Loading...
1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
21#include <linux/cache.h>
22#include <linux/audit.h>
23#include <asm/uaccess.h>
24#include <linux/ktime.h>
25#include <linux/slab.h>
26#include <linux/interrupt.h>
27#include <linux/kernel.h>
28
29#include "xfrm_hash.h"
30
31/* Each xfrm_state may be linked to two tables:
32
33 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
34 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
35 destination/tunnel endpoint. (output)
36 */
37
38static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
39
40static inline unsigned int xfrm_dst_hash(struct net *net,
41 const xfrm_address_t *daddr,
42 const xfrm_address_t *saddr,
43 u32 reqid,
44 unsigned short family)
45{
46 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
47}
48
49static inline unsigned int xfrm_src_hash(struct net *net,
50 const xfrm_address_t *daddr,
51 const xfrm_address_t *saddr,
52 unsigned short family)
53{
54 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
55}
56
57static inline unsigned int
58xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
59 __be32 spi, u8 proto, unsigned short family)
60{
61 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
62}
63
64static void xfrm_hash_transfer(struct hlist_head *list,
65 struct hlist_head *ndsttable,
66 struct hlist_head *nsrctable,
67 struct hlist_head *nspitable,
68 unsigned int nhashmask)
69{
70 struct hlist_node *tmp;
71 struct xfrm_state *x;
72
73 hlist_for_each_entry_safe(x, tmp, list, bydst) {
74 unsigned int h;
75
76 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
77 x->props.reqid, x->props.family,
78 nhashmask);
79 hlist_add_head(&x->bydst, ndsttable+h);
80
81 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
82 x->props.family,
83 nhashmask);
84 hlist_add_head(&x->bysrc, nsrctable+h);
85
86 if (x->id.spi) {
87 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
88 x->id.proto, x->props.family,
89 nhashmask);
90 hlist_add_head(&x->byspi, nspitable+h);
91 }
92 }
93}
94
95static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
96{
97 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
98}
99
100static void xfrm_hash_resize(struct work_struct *work)
101{
102 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
103 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
104 unsigned long nsize, osize;
105 unsigned int nhashmask, ohashmask;
106 int i;
107
108 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
109 ndst = xfrm_hash_alloc(nsize);
110 if (!ndst)
111 return;
112 nsrc = xfrm_hash_alloc(nsize);
113 if (!nsrc) {
114 xfrm_hash_free(ndst, nsize);
115 return;
116 }
117 nspi = xfrm_hash_alloc(nsize);
118 if (!nspi) {
119 xfrm_hash_free(ndst, nsize);
120 xfrm_hash_free(nsrc, nsize);
121 return;
122 }
123
124 spin_lock_bh(&net->xfrm.xfrm_state_lock);
125
126 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
127 for (i = net->xfrm.state_hmask; i >= 0; i--)
128 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
129 nhashmask);
130
131 odst = net->xfrm.state_bydst;
132 osrc = net->xfrm.state_bysrc;
133 ospi = net->xfrm.state_byspi;
134 ohashmask = net->xfrm.state_hmask;
135
136 net->xfrm.state_bydst = ndst;
137 net->xfrm.state_bysrc = nsrc;
138 net->xfrm.state_byspi = nspi;
139 net->xfrm.state_hmask = nhashmask;
140
141 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
142
143 osize = (ohashmask + 1) * sizeof(struct hlist_head);
144 xfrm_hash_free(odst, osize);
145 xfrm_hash_free(osrc, osize);
146 xfrm_hash_free(ospi, osize);
147}
148
149static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
150static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
151
152static DEFINE_SPINLOCK(xfrm_state_gc_lock);
153
154int __xfrm_state_delete(struct xfrm_state *x);
155
