr; i++, ut++) { 1440 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1441 1442 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 1443 memcpy(&t->saddr, &ut->saddr, 1444 sizeof(xfrm_address_t)); 1445 t->reqid = ut->reqid; 1446 t->mode = ut->mode; 1447 t->share = ut->share; 1448 t->optional = ut->optional; 1449 t->aalgos = ut->aalgos; 1450 t->ealgos = ut->ealgos; 1451 t->calgos = ut->calgos; 1452 /* If all masks are ~0, then we allow all algorithms. */ 1453 t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); 1454 t->encap_family = ut->family; 1455 } 1456 } 1457 1458 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 1459 { 1460 u16 prev_family; 1461 int i; 1462 1463 if (nr > XFRM_MAX_DEPTH) 1464 return -EINVAL; 1465 1466 prev_family = family; 1467 1468 for (i = 0; i < nr; i++) { 1469 /* We never validated the ut->family value, so many 1470 * applications simply leave it at zero. The check was 1471 * never made and ut->family was ignored because all 1472 * templates could be assumed to have the same family as 1473 * the policy itself. Now that we will have ipv4-in-ipv6 1474 * and ipv6-in-ipv4 tunnels, this is no longer true. 1475 */ 1476 if (!ut[i].family) 1477 ut[i].family = family; 1478 1479 if ((ut[i].mode == XFRM_MODE_TRANSPORT) && 1480 (ut[i].family != prev_family)) 1481 return -EINVAL; 1482 1483 prev_family = ut[i].family; 1484 1485 switch (ut[i].family) { 1486 case AF_INET: 1487 break; 1488 #if IS_ENABLED(CONFIG_IPV6) 1489 case AF_INET6: 1490 break; 1491 #endif 1492 default: 1493 return -EINVAL; 1494 } 1495 1496 switch (ut[i].id.proto) { 1497 case IPPROTO_AH: 1498 case IPPROTO_ESP: 1499 case IPPROTO_COMP: 1500 #if IS_ENABLED(CONFIG_IPV6) 1501 case IPPROTO_ROUTING: 1502 case IPPROTO_DSTOPTS: 1503 #endif 1504 case IPSEC_PROTO_ANY: 1505 break; 1506 default: 1507 return -EINVAL; 1508 } 1509 1510 } 1511 1512 return 0; 1513 } 1514 1515 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 1516 { 1517 struct nlattr *rt = attrs[XFRMA_TMPL]; 1518 1519 if (!rt) { 1520 pol->xfrm_nr = 0; 1521 } else { 1522 struct xfrm_user_tmpl *utmpl = nla_data(rt); 1523 int nr = nla_len(rt) / sizeof(*utmpl); 1524 int err; 1525 1526 err = validate_tmpl(nr, utmpl, pol->family); 1527 if (err) 1528 return err; 1529 1530 copy_templates(pol, utmpl, nr); 1531 } 1532 return 0; 1533 } 1534 1535 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 1536 { 1537 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 1538 struct xfrm_userpolicy_type *upt; 1539 u8 type = XFRM_POLICY_TYPE_MAIN; 1540 int err; 1541 1542 if (rt) { 1543 upt = nla_data(rt); 1544 type = upt->type; 1545 } 1546 1547 err = verify_policy_type(type); 1548 if (err) 1549 return err; 1550 1551 *tp = type; 1552 return 0; 1553 } 1554 1555 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1556 { 1557 xp->priority = p->priority; 1558 xp->index = p->index; 1559 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1560 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1561 xp->action = p->action; 1562 xp->flags = p->flags; 1563 xp->family = p->sel.family; 1564 /* XXX xp->share = p->share; */ 1565 } 1566 1567 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1568 { 1569 memset(p, 0, sizeof(*p)); 1570 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1571 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1572 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1573 p->priority = xp->priority; 1574 p->index = xp->index; 1575 p->sel.family = xp->family; 1576 p->dir = dir; 1577 p->action = xp->action; 1578 p->flags = xp->flags; 1579 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1580 } 1581 1582 static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1583 { 1584 struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL); 1585 int err; 1586 1587 if (!xp) { 1588 *errp = -ENOMEM; 1589 return NULL; 1590 } 1591 1592 copy_from_user_policy(xp, p); 1593 1594 err = copy_from_user_policy_type(&xp->type, attrs); 1595 if (err) 1596 goto error; 1597 1598 if (!(err = copy_from_user_tmpl(xp, attrs))) 1599 err = copy_from_user_sec_ctx(xp, attrs); 1600 if (err) 1601 goto error; 1602 1603 xfrm_mark_get(attrs, &xp->mark); 1604 1605 if (attrs[XFRMA_IF_ID]) 1606 xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1607 1608 return xp; 1609 error: 1610 *errp = err; 1611 xp->walk.dead = 1; 1612 xfrm_policy_destroy(xp); 1613 return NULL; 1614 } 1615 1616 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1617 struct nlattr **attrs) 1618 { 1619 struct net *net = sock_net(skb->sk); 1620 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1621 struct xfrm_policy *xp; 1622 struct km_event c; 1623 int err; 1624 int excl; 1625 1626 err = verify_newpolicy_info(p); 1627 if (err) 1628 return err; 1629 err = verify_sec_ctx_len(attrs); 1630 if (err) 1631 return err; 1632 1633 xp = xfrm_policy_construct(net, p, attrs, &err); 1634 if (!xp) 1635 return err; 1636 1637 /* shouldn't excl be based on nlh flags?? 1638 * Aha! this is anti-netlink really i.e more pfkey derived 1639 * in netlink excl is a flag and you wouldnt need 1640 * a type XFRM_MSG_UPDPOLICY - JHS */ 1641 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1642 err = xfrm_policy_insert(p->dir, xp, excl); 1643 xfrm_audit_policy_add(xp, err ? 0 : 1, true); 1644 1645 if (err) { 1646 security_xfrm_policy_free(xp->security); 1647 kfree(xp); 1648 return err; 1649 } 1650 1651 c.event = nlh->nlmsg_type; 1652 c.seq = nlh->nlmsg_seq; 1653 c.portid = nlh->nlmsg_pid; 1654 km_policy_notify(xp, p->dir, &c); 1655 1656 xfrm_pol_put(xp); 1657 1658 return 0; 1659 } 1660 1661 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1662 { 1663 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1664 int i; 1665 1666 if (xp->xfrm_nr == 0) 1667 return 0; 1668 1669 for (i = 0; i < xp->xfrm_nr; i++) { 1670 struct xfrm_user_tmpl *up = &vec[i]; 1671 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1672 1673 memset(up, 0, sizeof(*up)); 1674 memcpy(&up->id, &kp->id, sizeof(up->id)); 1675 up->family = kp->encap_family; 1676 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1677 up->reqid = kp->reqid; 1678 up->mode = kp->mode; 1679 up->share = kp->share; 1680 up->optional = kp->optional; 1681 up->aalgos = kp->aalgos; 1682 up->ealgos = kp->ealgos; 1683 up->calgos = kp->calgos; 1684 } 1685 1686 return nla_put(skb, XFRMA_TMPL, 1687 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1688 } 1689 1690 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1691 { 1692 if (x->security) { 1693 return copy_sec_ctx(x->security, skb); 1694 } 1695 return 0; 1696 } 1697 1698 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1699 { 1700 if (xp->security) 1701 return