projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipsec: Fix xfrm_state_walk race
[deliverable/linux.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
ee857a7d
DM		 27struct sock *xfrm_nl;
28EXPORT_SYMBOL(xfrm_nl);
29
01e67d08 30u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
a70fcb0b
DM		 31EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
32
01e67d08 33u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
a70fcb0b
DM		 34EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
35
01e67d08
DM		 36u32 sysctl_xfrm_acq_expires __read_mostly = 30;
37
1da177e4
LT		 38/* Each xfrm_state may be linked to two tables:
39
40 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 41 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 42 destination/tunnel endpoint. (output)
43 */
44
45static DEFINE_SPINLOCK(xfrm_state_lock);
46
47/* Hash table to find appropriate SA towards given target (endpoint
48 * of tunnel or destination of transport mode) allowed by selector.
49 *
50 * Main use is finding SA after policy selected tunnel or transport mode.
51 * Also, it can be used by ah/esp icmp error handler to find offending SA.
52 */
4c563f76 53static LIST_HEAD(xfrm_state_all);
f034b5d4
DM		 54static struct hlist_head *xfrm_state_bydst __read_mostly;
55static struct hlist_head *xfrm_state_bysrc __read_mostly;
56static struct hlist_head *xfrm_state_byspi __read_mostly;
57static unsigned int xfrm_state_hmask __read_mostly;
58static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
59static unsigned int xfrm_state_num;
9d4a706d 60static unsigned int xfrm_state_genid;
f034b5d4 61
abb81c4f
HX		 62/* Counter indicating ongoing walk, protected by xfrm_state_lock. */
63static unsigned long xfrm_state_walk_ongoing;
64/* Counter indicating walk completion, protected by xfrm_cfg_mutex. */
65static unsigned long xfrm_state_walk_completed;
66
5c182458
HX		 67/* List of outstanding state walks used to set the completed counter. */
68static LIST_HEAD(xfrm_state_walks);
69
17c2a42a
HX		 70static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
71static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
72
afeb14b4
PM		 73#ifdef CONFIG_AUDITSYSCALL
74static void xfrm_audit_state_replay(struct xfrm_state *x,
75 struct sk_buff *skb, __be32 net_seq);
76#else
77#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
78#endif /* CONFIG_AUDITSYSCALL */
79
c1969f29
DM		 80static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
81 xfrm_address_t *saddr,
82 u32 reqid,
a624c108 83 unsigned short family)
f034b5d4 84{
c1969f29 85 return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
f034b5d4
DM		 86}
87
667bbcb6
MN		 88static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
89 xfrm_address_t *saddr,
44e36b42 90 unsigned short family)
f034b5d4 91{
667bbcb6 92 return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
f034b5d4
DM		 93}
94
f034b5d4 95static inline unsigned int
8122adf0 96xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 97{
c1969f29 98 return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
f034b5d4
DM		 99}
100
f034b5d4
DM		 101static void xfrm_hash_transfer(struct hlist_head *list,
102 struct hlist_head *ndsttable,
103 struct hlist_head *nsrctable,
104 struct hlist_head *nspitable,
105 unsigned int nhashmask)
106{
107 struct hlist_node *entry, *tmp;
108 struct xfrm_state *x;
109
110 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
111 unsigned int h;
112
c1969f29
DM		 113 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
114 x->props.reqid, x->props.family,
115 nhashmask);
f034b5d4
DM		 116 hlist_add_head(&x->bydst, ndsttable+h);
117
667bbcb6
MN		 118 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
119 x->props.family,
f034b5d4
DM		 120 nhashmask);
121 hlist_add_head(&x->bysrc, nsrctable+h);
122
7b4dc360
MN		 123 if (x->id.spi) {
124 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
125 x->id.proto, x->props.family,
126 nhashmask);
127 hlist_add_head(&x->byspi, nspitable+h);
128 }
f034b5d4
DM		 129 }
130}
131
132static unsigned long xfrm_hash_new_size(void)
133{
134 return ((xfrm_state_hmask + 1) << 1) *
135 sizeof(struct hlist_head);
136}
137
138static DEFINE_MUTEX(hash_resize_mutex);
139
c4028958 140static void xfrm_hash_resize(struct work_struct *__unused)
f034b5d4
DM		 141{
142 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
143 unsigned long nsize, osize;
144 unsigned int nhashmask, ohashmask;
145 int i;
146
147 mutex_lock(&hash_resize_mutex);
148
149 nsize = xfrm_hash_new_size();
44e36b42 150 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 151 if (!ndst)
152 goto out_unlock;
44e36b42 153 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 154 if (!nsrc) {
44e36b42 155 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 156 goto out_unlock;
157 }
44e36b42 158 nspi = xfrm_hash_alloc(nsize);
f034b5d4 159 if (!nspi) {
44e36b42
DM		 160 xfrm_hash_free(ndst, nsize);
161 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 162 goto out_unlock;
163 }
164
165 spin_lock_bh(&xfrm_state_lock);
166
167 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
168 for (i = xfrm_state_hmask; i >= 0; i--)
169 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
170 nhashmask);
171
172 odst = xfrm_state_bydst;
173 osrc = xfrm_state_bysrc;
174 ospi = xfrm_state_byspi;
175 ohashmask = xfrm_state_hmask;
176
177 xfrm_state_bydst = ndst;
178 xfrm_state_bysrc = nsrc;
179 xfrm_state_byspi = nspi;
180 xfrm_state_hmask = nhashmask;
181
182 spin_unlock_bh(&xfrm_state_lock);
183
184 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 185 xfrm_hash_free(odst, osize);
186 xfrm_hash_free(osrc, osize);
187 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 188
189out_unlock:
190 mutex_unlock(&hash_resize_mutex);
191}
192
c4028958 193static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
f034b5d4 194
1da177e4
LT		 195DECLARE_WAIT_QUEUE_HEAD(km_waitq);
196EXPORT_SYMBOL(km_waitq);
197
198static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
199static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
200
201static struct work_struct xfrm_state_gc_work;
abb81c4f
HX		 202static LIST_HEAD(xfrm_state_gc_leftovers);
203static LIST_HEAD(xfrm_state_gc_list);
1da177e4
LT		 204static DEFINE_SPINLOCK(xfrm_state_gc_lock);
205
53bc6b4d 206int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 207
980ebd25 208int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 209void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 210
aa5d62cc
HX		 211static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
212{
213 struct xfrm_state_afinfo *afinfo;
214 if (unlikely(family >= NPROTO))
215 return NULL;
216 write_lock_bh(&xfrm_state_afinfo_lock);
217 afinfo = xfrm_state_afinfo[family];
218 if (unlikely(!afinfo))
219 write_unlock_bh(&xfrm_state_afinfo_lock);
220 return afinfo;
221}
222
223static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 224 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 225{
226 write_unlock_bh(&xfrm_state_afinfo_lock);
227}
228
533cb5b0 229int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 230{
231 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 232 const struct xfrm_type **typemap;
aa5d62cc
HX		 233 int err = 0;
234
235 if (unlikely(afinfo == NULL))
236 return -EAFNOSUPPORT;
237 typemap = afinfo->type_map;
238
239 if (likely(typemap[type->proto] == NULL))
240 typemap[type->proto] = type;
241 else
242 err = -EEXIST;
243 xfrm_state_unlock_afinfo(afinfo);
244 return err;
245}
246EXPORT_SYMBOL(xfrm_register_type);
247
533cb5b0 248int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 249{
250 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 251 const struct xfrm_type **typemap;
aa5d62cc
HX		 252 int err = 0;
253
254 if (unlikely(afinfo == NULL))
255 return -EAFNOSUPPORT;
256 typemap = afinfo->type_map;
257
258 if (unlikely(typemap[type->proto] != type))
259 err = -ENOENT;
260 else
261 typemap[type->proto] = NULL;
262 xfrm_state_unlock_afinfo(afinfo);
263 return err;
264}
265EXPORT_SYMBOL(xfrm_unregister_type);
266
533cb5b0 267static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 268{
269 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 270 const struct xfrm_type **typemap;
271 const struct xfrm_type *type;
aa5d62cc
HX		 272 int modload_attempted = 0;
273
274retry:
275 afinfo = xfrm_state_get_afinfo(family);
276 if (unlikely(afinfo == NULL))
277 return NULL;
278 typemap = afinfo->type_map;
279
280 type = typemap[proto];
