Gitiles
Code Review Sign In
192.168.1.100 / T800 / e2381fbede2313f15e12a3dea9726ff3dc828f34 / . / src / kernel / linux / v4.19 / net / xfrm / xfrm_state.c
blob: c1900e44bbbca203cd7000ee9f216d3bbecf5e21 [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <linux/cache.h>
22#include <linux/audit.h>
23#include <linux/uaccess.h>
24#include <linux/ktime.h>
25#include <linux/slab.h>
26#include <linux/interrupt.h>
27#include <linux/kernel.h>
28
29#include "xfrm_hash.h"
30
31#define xfrm_state_deref_prot(table, net) \
32 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
33
34static void xfrm_state_gc_task(struct work_struct *work);
35
36/* Each xfrm_state may be linked to two tables:
37
38 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
39 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
40 destination/tunnel endpoint. (output)
41 */
42
43static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
44static __read_mostly seqcount_t xfrm_state_hash_generation = SEQCNT_ZERO(xfrm_state_hash_generation);
45static struct kmem_cache *xfrm_state_cache __ro_after_init;
46
47static DECLARE_WORK(xfrm_state_gc_work, xfrm_state_gc_task);
48static HLIST_HEAD(xfrm_state_gc_list);
49
50static inline bool xfrm_state_hold_rcu(struct xfrm_state __rcu *x)
51{
52 return refcount_inc_not_zero(&x->refcnt);
53}
54
55static inline unsigned int xfrm_dst_hash(struct net *net,
56 const xfrm_address_t *daddr,
57 const xfrm_address_t *saddr,
58 u32 reqid,
59 unsigned short family)
60{
61 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
62}
63
64static inline unsigned int xfrm_src_hash(struct net *net,
65 const xfrm_address_t *daddr,
66 const xfrm_address_t *saddr,
67 unsigned short family)
68{
69 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
70}
71
72static inline unsigned int
73xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
74 __be32 spi, u8 proto, unsigned short family)
75{
76 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
77}
78
79static void xfrm_hash_transfer(struct hlist_head *list,
80 struct hlist_head *ndsttable,
81 struct hlist_head *nsrctable,
82 struct hlist_head *nspitable,
83 unsigned int nhashmask)
84{
85 struct hlist_node *tmp;
86 struct xfrm_state *x;
87
88 hlist_for_each_entry_safe(x, tmp, list, bydst) {
89 unsigned int h;
90
91 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
92 x->props.reqid, x->props.family,
93 nhashmask);
94 hlist_add_head_rcu(&x->bydst, ndsttable + h);
95
96 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
97 x->props.family,
98 nhashmask);
99 hlist_add_head_rcu(&x->bysrc, nsrctable + h);
100
101 if (x->id.spi) {
102 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
103 x->id.proto, x->props.family,
104 nhashmask);
105 hlist_add_head_rcu(&x->byspi, nspitable + h);
106 }
107 }
108}
109
110static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
111{
112 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
113}
114
115static void xfrm_hash_resize(struct work_struct *work)
116{
117 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
118 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
119 unsigned long nsize, osize;
120 unsigned int nhashmask, ohashmask;
121 int i;
122
123 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
124 ndst = xfrm_hash_alloc(nsize);
125 if (!ndst)
126 return;
127 nsrc = xfrm_hash_alloc(nsize);
128 if (!nsrc) {
129 xfrm_hash_free(ndst, nsize);
130 return;
131 }
132 nspi = xfrm_hash_alloc(nsize);
133 if (!nspi) {
134 xfrm_hash_free(ndst, nsize);
135 xfrm_hash_free(nsrc, nsize);
136 return;
137 }
138
139 spin_lock_bh(&net->xfrm.xfrm_state_lock);
140 write_seqcount_begin(&xfrm_state_hash_generation);
141
142 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
143 odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net);
144 for (i = net->xfrm.state_hmask; i >= 0; i--)
145 xfrm_hash_transfer(odst + i, ndst, nsrc, nspi, nhashmask);
146
147 osrc = xfrm_state_deref_prot(net->xfrm.state_bysrc, net);
148 ospi = xfrm_state_deref_prot(net->xfrm.state_byspi, net);
149 ohashmask = net->xfrm.state_hmask;
150
151 rcu_assign_pointer(net->xfrm.state_bydst, ndst);
152 rcu_assign_pointer(net->xfrm.state_bysrc, nsrc);
153 rcu_assign_pointer(net->xfrm.state_byspi, nspi);
154 net->xfrm.state_hmask = nhashmask;
155
156 write_seqcount_end(&xfrm_state_hash_generation);
157 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
158
159 osize = (ohashmask + 1) * sizeof(struct hlist_head);
160
161 synchronize_rcu();
162
163 xfrm_hash_free(odst, osize);
164 xfrm_hash_free(osrc, osize);
165 xfrm_hash_free(ospi, osize);
166}
167
168static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
169static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
170
171static DEFINE_SPINLOCK(xfrm_state_gc_lock);
172
173int __xfrm_state_delete(struct xfrm_state *x);
174
175int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
176bool km_is_alive(const struct km_event *c);
177void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
178
179static DEFINE_SPINLOCK(xfrm_type_lock);
180int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
181{
182 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
183 const struct xfrm_type **typemap;
184 int err = 0;
185
186 if (unlikely(afinfo == NULL))
187 return -EAFNOSUPPORT;
188 typemap = afinfo->type_map;
189 spin_lock_bh(&xfrm_type_lock);
190
191 if (likely(typemap[type->proto] == NULL))
192 typemap[type->proto] = type;
193 else
194 err = -EEXIST;
195 spin_unlock_bh(&xfrm_type_lock);
196 rcu_read_unlock();
197 return err;
198}
199EXPORT_SYMBOL(xfrm_register_type);
200
201int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
202{
203 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
204 const struct xfrm_type **typemap;
205 int err = 0;
206
207 if (unlikely(afinfo == NULL))
208 return -EAFNOSUPPORT;
209 typemap = afinfo->type_map;
210 spin_lock_bh(&xfrm_type_lock);
211
212 if (unlikely(typemap[type->proto] != type))
213 err = -ENOENT;
214 else
215 typemap[type->proto] = NULL;
216 spin_unlock_bh(&xfrm_type_lock);
217 rcu_read_unlock();
218 return err;
219}
220EXPORT_SYMBOL(xfrm_unregister_type);
221
222static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
223{
224 struct xfrm_state_afinfo *afinfo;
225 const struct xfrm_type **typemap;
226 const struct xfrm_type *type;
227 int modload_attempted = 0;
228
229retry:
230 afinfo = xfrm_state_get_afinfo(family);
231 if (unlikely(afinfo == NULL))
232 return NULL;
233 typemap = afinfo->type_map;
234
235 type = READ_ONCE(typemap[proto]);
236 if (unlikely(type && !try_module_get(type->owner)))
237 type = NULL;
238
239 rcu_read_unlock();
240
241 if (!type && !modload_attempted) {
242 request_module("xfrm-type-%d-%d", family, proto);
243 modload_attempted = 1;
244 goto retry;
245 }
246
247 return type;
248}
249
250static void xfrm_put_type(const struct xfrm_type *type)
251{
252 module_put(type->owner);
253}
254
255static DEFINE_SPINLOCK(xfrm_type_offload_lock);
256int xfrm_register_type_offload(const struct xfrm_type_offload *type,
257 unsigned short family)
258{
259 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
260 const struct xfrm_type_offload **typemap;
261 int err = 0;
262
263 if (unlikely(afinfo == NULL))
264 return -EAFNOSUPPORT;
265 typemap = afinfo->type_offload_map;
266 spin_lock_bh(&xfrm_type_offload_lock);
267
268 if (likely(typemap[type->proto] == NULL))
269 typemap[type->proto] = type;
270 else
271 err = -EEXIST;
272 spin_unlock_bh(&xfrm_type_offload_lock);
273 rcu_read_unlock();
274 return err;
275}
276EXPORT_SYMBOL(xfrm_register_type_offload);
277
278int xfrm_unregister_type_offload(const struct xfrm_type_offload *type,
279 unsigned short family)
280{
281 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
282 const struct xfrm_type_offload **typemap;
283 int err = 0;
284
285 if (unlikely(afinfo == NULL))
286 return -EAFNOSUPPORT;
287 typemap = afinfo->type_offload_map;
288 spin_lock_bh(&xfrm_type_offload_lock);
289
290 if (unlikely(typemap[type->proto] != type))
291 err = -ENOENT;
292 else
293 typemap[type->proto] = NULL;
294 spin_unlock_bh(&xfrm_type_offload_lock);
295 rcu_read_unlock();
296 return err;
297}
298EXPORT_SYMBOL(xfrm_unregister_type_offload);
299
300static const struct xfrm_type_offload *
301xfrm_get_type_offload(u8 proto, unsigned short family, bool try_load)
302{
303 struct xfrm_state_afinfo *afinfo;
304 const struct xfrm_type_offload **typemap;
305 const struct xfrm_type_offload *type;