copy_sec_ctx(xp->security, skb); 1702 return 0; 1703 } 1704 static inline unsigned int userpolicy_type_attrsize(void) 1705 { 1706 #ifdef CONFIG_XFRM_SUB_POLICY 1707 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1708 #else 1709 return 0; 1710 #endif 1711 } 1712 1713 #ifdef CONFIG_XFRM_SUB_POLICY 1714 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1715 { 1716 struct xfrm_userpolicy_type upt; 1717 1718 /* Sadly there are two holes in struct xfrm_userpolicy_type */ 1719 memset(&upt, 0, sizeof(upt)); 1720 upt.type = type; 1721 1722 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1723 } 1724 1725 #else 1726 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1727 { 1728 return 0; 1729 } 1730 #endif 1731 1732 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1733 { 1734 struct xfrm_dump_info *sp = ptr; 1735 struct xfrm_userpolicy_info *p; 1736 struct sk_buff *in_skb = sp->in_skb; 1737 struct sk_buff *skb = sp->out_skb; 1738 struct nlmsghdr *nlh; 1739 int err; 1740 1741 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq, 1742 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1743 if (nlh == NULL) 1744 return -EMSGSIZE; 1745 1746 p = nlmsg_data(nlh); 1747 copy_to_user_policy(xp, p, dir); 1748 err = copy_to_user_tmpl(xp, skb); 1749 if (!err) 1750 err = copy_to_user_sec_ctx(xp, skb); 1751 if (!err) 1752 err = copy_to_user_policy_type(xp->type, skb); 1753 if (!err) 1754 err = xfrm_mark_put(skb, &xp->mark); 1755 if (!err) 1756 err = xfrm_if_id_put(skb, xp->if_id); 1757 if (err) { 1758 nlmsg_cancel(skb, nlh); 1759 return err; 1760 } 1761 nlmsg_end(skb, nlh); 1762 return 0; 1763 } 1764 1765 static int xfrm_dump_policy_done(struct netlink_callback *cb) 1766 { 1767 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1768 struct net *net = sock_net(cb->skb->sk); 1769 1770 xfrm_policy_walk_done(walk, net); 1771 return 0; 1772 } 1773 1774 static int xfrm_dump_policy_start(struct netlink_callback *cb) 1775 { 1776 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1777 1778 BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args)); 1779 1780 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); 1781 return 0; 1782 } 1783 1784 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1785 { 1786 struct net *net = sock_net(skb->sk); 1787 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1788 struct xfrm_dump_info info; 1789 1790 info.in_skb = cb->skb; 1791 info.out_skb = skb; 1792 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1793 info.nlmsg_flags = NLM_F_MULTI; 1794 1795 (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); 1796 1797 return skb->len; 1798 } 1799 1800 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1801 struct xfrm_policy *xp, 1802 int dir, u32 seq) 1803 { 1804 struct xfrm_dump_info info; 1805 struct sk_buff *skb; 1806 int err; 1807 1808 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1809 if (!skb) 1810 return ERR_PTR(-ENOMEM); 1811 1812 info.in_skb = in_skb; 1813 info.out_skb = skb; 1814 info.nlmsg_seq = seq; 1815 info.nlmsg_flags = 0; 1816 1817 err = dump_one_policy(xp, dir, 0, &info); 1818 if (err) { 1819 kfree_skb(skb); 1820 return ERR_PTR(err); 1821 } 1822 1823 return skb; 1824 } 1825 1826 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1827 struct nlattr **attrs) 1828 { 1829 struct net *net = sock_net(skb->sk); 1830 struct xfrm_policy *xp; 1831 struct xfrm_userpolicy_id *p; 1832 u8 type = XFRM_POLICY_TYPE_MAIN; 1833 int err; 1834 struct km_event c; 1835 int delete; 1836 struct xfrm_mark m; 1837 u32 mark = xfrm_mark_get(attrs, &m); 1838 u32 if_id = 0; 1839 1840 p = nlmsg_data(nlh); 1841 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1842 1843 err = copy_from_user_policy_type(&type, attrs); 1844 if (err) 1845 return err; 1846 1847 err = verify_policy_dir(p->dir); 1848 if (err) 1849 return err; 1850 1851 if (attrs[XFRMA_IF_ID]) 1852 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1853 1854 if (p->index) 1855 xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, delete, &err); 1856 else { 1857 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1858 struct xfrm_sec_ctx *ctx; 1859 1860 err = verify_sec_ctx_len(attrs); 1861 if (err) 1862 return err; 1863 1864 ctx = NULL; 1865 if (rt) { 1866 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1867 1868 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL); 1869 if (err) 1870 return err; 1871 } 1872 xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, &p->sel, 1873 ctx, delete, &err); 1874 security_xfrm_policy_free(ctx); 1875 } 1876 if (xp == NULL) 1877 return -ENOENT; 1878 1879 if (!delete) { 1880 struct sk_buff *resp_skb; 1881 1882 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1883 if (IS_ERR(resp_skb)) { 1884 err = PTR_ERR(resp_skb); 1885 } else { 1886 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, 1887 NETLINK_CB(skb).portid); 1888 } 1889 } else { 1890 xfrm_audit_policy_delete(xp, err ? 0 : 1, true); 1891 1892 if (err != 0) 1893 goto out; 1894 1895 c.data.byid = p->index; 1896 c.event = nlh->nlmsg_type; 1897 c.seq = nlh->nlmsg_seq; 1898 c.portid = nlh->nlmsg_pid; 1899 km_policy_notify(xp, p->dir, &c); 1900 } 1901 1902 out: 1903 xfrm_pol_put(xp); 1904 return err; 1905 } 1906 1907 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1908 struct nlattr **attrs) 1909 { 1910 struct net *net = sock_net(skb->sk); 1911 struct km_event c; 1912 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1913 int err; 1914 1915 err = xfrm_state_flush(net, p->proto, true); 1916 if (err) { 1917 if (err == -ESRCH) /* empty table */ 1918 return 0; 1919 return err; 1920 } 1921 c.data.proto = p->proto; 1922 c.event = nlh->nlmsg_type; 1923 c.seq = nlh->nlmsg_seq; 1924 c.portid = nlh->nlmsg_pid; 1925 c.net = net; 1926 km_state_notify(NULL, &c); 1927 1928 return 0; 1929 } 1930 1931 static inline unsigned int xfrm_aevent_msgsize(struct xfrm_state *x) 1932 { 1933 unsigned int replay_size = x->replay_esn ? 