281 if (unlikely(type && !try_module_get(type->owner)))
282 type = NULL;
283 if (!type && !modload_attempted) {
284 xfrm_state_put_afinfo(afinfo);
285 request_module("xfrm-type-%d-%d", family, proto);
286 modload_attempted = 1;
287 goto retry;
288 }
289
290 xfrm_state_put_afinfo(afinfo);
291 return type;
292}
293
533cb5b0 294static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 295{
296 module_put(type->owner);
297}
298
299int xfrm_register_mode(struct xfrm_mode *mode, int family)
300{
301 struct xfrm_state_afinfo *afinfo;
302 struct xfrm_mode **modemap;
303 int err;
304
305 if (unlikely(mode->encap >= XFRM_MODE_MAX))
306 return -EINVAL;
307
308 afinfo = xfrm_state_lock_afinfo(family);
309 if (unlikely(afinfo == NULL))
310 return -EAFNOSUPPORT;
311
312 err = -EEXIST;
313 modemap = afinfo->mode_map;
17c2a42a
HX		 314 if (modemap[mode->encap])
315 goto out;
aa5d62cc 316
17c2a42a
HX		 317 err = -ENOENT;
318 if (!try_module_get(afinfo->owner))
319 goto out;
320
321 mode->afinfo = afinfo;
322 modemap[mode->encap] = mode;
323 err = 0;
324
325out:
aa5d62cc
HX		 326 xfrm_state_unlock_afinfo(afinfo);
327 return err;
328}
329EXPORT_SYMBOL(xfrm_register_mode);
330
331int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
332{
333 struct xfrm_state_afinfo *afinfo;
334 struct xfrm_mode **modemap;
335 int err;
336
337 if (unlikely(mode->encap >= XFRM_MODE_MAX))
338 return -EINVAL;
339
340 afinfo = xfrm_state_lock_afinfo(family);
341 if (unlikely(afinfo == NULL))
342 return -EAFNOSUPPORT;
343
344 err = -ENOENT;
345 modemap = afinfo->mode_map;
346 if (likely(modemap[mode->encap] == mode)) {
347 modemap[mode->encap] = NULL;
17c2a42a 348 module_put(mode->afinfo->owner);
aa5d62cc
HX		 349 err = 0;
350 }
351
352 xfrm_state_unlock_afinfo(afinfo);
353 return err;
354}
355EXPORT_SYMBOL(xfrm_unregister_mode);
356
357static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
358{
359 struct xfrm_state_afinfo *afinfo;
360 struct xfrm_mode *mode;
361 int modload_attempted = 0;
362
363 if (unlikely(encap >= XFRM_MODE_MAX))
364 return NULL;
365
366retry:
367 afinfo = xfrm_state_get_afinfo(family);
368 if (unlikely(afinfo == NULL))
369 return NULL;
370
371 mode = afinfo->mode_map[encap];
372 if (unlikely(mode && !try_module_get(mode->owner)))
373 mode = NULL;
374 if (!mode && !modload_attempted) {
375 xfrm_state_put_afinfo(afinfo);
376 request_module("xfrm-mode-%d-%d", family, encap);
377 modload_attempted = 1;
378 goto retry;
379 }
380
381 xfrm_state_put_afinfo(afinfo);
382 return mode;
383}
384
385static void xfrm_put_mode(struct xfrm_mode *mode)
386{
387 module_put(mode->owner);
388}
389
1da177e4
LT		 390static void xfrm_state_gc_destroy(struct xfrm_state *x)
391{
a47f0ce0
DM		 392 del_timer_sync(&x->timer);
393 del_timer_sync(&x->rtimer);
a51482bd
JJ		 394 kfree(x->aalg);
395 kfree(x->ealg);
396 kfree(x->calg);
397 kfree(x->encap);
060f02a3 398 kfree(x->coaddr);
13996378
HX		 399 if (x->inner_mode)
400 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 401 if (x->inner_mode_iaf)
402 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 403 if (x->outer_mode)
404 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 405 if (x->type) {
406 x->type->destructor(x);
407 xfrm_put_type(x->type);
408 }
df71837d 409 security_xfrm_state_free(x);
1da177e4
LT		 410 kfree(x);
411}
412
c4028958 413static void xfrm_state_gc_task(struct work_struct *data)
1da177e4 414{
abb81c4f
HX		 415 struct xfrm_state *x, *tmp;
416 unsigned long completed;
1da177e4 417
abb81c4f 418 mutex_lock(&xfrm_cfg_mutex);
1da177e4 419 spin_lock_bh(&xfrm_state_gc_lock);
abb81c4f 420 list_splice_tail_init(&xfrm_state_gc_list, &xfrm_state_gc_leftovers);
1da177e4
LT		 421 spin_unlock_bh(&xfrm_state_gc_lock);
422
abb81c4f
HX		 423 completed = xfrm_state_walk_completed;
424 mutex_unlock(&xfrm_cfg_mutex);
425
426 list_for_each_entry_safe(x, tmp, &xfrm_state_gc_leftovers, gclist) {
427 if ((long)(x->lastused - completed) > 0)
428 break;
08569908 429 list_del(&x->gclist);
1da177e4 430 xfrm_state_gc_destroy(x);
abb81c4f 431 }
8f126e37 432
1da177e4
LT		 433 wake_up(&km_waitq);
434}
435
436static inline unsigned long make_jiffies(long secs)
437{
438 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
439 return MAX_SCHEDULE_TIMEOUT-1;
440 else
a716c119 441 return secs*HZ;
1da177e4
LT		 442}
443
444static void xfrm_timer_handler(unsigned long data)
445{
446 struct xfrm_state *x = (struct xfrm_state*)data;
9d729f72 447 unsigned long now = get_seconds();
1da177e4
LT		 448 long next = LONG_MAX;
449 int warn = 0;
161a09e7 450 int err = 0;
1da177e4
LT		 451
452 spin_lock(&x->lock);
453 if (x->km.state == XFRM_STATE_DEAD)
454 goto out;
455 if (x->km.state == XFRM_STATE_EXPIRED)
456 goto expired;
457 if (x->lft.hard_add_expires_seconds) {
458 long tmo = x->lft.hard_add_expires_seconds +
459 x->curlft.add_time - now;
460 if (tmo <= 0)
461 goto expired;
462 if (tmo < next)
463 next = tmo;
464 }
465 if (x->lft.hard_use_expires_seconds) {
466 long tmo = x->lft.hard_use_expires_seconds +
467 (x->curlft.use_time ? : now) - now;
468 if (tmo <= 0)
469 goto expired;
470 if (tmo < next)
471 next = tmo;
472 }
473 if (x->km.dying)
474 goto resched;
475 if (x->lft.soft_add_expires_seconds) {
476 long tmo = x->lft.soft_add_expires_seconds +
477 x->curlft.add_time - now;
478 if (tmo <= 0)
479 warn = 1;
480 else if (tmo < next)
481 next = tmo;
482 }
483 if (x->lft.soft_use_expires_seconds) {
484 long tmo = x->lft.soft_use_expires_seconds +
485 (x->curlft.use_time ? : now) - now;
486 if (tmo <= 0)
487 warn = 1;
488 else if (tmo < next)
489 next = tmo;
490 }
491
4666faab 492 x->km.dying = warn;
1da177e4 493 if (warn)
53bc6b4d 494 km_state_expired(x, 0, 0);
1da177e4 495resched:
a47f0ce0
DM		 496 if (next != LONG_MAX)
497 mod_timer(&x->timer, jiffies + make_jiffies(next));
498
1da177e4
LT		 499 goto out;
500
501expired:
502 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
503 x->km.state = XFRM_STATE_EXPIRED;
504 wake_up(&km_waitq);
505 next = 2;
506 goto resched;
507 }
161a09e7
JL		 508
509 err = __xfrm_state_delete(x);
510 if (!err && x->id.spi)
53bc6b4d 511 km_state_expired(x, 1, 0);
1da177e4 512
ab5f5e8b 513 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 514 audit_get_loginuid(current),
515 audit_get_sessionid(current), 0);
161a09e7 516
1da177e4
LT		 517out:
518 spin_unlock(&x->lock);
1da177e4
LT		 519}
520
0ac84752
DM		 521static void xfrm_replay_timer_handler(unsigned long data);
522
1da177e4
LT		 523struct xfrm_state *xfrm_state_alloc(void)
524{
525 struct xfrm_state *x;
526
0da974f4 527 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 528
529 if (x) {
1da177e4
LT		 530 atomic_set(&x->refcnt, 1);
531 atomic_set(&x->tunnel_users, 0);
4c563f76 532 INIT_LIST_HEAD(&x->all);
8f126e37
DM		 533 INIT_HLIST_NODE(&x->bydst);
534 INIT_HLIST_NODE(&x->bysrc);
535 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 536 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
537 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
538 (unsigned long)x);
9d729f72 539 x->curlft.add_time = get_seconds();
1da177e4
LT		 540 x->lft.soft_byte_limit = XFRM_INF;
541 x->lft.soft_packet_limit = XFRM_INF;
542 x->lft.hard_byte_limit = XFRM_INF;
543 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 544 x->replay_maxage = 0;
545 x->replay_maxdiff = 0;
df9dcb45
KM		 546 x->inner_mode = NULL;
547 x->inner_mode_iaf = NULL;
1da177e4
LT		 548 spin_lock_init(&x->lock);
549 }
550 return x;
551}
552EXPORT_SYMBOL(xfrm_state_alloc);
553
554void __xfrm_state_destroy(struct xfrm_state *x)
555{
547b792c 556 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 557
558 spin_lock_bh(&xfrm_state_gc_lock);
abb81c4f 559 list_add_tail(&x->gclist, &xfrm_state_gc_list);
1da177e4
LT		 560 spin_unlock_bh(&xfrm_state_gc_lock);
561 schedule_work(&xfrm_state_gc_work);
562}
563EXPORT_SYMBOL(__xfrm_state_destroy);
564
53bc6b4d 565int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 566{
26b15dad
JHS		 567 int err = -ESRCH;
568
1da177e4
LT		 569 if (x->km.state != XFRM_STATE_DEAD) {
570 x->km.state = XFRM_STATE_DEAD;
571 spin_lock(&xfrm_state_lock);
abb81c4f
HX		 572 x->lastused = xfrm_state_walk_ongoing;
573 list_del_rcu(&x->all);
8f126e37 574 hlist_del(&x->bydst);
8f126e37 575 hlist_del(&x->bysrc);
a47f0ce0 576 if (x->id.spi)
8f126e37 577 hlist_del(&x->byspi);
f034b5d4 578 xfrm_state_num--;
1da177e4 579 spin_unlock(&xfrm_state_lock);
1da177e4 580
1da177e4
LT		 581 /* All xfrm_state objects are created by xfrm_state_alloc.