306
307retry:
308 afinfo = xfrm_state_get_afinfo(family);
309 if (unlikely(afinfo == NULL))
310 return NULL;
311 typemap = afinfo->type_offload_map;
312
313 type = typemap[proto];
314 if ((type && !try_module_get(type->owner)))
315 type = NULL;
316
317 rcu_read_unlock();
318
319 if (!type && try_load) {
320 request_module("xfrm-offload-%d-%d", family, proto);
321 try_load = false;
322 goto retry;
323 }
324
325 return type;
326}
327
328static void xfrm_put_type_offload(const struct xfrm_type_offload *type)
329{
330 module_put(type->owner);
331}
332
333static DEFINE_SPINLOCK(xfrm_mode_lock);
334int xfrm_register_mode(struct xfrm_mode *mode, int family)
335{
336 struct xfrm_state_afinfo *afinfo;
337 struct xfrm_mode **modemap;
338 int err;
339
340 if (unlikely(mode->encap >= XFRM_MODE_MAX))
341 return -EINVAL;
342
343 afinfo = xfrm_state_get_afinfo(family);
344 if (unlikely(afinfo == NULL))
345 return -EAFNOSUPPORT;
346
347 err = -EEXIST;
348 modemap = afinfo->mode_map;
349 spin_lock_bh(&xfrm_mode_lock);
350 if (modemap[mode->encap])
351 goto out;
352
353 err = -ENOENT;
354 if (!try_module_get(afinfo->owner))
355 goto out;
356
357 mode->afinfo = afinfo;
358 modemap[mode->encap] = mode;
359 err = 0;
360
361out:
362 spin_unlock_bh(&xfrm_mode_lock);
363 rcu_read_unlock();
364 return err;
365}
366EXPORT_SYMBOL(xfrm_register_mode);
367
368int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
369{
370 struct xfrm_state_afinfo *afinfo;
371 struct xfrm_mode **modemap;
372 int err;
373
374 if (unlikely(mode->encap >= XFRM_MODE_MAX))
375 return -EINVAL;
376
377 afinfo = xfrm_state_get_afinfo(family);
378 if (unlikely(afinfo == NULL))
379 return -EAFNOSUPPORT;
380
381 err = -ENOENT;
382 modemap = afinfo->mode_map;
383 spin_lock_bh(&xfrm_mode_lock);
384 if (likely(modemap[mode->encap] == mode)) {
385 modemap[mode->encap] = NULL;
386 module_put(mode->afinfo->owner);
387 err = 0;
388 }
389
390 spin_unlock_bh(&xfrm_mode_lock);
391 rcu_read_unlock();
392 return err;
393}
394EXPORT_SYMBOL(xfrm_unregister_mode);
395
396static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
397{
398 struct xfrm_state_afinfo *afinfo;
399 struct xfrm_mode *mode;
400 int modload_attempted = 0;
401
402 if (unlikely(encap >= XFRM_MODE_MAX))
403 return NULL;
404
405retry:
406 afinfo = xfrm_state_get_afinfo(family);
407 if (unlikely(afinfo == NULL))
408 return NULL;
409
410 mode = READ_ONCE(afinfo->mode_map[encap]);
411 if (unlikely(mode && !try_module_get(mode->owner)))
412 mode = NULL;
413
414 rcu_read_unlock();
415 if (!mode && !modload_attempted) {
416 request_module("xfrm-mode-%d-%d", family, encap);
417 modload_attempted = 1;
418 goto retry;
419 }
420
421 return mode;
422}
423
424static void xfrm_put_mode(struct xfrm_mode *mode)
425{
426 module_put(mode->owner);
427}
428
429void xfrm_state_free(struct xfrm_state *x)
430{
431 kmem_cache_free(xfrm_state_cache, x);
432}
433EXPORT_SYMBOL(xfrm_state_free);
434
435static void ___xfrm_state_destroy(struct xfrm_state *x)
436{
437 tasklet_hrtimer_cancel(&x->mtimer);
438 del_timer_sync(&x->rtimer);
439 kfree(x->aead);
440 kfree(x->aalg);
441 kfree(x->ealg);
442 kfree(x->calg);
443 kfree(x->encap);
444 kfree(x->coaddr);
445 kfree(x->replay_esn);
446 kfree(x->preplay_esn);
447 if (x->inner_mode)
448 xfrm_put_mode(x->inner_mode);
449 if (x->inner_mode_iaf)
450 xfrm_put_mode(x->inner_mode_iaf);
451 if (x->outer_mode)
452 xfrm_put_mode(x->outer_mode);
453 if (x->type_offload)
454 xfrm_put_type_offload(x->type_offload);
455 if (x->type) {
456 x->type->destructor(x);
457 xfrm_put_type(x->type);
458 }
459 if (x->xfrag.page)
460 put_page(x->xfrag.page);
461 xfrm_dev_state_free(x);
462 security_xfrm_state_free(x);
463 xfrm_state_free(x);
464}
465
466static void xfrm_state_gc_task(struct work_struct *work)
467{
468 struct xfrm_state *x;
469 struct hlist_node *tmp;
470 struct hlist_head gc_list;
471
472 spin_lock_bh(&xfrm_state_gc_lock);
473 hlist_move_list(&xfrm_state_gc_list, &gc_list);
474 spin_unlock_bh(&xfrm_state_gc_lock);
475
476 synchronize_rcu();
477
478 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
479 ___xfrm_state_destroy(x);
480}
481
482static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
483{
484 struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
485 struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
486 time64_t now = ktime_get_real_seconds();
487 time64_t next = TIME64_MAX;
488 int warn = 0;
489 int err = 0;
490
491 spin_lock(&x->lock);
492 if (x->km.state == XFRM_STATE_DEAD)
493 goto out;
494 if (x->km.state == XFRM_STATE_EXPIRED)
495 goto expired;
496 if (x->lft.hard_add_expires_seconds) {
497 long tmo = x->lft.hard_add_expires_seconds +
498 x->curlft.add_time - now;
499 if (tmo <= 0) {
500 if (x->xflags & XFRM_SOFT_EXPIRE) {
501 /* enter hard expire without soft expire first?!
502 * setting a new date could trigger this.
503 * workaround: fix x->curflt.add_time by below:
504 */
505 x->curlft.add_time = now - x->saved_tmo - 1;
506 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
507 } else
508 goto expired;
509 }
510 if (tmo < next)
511 next = tmo;
512 }
513 if (x->lft.hard_use_expires_seconds) {
514 long tmo = x->lft.hard_use_expires_seconds +
515 (x->curlft.use_time ? : now) - now;
516 if (tmo <= 0)
517 goto expired;
518 if (tmo < next)
519 next = tmo;
520 }
521 if (x->km.dying)
522 goto resched;
523 if (x->lft.soft_add_expires_seconds) {
524 long tmo = x->lft.soft_add_expires_seconds +
525 x->curlft.add_time - now;
526 if (tmo <= 0) {
527 warn = 1;
528 x->xflags &= ~XFRM_SOFT_EXPIRE;
529 } else if (tmo < next) {
530 next = tmo;
531 x->xflags |= XFRM_SOFT_EXPIRE;
532 x->saved_tmo = tmo;
533 }
534 }
535 if (x->lft.soft_use_expires_seconds) {
536 long tmo = x->lft.soft_use_expires_seconds +
537 (x->curlft.use_time ? : now) - now;
538 if (tmo <= 0)
539 warn = 1;
540 else if (tmo < next)
541 next = tmo;
542 }
543
544 x->km.dying = warn;
545 if (warn)
546 km_state_expired(x, 0, 0);
547resched:
548 if (next != TIME64_MAX) {
549 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
550 }
551
552 goto out;
553
554expired:
555 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
556 x->km.state = XFRM_STATE_EXPIRED;
557
558 err = __xfrm_state_delete(x);
559 if (!err)
560 km_state_expired(x, 1, 0);
561
562 xfrm_audit_state_delete(x, err ? 0 : 1, true);
563
564out:
565 spin_unlock(&x->lock);
566 return HRTIMER_NORESTART;
567}
568
569static void xfrm_replay_timer_handler(struct timer_list *t);
570
571struct xfrm_state *xfrm_state_alloc(struct net *net)
572{
573 struct xfrm_state *x;
574
575 x = kmem_cache_alloc(xfrm_state_cache, GFP_ATOMIC | __GFP_ZERO);
576
577 if (x) {
578 write_pnet(&x->xs_net, net);
579 refcount_set(&x->refcnt, 1);
580 atomic_set(&x->tunnel_users, 0);
581 INIT_LIST_HEAD(&x->km.all);
582 INIT_HLIST_NODE(&x->bydst);
583 INIT_HLIST_NODE(&x->bysrc);
584 INIT_HLIST_NODE(&x->byspi);
585 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
586 CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
587 timer_setup(&x->rtimer, xfrm_replay_timer_handler, 0);
588 x->curlft.add_time = ktime_get_real_seconds();
589 x->lft.soft_byte_limit = XFRM_INF;
590 x->lft.soft_packet_limit = XFRM_INF;
591 x->lft.hard_byte_limit = XFRM_INF;
592 x->lft.hard_packet_limit = XFRM_INF;
593 x->replay_maxage = 0;
594 x->replay_maxdiff = 0;
595 x->inner_mode = NULL;
596 x->inner_mode_iaf = NULL;
597 spin_lock_init(&x->lock);
598 }
599 return x;
600}
601EXPORT_SYMBOL(xfrm_state_alloc);
602
603void __xfrm_state_destroy(struct xfrm_state *x, bool sync)
604{
605 WARN_ON(x->km.state != XFRM_STATE_DEAD);
606
607 if (sync) {
608 synchronize_rcu();
609 ___xfrm_state_destroy(x);
610 } else {
611 spin_lock_bh(&xfrm_state_gc_lock);
612 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
613 spin_unlock_bh(&xfrm_state_gc_lock);
614 schedule_work(&xfrm_state_gc_work);
615 }
616}
617EXPORT_SYMBOL(__xfrm_state_destroy);
618
619int __xfrm_state_delete(struct xfrm_state *x)
620{
621 struct net *net = xs_net(x);
622 int err = -ESRCH;
623
624 if (x->km.state != XFRM_STATE_DEAD) {
625 x->km.state = XFRM_STATE_DEAD;
626 spin_lock(&net->xfrm.xfrm_state_lock);
627 list_del(&x->km.all);
628 hlist_del_rcu(&x->bydst);
629 hlist_del_rcu(&x->bysrc);
630 if (x->id.spi)
631 hlist_del_rcu(&x->byspi);
632 net->xfrm.state_num--;
633 spin_unlock(&net->xfrm.xfrm_state_lock);
634
635 xfrm_dev_state_delete(x);
636
637 /* All xfrm_state objects are created by xfrm_state_alloc.