1934 xfrm_replay_state_esn_len(x->replay_esn) : 1935 sizeof(struct xfrm_replay_state); 1936 1937 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1938 + nla_total_size(replay_size) 1939 + nla_total_size_64bit(sizeof(struct xfrm_lifetime_cur)) 1940 + nla_total_size(sizeof(struct xfrm_mark)) 1941 + nla_total_size(4) /* XFRM_AE_RTHR */ 1942 + nla_total_size(4); /* XFRM_AE_ETHR */ 1943 } 1944 1945 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) 1946 { 1947 struct xfrm_aevent_id *id; 1948 struct nlmsghdr *nlh; 1949 int err; 1950 1951 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1952 if (nlh == NULL) 1953 return -EMSGSIZE; 1954 1955 id = nlmsg_data(nlh); 1956 memset(&id->sa_id, 0, sizeof(id->sa_id)); 1957 memcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr)); 1958 id->sa_id.spi = x->id.spi; 1959 id->sa_id.family = x->props.family; 1960 id->sa_id.proto = x->id.proto; 1961 memcpy(&id->saddr, &x->props.saddr, sizeof(x->props.saddr)); 1962 id->reqid = x->props.reqid; 1963 id->flags = c->data.aevent; 1964 1965 if (x->replay_esn) { 1966 err = nla_put(skb, XFRMA_REPLAY_ESN_VAL, 1967 xfrm_replay_state_esn_len(x->replay_esn), 1968 x->replay_esn); 1969 } else { 1970 err = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), 1971 &x->replay); 1972 } 1973 if (err) 1974 goto out_cancel; 1975 err = nla_put_64bit(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft, 1976 XFRMA_PAD); 1977 if (err) 1978 goto out_cancel; 1979 1980 if (id->flags & XFRM_AE_RTHR) { 1981 err = nla_put_u32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1982 if (err) 1983 goto out_cancel; 1984 } 1985 if (id->flags & XFRM_AE_ETHR) { 1986 err = nla_put_u32(skb, XFRMA_ETIMER_THRESH, 1987 x->replay_maxage * 10 / HZ); 1988 if (err) 1989 goto out_cancel; 1990 } 1991 err = xfrm_mark_put(skb, &x->mark); 1992 if (err) 1993 goto out_cancel; 1994 1995 err = xfrm_if_id_put(skb, x->if_id); 1996 if (err) 1997 goto out_cancel; 1998 1999 nlmsg_end(skb, nlh); 2000 return 0; 2001 2002 out_cancel: 2003 nlmsg_cancel(skb, nlh); 2004 return err; 2005 } 2006 2007 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 2008 struct nlattr **attrs) 2009 { 2010 struct net *net = sock_net(skb->sk); 2011 struct xfrm_state *x; 2012 struct sk_buff *r_skb; 2013 int err; 2014 struct km_event c; 2015 u32 mark; 2016 struct xfrm_mark m; 2017 struct xfrm_aevent_id *p = nlmsg_data(nlh); 2018 struct xfrm_usersa_id *id = &p->sa_id; 2019 2020 mark = xfrm_mark_get(attrs, &m); 2021 2022 x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family); 2023 if (x == NULL) 2024 return -ESRCH; 2025 2026 r_skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); 2027 if (r_skb == NULL) { 2028 xfrm_state_put(x); 2029 return -ENOMEM; 2030 } 2031 2032 /* 2033 * XXX: is this lock really needed - none of the other 2034 * gets lock (the concern is things getting updated 2035 * while we are still reading) - jhs 2036 */ 2037 spin_lock_bh(&x->lock); 2038 c.data.aevent = p->flags; 2039 c.seq = nlh->nlmsg_seq; 2040 c.portid = nlh->nlmsg_pid; 2041 2042 err = build_aevent(r_skb, x, &c); 2043 BUG_ON(err < 0); 2044 2045 err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).portid); 2046 spin_unlock_bh(&x->lock); 2047 xfrm_state_put(x); 2048 return err; 2049 } 2050 2051 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 2052 struct nlattr **attrs) 2053 { 2054 struct net *net = sock_net(skb->sk); 2055 struct xfrm_state *x; 2056 struct km_event c; 2057 int err = -EINVAL; 2058 u32 mark = 0; 2059 struct xfrm_mark m; 2060 struct xfrm_aevent_id *p = nlmsg_data(nlh); 2061 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 2062 struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; 2063 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 2064 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 2065 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 2066 2067 if (!lt && !rp && !re && !et && !rt) 2068 return err; 2069 2070 /* pedantic mode - thou shalt sayeth replaceth */ 2071 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 2072 return err; 2073 2074 mark = xfrm_mark_get(attrs, &m); 2075 2076 x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 2077 if (x == NULL) 2078 return -ESRCH; 2079 2080 if (x->km.state != XFRM_STATE_VALID) 2081 goto out; 2082 2083 err = xfrm_replay_verify_len(x->replay_esn, re); 2084 if (err) 2085 goto out; 2086 2087 spin_lock_bh(&x->lock); 2088 xfrm_update_ae_params(x, attrs, 1); 2089 spin_unlock_bh(&x->lock); 2090 2091 c.event = nlh->nlmsg_type; 2092 c.seq = nlh->nlmsg_seq; 2093 c.portid = nlh->nlmsg_pid; 2094 c.data.aevent = XFRM_AE_CU; 2095 km_state_notify(x, &c); 2096 err = 0; 2097 out: 2098 xfrm_state_put(x); 2099 return err; 2100 } 2101 2102 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 2103 struct nlattr **attrs) 2104 { 2105 struct net *net = sock_net(skb->sk); 2106 struct km_event c; 2107 u8 type = XFRM_POLICY_TYPE_MAIN; 2108 int err; 2109 2110 err = copy_from_user_policy_type(&type, attrs); 2111 if (err) 2112 return err; 2113 2114 err = xfrm_policy_flush(net, type, true); 2115 if (err) { 2116 if (err == -ESRCH) /* empty table */ 2117 return 0; 2118 return err; 2119 } 2120 2121 c.data.type = type; 2122 c.event = nlh->nlmsg_type; 2123 c.seq = nlh->nlmsg_seq; 2124 c.portid = nlh->nlmsg_pid; 2125 c.net = net; 2126 km_policy_notify(NULL, 0, &c); 2127 return 0; 2128 } 2129 2130 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 2131 struct nlattr **attrs) 2132 { 2133 struct net *net = sock_net(skb->sk); 2134 struct xfrm_policy *xp; 2135 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 2136 struct xfrm_userpolicy_info *p = &up->pol; 2137 u8 type = XFRM_POLICY_TYPE_MAIN; 2138 int err = -ENOENT; 2139 struct xfrm_mark m; 2140 u32 mark = xfrm_mark_get(attrs, &m); 2141 u32 if_id = 0; 2142 2143 err = copy_from_user_policy_type(&type, attrs); 2144 if (err) 2145 return err; 2146 2147 err = verify_policy_dir(p->dir); 2148 if (err) 2149 return err; 2150 2151 if (attrs[XFRMA_IF_ID]) 2152 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 2153 2154 if (p->index) 2155 xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, 0, &err); 2156 else { 2157 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 2158 struct xfrm_sec_ctx *ctx; 2159 2160 err = verify_sec_ctx_len(attrs); 2161 if (err) 2162 return err; 2163 2164 ctx = NULL; 2165 if (rt) { 2166 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 2167 2168 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL); 2169 if (err) 2170 return err; 2171 } 2172 xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, 2173 &p->sel, ctx, 0, &err); 2174 security_xfrm_policy_free(ctx); 2175 } 2176 if (xp == NULL) 2177 return -ENOENT; 2178 2179 if (unlikely(xp->walk.dead)) 2180 goto out; 2181 2182 err = 0; 2183 if (up->hard) { 2184 xfrm_policy_delete(xp, p->dir); 2185 xfrm_audit_policy_delete(xp, 1, true); 2186 } 2187 km_policy_expired(xp, p->dir, up->hard, nlh->nlmsg_pid); 2188 2189 out: 2190 xfrm_pol_put(xp); 2191 return err; 2192 } 2193 2194 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 2195 struct nlattr **attrs) 2196 { 2197 struct net *net = sock_net(skb->sk); 2198 struct xfrm_state *x; 2199 int err; 2200 struct xfrm_user_expire *ue = nlmsg_data(nlh); 2201 struct xfrm_usersa_info *p = &ue->state; 2202 struct xfrm_mark m; 2203 u32 mark = xfrm_mark_get(attrs, &m); 2204 2205 x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family); 2206 2207 