582 * The xfrm_state_alloc call gives a reference, and that
583 * is what we are dropping here.
584 */
5dba4797 585 xfrm_state_put(x);
26b15dad 586 err = 0;
1da177e4 587 }
26b15dad
JHS		 588
589 return err;
1da177e4 590}
53bc6b4d 591EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 592
26b15dad 593int xfrm_state_delete(struct xfrm_state *x)
1da177e4 594{
26b15dad
JHS		 595 int err;
596
1da177e4 597 spin_lock_bh(&x->lock);
26b15dad 598 err = __xfrm_state_delete(x);
1da177e4 599 spin_unlock_bh(&x->lock);
26b15dad
JHS		 600
601 return err;
1da177e4
LT		 602}
603EXPORT_SYMBOL(xfrm_state_delete);
604
4aa2e62c
JL		 605#ifdef CONFIG_SECURITY_NETWORK_XFRM
606static inline int
607xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
1da177e4 608{
4aa2e62c
JL		 609 int i, err = 0;
610
611 for (i = 0; i <= xfrm_state_hmask; i++) {
612 struct hlist_node *entry;
613 struct xfrm_state *x;
614
615 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
616 if (xfrm_id_proto_match(x->id.proto, proto) &&
617 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 618 xfrm_audit_state_delete(x, 0,
619 audit_info->loginuid,
2532386f 620 audit_info->sessionid,
ab5f5e8b 621 audit_info->secid);
4aa2e62c
JL		 622 return err;
623 }
624 }
625 }
626
627 return err;
628}
629#else
630static inline int
631xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
632{
633 return 0;
634}
635#endif
636
637int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
638{
639 int i, err = 0;
1da177e4
LT		 640
641 spin_lock_bh(&xfrm_state_lock);
4aa2e62c
JL		 642 err = xfrm_state_flush_secctx_check(proto, audit_info);
643 if (err)
644 goto out;
645
a9917c06 646 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 647 struct hlist_node *entry;
648 struct xfrm_state *x;
1da177e4 649restart:
8f126e37 650 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1da177e4 651 if (!xfrm_state_kern(x) &&
5794708f 652 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 653 xfrm_state_hold(x);
654 spin_unlock_bh(&xfrm_state_lock);
655
161a09e7 656 err = xfrm_state_delete(x);
ab5f5e8b
JL		 657 xfrm_audit_state_delete(x, err ? 0 : 1,
658 audit_info->loginuid,
2532386f 659 audit_info->sessionid,
ab5f5e8b 660 audit_info->secid);
1da177e4
LT		 661 xfrm_state_put(x);
662
663 spin_lock_bh(&xfrm_state_lock);
664 goto restart;
665 }
666 }
667 }
4aa2e62c
JL		 668 err = 0;
669
670out:
1da177e4
LT		 671 spin_unlock_bh(&xfrm_state_lock);
672 wake_up(&km_waitq);
4aa2e62c 673 return err;
1da177e4
LT		 674}
675EXPORT_SYMBOL(xfrm_state_flush);
676
af11e316 677void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 678{
679 spin_lock_bh(&xfrm_state_lock);
680 si->sadcnt = xfrm_state_num;
681 si->sadhcnt = xfrm_state_hmask;
682 si->sadhmcnt = xfrm_state_hashmax;
683 spin_unlock_bh(&xfrm_state_lock);
684}
685EXPORT_SYMBOL(xfrm_sad_getinfo);
686
1da177e4
LT		 687static int
688xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
689 struct xfrm_tmpl *tmpl,
690 xfrm_address_t *daddr, xfrm_address_t *saddr,
691 unsigned short family)
692{
693 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
694 if (!afinfo)
695 return -1;
696 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
697 xfrm_state_put_afinfo(afinfo);
698 return 0;
699}
700
a94cfd19 701static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821
DM		 702{
703 unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
704 struct xfrm_state *x;
8f126e37 705 struct hlist_node *entry;
edcd5821 706
8f126e37 707 hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
edcd5821
DM		 708 if (x->props.family != family ||
709 x->id.spi != spi ||
710 x->id.proto != proto)
711 continue;
712
713 switch (family) {
714 case AF_INET:
715 if (x->id.daddr.a4 != daddr->a4)
716 continue;
717 break;
718 case AF_INET6:
719 if (!ipv6_addr_equal((struct in6_addr *)daddr,
720 (struct in6_addr *)
721 x->id.daddr.a6))
722 continue;
723 break;
3ff50b79 724 }
edcd5821
DM		 725
726 xfrm_state_hold(x);
727 return x;
728 }
729
730 return NULL;
731}
732
733static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
734{
667bbcb6 735 unsigned int h = xfrm_src_hash(daddr, saddr, family);
edcd5821 736 struct xfrm_state *x;
8f126e37 737 struct hlist_node *entry;
edcd5821 738
8f126e37 739 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
edcd5821
DM		 740 if (x->props.family != family ||
741 x->id.proto != proto)
742 continue;
743
744 switch (family) {
745 case AF_INET:
746 if (x->id.daddr.a4 != daddr->a4 ||
747 x->props.saddr.a4 != saddr->a4)
748 continue;
749 break;
750 case AF_INET6:
751 if (!ipv6_addr_equal((struct in6_addr *)daddr,
752 (struct in6_addr *)
753 x->id.daddr.a6) ||
754 !ipv6_addr_equal((struct in6_addr *)saddr,
755 (struct in6_addr *)
756 x->props.saddr.a6))
757 continue;
758 break;
3ff50b79 759 }
edcd5821
DM		 760
761 xfrm_state_hold(x);
762 return x;
763 }
764
765 return NULL;
766}
767
768static inline struct xfrm_state *
769__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
770{
771 if (use_spi)
772 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
773 x->id.proto, family);
774 else
775 return __xfrm_state_lookup_byaddr(&x->id.daddr,
776 &x->props.saddr,
777 x->id.proto, family);
778}
779
2fab22f2
PM		 780static void xfrm_hash_grow_check(int have_hash_collision)
781{
782 if (have_hash_collision &&
783 (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
784 xfrm_state_num > xfrm_state_hmask)
785 schedule_work(&xfrm_hash_work);
786}
787
1da177e4 788struct xfrm_state *
a716c119 789xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 790 struct flowi *fl, struct xfrm_tmpl *tmpl,
791 struct xfrm_policy *pol, int *err,
792 unsigned short family)
793{
4bda4f25 794 unsigned int h;
8f126e37 795 struct hlist_node *entry;
37b08e34 796 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 797 int acquire_in_progress = 0;
798 int error = 0;
799 struct xfrm_state *best = NULL;
a716c119 800
37b08e34
DM		 801 to_put = NULL;
802
1da177e4 803 spin_lock_bh(&xfrm_state_lock);
4bda4f25 804 h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
8f126e37 805 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1da177e4
LT		 806 if (x->props.family == family &&
807 x->props.reqid == tmpl->reqid &&
fbd9a5b4 808 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 809 xfrm_state_addr_check(x, daddr, saddr, family) &&
810 tmpl->mode == x->props.mode &&
811 tmpl->id.proto == x->id.proto &&
812 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
813 /* Resolution logic:
814 1. There is a valid state with matching selector.
815 Done.
816 2. Valid state with inappropriate selector. Skip.
817
818 Entering area of "sysdeps".
819
820 3. If state is not valid, selector is temporary,
821 it selects only session which triggered
822 previous resolution. Key manager will do
823 something to install a state with proper
824 selector.