638 * The xfrm_state_alloc call gives a reference, and that
639 * is what we are dropping here.
640 */
641 xfrm_state_put(x);
642 err = 0;
643 }
644
645 return err;
646}
647EXPORT_SYMBOL(__xfrm_state_delete);
648
649int xfrm_state_delete(struct xfrm_state *x)
650{
651 int err;
652
653 spin_lock_bh(&x->lock);
654 err = __xfrm_state_delete(x);
655 spin_unlock_bh(&x->lock);
656
657 return err;
658}
659EXPORT_SYMBOL(xfrm_state_delete);
660
661#ifdef CONFIG_SECURITY_NETWORK_XFRM
662static inline int
663xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
664{
665 int i, err = 0;
666
667 for (i = 0; i <= net->xfrm.state_hmask; i++) {
668 struct xfrm_state *x;
669
670 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
671 if (xfrm_id_proto_match(x->id.proto, proto) &&
672 (err = security_xfrm_state_delete(x)) != 0) {
673 xfrm_audit_state_delete(x, 0, task_valid);
674 return err;
675 }
676 }
677 }
678
679 return err;
680}
681
682static inline int
683xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
684{
685 int i, err = 0;
686
687 for (i = 0; i <= net->xfrm.state_hmask; i++) {
688 struct xfrm_state *x;
689 struct xfrm_state_offload *xso;
690
691 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
692 xso = &x->xso;
693
694 if (xso->dev == dev &&
695 (err = security_xfrm_state_delete(x)) != 0) {
696 xfrm_audit_state_delete(x, 0, task_valid);
697 return err;
698 }
699 }
700 }
701
702 return err;
703}
704#else
705static inline int
706xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
707{
708 return 0;
709}
710
711static inline int
712xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
713{
714 return 0;
715}
716#endif
717
718int xfrm_state_flush(struct net *net, u8 proto, bool task_valid, bool sync)
719{
720 int i, err = 0, cnt = 0;
721
722 spin_lock_bh(&net->xfrm.xfrm_state_lock);
723 err = xfrm_state_flush_secctx_check(net, proto, task_valid);
724 if (err)
725 goto out;
726
727 err = -ESRCH;
728 for (i = 0; i <= net->xfrm.state_hmask; i++) {
729 struct xfrm_state *x;
730restart:
731 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
732 if (!xfrm_state_kern(x) &&
733 xfrm_id_proto_match(x->id.proto, proto)) {
734 xfrm_state_hold(x);
735 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
736
737 err = xfrm_state_delete(x);
738 xfrm_audit_state_delete(x, err ? 0 : 1,
739 task_valid);
740 if (sync)
741 xfrm_state_put_sync(x);
742 else
743 xfrm_state_put(x);
744 if (!err)
745 cnt++;
746
747 spin_lock_bh(&net->xfrm.xfrm_state_lock);
748 goto restart;
749 }
750 }
751 }
752out:
753 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
754 if (cnt)
755 err = 0;
756
757 return err;
758}
759EXPORT_SYMBOL(xfrm_state_flush);
760
761int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_valid)
762{
763 int i, err = 0, cnt = 0;
764
765 spin_lock_bh(&net->xfrm.xfrm_state_lock);
766 err = xfrm_dev_state_flush_secctx_check(net, dev, task_valid);
767 if (err)
768 goto out;
769
770 err = -ESRCH;
771 for (i = 0; i <= net->xfrm.state_hmask; i++) {
772 struct xfrm_state *x;
773 struct xfrm_state_offload *xso;
774restart:
775 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
776 xso = &x->xso;
777
778 if (!xfrm_state_kern(x) && xso->dev == dev) {
779 xfrm_state_hold(x);
780 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
781
782 err = xfrm_state_delete(x);
783 xfrm_audit_state_delete(x, err ? 0 : 1,
784 task_valid);
785 xfrm_state_put(x);
786 if (!err)
787 cnt++;
788
789 spin_lock_bh(&net->xfrm.xfrm_state_lock);
790 goto restart;
791 }
792 }
793 }
794 if (cnt)
795 err = 0;
796
797out:
798 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
799 return err;
800}
801EXPORT_SYMBOL(xfrm_dev_state_flush);
802
803void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
804{
805 spin_lock_bh(&net->xfrm.xfrm_state_lock);
806 si->sadcnt = net->xfrm.state_num;
807 si->sadhcnt = net->xfrm.state_hmask + 1;
808 si->sadhmcnt = xfrm_state_hashmax;
809 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
810}
811EXPORT_SYMBOL(xfrm_sad_getinfo);
812
813static void
814xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
815 const struct xfrm_tmpl *tmpl,
816 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
817 unsigned short family)
818{
819 struct xfrm_state_afinfo *afinfo = xfrm_state_afinfo_get_rcu(family);
820
821 if (!afinfo)
822 return;
823
824 afinfo->init_tempsel(&x->sel, fl);
825
826 if (family != tmpl->encap_family) {
827 afinfo = xfrm_state_afinfo_get_rcu(tmpl->encap_family);
828 if (!afinfo)
829 return;
830 }
831 afinfo->init_temprop(x, tmpl, daddr, saddr);
832}
833
834static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
835 const xfrm_address_t *daddr,
836 __be32 spi, u8 proto,
837 unsigned short family)
838{
839 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
840 struct xfrm_state *x;
841
842 hlist_for_each_entry_rcu(x, net->xfrm.state_byspi + h, byspi) {
843 if (x->props.family != family ||
844 x->id.spi != spi ||
845 x->id.proto != proto ||
846 !xfrm_addr_equal(&x->id.daddr, daddr, family))
847 continue;
848
849 if ((mark & x->mark.m) != x->mark.v)
850 continue;
851 if (!xfrm_state_hold_rcu(x))
852 continue;
853 return x;
854 }
855
856 return NULL;
857}
858
859static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
860 const xfrm_address_t *daddr,
861 const xfrm_address_t *saddr,
862 u8 proto, unsigned short family)
863{
864 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
865 struct xfrm_state *x;
866
867 hlist_for_each_entry_rcu(x, net->xfrm.state_bysrc + h, bysrc) {
868 if (x->props.family != family ||
869 x->id.proto != proto ||
870 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
871 !xfrm_addr_equal(&x->props.saddr, saddr, family))
872 continue;
873
874 if ((mark & x->mark.m) != x->mark.v)
875 continue;
876 if (!xfrm_state_hold_rcu(x))
877 continue;
878 return x;
879 }
880
881 return NULL;
882}
883
884static inline struct xfrm_state *
885__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
886{
887 struct net *net = xs_net(x);
888 u32 mark = x->mark.v & x->mark.m;
889
890 if (use_spi)
891 return __xfrm_state_lookup(net, mark, &x->id.daddr,
892 x->id.spi, x->id.proto, family);
893 else
894 return __xfrm_state_lookup_byaddr(net, mark,
895 &x->id.daddr,
896 &x->props.saddr,
897 x->id.proto, family);
898}
899
900static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
901{
902 if (have_hash_collision &&
903 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
904 net->xfrm.state_num > net->xfrm.state_hmask)
905 schedule_work(&net->xfrm.state_hash_work);
906}
907
908static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
909 const struct flowi *fl, unsigned short family,
910 struct xfrm_state **best, int *acq_in_progress,
911 int *error)
912{
913 /* Resolution logic:
914 * 1. There is a valid state with matching selector. Done.
915 * 2. Valid state with inappropriate selector. Skip.
916 *
917 * Entering area of "sysdeps".
918 *
919 * 3. If state is not valid, selector is temporary, it selects
920 * only session which triggered previous resolution. Key
921 * manager will do something to install a state with proper
922 * selector.