err = -ENOENT; 2208 if (x == NULL) 2209 return err; 2210 2211 spin_lock_bh(&x->lock); 2212 err = -EINVAL; 2213 if (x->km.state != XFRM_STATE_VALID) 2214 goto out; 2215 km_state_expired(x, ue->hard, nlh->nlmsg_pid); 2216 2217 if (ue->hard) { 2218 __xfrm_state_delete(x); 2219 xfrm_audit_state_delete(x, 1, true); 2220 } 2221 err = 0; 2222 out: 2223 spin_unlock_bh(&x->lock); 2224 xfrm_state_put(x); 2225 return err; 2226 } 2227 2228 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 2229 struct nlattr **attrs) 2230 { 2231 struct net *net = sock_net(skb->sk); 2232 struct xfrm_policy *xp; 2233 struct xfrm_user_tmpl *ut; 2234 int i; 2235 struct nlattr *rt = attrs[XFRMA_TMPL]; 2236 struct xfrm_mark mark; 2237 2238 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 2239 struct xfrm_state *x = xfrm_state_alloc(net); 2240 int err = -ENOMEM; 2241 2242 if (!x) 2243 goto nomem; 2244 2245 xfrm_mark_get(attrs, &mark); 2246 2247 err = verify_newpolicy_info(&ua->policy); 2248 if (err) 2249 goto free_state; 2250 2251 /* build an XP */ 2252 xp = xfrm_policy_construct(net, &ua->policy, attrs, &err); 2253 if (!xp) 2254 goto free_state; 2255 2256 memcpy(&x->id, &ua->id, sizeof(ua->id)); 2257 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 2258 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 2259 xp->mark.m = x->mark.m = mark.m; 2260 xp->mark.v = x->mark.v = mark.v; 2261 ut = nla_data(rt); 2262 /* extract the templates and for each call km_key */ 2263 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 2264 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 2265 memcpy(&x->id, &t->id, sizeof(x->id)); 2266 x->props.mode = t->mode; 2267 x->props.reqid = t->reqid; 2268 x->props.family = ut->family; 2269 t->aalgos = ua->aalgos; 2270 t->ealgos = ua->ealgos; 2271 t->calgos = ua->calgos; 2272 err = km_query(x, t, xp); 2273 2274 } 2275 2276 kfree(x); 2277 kfree(xp); 2278 2279 return 0; 2280 2281 free_state: 2282 kfree(x); 2283 nomem: 2284 return err; 2285 } 2286 2287 #ifdef CONFIG_XFRM_MIGRATE 2288 static int copy_from_user_migrate(struct xfrm_migrate *ma, 2289 struct xfrm_kmaddress *k, 2290 struct nlattr **attrs, int *num) 2291 { 2292 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 2293 struct xfrm_user_migrate *um; 2294 int i, num_migrate; 2295 2296 if (k != NULL) { 2297 struct xfrm_user_kmaddress *uk; 2298 2299 uk = nla_data(attrs[XFRMA_KMADDRESS]); 2300 memcpy(&k->local, &uk->local, sizeof(k->local)); 2301 memcpy(&k->remote, &uk->remote, sizeof(k->remote)); 2302 k->family = uk->family; 2303 k->reserved = uk->reserved; 2304 } 2305 2306 um = nla_data(rt); 2307 num_migrate = nla_len(rt) / sizeof(*um); 2308 2309 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 2310 return -EINVAL; 2311 2312 for (i = 0; i < num_migrate; i++, um++, ma++) { 2313 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 2314 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 2315 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 2316 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 2317 2318 ma->proto = um->proto; 2319 ma->mode = um->mode; 2320 ma->reqid = um->reqid; 2321 2322 ma->old_family = um->old_family; 2323 ma->new_family = um->new_family; 2324 } 2325 2326 *num = i; 2327 return 0; 2328 } 2329 2330 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 2331 struct nlattr **attrs) 2332 { 2333 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 2334 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 2335 struct xfrm_kmaddress km, *kmp; 2336 u8 type; 2337 int err; 2338 int n = 0; 2339 struct net *net = sock_net(skb->sk); 2340 struct xfrm_encap_tmpl *encap = NULL; 2341 2342 if (attrs[XFRMA_MIGRATE] == NULL) 2343 return -EINVAL; 2344 2345 kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL; 2346 2347 err = copy_from_user_policy_type(&type, attrs); 2348 if (err) 2349 return err; 2350 2351 err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n); 2352 if (err) 2353 return err; 2354 2355 if (!n) 2356 return 0; 2357 2358 if (attrs[XFRMA_ENCAP]) { 2359 encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 2360 sizeof(*encap), GFP_KERNEL); 2361 if (!encap) 2362 return 0; 2363 } 2364 2365 err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap); 2366 2367 kfree(encap); 2368 2369 return err; 2370 } 2371 #else 2372 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 2373 struct nlattr **attrs) 2374 { 2375 return -ENOPROTOOPT; 2376 } 2377 #endif 2378 2379 #ifdef CONFIG_XFRM_MIGRATE 2380 static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb) 2381 { 2382 struct xfrm_user_migrate um; 2383 2384 memset(&um, 0, sizeof(um)); 2385 um.proto = m->proto; 2386 um.mode = m->mode; 2387 um.reqid = m->reqid; 2388 um.old_family = m->old_family; 2389 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 2390 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 2391 um.new_family = m->new_family; 2392 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 2393 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 2394 2395 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 2396 } 2397 2398 static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb) 2399 { 2400 struct xfrm_user_kmaddress uk; 2401 2402 memset(&uk, 0, sizeof(uk)); 2403 uk.family = k->family; 2404 uk.reserved = k->reserved; 2405 memcpy(&uk.local, &k->local, sizeof(uk.local)); 2406 memcpy(&uk.remote, &k->remote, sizeof(uk.remote)); 2407 2408 return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk); 2409 } 2410 2411 static inline unsigned int xfrm_migrate_msgsize(int num_migrate, int with_kma, 2412 int with_encp) 2413 { 2414 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 2415 + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0) 2416 + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) 2417 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 2418 + userpolicy_type_attrsize(); 2419 } 2420 2421 static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m, 2422 int num_migrate, const struct xfrm_kmaddress *k, 2423 const struct xfrm_selector *sel, 2424 const struct xfrm_encap_tmpl *encap, u8 dir, u8 type) 2425 { 2426 const struct xfrm_migrate *mp; 2427 struct xfrm_userpolicy_id *pol_id; 2428 struct nlmsghdr *nlh; 2429 int i, err; 2430 2431 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 2432 if (nlh == NULL) 2433 return -EMSGSIZE; 2434 2435 pol_id = nlmsg_data(nlh); 2436 /* copy data from selector, dir, and type to the pol_id */ 2437 memset(pol_id, 0, sizeof(*pol_id)); 2438 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 2439 pol_id->dir = dir; 2440 2441 if (k != NULL) { 2442 err = copy_to_user_kmaddress(k, skb); 2443 if (err) 2444 goto out_cancel; 2445 } 2446 