825 */
826 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 827 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 828 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 829 continue;
830 if (!best ||
831 best->km.dying > x->km.dying ||
832 (best->km.dying == x->km.dying &&
833 best->curlft.add_time < x->curlft.add_time))
834 best = x;
835 } else if (x->km.state == XFRM_STATE_ACQ) {
836 acquire_in_progress = 1;
837 } else if (x->km.state == XFRM_STATE_ERROR ||
838 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 839 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 840 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 841 error = -ESRCH;
842 }
843 }
844 }
845
846 x = best;
847 if (!x && !error && !acquire_in_progress) {
5c5d281a 848 if (tmpl->id.spi &&
edcd5821
DM		 849 (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
850 tmpl->id.proto, family)) != NULL) {
37b08e34 851 to_put = x0;
1da177e4
LT		 852 error = -EEXIST;
853 goto out;
854 }
855 x = xfrm_state_alloc();
856 if (x == NULL) {
857 error = -ENOMEM;
858 goto out;
859 }
860 /* Initialize temporary selector matching only
861 * to current session. */
862 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
863
e0d1caa7
VY		 864 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
865 if (error) {
866 x->km.state = XFRM_STATE_DEAD;
37b08e34 867 to_put = x;
e0d1caa7
VY		 868 x = NULL;
869 goto out;
870 }
871
1da177e4
LT		 872 if (km_query(x, tmpl, pol) == 0) {
873 x->km.state = XFRM_STATE_ACQ;
225f4005 874 list_add_tail(&x->all, &xfrm_state_all);
8f126e37 875 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 876 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 877 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4
LT		 878 if (x->id.spi) {
879 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
8f126e37 880 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 881 }
01e67d08
DM		 882 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
883 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1da177e4 884 add_timer(&x->timer);
2fab22f2
PM		 885 xfrm_state_num++;
886 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 887 } else {
888 x->km.state = XFRM_STATE_DEAD;
37b08e34 889 to_put = x;
1da177e4
LT		 890 x = NULL;
891 error = -ESRCH;
892 }
893 }
894out:
895 if (x)
896 xfrm_state_hold(x);
897 else
898 *err = acquire_in_progress ? -EAGAIN : error;
899 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 900 if (to_put)
901 xfrm_state_put(to_put);
1da177e4
LT		 902 return x;
903}
904
628529b6
JHS		 905struct xfrm_state *
906xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
907 unsigned short family, u8 mode, u8 proto, u32 reqid)
908{
4bda4f25 909 unsigned int h;
628529b6
JHS		 910 struct xfrm_state *rx = NULL, *x = NULL;
911 struct hlist_node *entry;
912
913 spin_lock(&xfrm_state_lock);
4bda4f25 914 h = xfrm_dst_hash(daddr, saddr, reqid, family);
628529b6
JHS		 915 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
916 if (x->props.family == family &&
917 x->props.reqid == reqid &&
918 !(x->props.flags & XFRM_STATE_WILDRECV) &&
919 xfrm_state_addr_check(x, daddr, saddr, family) &&
920 mode == x->props.mode &&
921 proto == x->id.proto &&
922 x->km.state == XFRM_STATE_VALID) {
923 rx = x;
924 break;
925 }
926 }
927
928 if (rx)
929 xfrm_state_hold(rx);
930 spin_unlock(&xfrm_state_lock);
931
932
933 return rx;
934}
935EXPORT_SYMBOL(xfrm_stateonly_find);
936
1da177e4
LT		 937static void __xfrm_state_insert(struct xfrm_state *x)
938{
a624c108 939 unsigned int h;
1da177e4 940
9d4a706d
DM		 941 x->genid = ++xfrm_state_genid;
942
4c563f76
TT		 943 list_add_tail(&x->all, &xfrm_state_all);
944
c1969f29
DM		 945 h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
946 x->props.reqid, x->props.family);
8f126e37 947 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1da177e4 948
667bbcb6 949 h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
8f126e37 950 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1da177e4 951
7b4dc360 952 if (x->id.spi) {
6c44e6b7
MN		 953 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
954 x->props.family);
955
8f126e37 956 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
6c44e6b7
MN		 957 }
958
a47f0ce0
DM		 959 mod_timer(&x->timer, jiffies + HZ);
960 if (x->replay_maxage)
961 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 962
1da177e4 963 wake_up(&km_waitq);
f034b5d4
DM		 964
965 xfrm_state_num++;
966
918049f0 967 xfrm_hash_grow_check(x->bydst.next != NULL);
1da177e4
LT		 968}
969
c7f5ea3a
DM		 970/* xfrm_state_lock is held */
971static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
972{
973 unsigned short family = xnew->props.family;
974 u32 reqid = xnew->props.reqid;
975 struct xfrm_state *x;
976 struct hlist_node *entry;
977 unsigned int h;
978
c1969f29 979 h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
c7f5ea3a
DM		 980 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
981 if (x->props.family == family &&
982 x->props.reqid == reqid &&
c1969f29
DM		 983 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
984 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 985 x->genid = xfrm_state_genid;
986 }
987}
988
1da177e4
LT		 989void xfrm_state_insert(struct xfrm_state *x)
990{
991 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 992 __xfrm_state_bump_genids(x);
1da177e4
LT		 993 __xfrm_state_insert(x);
994 spin_unlock_bh(&xfrm_state_lock);
995}
996EXPORT_SYMBOL(xfrm_state_insert);
997
2770834c
DM		 998/* xfrm_state_lock is held */
999static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
1000{
c1969f29 1001 unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
8f126e37 1002 struct hlist_node *entry;
2770834c
DM		 1003 struct xfrm_state *x;
1004
8f126e37 1005 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
2770834c
DM		 1006 if (x->props.reqid != reqid ||
1007 x->props.mode != mode ||
1008 x->props.family != family ||
1009 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 1010 x->id.spi != 0 ||
1011 x->id.proto != proto)
2770834c
DM		 1012 continue;
1013
1014 switch (family) {
1015 case AF_INET:
1016 if (x->id.daddr.a4 != daddr->a4 ||
1017 x->props.saddr.a4 != saddr->a4)
1018 continue;
1019 break;
1020 case AF_INET6:
1021 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
1022 (struct in6_addr *)daddr) ||
1023 !ipv6_addr_equal((struct in6_addr *)
1024 x->props.saddr.a6,
1025 (struct in6_addr *)saddr))
1026 continue;
1027 break;
3ff50b79 1028 }
2770834c
DM		 1029
1030 xfrm_state_hold(x);
1031 return x;
1032 }
1033
1034 if (!create)
1035 return NULL;
1036
1037 x = xfrm_state_alloc();
1038 if (likely(x)) {
1039 switch (family) {
1040 case AF_INET:
1041 x->sel.daddr.a4 = daddr->a4;
1042 x->sel.saddr.a4 = saddr->a4;
1043 x->sel.prefixlen_d = 32;
1044 x->sel.prefixlen_s = 32;
1045 x->props.saddr.a4 = saddr->a4;
1046 x->id.daddr.a4 = daddr->a4;
1047 break;
1048
1049 case AF_INET6:
1050 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1051 (struct in6_addr *)daddr);
1052 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1053 (struct in6_addr *)saddr);
1054 x->sel.prefixlen_d = 128;
1055 x->sel.prefixlen_s = 128;
1056 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1057 (struct in6_addr *)saddr);
1058 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1059 (struct in6_addr *)daddr);
1060 break;
3ff50b79 1061 }
2770834c
DM		 1062
1063 x->km.state = XFRM_STATE_ACQ;
1064 x->id.proto = proto;
1065 x->props.family = family;
1066 x->props.mode = mode;
1067 x->props.reqid = reqid;
01e67d08 1068 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
2770834c 1069 xfrm_state_hold(x);
01e67d08 1070 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
2770834c 1071 add_timer(&x->timer);
225f4005 1072 list_add_tail(&x->all, &xfrm_state_all);
8f126e37 1073 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
667bbcb6 1074 h = xfrm_src_hash(daddr, saddr, family);