923 */
924 if (x->km.state == XFRM_STATE_VALID) {
925 if ((x->sel.family &&
926 !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
927 !security_xfrm_state_pol_flow_match(x, pol, fl))
928 return;
929
930 if (!*best ||
931 (*best)->km.dying > x->km.dying ||
932 ((*best)->km.dying == x->km.dying &&
933 (*best)->curlft.add_time < x->curlft.add_time))
934 *best = x;
935 } else if (x->km.state == XFRM_STATE_ACQ) {
936 *acq_in_progress = 1;
937 } else if (x->km.state == XFRM_STATE_ERROR ||
938 x->km.state == XFRM_STATE_EXPIRED) {
939 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
940 security_xfrm_state_pol_flow_match(x, pol, fl))
941 *error = -ESRCH;
942 }
943}
944
945struct xfrm_state *
946xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
947 const struct flowi *fl, struct xfrm_tmpl *tmpl,
948 struct xfrm_policy *pol, int *err,
949 unsigned short family, u32 if_id)
950{
951 static xfrm_address_t saddr_wildcard = { };
952 struct net *net = xp_net(pol);
953 unsigned int h, h_wildcard;
954 struct xfrm_state *x, *x0, *to_put;
955 int acquire_in_progress = 0;
956 int error = 0;
957 struct xfrm_state *best = NULL;
958 u32 mark = pol->mark.v & pol->mark.m;
959 unsigned short encap_family = tmpl->encap_family;
960 unsigned int sequence;
961 struct km_event c;
962
963 to_put = NULL;
964
965 sequence = read_seqcount_begin(&xfrm_state_hash_generation);
966
967 rcu_read_lock();
968 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
969 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) {
970 if (x->props.family == encap_family &&
971 x->props.reqid == tmpl->reqid &&
972 (mark & x->mark.m) == x->mark.v &&
973 x->if_id == if_id &&
974 !(x->props.flags & XFRM_STATE_WILDRECV) &&
975 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
976 tmpl->mode == x->props.mode &&
977 tmpl->id.proto == x->id.proto &&
978 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
979 xfrm_state_look_at(pol, x, fl, encap_family,
980 &best, &acquire_in_progress, &error);
981 }
982 if (best || acquire_in_progress)
983 goto found;
984
985 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
986 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h_wildcard, bydst) {
987 if (x->props.family == encap_family &&
988 x->props.reqid == tmpl->reqid &&
989 (mark & x->mark.m) == x->mark.v &&
990 x->if_id == if_id &&
991 !(x->props.flags & XFRM_STATE_WILDRECV) &&
992 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
993 tmpl->mode == x->props.mode &&
994 tmpl->id.proto == x->id.proto &&
995 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
996 xfrm_state_look_at(pol, x, fl, encap_family,
997 &best, &acquire_in_progress, &error);
998 }
999
1000found:
1001 x = best;
1002 if (!x && !error && !acquire_in_progress) {
1003 if (tmpl->id.spi &&
1004 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
1005 tmpl->id.proto, encap_family)) != NULL) {
1006 to_put = x0;
1007 error = -EEXIST;
1008 goto out;
1009 }
1010
1011 c.net = net;
1012 /* If the KMs have no listeners (yet...), avoid allocating an SA
1013 * for each and every packet - garbage collection might not
1014 * handle the flood.
1015 */
1016 if (!km_is_alive(&c)) {
1017 error = -ESRCH;
1018 goto out;
1019 }
1020
1021 x = xfrm_state_alloc(net);
1022 if (x == NULL) {
1023 error = -ENOMEM;
1024 goto out;
1025 }
1026 /* Initialize temporary state matching only
1027 * to current session. */
1028 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
1029 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
1030 x->if_id = if_id;
1031
1032 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
1033 if (error) {
1034 x->km.state = XFRM_STATE_DEAD;
1035 to_put = x;
1036 x = NULL;
1037 goto out;
1038 }
1039
1040 if (km_query(x, tmpl, pol) == 0) {
1041 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1042 x->km.state = XFRM_STATE_ACQ;
1043 list_add(&x->km.all, &net->xfrm.state_all);
1044 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h);
1045 h = xfrm_src_hash(net, daddr, saddr, encap_family);
1046 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h);
1047 if (x->id.spi) {
1048 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
1049 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h);
1050 }
1051 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1052 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1053 net->xfrm.state_num++;
1054 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1055 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1056 } else {
1057 x->km.state = XFRM_STATE_DEAD;
1058 to_put = x;
1059 x = NULL;
1060 error = -ESRCH;
1061 }
1062 }
1063out:
1064 if (x) {
1065 if (!xfrm_state_hold_rcu(x)) {
1066 *err = -EAGAIN;
1067 x = NULL;
1068 }
1069 } else {
1070 *err = acquire_in_progress ? -EAGAIN : error;
1071 }
1072 rcu_read_unlock();
1073 if (to_put)
1074 xfrm_state_put(to_put);
1075
1076 if (read_seqcount_retry(&xfrm_state_hash_generation, sequence)) {
1077 *err = -EAGAIN;
1078 if (x) {
1079 xfrm_state_put(x);
1080 x = NULL;
1081 }
1082 }
1083
1084 return x;
1085}
1086
1087struct xfrm_state *
1088xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,
1089 xfrm_address_t *daddr, xfrm_address_t *saddr,
1090 unsigned short family, u8 mode, u8 proto, u32 reqid)
1091{
1092 unsigned int h;
1093 struct xfrm_state *rx = NULL, *x = NULL;
1094
1095 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1096 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1097 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1098 if (x->props.family == family &&
1099 x->props.reqid == reqid &&
1100 (mark & x->mark.m) == x->mark.v &&
1101 x->if_id == if_id &&
1102 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1103 xfrm_state_addr_check(x, daddr, saddr, family) &&
1104 mode == x->props.mode &&
1105 proto == x->id.proto &&
1106 x->km.state == XFRM_STATE_VALID) {
1107 rx = x;
1108 break;
1109 }
1110 }
1111
1112 if (rx)
1113 xfrm_state_hold(rx);
1114 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1115
1116
1117 return rx;
1118}
1119EXPORT_SYMBOL(xfrm_stateonly_find);
1120
1121struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
1122 unsigned short family)
1123{
1124 struct xfrm_state *x;
1125 struct xfrm_state_walk *w;
1126
1127 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1128 list_for_each_entry(w, &net->xfrm.state_all, all) {
1129 x = container_of(w, struct xfrm_state, km);
1130 if (x->props.family != family ||
1131 x->id.spi != spi)
1132 continue;
1133
1134 xfrm_state_hold(x);
1135 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1136 return x;
1137 }
1138 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1139 return NULL;
1140}
1141EXPORT_SYMBOL(xfrm_state_lookup_byspi);
1142
1143static void __xfrm_state_insert(struct xfrm_state *x)
1144{
1145 struct net *net = xs_net(x);
1146 unsigned int h;
1147
1148 list_add(&x->km.all, &net->xfrm.state_all);
1149
1150 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
1151 x->props.reqid, x->props.family);
1152 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h);
1153
1154 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
1155 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h);
1156
1157 if (x->id.spi) {
1158 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
1159 x->props.family);
1160
1161 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h);
1162 }
1163
1164 tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1165 if (x->replay_maxage)
1166 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
1167
1168 net->xfrm.state_num++;
1169
1170 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1171}
1172
1173/* net->xfrm.xfrm_state_lock is held */
1174static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
1175{
1176 struct net *net = xs_net(xnew);
1177 unsigned short family = xnew->props.family;
1178 u32 reqid = xnew->props.reqid;
1179 struct xfrm_state *x;
1180 unsigned int h;
1181 u32 mark = xnew->mark.v & xnew->mark.m;
1182 u32 if_id = xnew->if_id;
1183
1184 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
1185 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1186 if (x->props.family == family &&
1187 x->props.reqid == reqid &&
1188 x->if_id == if_id &&
1189 (mark & x->mark.m) == x->mark.v &&
1190 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
1191 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
1192 x->genid++;
1193 }
1194}
1195
1196void xfrm_state_insert(struct xfrm_state *x)
1197{
1198 struct net *net = xs_net(x);
1199
1200 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1201 __xfrm_state_bump_genids(x);
1202 __xfrm_state_insert(x);
1203 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1204}
1205EXPORT_SYMBOL(xfrm_state_insert);
1206
1207/* net->xfrm.xfrm_state_lock is held */
1208static struct xfrm_state *__find_acq_core(struct net *net,
1209 const struct xfrm_mark *m,