if (encap) { 2447 err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap); 2448 if (err) 2449 goto out_cancel; 2450 } 2451 err = copy_to_user_policy_type(type, skb); 2452 if (err) 2453 goto out_cancel; 2454 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 2455 err = copy_to_user_migrate(mp, skb); 2456 if (err) 2457 goto out_cancel; 2458 } 2459 2460 nlmsg_end(skb, nlh); 2461 return 0; 2462 2463 out_cancel: 2464 nlmsg_cancel(skb, nlh); 2465 return err; 2466 } 2467 2468 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 2469 const struct xfrm_migrate *m, int num_migrate, 2470 const struct xfrm_kmaddress *k, 2471 const struct xfrm_encap_tmpl *encap) 2472 { 2473 struct net *net = &init_net; 2474 struct sk_buff *skb; 2475 int err; 2476 2477 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap), 2478 GFP_ATOMIC); 2479 if (skb == NULL) 2480 return -ENOMEM; 2481 2482 /* build migrate */ 2483 err = build_migrate(skb, m, num_migrate, k, sel, encap, dir, type); 2484 BUG_ON(err < 0); 2485 2486 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); 2487 } 2488 #else 2489 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 2490 const struct xfrm_migrate *m, int num_migrate, 2491 const struct xfrm_kmaddress *k, 2492 const struct xfrm_encap_tmpl *encap) 2493 { 2494 return -ENOPROTOOPT; 2495 } 2496 #endif 2497 2498 #define XMSGSIZE(type) sizeof(struct type) 2499 2500 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 2501 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2502 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2503 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2504 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2505 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2506 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2507 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 2508 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 2509 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 2510 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2511 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2512 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 2513 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 2514 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 2515 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2516 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2517 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 2518 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2519 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 2520 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2521 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2522 }; 2523 2524 #undef XMSGSIZE 2525 2526 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 2527 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)}, 2528 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)}, 2529 [XFRMA_LASTUSED] = { .type = NLA_U64}, 2530 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)}, 2531 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) }, 2532 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 2533 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 2534 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 2535 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 2536 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 2537 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 2538 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 2539 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 2540 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 2541 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 2542 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 2543 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 2544 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 2545 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 2546 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, 2547 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, 2548 [XFRMA_TFCPAD] = { .type = NLA_U32 }, 2549 [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) }, 2550 [XFRMA_SA_EXTRA_FLAGS] = { .type = NLA_U32 }, 2551 [XFRMA_PROTO] = { .type = NLA_U8 }, 2552 [XFRMA_ADDRESS_FILTER] = { .len = sizeof(struct xfrm_address_filter) }, 2553 [XFRMA_OFFLOAD_DEV] = { .len = sizeof(struct xfrm_user_offload) }, 2554 [XFRMA_SET_MARK] = { .type = NLA_U32 }, 2555 [XFRMA_SET_MARK_MASK] = { .type = NLA_U32 }, 2556 [XFRMA_IF_ID] = { .type = NLA_U32 }, 2557 }; 2558 2559 static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = { 2560 [XFRMA_SPD_IPV4_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) }, 2561 [XFRMA_SPD_IPV6_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) }, 2562 }; 2563 2564 static const struct xfrm_link { 2565 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 2566 int (*start)(struct netlink_callback *); 2567 int (*dump)(struct sk_buff *, struct netlink_callback *); 2568 int (*done)(struct netlink_callback *); 2569 const struct nla_policy *nla_pol; 2570 int nla_max; 2571 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 2572 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2573 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 2574 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 2575 .dump = xfrm_dump_sa, 2576 .done = xfrm_dump_sa_done }, 2577 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2578 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 2579 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 2580 .start = xfrm_dump_policy_start, 2581 .dump = xfrm_dump_policy, 2582 .done = xfrm_dump_policy_done }, 2583 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 2584 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 2585 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 2586 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2587 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2588 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 2589 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 2590 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 2591 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 2592 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 2593 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 2594 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 2595 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_set_spdinfo, 2596 .nla_pol = xfrma_spd_policy, 2597 .nla_max = XFRMA_SPD_MAX }, 2598 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 2599 }; 2600 2601 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 2602 struct netlink_ext_ack *extack) 2603 { 2604 struct net *net = sock_net(skb->sk); 2605 struct nlattr *attrs[XFRMA_MAX+1]; 2606 const struct xfrm_link *link; 2607 int type, err; 2608 2609 #ifdef CONFIG_COMPAT 2610 if (in_compat_syscall()) 2611 return -EOPNOTSUPP; 2612 #endif 2613 2614 type = nlh->nlmsg_type; 2615 if (type > XFRM_MSG_MAX) 2616 return -EINVAL; 2617 2618 type -= XFRM_MSG_BASE; 2619 link = &xfrm_dispatch[type]; 2620 2621 /* All operations require privileges, even GET */ 2622 if (!netlink_net_capable(skb, CAP_NET_ADMIN)) 2623 return -EPERM; 2624 2625 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2626 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 2627 (nlh->nlmsg_flags & NLM_F_DUMP)) { 2628 if (link->dump == NULL) 2629 return -EINVAL; 2630 2631 { 2632 struct netlink_dump_control c = { 2633 .start = link->start, 2634 .dump = link->dump, 2635 .done = link->done, 2636 }; 2637 return netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c); 2638 } 2639 } 2640 2641 err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, 2642 link->nla_max ? : XFRMA_MAX, 2643 link->nla_pol ? : xfrma_policy, extack); 2644 if (err < 0) 2645 return err; 2646 2647 if (link->doit == NULL) 2648 return -EINVAL; 2649 2650 return link->doit(skb, nlh, attrs); 2651 } 2652 2653 static void xfrm_netlink_rcv(struct sk_buff *skb) 2654 { 2655 struct net *net = sock_net(skb->sk); 2656 2657 mutex_lock(&net->xfrm.xfrm_cfg_mutex); 2658 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 2659 mutex_unlock(&net->xfrm.xfrm_cfg_mutex); 2660 } 2661 2662 static inline unsigned int xfrm_expire_msgsize(void) 2663 { 2664 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)) 2665 + nla_total_size(sizeof(struct xfrm_mark)); 2666 } 2667 2668 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) 2669 { 2670 struct xfrm_user_expire *ue; 2671 struct nlmsghdr *nlh; 2672 int err; 2673 2674 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 2675 if (nlh == NULL) 2676 return -EMSGSIZE; 2677 2678 ue = nlmsg_data(nlh); 2679 copy_to_user_state(x, &ue->state); 2680 ue->hard = (c->data.hard != 0) ? 1 : 0; 2681 /* clear the padding bytes */ 2682 memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard)); 2683 2684 err = xfrm_mark_put(skb, &x->mark); 2685 if (err) 2686 return err; 2687 2688 err = xfrm_if_id_put(skb, x->if_id); 2689 if (err) 2690 return err; 2691 2692 nlmsg_end(skb, nlh); 2693 return 0; 2694 } 2695 2696 static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c) 2697 { 2698 struct net *net = xs_net(x); 2699 struct sk_buff *skb; 2700 2701 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 2702 if (skb == NULL) 2703 return -ENOMEM; 2704 2705 if (build_expire(skb, x, c) < 0) { 2706 kfree_skb(skb); 2707 return -EMSGSIZE; 2708 } 2709 2710 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE); 2711 } 2712 2713 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c) 2714 { 2715 struct net *net = xs_net(x); 2716 struct sk_buff *skb; 2717 int err; 2718 2719 skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); 2720 if (skb == NULL) 2721 return -ENOMEM; 2722 2723 err = build_aevent(skb, x, c); 2724 BUG_ON(err < 0); 2725 2726 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_AEVENTS); 2727 } 2728 2729 static int xfrm_notify_sa_flush(const struct km_event *c) 2730 { 2731 struct net *net = c->net; 2732 struct xfrm_usersa_flush *p; 2733 struct nlmsghdr *nlh; 2734 struct sk_buff *skb; 2735 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 2736 2737 skb = nlmsg_new(len, GFP_ATOMIC); 2738 if (skb == NULL) 2739 return -ENOMEM; 2740 2741 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 2742 if (nlh == NULL) { 2743 kfree_skb(skb); 2744 return -EMSGSIZE; 2745 } 2746 2747 p = nlmsg_data(nlh); 2748 p->proto = c->data.proto; 2749 2750 nlmsg_end(skb, nlh); 2751 2752 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA); 2753 } 2754 2755 static inline unsigned int xfrm_sa_len(struct xfrm_state *x) 2756 { 2757 unsigned int l = 0; 2758 if (x->aead) 2759 l += nla_total_size(aead_len(x->aead)); 2760 if (x->aalg) { 2761 l += nla_total_size(sizeof(struct xfrm_algo) + 2762 (x->aalg->alg_key_len + 7) / 8); 2763 l += nla_total_size(xfrm_alg_auth_len(x->aalg)); 2764 } 2765 if (x->ealg) 2766 l += nla_total_size(xfrm_alg_len(x->ealg)); 2767 if (x->calg) 2768 l += nla_total_size(sizeof(*x->calg)); 2769 if (x->encap) 2770 l += nla_total_size(sizeof(*x->encap)); 2771 if (x->tfcpad) 2772 l += nla_total_size(sizeof(x->tfcpad)); 2773 if (x->replay_esn) 2774 l += nla_total_size(xfrm_replay_state_esn_len(x->replay_esn)); 2775 else 2776 l += nla_total_size(sizeof(struct xfrm_replay_state)); 2777 if (x->security) 2778 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 2779 x->security->ctx_len); 2780 if (x->coaddr) 2781 l += nla_total_size(sizeof(*x->coaddr)); 2782 if (x->props.extra_flags) 2783 l += nla_total_size(sizeof(x->props.extra_flags)); 2784 if (x->xso.dev) 2785 l += nla_total_size(sizeof(x->xso)); 2786 if (x->props.smark.v | x->props.smark.m) { 2787 l += nla_total_size(sizeof(x->props.smark.v)); 2788 l += nla_total_size(sizeof(x->props.smark.m)); 2789 } 2790 if (x->if_id) 2791 l += nla_total_size(sizeof(x->if_id)); 2792 2793 /* Must count x->lastused as it may become non-zero behind our back. */ 2794 l += nla_total_size_64bit(sizeof(u64)); 2795 2796 return l; 2797 } 2798 2799 static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c) 2800 { 2801 struct net *net = xs_net(x); 2802 struct xfrm_usersa_info *p; 2803 struct xfrm_usersa_id *id; 2804 struct nlmsghdr *nlh; 2805 struct sk_buff *skb; 2806 unsigned int len = xfrm_sa_len(x); 2807 unsigned int headlen; 2808 int err; 2809 2810 headlen = sizeof(*p); 2811 if (c->event == XFRM_MSG_DELSA) { 2812 len += nla_total_size(headlen); 2813 headlen = sizeof(*id); 2814 len += nla_total_size(sizeof(struct xfrm_mark)); 2815 } 2816 len += NLMSG_ALIGN(headlen); 2817 2818 skb = nlmsg_new(len, GFP_ATOMIC); 2819 if (skb == NULL) 2820 return -ENOMEM; 2821 2822 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0); 2823 err = -EMSGSIZE; 2824 if (nlh == NULL) 2825 goto out_free_skb; 2826 2827 p = nlmsg_data(nlh); 2828 if (c->event == XFRM_MSG_DELSA) { 2829 struct nlattr *attr; 2830 2831 id = nlmsg_data(nlh); 2832 memset(id, 0, sizeof(*id)); 2833 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2834 id->spi = x->id.spi; 2835 id->family = x->props.family; 2836 id->proto = x->id.proto; 2837 2838 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2839 err = -EMSGSIZE; 2840 if (attr == NULL) 2841 goto out_free_skb; 2842 2843 p = nla_data(attr); 2844 } 2845 err = copy_to_user_state_extra(x, p, skb); 2846 if (err) 2847 goto out_free_skb; 2848 2849 nlmsg_end(skb, nlh); 2850 2851 