8f126e37 1075 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
918049f0
DM		 1076
1077 xfrm_state_num++;
1078
1079 xfrm_hash_grow_check(x->bydst.next != NULL);
2770834c
DM		 1080 }
1081
1082 return x;
1083}
1084
1da177e4
LT		 1085static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1086
1087int xfrm_state_add(struct xfrm_state *x)
1088{
37b08e34 1089 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1090 int family;
1091 int err;
eb2971b6 1092 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1093
1094 family = x->props.family;
1da177e4 1095
37b08e34
DM		 1096 to_put = NULL;
1097
1da177e4
LT		 1098 spin_lock_bh(&xfrm_state_lock);
1099
edcd5821 1100 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1101 if (x1) {
37b08e34 1102 to_put = x1;
1da177e4
LT		 1103 x1 = NULL;
1104 err = -EEXIST;
1105 goto out;
1106 }
1107
eb2971b6 1108 if (use_spi && x->km.seq) {
1da177e4 1109 x1 = __xfrm_find_acq_byseq(x->km.seq);
75e252d9
JL		 1110 if (x1 && ((x1->id.proto != x->id.proto) ||
1111 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1112 to_put = x1;
1da177e4
LT		 1113 x1 = NULL;
1114 }
1115 }
1116
eb2971b6 1117 if (use_spi && !x1)
2770834c
DM		 1118 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1119 x->id.proto,
1120 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1121
c7f5ea3a 1122 __xfrm_state_bump_genids(x);
1da177e4
LT		 1123 __xfrm_state_insert(x);
1124 err = 0;
1125
1126out:
1127 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1128
1129 if (x1) {
1130 xfrm_state_delete(x1);
1131 xfrm_state_put(x1);
1132 }
1133
37b08e34
DM		 1134 if (to_put)
1135 xfrm_state_put(to_put);
1136
1da177e4
LT		 1137 return err;
1138}
1139EXPORT_SYMBOL(xfrm_state_add);
1140
80c9abaa 1141#ifdef CONFIG_XFRM_MIGRATE
6666351d 1142static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa
SS		 1143{
1144 int err = -ENOMEM;
1145 struct xfrm_state *x = xfrm_state_alloc();
1146 if (!x)
1147 goto error;
1148
1149 memcpy(&x->id, &orig->id, sizeof(x->id));
1150 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1151 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1152 x->props.mode = orig->props.mode;
1153 x->props.replay_window = orig->props.replay_window;
1154 x->props.reqid = orig->props.reqid;
1155 x->props.family = orig->props.family;
1156 x->props.saddr = orig->props.saddr;
1157
1158 if (orig->aalg) {
1159 x->aalg = xfrm_algo_clone(orig->aalg);
1160 if (!x->aalg)
1161 goto error;
1162 }
1163 x->props.aalgo = orig->props.aalgo;
1164
1165 if (orig->ealg) {
1166 x->ealg = xfrm_algo_clone(orig->ealg);
1167 if (!x->ealg)
1168 goto error;
1169 }
1170 x->props.ealgo = orig->props.ealgo;
1171
1172 if (orig->calg) {
1173 x->calg = xfrm_algo_clone(orig->calg);
1174 if (!x->calg)
1175 goto error;
1176 }
1177 x->props.calgo = orig->props.calgo;
1178
a716c119 1179 if (orig->encap) {
80c9abaa
SS		 1180 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1181 if (!x->encap)
1182 goto error;
1183 }
1184
1185 if (orig->coaddr) {
1186 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1187 GFP_KERNEL);
1188 if (!x->coaddr)
1189 goto error;
1190 }
1191
1192 err = xfrm_init_state(x);
1193 if (err)
1194 goto error;
1195
1196 x->props.flags = orig->props.flags;
1197
1198 x->curlft.add_time = orig->curlft.add_time;
1199 x->km.state = orig->km.state;
1200 x->km.seq = orig->km.seq;
1201
1202 return x;
1203
1204 error:
1205 if (errp)
1206 *errp = err;
1207 if (x) {
1208 kfree(x->aalg);
1209 kfree(x->ealg);
1210 kfree(x->calg);
1211 kfree(x->encap);
1212 kfree(x->coaddr);
1213 }
1214 kfree(x);
1215 return NULL;
1216}
80c9abaa
SS		 1217
1218/* xfrm_state_lock is held */
1219struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1220{
1221 unsigned int h;
1222 struct xfrm_state *x;
1223 struct hlist_node *entry;
1224
1225 if (m->reqid) {
1226 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1227 m->reqid, m->old_family);
1228 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1229 if (x->props.mode != m->mode ||
1230 x->id.proto != m->proto)
1231 continue;
1232 if (m->reqid && x->props.reqid != m->reqid)
1233 continue;
1234 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1235 m->old_family) ||
1236 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1237 m->old_family))
1238 continue;
1239 xfrm_state_hold(x);
1240 return x;
1241 }
1242 } else {
1243 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1244 m->old_family);
1245 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1246 if (x->props.mode != m->mode ||
1247 x->id.proto != m->proto)
1248 continue;
1249 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1250 m->old_family) ||
1251 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1252 m->old_family))
1253 continue;
1254 xfrm_state_hold(x);
1255 return x;
1256 }
1257 }
1258
a716c119 1259 return NULL;
80c9abaa
SS		 1260}
1261EXPORT_SYMBOL(xfrm_migrate_state_find);
1262
1263struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1264 struct xfrm_migrate *m)
1265{
1266 struct xfrm_state *xc;
1267 int err;
1268
1269 xc = xfrm_state_clone(x, &err);
1270 if (!xc)
1271 return NULL;
1272
1273 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1274 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1275
1276 /* add state */
1277 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1278 /* a care is needed when the destination address of the
1279 state is to be updated as it is a part of triplet */
1280 xfrm_state_insert(xc);
1281 } else {
1282 if ((err = xfrm_state_add(xc)) < 0)
1283 goto error;
1284 }
1285
1286 return xc;
1287error:
1288 kfree(xc);
1289 return NULL;
1290}
1291EXPORT_SYMBOL(xfrm_state_migrate);
1292#endif
1293
1da177e4
LT		 1294int xfrm_state_update(struct xfrm_state *x)
1295{
37b08e34 1296 struct xfrm_state *x1, *to_put;
1da177e4 1297 int err;
eb2971b6 1298 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1299
37b08e34
DM		 1300 to_put = NULL;
1301
1da177e4 1302 spin_lock_bh(&xfrm_state_lock);
edcd5821 1303 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1304
1305 err = -ESRCH;
1306 if (!x1)
1307 goto out;
1308
1309 if (xfrm_state_kern(x1)) {
37b08e34 1310 to_put = x1;
1da177e4
LT		 1311 err = -EEXIST;
1312 goto out;
1313 }
1314
1315 if (x1->km.state == XFRM_STATE_ACQ) {
1316 __xfrm_state_insert(x);
1317 x = NULL;
1318 }
1319 err = 0;
1320
1321out:
1322 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1323
37b08e34
DM		 1324 if (to_put)
1325 xfrm_state_put(to_put);
1326
1da177e4
LT		 1327 if (err)
1328 return err;
1329
1330 if (!x) {
1331 xfrm_state_delete(x1);
1332 xfrm_state_put(x1);
1333 return 0;
1334 }
1335
1336 err = -EINVAL;
1337 spin_lock_bh(&x1->lock);
1338 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1339 if (x->encap && x1->encap)
1340 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1341 if (x->coaddr && x1->coaddr) {
1342 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1343 }
1344 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1345 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1346 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1347 x1->km.dying = 0;
1348
a47f0ce0 1349 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1350 if (x1->curlft.use_time)
1351 xfrm_state_check_expire(x1);
1352
1353 err = 0;
1354 }
1355 spin_unlock_bh(&x1->lock);
1356
1357 xfrm_state_put(x1);
1358
1359 return err;
1360}
1361EXPORT_SYMBOL(xfrm_state_update);
1362
1363int xfrm_state_check_expire(struct xfrm_state *x)
1364{
1365 if (!x->curlft.use_time)
9d729f72 1366 x->curlft.use_time = get_seconds();
1da177e4
LT		 1367
1368 if (x->km.state != XFRM_STATE_VALID)
1369 return -EINVAL;
1370
1371 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1372 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1373 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1374 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1375 return -EINVAL;
1376 }
1377
1378 if (!x->km.dying &&