1210 unsigned short family, u8 mode,
1211 u32 reqid, u32 if_id, u8 proto,
1212 const xfrm_address_t *daddr,
1213 const xfrm_address_t *saddr,
1214 int create)
1215{
1216 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1217 struct xfrm_state *x;
1218 u32 mark = m->v & m->m;
1219
1220 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1221 if (x->props.reqid != reqid ||
1222 x->props.mode != mode ||
1223 x->props.family != family ||
1224 x->km.state != XFRM_STATE_ACQ ||
1225 x->id.spi != 0 ||
1226 x->id.proto != proto ||
1227 (mark & x->mark.m) != x->mark.v ||
1228 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1229 !xfrm_addr_equal(&x->props.saddr, saddr, family))
1230 continue;
1231
1232 xfrm_state_hold(x);
1233 return x;
1234 }
1235
1236 if (!create)
1237 return NULL;
1238
1239 x = xfrm_state_alloc(net);
1240 if (likely(x)) {
1241 switch (family) {
1242 case AF_INET:
1243 x->sel.daddr.a4 = daddr->a4;
1244 x->sel.saddr.a4 = saddr->a4;
1245 x->sel.prefixlen_d = 32;
1246 x->sel.prefixlen_s = 32;
1247 x->props.saddr.a4 = saddr->a4;
1248 x->id.daddr.a4 = daddr->a4;
1249 break;
1250
1251 case AF_INET6:
1252 x->sel.daddr.in6 = daddr->in6;
1253 x->sel.saddr.in6 = saddr->in6;
1254 x->sel.prefixlen_d = 128;
1255 x->sel.prefixlen_s = 128;
1256 x->props.saddr.in6 = saddr->in6;
1257 x->id.daddr.in6 = daddr->in6;
1258 break;
1259 }
1260
1261 x->km.state = XFRM_STATE_ACQ;
1262 x->id.proto = proto;
1263 x->props.family = family;
1264 x->props.mode = mode;
1265 x->props.reqid = reqid;
1266 x->if_id = if_id;
1267 x->mark.v = m->v;
1268 x->mark.m = m->m;
1269 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1270 xfrm_state_hold(x);
1271 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1272 list_add(&x->km.all, &net->xfrm.state_all);
1273 hlist_add_head_rcu(&x->bydst, net->xfrm.state_bydst + h);
1274 h = xfrm_src_hash(net, daddr, saddr, family);
1275 hlist_add_head_rcu(&x->bysrc, net->xfrm.state_bysrc + h);
1276
1277 net->xfrm.state_num++;
1278
1279 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1280 }
1281
1282 return x;
1283}
1284
1285static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1286
1287int xfrm_state_add(struct xfrm_state *x)
1288{
1289 struct net *net = xs_net(x);
1290 struct xfrm_state *x1, *to_put;
1291 int family;
1292 int err;
1293 u32 mark = x->mark.v & x->mark.m;
1294 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1295
1296 family = x->props.family;
1297
1298 to_put = NULL;
1299
1300 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1301
1302 x1 = __xfrm_state_locate(x, use_spi, family);
1303 if (x1) {
1304 to_put = x1;
1305 x1 = NULL;
1306 err = -EEXIST;
1307 goto out;
1308 }
1309
1310 if (use_spi && x->km.seq) {
1311 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1312 if (x1 && ((x1->id.proto != x->id.proto) ||
1313 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
1314 to_put = x1;
1315 x1 = NULL;
1316 }
1317 }
1318
1319 if (use_spi && !x1)
1320 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1321 x->props.reqid, x->if_id, x->id.proto,
1322 &x->id.daddr, &x->props.saddr, 0);
1323
1324 __xfrm_state_bump_genids(x);
1325 __xfrm_state_insert(x);
1326 err = 0;
1327
1328out:
1329 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1330
1331 if (x1) {
1332 xfrm_state_delete(x1);
1333 xfrm_state_put(x1);
1334 }
1335
1336 if (to_put)
1337 xfrm_state_put(to_put);
1338
1339 return err;
1340}
1341EXPORT_SYMBOL(xfrm_state_add);
1342
1343#ifdef CONFIG_XFRM_MIGRATE
1344static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
1345 struct xfrm_encap_tmpl *encap)
1346{
1347 struct net *net = xs_net(orig);
1348 struct xfrm_state *x = xfrm_state_alloc(net);
1349 if (!x)
1350 goto out;
1351
1352 memcpy(&x->id, &orig->id, sizeof(x->id));
1353 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1354 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1355 x->props.mode = orig->props.mode;
1356 x->props.replay_window = orig->props.replay_window;
1357 x->props.reqid = orig->props.reqid;
1358 x->props.family = orig->props.family;
1359 x->props.saddr = orig->props.saddr;
1360
1361 if (orig->aalg) {
1362 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1363 if (!x->aalg)
1364 goto error;
1365 }
1366 x->props.aalgo = orig->props.aalgo;
1367
1368 if (orig->aead) {
1369 x->aead = xfrm_algo_aead_clone(orig->aead);
1370 x->geniv = orig->geniv;
1371 if (!x->aead)
1372 goto error;
1373 }
1374 if (orig->ealg) {
1375 x->ealg = xfrm_algo_clone(orig->ealg);
1376 if (!x->ealg)
1377 goto error;
1378 }
1379 x->props.ealgo = orig->props.ealgo;
1380
1381 if (orig->calg) {
1382 x->calg = xfrm_algo_clone(orig->calg);
1383 if (!x->calg)
1384 goto error;
1385 }
1386 x->props.calgo = orig->props.calgo;
1387
1388 if (encap || orig->encap) {
1389 if (encap)
1390 x->encap = kmemdup(encap, sizeof(*x->encap),
1391 GFP_KERNEL);
1392 else
1393 x->encap = kmemdup(orig->encap, sizeof(*x->encap),
1394 GFP_KERNEL);
1395
1396 if (!x->encap)
1397 goto error;
1398 }
1399
1400 if (orig->coaddr) {
1401 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1402 GFP_KERNEL);
1403 if (!x->coaddr)
1404 goto error;
1405 }
1406
1407 if (orig->replay_esn) {
1408 if (xfrm_replay_clone(x, orig))
1409 goto error;
1410 }
1411
1412 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1413
1414 if (xfrm_init_state(x) < 0)
1415 goto error;
1416
1417 x->props.flags = orig->props.flags;
1418 x->props.extra_flags = orig->props.extra_flags;
1419
1420 x->if_id = orig->if_id;
1421 x->tfcpad = orig->tfcpad;
1422 x->replay_maxdiff = orig->replay_maxdiff;
1423 x->replay_maxage = orig->replay_maxage;
1424 x->curlft.add_time = orig->curlft.add_time;
1425 x->km.state = orig->km.state;
1426 x->km.seq = orig->km.seq;
1427 x->replay = orig->replay;
1428 x->preplay = orig->preplay;
1429
1430 return x;
1431
1432 error:
1433 xfrm_state_put(x);
1434out:
1435 return NULL;
1436}
1437
1438struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1439{
1440 unsigned int h;
1441 struct xfrm_state *x = NULL;
1442
1443 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1444
1445 if (m->reqid) {
1446 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
1447 m->reqid, m->old_family);
1448 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1449 if (x->props.mode != m->mode ||
1450 x->id.proto != m->proto)
1451 continue;
1452 if (m->reqid && x->props.reqid != m->reqid)
1453 continue;
1454 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1455 m->old_family) ||
1456 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1457 m->old_family))
1458 continue;
1459 xfrm_state_hold(x);
1460 break;
1461 }
1462 } else {
1463 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
1464 m->old_family);
1465 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
1466 if (x->props.mode != m->mode ||
1467 x->id.proto != m->proto)
1468 continue;
1469 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1470 m->old_family) ||
1471 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1472 m->old_family))
1473 continue;
1474 xfrm_state_hold(x);
1475 break;
1476 }
1477 }
1478
1479 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1480
1481 return x;
1482}
1483EXPORT_SYMBOL(xfrm_migrate_state_find);
1484
1485struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
1486 struct xfrm_migrate *m,
1487 struct xfrm_encap_tmpl *encap)
1488{
1489 struct xfrm_state *xc;
1490
1491 xc = xfrm_state_clone(x, encap);
1492 if (!xc)
1493 return NULL;
1494
1495 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1496 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1497
1498 /* add state */
1499 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
1500 /* a care is needed when the destination address of the
1501 state is to be updated as it is a part of triplet */
1502 xfrm_state_insert(xc);
1503 } else {
1504 if (xfrm_state_add(xc) < 0)
1505 goto error;
1506 }
1507
1508 return xc;
1509error:
1510 xfrm_state_put(xc);
1511 return NULL;
1512}
1513EXPORT_SYMBOL(xfrm_state_migrate);
1514#endif
1515
1516int xfrm_state_update(struct xfrm_state *x)
1517{
1518 struct xfrm_state *x1, *to_put;
1519 int err;
1520 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1521 struct net *net = xs_net(x);
1522
1523 to_put = NULL;
1524
1525 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1526 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1527
1528 err = -ESRCH;
1529 if (!x1)
1530 goto out;
1531
1532 if (xfrm_state_kern(x1)) {
1533 to_put = x1;
1534 err = -EEXIST;
1535 goto out;
1536 }
1537
1538 if (x1->km.state == XFRM_STATE_ACQ) {
1539 __xfrm_state_insert(x);
1540 x = NULL;
1541 }
1542 err = 0;
1543
1544out:
1545 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1546
1547 if (to_put)
1548 xfrm_state_put(to_put);
1549
1550 if (err)
1551 return err;
1552
1553 if (!x) {
1554 xfrm_state_delete(x1);
1555 xfrm_state_put(x1);