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA); 2852 2853 out_free_skb: 2854 kfree_skb(skb); 2855 return err; 2856 } 2857 2858 static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c) 2859 { 2860 2861 switch (c->event) { 2862 case XFRM_MSG_EXPIRE: 2863 return xfrm_exp_state_notify(x, c); 2864 case XFRM_MSG_NEWAE: 2865 return xfrm_aevent_state_notify(x, c); 2866 case XFRM_MSG_DELSA: 2867 case XFRM_MSG_UPDSA: 2868 case XFRM_MSG_NEWSA: 2869 return xfrm_notify_sa(x, c); 2870 case XFRM_MSG_FLUSHSA: 2871 return xfrm_notify_sa_flush(c); 2872 default: 2873 printk(KERN_NOTICE "xfrm_user: Unknown SA event %d\n", 2874 c->event); 2875 break; 2876 } 2877 2878 return 0; 2879 2880 } 2881 2882 static inline unsigned int xfrm_acquire_msgsize(struct xfrm_state *x, 2883 struct xfrm_policy *xp) 2884 { 2885 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2886 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2887 + nla_total_size(sizeof(struct xfrm_mark)) 2888 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2889 + userpolicy_type_attrsize(); 2890 } 2891 2892 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2893 struct xfrm_tmpl *xt, struct xfrm_policy *xp) 2894 { 2895 __u32 seq = xfrm_get_acqseq(); 2896 struct xfrm_user_acquire *ua; 2897 struct nlmsghdr *nlh; 2898 int err; 2899 2900 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2901 if (nlh == NULL) 2902 return -EMSGSIZE; 2903 2904 ua = nlmsg_data(nlh); 2905 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2906 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2907 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2908 copy_to_user_policy(xp, &ua->policy, XFRM_POLICY_OUT); 2909 ua->aalgos = xt->aalgos; 2910 ua->ealgos = xt->ealgos; 2911 ua->calgos = xt->calgos; 2912 ua->seq = x->km.seq = seq; 2913 2914 err = copy_to_user_tmpl(xp, skb); 2915 if (!err) 2916 err = copy_to_user_state_sec_ctx(x, skb); 2917 if (!err) 2918 err = copy_to_user_policy_type(xp->type, skb); 2919 if (!err) 2920 err = xfrm_mark_put(skb, &xp->mark); 2921 if (!err) 2922 err = xfrm_if_id_put(skb, xp->if_id); 2923 if (err) { 2924 nlmsg_cancel(skb, nlh); 2925 return err; 2926 } 2927 2928 nlmsg_end(skb, nlh); 2929 return 0; 2930 } 2931 2932 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2933 struct xfrm_policy *xp) 2934 { 2935 struct net *net = xs_net(x); 2936 struct sk_buff *skb; 2937 int err; 2938 2939 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2940 if (skb == NULL) 2941 return -ENOMEM; 2942 2943 err = build_acquire(skb, x, xt, xp); 2944 BUG_ON(err < 0); 2945 2946 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_ACQUIRE); 2947 } 2948 2949 /* User gives us xfrm_user_policy_info followed by an array of 0 2950 * or more templates. 2951 */ 2952 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2953 u8 *data, int len, int *dir) 2954 { 2955 struct net *net = sock_net(sk); 2956 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2957 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2958 struct xfrm_policy *xp; 2959 int nr; 2960 2961 switch (sk->sk_family) { 2962 case AF_INET: 2963 if (opt != IP_XFRM_POLICY) { 2964 *dir = -EOPNOTSUPP; 2965 return NULL; 2966 } 2967 break; 2968 #if IS_ENABLED(CONFIG_IPV6) 2969 case AF_INET6: 2970 if (opt != IPV6_XFRM_POLICY) { 2971 *dir = -EOPNOTSUPP; 2972 return NULL; 2973 } 2974 break; 2975 #endif 2976 default: 2977 *dir = -EINVAL; 2978 return NULL; 2979 } 2980 2981 *dir = -EINVAL; 2982 2983 if (len < sizeof(*p) || 2984 verify_newpolicy_info(p)) 2985 return NULL; 2986 2987 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2988 if (validate_tmpl(nr, ut, p->sel.family)) 2989 return NULL; 2990 2991 if (p->dir > XFRM_POLICY_OUT) 2992 return NULL; 2993 2994 xp = xfrm_policy_alloc(net, GFP_ATOMIC); 2995 if (xp == NULL) { 2996 *dir = -ENOBUFS; 2997 return NULL; 2998 } 2999 3000 copy_from_user_policy(xp, p); 3001 xp->type = XFRM_POLICY_TYPE_MAIN; 3002 copy_templates(xp, ut, nr); 3003 3004 *dir = p->dir; 3005 3006 return xp; 3007 } 3008 3009 static inline unsigned int xfrm_polexpire_msgsize(struct xfrm_policy *xp) 3010 { 3011 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 3012 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 3013 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 3014 + nla_total_size(sizeof(struct xfrm_mark)) 3015 + userpolicy_type_attrsize(); 3016 } 3017 3018 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 3019 int dir, const struct km_event *c) 3020 { 3021 struct xfrm_user_polexpire *upe; 3022 int hard = c->data.hard; 3023 struct nlmsghdr *nlh; 3024 int err; 3025 3026 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 3027 if (nlh == NULL) 3028 return -EMSGSIZE; 3029 3030 upe = nlmsg_data(nlh); 3031 copy_to_user_policy(xp, &upe->pol, dir); 3032 err = copy_to_user_tmpl(xp, skb); 3033 if (!err) 3034 err = copy_to_user_sec_ctx(xp, skb); 3035 if (!err) 3036 err = copy_to_user_policy_type(xp->type, skb); 3037 if (!err) 3038 err = xfrm_mark_put(skb, &xp->mark); 3039 if (!err) 3040 err = xfrm_if_id_put(skb, xp->if_id); 3041 if (err) { 3042 nlmsg_cancel(skb, nlh); 3043 return err; 3044 } 3045 upe->hard = !!hard; 3046 3047 nlmsg_end(skb, nlh); 3048 return 0; 3049 } 3050 3051 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 3052 { 3053 struct net *net = xp_net(xp); 3054 struct sk_buff *skb; 3055 int err; 3056 3057 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 3058 if (skb == NULL) 3059 return -ENOMEM; 3060 3061 err = build_polexpire(skb, xp, dir, c); 3062 BUG_ON(err < 0); 3063 3064 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE); 3065 } 3066 3067 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) 3068 { 3069 unsigned int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 3070 struct net *net = xp_net(xp); 3071 struct xfrm_userpolicy_info *p; 3072 struct xfrm_userpolicy_id *id; 3073 struct nlmsghdr *nlh; 3074 struct sk_buff *skb; 3075 unsigned int headlen; 3076 int err; 3077 3078 headlen = sizeof(*p); 3079 if (c->event == XFRM_MSG_DELPOLICY) { 3080 len += nla_total_size(headlen); 3081 headlen = sizeof(*id); 3082 } 3083 len += userpolicy_type_attrsize(); 3084 len += nla_total_size(sizeof(struct xfrm_mark)); 3085 len += NLMSG_ALIGN(headlen); 3086 3087 skb = nlmsg_new(len, GFP_ATOMIC); 3088 if (skb == NULL) 3089 return -ENOMEM; 3090 3091 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0); 3092 err = -EMSGSIZE; 3093 if (nlh == NULL) 3094 goto out_free_skb; 3095 3096 p = nlmsg_data(nlh); 3097 if (c->event == XFRM_MSG_DELPOLICY) { 3098 struct nlattr *attr; 3099 3100 id = nlmsg_data(nlh); 3101 memset(id, 0, sizeof(*id)); 3102 id->dir = dir; 3103 if (c->data.byid) 3104 id->index = xp->index; 3105 