1379 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1380 x->curlft.packets >= x->lft.soft_packet_limit)) {
1381 x->km.dying = 1;
53bc6b4d 1382 km_state_expired(x, 0, 0);
4666faab 1383 }
1da177e4
LT		 1384 return 0;
1385}
1386EXPORT_SYMBOL(xfrm_state_check_expire);
1387
1da177e4 1388struct xfrm_state *
a94cfd19 1389xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1390 unsigned short family)
1391{
1392 struct xfrm_state *x;
1da177e4
LT		 1393
1394 spin_lock_bh(&xfrm_state_lock);
edcd5821 1395 x = __xfrm_state_lookup(daddr, spi, proto, family);
1da177e4 1396 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1397 return x;
1398}
1399EXPORT_SYMBOL(xfrm_state_lookup);
1400
1401struct xfrm_state *
eb2971b6
MN		 1402xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1403 u8 proto, unsigned short family)
1404{
1405 struct xfrm_state *x;
eb2971b6
MN		 1406
1407 spin_lock_bh(&xfrm_state_lock);
edcd5821 1408 x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
eb2971b6 1409 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1410 return x;
1411}
1412EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1413
1414struct xfrm_state *
a716c119
YH		 1415xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1416 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1417 int create, unsigned short family)
1418{
1419 struct xfrm_state *x;
1da177e4
LT		 1420
1421 spin_lock_bh(&xfrm_state_lock);
2770834c 1422 x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1423 spin_unlock_bh(&xfrm_state_lock);
2770834c 1424
1da177e4
LT		 1425 return x;
1426}
1427EXPORT_SYMBOL(xfrm_find_acq);
1428
41a49cc3
MN		 1429#ifdef CONFIG_XFRM_SUB_POLICY
1430int
1431xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1432 unsigned short family)
1433{
1434 int err = 0;
1435 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1436 if (!afinfo)
1437 return -EAFNOSUPPORT;
1438
1439 spin_lock_bh(&xfrm_state_lock);
1440 if (afinfo->tmpl_sort)
1441 err = afinfo->tmpl_sort(dst, src, n);
1442 spin_unlock_bh(&xfrm_state_lock);
1443 xfrm_state_put_afinfo(afinfo);
1444 return err;
1445}
1446EXPORT_SYMBOL(xfrm_tmpl_sort);
1447
1448int
1449xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1450 unsigned short family)
1451{
1452 int err = 0;
1453 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1454 if (!afinfo)
1455 return -EAFNOSUPPORT;
1456
1457 spin_lock_bh(&xfrm_state_lock);
1458 if (afinfo->state_sort)
1459 err = afinfo->state_sort(dst, src, n);
1460 spin_unlock_bh(&xfrm_state_lock);
1461 xfrm_state_put_afinfo(afinfo);
1462 return err;
1463}
1464EXPORT_SYMBOL(xfrm_state_sort);
1465#endif
1466
1da177e4
LT		 1467/* Silly enough, but I'm lazy to build resolution list */
1468
1469static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1470{
1471 int i;
1da177e4 1472
f034b5d4 1473 for (i = 0; i <= xfrm_state_hmask; i++) {
8f126e37
DM		 1474 struct hlist_node *entry;
1475 struct xfrm_state *x;
1476
1477 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1478 if (x->km.seq == seq &&
1479 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1480 xfrm_state_hold(x);
1481 return x;
1482 }
1483 }
1484 }
1485 return NULL;
1486}
1487
1488struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1489{
1490 struct xfrm_state *x;
1491
1492 spin_lock_bh(&xfrm_state_lock);
1493 x = __xfrm_find_acq_byseq(seq);
1494 spin_unlock_bh(&xfrm_state_lock);
1495 return x;
1496}
1497EXPORT_SYMBOL(xfrm_find_acq_byseq);
1498
1499u32 xfrm_get_acqseq(void)
1500{
1501 u32 res;
1502 static u32 acqseq;
1503 static DEFINE_SPINLOCK(acqseq_lock);
1504
1505 spin_lock_bh(&acqseq_lock);
1506 res = (++acqseq ? : ++acqseq);
1507 spin_unlock_bh(&acqseq_lock);
1508 return res;
1509}
1510EXPORT_SYMBOL(xfrm_get_acqseq);
1511
658b219e 1512int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1513{
f034b5d4 1514 unsigned int h;
1da177e4 1515 struct xfrm_state *x0;
658b219e
HX		 1516 int err = -ENOENT;
1517 __be32 minspi = htonl(low);
1518 __be32 maxspi = htonl(high);
1da177e4 1519
658b219e
HX		 1520 spin_lock_bh(&x->lock);
1521 if (x->km.state == XFRM_STATE_DEAD)
1522 goto unlock;
1523
1524 err = 0;
1da177e4 1525 if (x->id.spi)
658b219e
HX		 1526 goto unlock;
1527
1528 err = -ENOENT;
1da177e4
LT		 1529
1530 if (minspi == maxspi) {
1531 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1532 if (x0) {
1533 xfrm_state_put(x0);
658b219e 1534 goto unlock;
1da177e4
LT		 1535 }
1536 x->id.spi = minspi;
1537 } else {
1538 u32 spi = 0;
26977b4e
AV		 1539 for (h=0; h<high-low+1; h++) {
1540 spi = low + net_random()%(high-low+1);
1da177e4
LT		 1541 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1542 if (x0 == NULL) {
1543 x->id.spi = htonl(spi);
1544 break;
1545 }
1546 xfrm_state_put(x0);
1547 }
1548 }
1549 if (x->id.spi) {
1550 spin_lock_bh(&xfrm_state_lock);
1551 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
8f126e37 1552 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1da177e4 1553 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1554
1555 err = 0;
1da177e4 1556 }
658b219e
HX		 1557
1558unlock:
1559 spin_unlock_bh(&x->lock);
1560
1561 return err;
1da177e4
LT		 1562}
1563EXPORT_SYMBOL(xfrm_alloc_spi);
1564
4c563f76
TT		 1565int xfrm_state_walk(struct xfrm_state_walk *walk,
1566 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1567 void *data)
1568{
4c563f76 1569 struct xfrm_state *old, *x, *last = NULL;
1da177e4
LT		 1570 int err = 0;
1571
4c563f76
TT		 1572 if (walk->state == NULL && walk->count != 0)
1573 return 0;
1574
1575 old = x = walk->state;
1576 walk->state = NULL;
1da177e4 1577 spin_lock_bh(&xfrm_state_lock);
4c563f76
TT		 1578 if (x == NULL)
1579 x = list_first_entry(&xfrm_state_all, struct xfrm_state, all);
1580 list_for_each_entry_from(x, &xfrm_state_all, all) {
1581 if (x->km.state == XFRM_STATE_DEAD)
1582 continue;
1583 if (!xfrm_id_proto_match(x->id.proto, walk->proto))
1584 continue;
1585 if (last) {
1586 err = func(last, walk->count, data);
1587 if (err) {
1588 xfrm_state_hold(last);
1589 walk->state = last;
1590 goto out;
94b9bb54 1591 }
1da177e4 1592 }
4c563f76
TT		 1593 last = x;
1594 walk->count++;
1da177e4 1595 }
4c563f76 1596 if (walk->count == 0) {
1da177e4
LT		 1597 err = -ENOENT;
1598 goto out;
1599 }
4c563f76
TT		 1600 if (last)
1601 err = func(last, 0, data);
1da177e4
LT		 1602out:
1603 spin_unlock_bh(&xfrm_state_lock);
5c182458 1604 if (old != NULL)
4c563f76 1605 xfrm_state_put(old);
1da177e4
LT		 1606 return err;
1607}
1608EXPORT_SYMBOL(xfrm_state_walk);
1609
5c182458
HX		 1610void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1611{
1612 walk->proto = proto;
1613 walk->state = NULL;
1614 walk->count = 0;
1615 list_add_tail(&walk->list, &xfrm_state_walks);
1616 walk->genid = ++xfrm_state_walk_ongoing;
1617}
1618EXPORT_SYMBOL(xfrm_state_walk_init);
1619
abb81c4f
HX		 1620void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1621{
5c182458
HX		 1622 struct list_head *prev;
1623
abb81c4f
HX		 1624 if (walk->state != NULL) {
1625 xfrm_state_put(walk->state);
1626 walk->state = NULL;
abb81c4f 1627 }
5c182458
HX		 1628
1629 prev = walk->list.prev;
1630 list_del(&walk->list);
1631
1632 if (prev != &xfrm_state_walks) {
1633 list_entry(prev, struct xfrm_state_walk, list)->genid =
1634 walk->genid;
1635 return;
1636 }
1637
1638 xfrm_state_walk_completed = walk->genid;
1639
1640 if (!list_empty(&xfrm_state_gc_leftovers))
1641 schedule_work(&xfrm_state_gc_work);
abb81c4f
HX		 1642}
1643EXPORT_SYMBOL(xfrm_state_walk_done);
1644
f8cd5488
JHS		 1645
1646void xfrm_replay_notify(struct xfrm_state *x, int event)
1647{
1648 struct km_event c;
1649 /* we send notify messages in case
1650 * 1. we updated on of the sequence numbers, and the seqno difference
1651 * is at least x->replay_maxdiff, in this case we also update the
1652 * timeout of our timer function
1653 * 2. if x->replay_maxage has elapsed since last update,
1654 * and there were changes
1655 *
1656 * The state structure must be locked!