156int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
157bool km_is_alive(const struct km_event *c);
158void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
159
160static DEFINE_SPINLOCK(xfrm_type_lock);
161int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
162{
163 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
164 const struct xfrm_type **typemap;
165 int err = 0;
166
167 if (unlikely(afinfo == NULL))
168 return -EAFNOSUPPORT;
169 typemap = afinfo->type_map;
170 spin_lock_bh(&xfrm_type_lock);
171
172 if (likely(typemap[type->proto] == NULL))
173 typemap[type->proto] = type;
174 else
175 err = -EEXIST;
176 spin_unlock_bh(&xfrm_type_lock);
177 xfrm_state_put_afinfo(afinfo);
178 return err;
179}
180EXPORT_SYMBOL(xfrm_register_type);
181
182int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
183{
184 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
185 const struct xfrm_type **typemap;
186 int err = 0;
187
188 if (unlikely(afinfo == NULL))
189 return -EAFNOSUPPORT;
190 typemap = afinfo->type_map;
191 spin_lock_bh(&xfrm_type_lock);
192
193 if (unlikely(typemap[type->proto] != type))
194 err = -ENOENT;
195 else
196 typemap[type->proto] = NULL;
197 spin_unlock_bh(&xfrm_type_lock);
198 xfrm_state_put_afinfo(afinfo);
199 return err;
200}
201EXPORT_SYMBOL(xfrm_unregister_type);
202
203static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
204{
205 struct xfrm_state_afinfo *afinfo;
206 const struct xfrm_type **typemap;
207 const struct xfrm_type *type;
208 int modload_attempted = 0;
209
210retry:
211 afinfo = xfrm_state_get_afinfo(family);
212 if (unlikely(afinfo == NULL))
213 return NULL;
214 typemap = afinfo->type_map;
215
216 type = typemap[proto];
217 if (unlikely(type && !try_module_get(type->owner)))
218 type = NULL;
219 if (!type && !modload_attempted) {
220 xfrm_state_put_afinfo(afinfo);
221 request_module("xfrm-type-%d-%d", family, proto);
222 modload_attempted = 1;
223 goto retry;
224 }
225
226 xfrm_state_put_afinfo(afinfo);
227 return type;
228}
229
230static void xfrm_put_type(const struct xfrm_type *type)
231{
232 module_put(type->owner);
233}
234
235static DEFINE_SPINLOCK(xfrm_mode_lock);
236int xfrm_register_mode(struct xfrm_mode *mode, int family)
237{
238 struct xfrm_state_afinfo *afinfo;
239 struct xfrm_mode **modemap;
240 int err;
241
242 if (unlikely(mode->encap >= XFRM_MODE_MAX))
243 return -EINVAL;
244
245 afinfo = xfrm_state_get_afinfo(family);
246 if (unlikely(afinfo == NULL))
247 return -EAFNOSUPPORT;
248
249 err = -EEXIST;
250 modemap = afinfo->mode_map;
251 spin_lock_bh(&xfrm_mode_lock);
252 if (modemap[mode->encap])
253 goto out;
254
255 err = -ENOENT;
256 if (!try_module_get(afinfo->owner))
257 goto out;
258
259 mode->afinfo = afinfo;
260 modemap[mode->encap] = mode;
261 err = 0;
262
263out:
264 spin_unlock_bh(&xfrm_mode_lock);
265 xfrm_state_put_afinfo(afinfo);
266 return err;
267}
268EXPORT_SYMBOL(xfrm_register_mode);
269
270int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
271{
272 struct xfrm_state_afinfo *afinfo;
273 struct xfrm_mode **modemap;
274 int err;
275
276 if (unlikely(mode->encap >= XFRM_MODE_MAX))
277 return -EINVAL;
278
279 afinfo = xfrm_state_get_afinfo(family);
280 if (unlikely(afinfo == NULL))
281 return -EAFNOSUPPORT;
282
283 err = -ENOENT;
284 modemap = afinfo->mode_map;
285 spin_lock_bh(&xfrm_mode_lock);
286 if (likely(modemap[mode->encap] == mode)) {
287 modemap[mode->encap] = NULL;
288 module_put(mode->afinfo->owner);
289 err = 0;
290 }
291
292 spin_unlock_bh(&xfrm_mode_lock);
293 xfrm_state_put_afinfo(afinfo);
294 return err;
295}
296EXPORT_SYMBOL(xfrm_unregister_mode);
297
298static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
299{
300 struct xfrm_state_afinfo *afinfo;
301 struct xfrm_mode *mode;
302 int modload_attempted = 0;
303