1556 return 0;
1557 }
1558
1559 err = -EINVAL;
1560 spin_lock_bh(&x1->lock);
1561 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1562 if (x->encap && x1->encap &&
1563 x->encap->encap_type == x1->encap->encap_type)
1564 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1565 else if (x->encap || x1->encap)
1566 goto fail;
1567
1568 if (x->coaddr && x1->coaddr) {
1569 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1570 }
1571 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1572 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1573 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1574 x1->km.dying = 0;
1575
1576 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1577 if (x1->curlft.use_time)
1578 xfrm_state_check_expire(x1);
1579
1580 if (x->props.smark.m || x->props.smark.v || x->if_id) {
1581 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1582
1583 if (x->props.smark.m || x->props.smark.v)
1584 x1->props.smark = x->props.smark;
1585
1586 if (x->if_id)
1587 x1->if_id = x->if_id;
1588
1589 __xfrm_state_bump_genids(x1);
1590 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1591 }
1592
1593 err = 0;
1594 x->km.state = XFRM_STATE_DEAD;
1595 __xfrm_state_put(x);
1596 }
1597
1598fail:
1599 spin_unlock_bh(&x1->lock);
1600
1601 xfrm_state_put(x1);
1602
1603 return err;
1604}
1605EXPORT_SYMBOL(xfrm_state_update);
1606
1607int xfrm_state_check_expire(struct xfrm_state *x)
1608{
1609 if (!x->curlft.use_time)
1610 x->curlft.use_time = ktime_get_real_seconds();
1611
1612 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1613 x->curlft.packets >= x->lft.hard_packet_limit) {
1614 x->km.state = XFRM_STATE_EXPIRED;
1615 tasklet_hrtimer_start(&x->mtimer, 0, HRTIMER_MODE_REL);
1616 return -EINVAL;
1617 }
1618
1619 if (!x->km.dying &&
1620 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1621 x->curlft.packets >= x->lft.soft_packet_limit)) {
1622 x->km.dying = 1;
1623 km_state_expired(x, 0, 0);
1624 }
1625 return 0;
1626}
1627EXPORT_SYMBOL(xfrm_state_check_expire);
1628
1629struct xfrm_state *
1630xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1631 u8 proto, unsigned short family)
1632{
1633 struct xfrm_state *x;
1634
1635 rcu_read_lock();
1636 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1637 rcu_read_unlock();
1638 return x;
1639}
1640EXPORT_SYMBOL(xfrm_state_lookup);
1641
1642struct xfrm_state *
1643xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1644 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1645 u8 proto, unsigned short family)
1646{
1647 struct xfrm_state *x;
1648
1649 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1650 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1651 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1652 return x;
1653}
1654EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1655
1656struct xfrm_state *
1657xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
1658 u32 if_id, u8 proto, const xfrm_address_t *daddr,
1659 const xfrm_address_t *saddr, int create, unsigned short family)
1660{
1661 struct xfrm_state *x;
1662
1663 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1664 x = __find_acq_core(net, mark, family, mode, reqid, if_id, proto, daddr, saddr, create);
1665 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1666
1667 return x;
1668}
1669EXPORT_SYMBOL(xfrm_find_acq);
1670
1671#ifdef CONFIG_XFRM_SUB_POLICY
1672int
1673xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1674 unsigned short family, struct net *net)
1675{
1676 int i;
1677 int err = 0;
1678 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1679 if (!afinfo)
1680 return -EAFNOSUPPORT;
1681
1682 spin_lock_bh(&net->xfrm.xfrm_state_lock); /*FIXME*/
1683 if (afinfo->tmpl_sort)
1684 err = afinfo->tmpl_sort(dst, src, n);
1685 else
1686 for (i = 0; i < n; i++)
1687 dst[i] = src[i];
1688 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1689 rcu_read_unlock();
1690 return err;
1691}
1692EXPORT_SYMBOL(xfrm_tmpl_sort);
1693
1694int
1695xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1696 unsigned short family)
1697{
1698 int i;
1699 int err = 0;
1700 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1701 struct net *net = xs_net(*src);
1702
1703 if (!afinfo)
1704 return -EAFNOSUPPORT;
1705
1706 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1707 if (afinfo->state_sort)
1708 err = afinfo->state_sort(dst, src, n);
1709 else
1710 for (i = 0; i < n; i++)
1711 dst[i] = src[i];
1712 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1713 rcu_read_unlock();
1714 return err;
1715}
1716EXPORT_SYMBOL(xfrm_state_sort);
1717#endif
1718
1719/* Silly enough, but I'm lazy to build resolution list */
1720
1721static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1722{
1723 int i;
1724
1725 for (i = 0; i <= net->xfrm.state_hmask; i++) {
1726 struct xfrm_state *x;
1727
1728 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
1729 if (x->km.seq == seq &&
1730 (mark & x->mark.m) == x->mark.v &&
1731 x->km.state == XFRM_STATE_ACQ) {
1732 xfrm_state_hold(x);
1733 return x;
1734 }
1735 }
1736 }
1737 return NULL;
1738}
1739
1740struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1741{
1742 struct xfrm_state *x;
1743
1744 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1745 x = __xfrm_find_acq_byseq(net, mark, seq);
1746 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1747 return x;
1748}
1749EXPORT_SYMBOL(xfrm_find_acq_byseq);
1750
1751u32 xfrm_get_acqseq(void)
1752{
1753 u32 res;
1754 static atomic_t acqseq;
1755
1756 do {
1757 res = atomic_inc_return(&acqseq);
1758 } while (!res);
1759
1760 return res;
1761}
1762EXPORT_SYMBOL(xfrm_get_acqseq);
1763
1764int verify_spi_info(u8 proto, u32 min, u32 max)
1765{
1766 switch (proto) {
1767 case IPPROTO_AH:
1768 case IPPROTO_ESP:
1769 break;
1770
1771 case IPPROTO_COMP:
1772 /* IPCOMP spi is 16-bits. */
1773 if (max >= 0x10000)
1774 return -EINVAL;
1775 break;
1776
1777 default:
1778 return -EINVAL;
1779 }
1780
1781 if (min > max)
1782 return -EINVAL;
1783
1784 return 0;
1785}
1786EXPORT_SYMBOL(verify_spi_info);
1787
1788int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1789{
1790 struct net *net = xs_net(x);
1791 unsigned int h;
1792 struct xfrm_state *x0;
1793 int err = -ENOENT;
1794 __be32 minspi = htonl(low);
1795 __be32 maxspi = htonl(high);
1796 u32 mark = x->mark.v & x->mark.m;
1797
1798 spin_lock_bh(&x->lock);
1799 if (x->km.state == XFRM_STATE_DEAD)
1800 goto unlock;
1801
1802 err = 0;
1803 if (x->id.spi)
1804 goto unlock;
1805
1806 err = -ENOENT;
1807
1808 if (minspi == maxspi) {
1809 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
1810 if (x0) {
1811 xfrm_state_put(x0);
1812 goto unlock;
1813 }
1814 x->id.spi = minspi;
1815 } else {
1816 u32 spi = 0;
1817 for (h = 0; h < high-low+1; h++) {
1818 spi = low + prandom_u32()%(high-low+1);
1819 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1820 if (x0 == NULL) {
1821 x->id.spi = htonl(spi);
1822 break;
1823 }
1824 xfrm_state_put(x0);
1825 }
1826 }
1827 if (x->id.spi) {
1828 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1829 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1830 hlist_add_head_rcu(&x->byspi, net->xfrm.state_byspi + h);
1831 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1832
1833 err = 0;
1834 }
1835
1836unlock:
1837 spin_unlock_bh(&x->lock);
1838
1839 return err;
1840}
1841EXPORT_SYMBOL(xfrm_alloc_spi);
1842
1843static bool __xfrm_state_filter_match(struct xfrm_state *x,
1844 struct xfrm_address_filter *filter)
1845{
1846 if (filter) {
1847 if ((filter->family == AF_INET ||
1848 filter->family == AF_INET6) &&
1849 x->props.family != filter->family)
1850 return false;
1851
1852 return addr_match(&x->props.saddr, &filter->saddr,
1853 filter->splen) &&
1854 addr_match(&x->id.daddr, &filter->daddr,
1855 filter->dplen);
1856 }
1857 return true;
1858}
1859
1860int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1861 int (*func)(struct xfrm_state *, int, void*),
1862 void *data)
1863{
1864 struct xfrm_state *state;
1865 struct xfrm_state_walk *x;
1866 int err = 0;
1867
1868 if (walk->seq != 0 && list_empty(&walk->all))
1869 return 0;
1870
1871 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1872 if (list_empty(&walk->all))
1873 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1874 else
1875 x = list_first_entry(&walk->all, struct xfrm_state_walk, all);
1876 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1877 if (x->state == XFRM_STATE_DEAD)
1878 continue;
1879 state = container_of(x, struct xfrm_state, km);
1880 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1881 continue;
1882 if (!__xfrm_state_filter_match(state, walk->filter))
1883 continue;
1884 err = func(state, walk->seq, data);
1885 if (err) {
1886 list_move_tail(&walk->all, &x->all);
1887 goto out;
1888 }
1889 walk->seq++;
1890 }