1657 */
1658
1659 switch (event) {
1660 case XFRM_REPLAY_UPDATE:
1661 if (x->replay_maxdiff &&
1662 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1663 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1664 if (x->xflags & XFRM_TIME_DEFER)
1665 event = XFRM_REPLAY_TIMEOUT;
1666 else
1667 return;
1668 }
f8cd5488
JHS		 1669
1670 break;
1671
1672 case XFRM_REPLAY_TIMEOUT:
1673 if ((x->replay.seq == x->preplay.seq) &&
1674 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1675 (x->replay.oseq == x->preplay.oseq)) {
1676 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1677 return;
2717096a 1678 }
f8cd5488
JHS		 1679
1680 break;
1681 }
1682
1683 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1684 c.event = XFRM_MSG_NEWAE;
1685 c.data.aevent = event;
1686 km_state_notify(x, &c);
1687
f8cd5488 1688 if (x->replay_maxage &&
a47f0ce0 1689 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1690 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1691}
1692
1693static void xfrm_replay_timer_handler(unsigned long data)
1694{
1695 struct xfrm_state *x = (struct xfrm_state*)data;
1696
1697 spin_lock(&x->lock);
1698
2717096a
JHS		 1699 if (x->km.state == XFRM_STATE_VALID) {
1700 if (xfrm_aevent_is_on())
1701 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1702 else
1703 x->xflags |= XFRM_TIME_DEFER;
1704 }
f8cd5488
JHS		 1705
1706 spin_unlock(&x->lock);
1707}
1708
afeb14b4
PM		 1709int xfrm_replay_check(struct xfrm_state *x,
1710 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1711{
1712 u32 diff;
a252cc23 1713 u32 seq = ntohl(net_seq);
1da177e4
LT		 1714
1715 if (unlikely(seq == 0))
afeb14b4 1716 goto err;
1da177e4
LT		 1717
1718 if (likely(seq > x->replay.seq))
1719 return 0;
1720
1721 diff = x->replay.seq - seq;
4c4d51a7
HX		 1722 if (diff >= min_t(unsigned int, x->props.replay_window,
1723 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1724 x->stats.replay_window++;
afeb14b4 1725 goto err;
1da177e4
LT		 1726 }
1727
1728 if (x->replay.bitmap & (1U << diff)) {
1729 x->stats.replay++;
afeb14b4 1730 goto err;
1da177e4
LT		 1731 }
1732 return 0;
afeb14b4
PM		 1733
1734err:
1735 xfrm_audit_state_replay(x, skb, net_seq);
1736 return -EINVAL;
1da177e4 1737}
1da177e4 1738
61f4627b 1739void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1740{
1741 u32 diff;
61f4627b 1742 u32 seq = ntohl(net_seq);
1da177e4
LT		 1743
1744 if (seq > x->replay.seq) {
1745 diff = seq - x->replay.seq;
1746 if (diff < x->props.replay_window)
1747 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1748 else
1749 x->replay.bitmap = 1;
1750 x->replay.seq = seq;
1751 } else {
1752 diff = x->replay.seq - seq;
1753 x->replay.bitmap |= (1U << diff);
1754 }
f8cd5488
JHS		 1755
1756 if (xfrm_aevent_is_on())
1757 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1758}
1da177e4 1759
df01812e 1760static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1761static DEFINE_RWLOCK(xfrm_km_lock);
1762
26b15dad 1763void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1764{
1765 struct xfrm_mgr *km;
1766
26b15dad
JHS		 1767 read_lock(&xfrm_km_lock);
1768 list_for_each_entry(km, &xfrm_km_list, list)
1769 if (km->notify_policy)
1770 km->notify_policy(xp, dir, c);
1771 read_unlock(&xfrm_km_lock);
1772}
1da177e4 1773
26b15dad
JHS		 1774void km_state_notify(struct xfrm_state *x, struct km_event *c)
1775{
1776 struct xfrm_mgr *km;
1da177e4
LT		 1777 read_lock(&xfrm_km_lock);
1778 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1779 if (km->notify)
1780 km->notify(x, c);
1da177e4 1781 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1782}
1783
1784EXPORT_SYMBOL(km_policy_notify);
1785EXPORT_SYMBOL(km_state_notify);
1786
53bc6b4d 1787void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad
JHS		 1788{
1789 struct km_event c;
1790
bf08867f 1791 c.data.hard = hard;
53bc6b4d 1792 c.pid = pid;
f60f6b8f 1793 c.event = XFRM_MSG_EXPIRE;
26b15dad 1794 km_state_notify(x, &c);
1da177e4
LT		 1795
1796 if (hard)
1797 wake_up(&km_waitq);
1798}
1799
53bc6b4d 1800EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1801/*
1802 * We send to all registered managers regardless of failure
1803 * We are happy with one success
1804*/
980ebd25 1805int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1806{
26b15dad 1807 int err = -EINVAL, acqret;
1da177e4
LT		 1808 struct xfrm_mgr *km;
1809
1810 read_lock(&xfrm_km_lock);
1811 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1812 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1813 if (!acqret)
1814 err = acqret;
1da177e4
LT		 1815 }
1816 read_unlock(&xfrm_km_lock);
1817 return err;
1818}
980ebd25 1819EXPORT_SYMBOL(km_query);
1da177e4 1820
5d36b180 1821int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1822{
1823 int err = -EINVAL;
1824 struct xfrm_mgr *km;
1825
1826 read_lock(&xfrm_km_lock);
1827 list_for_each_entry(km, &xfrm_km_list, list) {
1828 if (km->new_mapping)
1829 err = km->new_mapping(x, ipaddr, sport);
1830 if (!err)
1831 break;
1832 }
1833 read_unlock(&xfrm_km_lock);
1834 return err;
1835}
1836EXPORT_SYMBOL(km_new_mapping);
1837
6c5c8ca7 1838void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1839{
26b15dad 1840 struct km_event c;
1da177e4 1841
bf08867f 1842 c.data.hard = hard;
6c5c8ca7 1843 c.pid = pid;
f60f6b8f 1844 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1845 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1846
1847 if (hard)
1848 wake_up(&km_waitq);
1849}
a70fcb0b 1850EXPORT_SYMBOL(km_policy_expired);
1da177e4 1851
2d60abc2 1852#ifdef CONFIG_XFRM_MIGRATE
80c9abaa
SS		 1853int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1854 struct xfrm_migrate *m, int num_migrate)
1855{
1856 int err = -EINVAL;
1857 int ret;
1858 struct xfrm_mgr *km;
1859
1860 read_lock(&xfrm_km_lock);
1861 list_for_each_entry(km, &xfrm_km_list, list) {
1862 if (km->migrate) {
1863 ret = km->migrate(sel, dir, type, m, num_migrate);
1864 if (!ret)
1865 err = ret;
1866 }
1867 }
1868 read_unlock(&xfrm_km_lock);
1869 return err;
1870}
1871EXPORT_SYMBOL(km_migrate);
2d60abc2 1872#endif
80c9abaa 1873
97a64b45
MN		 1874int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1875{
1876 int err = -EINVAL;
1877 int ret;
1878 struct xfrm_mgr *km;
1879
1880 read_lock(&xfrm_km_lock);
1881 list_for_each_entry(km, &xfrm_km_list, list) {
1882 if (km->report) {
1883 ret = km->report(proto, sel, addr);
1884 if (!ret)
1885 err = ret;
1886 }
1887 }
1888 read_unlock(&xfrm_km_lock);
1889 return err;
1890}
1891EXPORT_SYMBOL(km_report);
1892
1da177e4
LT		 1893int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1894{
1895 int err;
1896 u8 *data;
1897 struct xfrm_mgr *km;
1898 struct xfrm_policy *pol = NULL;
1899
1900 if (optlen <= 0 || optlen > PAGE_SIZE)
1901 return -EMSGSIZE;
1902
1903 data = kmalloc(optlen, GFP_KERNEL);
1904 if (!data)
1905 return -ENOMEM;
1906
1907 err = -EFAULT;
1908 if (copy_from_user(data, optval, optlen))
1909 goto out;
1910
1911 err = -EINVAL;
1912 read_lock(&xfrm_km_lock);
1913 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1914 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1915 optlen, &err);
1916 if (err >= 0)
1917 break;
1918 }
1919 read_unlock(&xfrm_km_lock);
1920
1921 if (err >= 0) {
1922 xfrm_sk_policy_insert(sk, err, pol);
1923 xfrm_pol_put(pol);
1924 err = 0;
1925 }
1926
1927out:
1928 kfree(data);
1929 return err;
1930}
1931EXPORT_SYMBOL(xfrm_user_policy);
1932
1933int xfrm_register_km(struct xfrm_mgr *km)
1934{
1935 write_lock_bh(&xfrm_km_lock);
1936 list_add_tail(&km->list, &xfrm_km_list);
1937 write_unlock_bh(&xfrm_km_lock);
1938 return 0;
1939}
1940EXPORT_SYMBOL(xfrm_register_km);
1941
1942int xfrm_unregister_km(struct xfrm_mgr *km)
1943{
1944 write_lock_bh(&xfrm_km_lock);
1945 list_del(&km->list);
1946 write_unlock_bh(&xfrm_km_lock);
1947 return 0;
1948}
1949EXPORT_SYMBOL(xfrm_unregister_km);
1950
1951int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1952{
1953 int err = 0;
1954 if (unlikely(afinfo == NULL))
1955 return -EINVAL;
1956 if (unlikely(afinfo->family >= NPROTO))
1957 return -EAFNOSUPPORT;
f3111502 1958 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1959 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1960 err = -ENOBUFS;
edcd5821 1961 else
1da177e4 1962 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1963 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1964 return err;
1965}
1966EXPORT_SYMBOL(xfrm_state_register_afinfo);
1967
1968int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1969{
1970 int err = 0;
1971 if (unlikely(afinfo == NULL))
1972 return -EINVAL;
1973 if (unlikely(afinfo->family >= NPROTO))
1974 return -EAFNOSUPPORT;
f3111502 1975 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1976 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1977 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1978 err = -EINVAL;
edcd5821 1979 else
1da177e4 1980 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1981 }
f3111502 1982 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1983 return err;
1984}
1985EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1986
17c2a42a 1987static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1988{
1989 struct xfrm_state_afinfo *afinfo;
1990 if (unlikely(family >= NPROTO))
1991 return NULL;
1992 read_lock(&xfrm_state_afinfo_lock);
1993 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1994 if (unlikely(!afinfo))