else 3106 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 3107 3108 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 3109 err = -EMSGSIZE; 3110 if (attr == NULL) 3111 goto out_free_skb; 3112 3113 p = nla_data(attr); 3114 } 3115 3116 copy_to_user_policy(xp, p, dir); 3117 err = copy_to_user_tmpl(xp, skb); 3118 if (!err) 3119 err = copy_to_user_policy_type(xp->type, skb); 3120 if (!err) 3121 err = xfrm_mark_put(skb, &xp->mark); 3122 if (!err) 3123 err = xfrm_if_id_put(skb, xp->if_id); 3124 if (err) 3125 goto out_free_skb; 3126 3127 nlmsg_end(skb, nlh); 3128 3129 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); 3130 3131 out_free_skb: 3132 kfree_skb(skb); 3133 return err; 3134 } 3135 3136 static int xfrm_notify_policy_flush(const struct km_event *c) 3137 { 3138 struct net *net = c->net; 3139 struct nlmsghdr *nlh; 3140 struct sk_buff *skb; 3141 int err; 3142 3143 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 3144 if (skb == NULL) 3145 return -ENOMEM; 3146 3147 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 3148 err = -EMSGSIZE; 3149 if (nlh == NULL) 3150 goto out_free_skb; 3151 err = copy_to_user_policy_type(c->data.type, skb); 3152 if (err) 3153 goto out_free_skb; 3154 3155 nlmsg_end(skb, nlh); 3156 3157 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); 3158 3159 out_free_skb: 3160 kfree_skb(skb); 3161 return err; 3162 } 3163 3164 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 3165 { 3166 3167 switch (c->event) { 3168 case XFRM_MSG_NEWPOLICY: 3169 case XFRM_MSG_UPDPOLICY: 3170 case XFRM_MSG_DELPOLICY: 3171 return xfrm_notify_policy(xp, dir, c); 3172 case XFRM_MSG_FLUSHPOLICY: 3173 return xfrm_notify_policy_flush(c); 3174 case XFRM_MSG_POLEXPIRE: 3175 return xfrm_exp_policy_notify(xp, dir, c); 3176 default: 3177 printk(KERN_NOTICE "xfrm_user: Unknown Policy event %d\n", 3178 c->event); 3179 } 3180 3181 return 0; 3182 3183 } 3184 3185 static inline unsigned int xfrm_report_msgsize(void) 3186 { 3187 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 3188 } 3189 3190 static int build_report(struct sk_buff *skb, u8 proto, 3191 struct xfrm_selector *sel, xfrm_address_t *addr) 3192 { 3193 struct xfrm_user_report *ur; 3194 struct nlmsghdr *nlh; 3195 3196 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 3197 if (nlh == NULL) 3198 return -EMSGSIZE; 3199 3200 ur = nlmsg_data(nlh); 3201 ur->proto = proto; 3202 memcpy(&ur->sel, sel, sizeof(ur->sel)); 3203 3204 if (addr) { 3205 int err = nla_put(skb, XFRMA_COADDR, sizeof(*addr), addr); 3206 if (err) { 3207 nlmsg_cancel(skb, nlh); 3208 return err; 3209 } 3210 } 3211 nlmsg_end(skb, nlh); 3212 return 0; 3213 } 3214 3215 static int xfrm_send_report(struct net *net, u8 proto, 3216 struct xfrm_selector *sel, xfrm_address_t *addr) 3217 { 3218 struct sk_buff *skb; 3219 int err; 3220 3221 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 3222 if (skb == NULL) 3223 return -ENOMEM; 3224 3225 err = build_report(skb, proto, sel, addr); 3226 BUG_ON(err < 0); 3227 3228 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_REPORT); 3229 } 3230 3231 static inline unsigned int xfrm_mapping_msgsize(void) 3232 { 3233 return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping)); 3234 } 3235 3236 static int build_mapping(struct sk_buff *skb, struct xfrm_state *x, 3237 xfrm_address_t *new_saddr, __be16 new_sport) 3238 { 3239 struct xfrm_user_mapping *um; 3240 struct nlmsghdr *nlh; 3241 3242 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0); 3243 if (nlh == NULL) 3244 return -EMSGSIZE; 3245 3246 um = nlmsg_data(nlh); 3247 3248 memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr)); 3249 um->id.spi = x->id.spi; 3250 um->id.family = x->props.family; 3251 um->id.proto = x->id.proto; 3252 memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr)); 3253 memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr)); 3254 um->new_sport = new_sport; 3255 um->old_sport = x->encap->encap_sport; 3256 um->reqid = x->props.reqid; 3257 3258 nlmsg_end(skb, nlh); 3259 return 0; 3260 } 3261 3262 static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, 3263 __be16 sport) 3264 { 3265 struct net *net = xs_net(x); 3266 struct sk_buff *skb; 3267 int err; 3268 3269 if (x->id.proto != IPPROTO_ESP) 3270 return -EINVAL; 3271 3272 if (!x->encap) 3273 return -EINVAL; 3274 3275 skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC); 3276 if (skb == NULL) 3277 return -ENOMEM; 3278 3279 err = build_mapping(skb, x, ipaddr, sport); 3280 BUG_ON(err < 0); 3281 3282 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MAPPING); 3283 } 3284 3285 static bool xfrm_is_alive(const struct km_event *c) 3286 { 3287 return (bool)xfrm_acquire_is_on(c->net); 3288 } 3289 3290 static struct xfrm_mgr netlink_mgr = { 3291 .notify = xfrm_send_state_notify, 3292 .acquire = xfrm_send_acquire, 3293 .compile_policy = xfrm_compile_policy, 3294 .notify_policy = xfrm_send_policy_notify, 3295 .report = xfrm_send_report, 3296 .migrate = xfrm_send_migrate, 3297 .new_mapping = xfrm_send_mapping, 3298 .is_alive = xfrm_is_alive, 3299 }; 3300 3301 static int __net_init xfrm_user_net_init(struct net *net) 3302 { 3303 struct sock *nlsk; 3304 struct netlink_kernel_cfg cfg = { 3305 .groups = XFRMNLGRP_MAX, 3306 .input = xfrm_netlink_rcv, 3307 }; 3308 3309 nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg); 3310 if (nlsk == NULL) 3311 return -ENOMEM; 3312 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */ 3313 rcu_assign_pointer(net->xfrm.nlsk, nlsk); 3314 return 0; 3315 } 3316 3317 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list) 3318 { 3319 struct net *net; 3320 list_for_each_entry(net, net_exit_list, exit_list) 3321 RCU_INIT_POINTER(net->xfrm.nlsk, NULL); 3322 synchronize_net(); 3323 list_for_each_entry(net, net_exit_list, exit_list) 3324 netlink_kernel_release(net->xfrm.nlsk_stash); 3325 } 3326 3327 static struct pernet_operations xfrm_user_net_ops = { 3328 .init = xfrm_user_net_init, 3329 .exit_batch = xfrm_user_net_exit, 3330 }; 3331 3332 static int __init xfrm_user_init(void) 3333 { 3334 int rv; 3335 3336 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 3337 3338 rv = register_pernet_subsys(&xfrm_user_net_ops); 3339 if (rv < 0) 3340 return rv; 3341 rv = xfrm_register_km(&netlink_mgr); 3342 if (rv < 0) 3343 unregister_pernet_subsys(&xfrm_user_net_ops); 3344 return rv; 3345 } 3346 3347 static void __exit xfrm_user_exit(void) 3348 { 3349 xfrm_unregister_km(&netlink_mgr); 3350 unregister_pernet_subsys(&xfrm_user_net_ops); 3351 } 3352 3353 module_init(xfrm_user_init); 3354 module_exit(xfrm_user_exit); 3355 MODULE_LICENSE("GPL"); 3356 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 3357