1891 if (walk->seq == 0) {
1892 err = -ENOENT;
1893 goto out;
1894 }
1895 list_del_init(&walk->all);
1896out:
1897 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1898 return err;
1899}
1900EXPORT_SYMBOL(xfrm_state_walk);
1901
1902void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
1903 struct xfrm_address_filter *filter)
1904{
1905 INIT_LIST_HEAD(&walk->all);
1906 walk->proto = proto;
1907 walk->state = XFRM_STATE_DEAD;
1908 walk->seq = 0;
1909 walk->filter = filter;
1910}
1911EXPORT_SYMBOL(xfrm_state_walk_init);
1912
1913void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
1914{
1915 kfree(walk->filter);
1916
1917 if (list_empty(&walk->all))
1918 return;
1919
1920 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1921 list_del(&walk->all);
1922 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1923}
1924EXPORT_SYMBOL(xfrm_state_walk_done);
1925
1926static void xfrm_replay_timer_handler(struct timer_list *t)
1927{
1928 struct xfrm_state *x = from_timer(x, t, rtimer);
1929
1930 spin_lock(&x->lock);
1931
1932 if (x->km.state == XFRM_STATE_VALID) {
1933 if (xfrm_aevent_is_on(xs_net(x)))
1934 x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
1935 else
1936 x->xflags |= XFRM_TIME_DEFER;
1937 }
1938
1939 spin_unlock(&x->lock);
1940}
1941
1942static LIST_HEAD(xfrm_km_list);
1943
1944void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
1945{
1946 struct xfrm_mgr *km;
1947
1948 rcu_read_lock();
1949 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1950 if (km->notify_policy)
1951 km->notify_policy(xp, dir, c);
1952 rcu_read_unlock();
1953}
1954
1955void km_state_notify(struct xfrm_state *x, const struct km_event *c)
1956{
1957 struct xfrm_mgr *km;
1958 rcu_read_lock();
1959 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1960 if (km->notify)
1961 km->notify(x, c);
1962 rcu_read_unlock();
1963}
1964
1965EXPORT_SYMBOL(km_policy_notify);
1966EXPORT_SYMBOL(km_state_notify);
1967
1968void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
1969{
1970 struct km_event c;
1971
1972 c.data.hard = hard;
1973 c.portid = portid;
1974 c.event = XFRM_MSG_EXPIRE;
1975 km_state_notify(x, &c);
1976}
1977
1978EXPORT_SYMBOL(km_state_expired);
1979/*
1980 * We send to all registered managers regardless of failure
1981 * We are happy with one success
1982*/
1983int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1984{
1985 int err = -EINVAL, acqret;
1986 struct xfrm_mgr *km;
1987
1988 rcu_read_lock();
1989 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1990 acqret = km->acquire(x, t, pol);
1991 if (!acqret)
1992 err = acqret;
1993 }
1994 rcu_read_unlock();
1995 return err;
1996}
1997EXPORT_SYMBOL(km_query);
1998
1999int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
2000{
2001 int err = -EINVAL;
2002 struct xfrm_mgr *km;
2003
2004 rcu_read_lock();
2005 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2006 if (km->new_mapping)
2007 err = km->new_mapping(x, ipaddr, sport);
2008 if (!err)
2009 break;
2010 }
2011 rcu_read_unlock();
2012 return err;
2013}
2014EXPORT_SYMBOL(km_new_mapping);
2015
2016void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
2017{
2018 struct km_event c;
2019
2020 c.data.hard = hard;
2021 c.portid = portid;
2022 c.event = XFRM_MSG_POLEXPIRE;
2023 km_policy_notify(pol, dir, &c);
2024}
2025EXPORT_SYMBOL(km_policy_expired);
2026
2027#ifdef CONFIG_XFRM_MIGRATE
2028int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2029 const struct xfrm_migrate *m, int num_migrate,
2030 const struct xfrm_kmaddress *k,
2031 const struct xfrm_encap_tmpl *encap)
2032{
2033 int err = -EINVAL;
2034 int ret;
2035 struct xfrm_mgr *km;
2036
2037 rcu_read_lock();
2038 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2039 if (km->migrate) {
2040 ret = km->migrate(sel, dir, type, m, num_migrate, k,
2041 encap);
2042 if (!ret)
2043 err = ret;
2044 }
2045 }
2046 rcu_read_unlock();
2047 return err;
2048}
2049EXPORT_SYMBOL(km_migrate);
2050#endif
2051
2052int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
2053{
2054 int err = -EINVAL;
2055 int ret;
2056 struct xfrm_mgr *km;
2057
2058 rcu_read_lock();
2059 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2060 if (km->report) {
2061 ret = km->report(net, proto, sel, addr);
2062 if (!ret)
2063 err = ret;
2064 }
2065 }
2066 rcu_read_unlock();
2067 return err;
2068}
2069EXPORT_SYMBOL(km_report);
2070
2071bool km_is_alive(const struct km_event *c)
2072{
2073 struct xfrm_mgr *km;
2074 bool is_alive = false;
2075
2076 rcu_read_lock();
2077 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2078 if (km->is_alive && km->is_alive(c)) {
2079 is_alive = true;
2080 break;
2081 }
2082 }
2083 rcu_read_unlock();
2084
2085 return is_alive;
2086}
2087EXPORT_SYMBOL(km_is_alive);
2088
2089int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
2090{
2091 int err;
2092 u8 *data;
2093 struct xfrm_mgr *km;
2094 struct xfrm_policy *pol = NULL;
2095
2096 if (!optval && !optlen) {
2097 xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
2098 xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
2099 __sk_dst_reset(sk);
2100 return 0;
2101 }
2102
2103 if (optlen <= 0 || optlen > PAGE_SIZE)
2104 return -EMSGSIZE;
2105
2106 data = memdup_user(optval, optlen);
2107 if (IS_ERR(data))
2108 return PTR_ERR(data);
2109
2110 err = -EINVAL;
2111 rcu_read_lock();
2112 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2113 pol = km->compile_policy(sk, optname, data,
2114 optlen, &err);
2115 if (err >= 0)
2116 break;
2117 }
2118 rcu_read_unlock();
2119
2120 if (err >= 0) {
2121 xfrm_sk_policy_insert(sk, err, pol);
2122 xfrm_pol_put(pol);
2123 __sk_dst_reset(sk);
2124 err = 0;
2125 }
2126
2127 kfree(data);
2128 return err;
2129}
2130EXPORT_SYMBOL(xfrm_user_policy);
2131
2132static DEFINE_SPINLOCK(xfrm_km_lock);
2133
2134int xfrm_register_km(struct xfrm_mgr *km)
2135{
2136 spin_lock_bh(&xfrm_km_lock);
2137 list_add_tail_rcu(&km->list, &xfrm_km_list);
2138 spin_unlock_bh(&xfrm_km_lock);
2139 return 0;
2140}
2141EXPORT_SYMBOL(xfrm_register_km);
2142
2143int xfrm_unregister_km(struct xfrm_mgr *km)
2144{
2145 spin_lock_bh(&xfrm_km_lock);
2146 list_del_rcu(&km->list);
2147 spin_unlock_bh(&xfrm_km_lock);
2148 synchronize_rcu();
2149 return 0;
2150}
2151EXPORT_SYMBOL(xfrm_unregister_km);
2152
2153int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
2154{
2155 int err = 0;
2156
2157 if (WARN_ON(afinfo->family >= NPROTO))
2158 return -EAFNOSUPPORT;
2159
2160 spin_lock_bh(&xfrm_state_afinfo_lock);
2161 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
2162 err = -EEXIST;
2163 else
2164 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
2165 spin_unlock_bh(&xfrm_state_afinfo_lock);
2166 return err;
2167}
2168EXPORT_SYMBOL(xfrm_state_register_afinfo);
2169
2170int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
2171{
2172 int err = 0, family = afinfo->family;
2173
2174 if (WARN_ON(family >= NPROTO))
2175 return -EAFNOSUPPORT;
2176
2177 spin_lock_bh(&xfrm_state_afinfo_lock);
2178 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
2179 if (rcu_access_pointer(xfrm_state_afinfo[family]) != afinfo)
2180 err = -EINVAL;
2181 else
2182 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
2183 }
2184 spin_unlock_bh(&xfrm_state_afinfo_lock);
2185 synchronize_rcu();
2186 return err;
2187}
2188EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
2189
2190struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family)
2191{
2192 if (unlikely(family >= NPROTO))
2193 return NULL;
2194
2195 return rcu_dereference(xfrm_state_afinfo[family]);
2196}
2197
2198struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
2199{
2200 struct xfrm_state_afinfo *afinfo;
2201 if (unlikely(family >= NPROTO))
2202 return NULL;
2203 rcu_read_lock();
2204 afinfo = rcu_dereference(xfrm_state_afinfo[family]);
2205 if (unlikely(!afinfo))
2206 rcu_read_unlock();
2207 return afinfo;
2208}
2209
2210void xfrm_flush_gc(void)
2211{
2212 flush_work(&xfrm_state_gc_work);
2213}
2214EXPORT_SYMBOL(xfrm_flush_gc);
2215
2216/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
2217void xfrm_state_delete_tunnel(struct xfrm_state *x)
2218{
2219 if (x->tunnel) {
2220 struct xfrm_state *t = x->tunnel;
2221
2222 if (atomic_read(&t->tunnel_users) == 2)
2223 xfrm_state_delete(t);
2224 atomic_dec(&t->tunnel_users);
2225 xfrm_state_put_sync(t);
2226 x->tunnel = NULL;
2227 }
2228}
2229EXPORT_SYMBOL(xfrm_state_delete_tunnel);
2230
2231int xfrm_state_mtu(struct xfrm_state *x, int mtu)
2232{
2233 const struct xfrm_type *type = READ_ONCE(x->type);
2234
2235 if (x->km.state == XFRM_STATE_VALID &&
2236 type && type->get_mtu)
2237 return type->get_mtu(x, mtu);
2238
2239 return mtu - x->props.header_len;
2240}
2241
2242int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
2243{
2244 struct xfrm_state_afinfo *afinfo;
2245 struct xfrm_mode *inner_mode;