1995 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1996 return afinfo;
1997}
1998
17c2a42a 1999static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 2000 __releases(xfrm_state_afinfo_lock)
1da177e4 2001{
546be240 2002 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 2003}
2004
2005/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
2006void xfrm_state_delete_tunnel(struct xfrm_state *x)
2007{
2008 if (x->tunnel) {
2009 struct xfrm_state *t = x->tunnel;
2010
2011 if (atomic_read(&t->tunnel_users) == 2)
2012 xfrm_state_delete(t);
2013 atomic_dec(&t->tunnel_users);
2014 xfrm_state_put(t);
2015 x->tunnel = NULL;
2016 }
2017}
2018EXPORT_SYMBOL(xfrm_state_delete_tunnel);
2019
2020int xfrm_state_mtu(struct xfrm_state *x, int mtu)
2021{
c5c25238 2022 int res;
1da177e4 2023
c5c25238
PM		 2024 spin_lock_bh(&x->lock);
2025 if (x->km.state == XFRM_STATE_VALID &&
2026 x->type && x->type->get_mtu)
2027 res = x->type->get_mtu(x, mtu);
2028 else
28121617 2029 res = mtu - x->props.header_len;
c5c25238 2030 spin_unlock_bh(&x->lock);
1da177e4
LT		 2031 return res;
2032}
2033
72cb6962
HX		 2034int xfrm_init_state(struct xfrm_state *x)
2035{
d094cd83 2036 struct xfrm_state_afinfo *afinfo;
df9dcb45 2037 struct xfrm_mode *inner_mode;
d094cd83 2038 int family = x->props.family;
72cb6962
HX		 2039 int err;
2040
d094cd83
HX		 2041 err = -EAFNOSUPPORT;
2042 afinfo = xfrm_state_get_afinfo(family);
2043 if (!afinfo)
2044 goto error;
2045
2046 err = 0;
2047 if (afinfo->init_flags)
2048 err = afinfo->init_flags(x);
2049
2050 xfrm_state_put_afinfo(afinfo);
2051
2052 if (err)
2053 goto error;
2054
2055 err = -EPROTONOSUPPORT;
13996378 2056
df9dcb45
KM		 2057 if (x->sel.family != AF_UNSPEC) {
2058 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2059 if (inner_mode == NULL)
2060 goto error;
2061
2062 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2063 family != x->sel.family) {
2064 xfrm_put_mode(inner_mode);
2065 goto error;
2066 }
2067
2068 x->inner_mode = inner_mode;
2069 } else {
2070 struct xfrm_mode *inner_mode_iaf;
2071
2072 inner_mode = xfrm_get_mode(x->props.mode, AF_INET);
2073 if (inner_mode == NULL)
2074 goto error;
2075
2076 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2077 xfrm_put_mode(inner_mode);
2078 goto error;
2079 }
2080
2081 inner_mode_iaf = xfrm_get_mode(x->props.mode, AF_INET6);
2082 if (inner_mode_iaf == NULL)
2083 goto error;
2084
2085 if (!(inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)) {
2086 xfrm_put_mode(inner_mode_iaf);
2087 goto error;
2088 }
2089
2090 if (x->props.family == AF_INET) {
2091 x->inner_mode = inner_mode;
2092 x->inner_mode_iaf = inner_mode_iaf;
2093 } else {
2094 x->inner_mode = inner_mode_iaf;
2095 x->inner_mode_iaf = inner_mode;
2096 }
2097 }
13996378 2098
d094cd83 2099 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2100 if (x->type == NULL)
2101 goto error;
2102
2103 err = x->type->init_state(x);
2104 if (err)
2105 goto error;
2106
13996378
HX		 2107 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2108 if (x->outer_mode == NULL)
b59f45d0
HX		 2109 goto error;
2110
72cb6962
HX		 2111 x->km.state = XFRM_STATE_VALID;
2112
2113error:
2114 return err;
2115}
2116
2117EXPORT_SYMBOL(xfrm_init_state);
a716c119 2118
1da177e4
LT		 2119void __init xfrm_state_init(void)
2120{
f034b5d4
DM		 2121 unsigned int sz;
2122
2123 sz = sizeof(struct hlist_head) * 8;
2124
44e36b42
DM		 2125 xfrm_state_bydst = xfrm_hash_alloc(sz);
2126 xfrm_state_bysrc = xfrm_hash_alloc(sz);
2127 xfrm_state_byspi = xfrm_hash_alloc(sz);
f034b5d4
DM		 2128 if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2129 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2130 xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2131
c4028958 2132 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1da177e4
LT		 2133}
2134
ab5f5e8b 2135#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2136static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2137 struct audit_buffer *audit_buf)
ab5f5e8b 2138{
68277acc
PM		 2139 struct xfrm_sec_ctx *ctx = x->security;
2140 u32 spi = ntohl(x->id.spi);
2141
2142 if (ctx)
ab5f5e8b 2143 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2144 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2145
2146 switch(x->props.family) {
2147 case AF_INET:
68277acc
PM		 2148 audit_log_format(audit_buf,
2149 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
ab5f5e8b
JL		 2150 NIPQUAD(x->props.saddr.a4),
2151 NIPQUAD(x->id.daddr.a4));
2152 break;
2153 case AF_INET6:
68277acc
PM		 2154 audit_log_format(audit_buf,
2155 " src=" NIP6_FMT " dst=" NIP6_FMT,
2156 NIP6(*(struct in6_addr *)x->props.saddr.a6),
2157 NIP6(*(struct in6_addr *)x->id.daddr.a6));
ab5f5e8b
JL		 2158 break;
2159 }
68277acc
PM		 2160
2161 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2162}
2163
cf35f43e
IJ		 2164static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2165 struct audit_buffer *audit_buf)
afeb14b4
PM		 2166{
2167 struct iphdr *iph4;
2168 struct ipv6hdr *iph6;
2169
2170 switch (family) {
2171 case AF_INET:
2172 iph4 = ip_hdr(skb);
2173 audit_log_format(audit_buf,
2174 " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2175 NIPQUAD(iph4->saddr),
2176 NIPQUAD(iph4->daddr));
2177 break;
2178 case AF_INET6:
2179 iph6 = ipv6_hdr(skb);
2180 audit_log_format(audit_buf,
2181 " src=" NIP6_FMT " dst=" NIP6_FMT
5e2c433d 2182 " flowlbl=0x%x%02x%02x",
afeb14b4
PM		 2183 NIP6(iph6->saddr),
2184 NIP6(iph6->daddr),
2185 iph6->flow_lbl[0] & 0x0f,
2186 iph6->flow_lbl[1],
2187 iph6->flow_lbl[2]);
2188 break;
2189 }
2190}
2191
68277acc 2192void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2193 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2194{
2195 struct audit_buffer *audit_buf;
ab5f5e8b 2196
afeb14b4 2197 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2198 if (audit_buf == NULL)
2199 return;
2532386f 2200 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2201 xfrm_audit_helper_sainfo(x, audit_buf);
2202 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2203 audit_log_end(audit_buf);
2204}
2205EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2206
68277acc 2207void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2208 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2209{
2210 struct audit_buffer *audit_buf;
ab5f5e8b 2211
afeb14b4 2212 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2213 if (audit_buf == NULL)
2214 return;
2532386f 2215 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2216 xfrm_audit_helper_sainfo(x, audit_buf);
2217 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2218 audit_log_end(audit_buf);
2219}
2220EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2221
2222void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2223 struct sk_buff *skb)
2224{
2225 struct audit_buffer *audit_buf;
2226 u32 spi;
2227
2228 audit_buf = xfrm_audit_start("SA-replay-overflow");
2229 if (audit_buf == NULL)
2230 return;
2231 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2232 /* don't record the sequence number because it's inherent in this kind
2233 * of audit message */
2234 spi = ntohl(x->id.spi);
2235 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2236 audit_log_end(audit_buf);
2237}
2238EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2239
2240static void xfrm_audit_state_replay(struct xfrm_state *x,
2241 struct sk_buff *skb, __be32 net_seq)
2242{
2243 struct audit_buffer *audit_buf;
2244 u32 spi;
2245
2246 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2247 if (audit_buf == NULL)
2248 return;
2249 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2250 spi = ntohl(x->id.spi);
2251 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2252 spi, spi, ntohl(net_seq));
2253 audit_log_end(audit_buf);
2254}
2255
2256void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2257{
2258 struct audit_buffer *audit_buf;
2259
2260 audit_buf = xfrm_audit_start("SA-notfound");
2261 if (audit_buf == NULL)
2262 return;
2263 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2264 audit_log_end(audit_buf);
2265}
2266EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2267
2268void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2269 __be32 net_spi, __be32 net_seq)
2270{
2271 struct audit_buffer *audit_buf;
2272 u32 spi;
2273
2274 audit_buf = xfrm_audit_start("SA-notfound");
2275 if (audit_buf == NULL)
2276 return;
2277 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2278 spi = ntohl(net_spi);
2279 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2280 spi, spi, ntohl(net_seq));
2281 audit_log_end(audit_buf);
2282}
2283EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2284
2285void xfrm_audit_state_icvfail(struct xfrm_state *x,
2286 struct sk_buff *skb, u8 proto)
2287{
2288 struct audit_buffer *audit_buf;
2289 __be32 net_spi;
2290 __be32 net_seq;
2291
2292 audit_buf = xfrm_audit_start("SA-icv-failure");
2293 if (audit_buf == NULL)
2294 return;
2295 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2296 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2297 u32 spi = ntohl(net_spi);
2298 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2299 spi, spi, ntohl(net_seq));
2300 }
2301 audit_log_end(audit_buf);
2302}
2303EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2304#endif /* CONFIG_AUDITSYSCALL */
Linux kernel - Deliverables
This page took 0.75833 seconds and 5 git commands to generate.