2246 int family = x->props.family;
2247 int err;
2248
2249 err = -EAFNOSUPPORT;
2250 afinfo = xfrm_state_get_afinfo(family);
2251 if (!afinfo)
2252 goto error;
2253
2254 err = 0;
2255 if (afinfo->init_flags)
2256 err = afinfo->init_flags(x);
2257
2258 rcu_read_unlock();
2259
2260 if (err)
2261 goto error;
2262
2263 err = -EPROTONOSUPPORT;
2264
2265 if (x->sel.family != AF_UNSPEC) {
2266 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2267 if (inner_mode == NULL)
2268 goto error;
2269
2270 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2271 family != x->sel.family) {
2272 xfrm_put_mode(inner_mode);
2273 goto error;
2274 }
2275
2276 x->inner_mode = inner_mode;
2277 } else {
2278 struct xfrm_mode *inner_mode_iaf;
2279 int iafamily = AF_INET;
2280
2281 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
2282 if (inner_mode == NULL)
2283 goto error;
2284
2285 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2286 xfrm_put_mode(inner_mode);
2287 goto error;
2288 }
2289 x->inner_mode = inner_mode;
2290
2291 if (x->props.family == AF_INET)
2292 iafamily = AF_INET6;
2293
2294 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2295 if (inner_mode_iaf) {
2296 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2297 x->inner_mode_iaf = inner_mode_iaf;
2298 else
2299 xfrm_put_mode(inner_mode_iaf);
2300 }
2301 }
2302
2303 x->type = xfrm_get_type(x->id.proto, family);
2304 if (x->type == NULL)
2305 goto error;
2306
2307 x->type_offload = xfrm_get_type_offload(x->id.proto, family, offload);
2308
2309 err = x->type->init_state(x);
2310 if (err)
2311 goto error;
2312
2313 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2314 if (x->outer_mode == NULL) {
2315 err = -EPROTONOSUPPORT;
2316 goto error;
2317 }
2318
2319 if (init_replay) {
2320 err = xfrm_init_replay(x);
2321 if (err)
2322 goto error;
2323 }
2324
2325error:
2326 return err;
2327}
2328
2329EXPORT_SYMBOL(__xfrm_init_state);
2330
2331int xfrm_init_state(struct xfrm_state *x)
2332{
2333 int err;
2334
2335 err = __xfrm_init_state(x, true, false);
2336 if (!err)
2337 x->km.state = XFRM_STATE_VALID;
2338
2339 return err;
2340}
2341
2342EXPORT_SYMBOL(xfrm_init_state);
2343
2344int __net_init xfrm_state_init(struct net *net)
2345{
2346 unsigned int sz;
2347
2348 if (net_eq(net, &init_net))
2349 xfrm_state_cache = KMEM_CACHE(xfrm_state,
2350 SLAB_HWCACHE_ALIGN | SLAB_PANIC);
2351
2352 INIT_LIST_HEAD(&net->xfrm.state_all);
2353
2354 sz = sizeof(struct hlist_head) * 8;
2355
2356 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2357 if (!net->xfrm.state_bydst)
2358 goto out_bydst;
2359 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2360 if (!net->xfrm.state_bysrc)
2361 goto out_bysrc;
2362 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2363 if (!net->xfrm.state_byspi)
2364 goto out_byspi;
2365 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2366
2367 net->xfrm.state_num = 0;
2368 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2369 spin_lock_init(&net->xfrm.xfrm_state_lock);
2370 return 0;
2371
2372out_byspi:
2373 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2374out_bysrc:
2375 xfrm_hash_free(net->xfrm.state_bydst, sz);
2376out_bydst:
2377 return -ENOMEM;
2378}
2379
2380void xfrm_state_fini(struct net *net)
2381{
2382 unsigned int sz;
2383
2384 flush_work(&net->xfrm.state_hash_work);
2385 flush_work(&xfrm_state_gc_work);
2386 xfrm_state_flush(net, 0, false, true);
2387
2388 WARN_ON(!list_empty(&net->xfrm.state_all));
2389
2390 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2391 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2392 xfrm_hash_free(net->xfrm.state_byspi, sz);
2393 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2394 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2395 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2396 xfrm_hash_free(net->xfrm.state_bydst, sz);
2397}
2398
2399#ifdef CONFIG_AUDITSYSCALL
2400static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2401 struct audit_buffer *audit_buf)
2402{
2403 struct xfrm_sec_ctx *ctx = x->security;
2404 u32 spi = ntohl(x->id.spi);
2405
2406 if (ctx)
2407 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2408 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2409
2410 switch (x->props.family) {
2411 case AF_INET:
2412 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2413 &x->props.saddr.a4, &x->id.daddr.a4);
2414 break;
2415 case AF_INET6:
2416 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2417 x->props.saddr.a6, x->id.daddr.a6);
2418 break;
2419 }
2420
2421 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2422}
2423
2424static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2425 struct audit_buffer *audit_buf)
2426{
2427 const struct iphdr *iph4;
2428 const struct ipv6hdr *iph6;
2429
2430 switch (family) {
2431 case AF_INET:
2432 iph4 = ip_hdr(skb);
2433 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2434 &iph4->saddr, &iph4->daddr);
2435 break;
2436 case AF_INET6:
2437 iph6 = ipv6_hdr(skb);
2438 audit_log_format(audit_buf,
2439 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2440 &iph6->saddr, &iph6->daddr,
2441 iph6->flow_lbl[0] & 0x0f,
2442 iph6->flow_lbl[1],
2443 iph6->flow_lbl[2]);
2444 break;
2445 }
2446}
2447
2448void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid)
2449{
2450 struct audit_buffer *audit_buf;
2451
2452 audit_buf = xfrm_audit_start("SAD-add");
2453 if (audit_buf == NULL)
2454 return;
2455 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2456 xfrm_audit_helper_sainfo(x, audit_buf);
2457 audit_log_format(audit_buf, " res=%u", result);
2458 audit_log_end(audit_buf);
2459}
2460EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2461
2462void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid)
2463{
2464 struct audit_buffer *audit_buf;
2465
2466 audit_buf = xfrm_audit_start("SAD-delete");
2467 if (audit_buf == NULL)
2468 return;
2469 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2470 xfrm_audit_helper_sainfo(x, audit_buf);
2471 audit_log_format(audit_buf, " res=%u", result);
2472 audit_log_end(audit_buf);
2473}
2474EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2475
2476void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2477 struct sk_buff *skb)
2478{
2479 struct audit_buffer *audit_buf;
2480 u32 spi;
2481
2482 audit_buf = xfrm_audit_start("SA-replay-overflow");
2483 if (audit_buf == NULL)
2484 return;
2485 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2486 /* don't record the sequence number because it's inherent in this kind
2487 * of audit message */
2488 spi = ntohl(x->id.spi);
2489 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2490 audit_log_end(audit_buf);
2491}
2492EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2493
2494void xfrm_audit_state_replay(struct xfrm_state *x,
2495 struct sk_buff *skb, __be32 net_seq)
2496{
2497 struct audit_buffer *audit_buf;
2498 u32 spi;
2499
2500 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2501 if (audit_buf == NULL)
2502 return;
2503 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2504 spi = ntohl(x->id.spi);
2505 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2506 spi, spi, ntohl(net_seq));
2507 audit_log_end(audit_buf);
2508}
2509EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
2510
2511void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2512{
2513 struct audit_buffer *audit_buf;
2514
2515 audit_buf = xfrm_audit_start("SA-notfound");
2516 if (audit_buf == NULL)
2517 return;
2518 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2519 audit_log_end(audit_buf);
2520}
2521EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2522
2523void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2524 __be32 net_spi, __be32 net_seq)
2525{
2526 struct audit_buffer *audit_buf;
2527 u32 spi;
2528
2529 audit_buf = xfrm_audit_start("SA-notfound");
2530 if (audit_buf == NULL)
2531 return;
2532 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2533 spi = ntohl(net_spi);
2534 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2535 spi, spi, ntohl(net_seq));
2536 audit_log_end(audit_buf);
2537}
2538EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2539
2540void xfrm_audit_state_icvfail(struct xfrm_state *x,
2541 struct sk_buff *skb, u8 proto)
2542{
2543 struct audit_buffer *audit_buf;
2544 __be32 net_spi;
2545 __be32 net_seq;
2546
2547 audit_buf = xfrm_audit_start("SA-icv-failure");
2548 if (audit_buf == NULL)
2549 return;
2550 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2551 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2552 u32 spi = ntohl(net_spi);
2553 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2554 spi, spi, ntohl(net_seq));
2555 }
2556 audit_log_end(audit_buf);
2557}
2558EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2559#endif /* CONFIG_AUDITSYSCALL */