304 if (unlikely(encap >= XFRM_MODE_MAX))
305 return NULL;
306
307retry:
308 afinfo = xfrm_state_get_afinfo(family);
309 if (unlikely(afinfo == NULL))
310 return NULL;
311
312 mode = afinfo->mode_map[encap];
313 if (unlikely(mode && !try_module_get(mode->owner)))
314 mode = NULL;
315 if (!mode && !modload_attempted) {
316 xfrm_state_put_afinfo(afinfo);
317 request_module("xfrm-mode-%d-%d", family, encap);
318 modload_attempted = 1;
319 goto retry;
320 }
321
322 xfrm_state_put_afinfo(afinfo);
323 return mode;
324}
325
326static void xfrm_put_mode(struct xfrm_mode *mode)
327{
328 module_put(mode->owner);
329}
330
331static void xfrm_state_gc_destroy(struct xfrm_state *x)
332{
333 tasklet_hrtimer_cancel(&x->mtimer);
334 del_timer_sync(&x->rtimer);
335 kfree(x->aalg);
336 kfree(x->ealg);
337 kfree(x->calg);
338 kfree(x->encap);
339 kfree(x->coaddr);
340 kfree(x->replay_esn);
341 kfree(x->preplay_esn);
342 if (x->inner_mode)
343 xfrm_put_mode(x->inner_mode);
344 if (x->inner_mode_iaf)
345 xfrm_put_mode(x->inner_mode_iaf);
346 if (x->outer_mode)
347 xfrm_put_mode(x->outer_mode);
348 if (x->type) {
349 x->type->destructor(x);
350 xfrm_put_type(x->type);
351 }
352 security_xfrm_state_free(x);
353 kfree(x);
354}
355
356static void xfrm_state_gc_task(struct work_struct *work)
357{
358 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
359 struct xfrm_state *x;
360 struct hlist_node *tmp;
361 struct hlist_head gc_list;
362
363 spin_lock_bh(&xfrm_state_gc_lock);
364 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
365 spin_unlock_bh(&xfrm_state_gc_lock);
366
367 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
368 xfrm_state_gc_destroy(x);
369}
370
371static inline unsigned long make_jiffies(long secs)
372{
373 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
374 return MAX_SCHEDULE_TIMEOUT-1;
375 else
376 return secs*HZ;
377}
378
379static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
380{
381 struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
382 struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
383 unsigned long now = get_seconds();
384 long next = LONG_MAX;
385 int warn = 0;
386 int err = 0;
387
388 spin_lock(&x->lock);
389 if (x->km.state == XFRM_STATE_DEAD)
390 goto out;
391 if (x->km.state == XFRM_STATE_EXPIRED)
392 goto expired;
393 if (x->lft.hard_add_expires_seconds) {
394 long tmo = x->lft.hard_add_expires_seconds +
395 x->curlft.add_time - now;
396 if (tmo <= 0) {
397 if (x->xflags & XFRM_SOFT_EXPIRE) {
398 /* enter hard expire without soft expire first?!
399 * setting a new date could trigger this.
400 * workarbound: fix x->curflt.add_time by below:
401 */
402 x->curlft.add_time = now - x->saved_tmo - 1;
403 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
404 } else
405 goto expired;
406 }
407 if (tmo < next)
408 next = tmo;
409 }
410 if (x->lft.hard_use_expires_seconds) {
411 long tmo = x->lft.hard_use_expires_seconds +
412 (x->curlft.use_time ? : now) - now;
413 if (tmo <= 0)
414 goto expired;
415 if (tmo < next)
416 next = tmo;
417 }
418 if (x->km.dying)
419 goto resched;
420 if (x->lft.soft_add_expires_seconds) {
421 long tmo = x->lft.soft_add_expires_seconds +
422 x->curlft.add_time - now;
423 if (tmo <= 0) {
424 warn = 1;
425 x->xflags &= ~XFRM_SOFT_EXPIRE;
426 } else if (tmo < next) {
427 next = tmo;
428 x->xflags |= XFRM_SOFT_EXPIRE;
429 x->saved_tmo = tmo;
430 }
431 }
432 if (x->lft.soft_use_expires_seconds) {
433 long tmo = x->lft.soft_use_expires_seconds +
434 (x->curlft.use_time ? : now) - now;
435 if (tmo <= 0)
436 warn = 1;
437 else if (tmo < next)
438 next = tmo;
439 }
440
441 x->km.dying = warn;
442 if (warn)
443 km_state_expired(x, 0, 0);
444resched:
445 if (next != LONG_MAX) {
446 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
447 }
448
449 goto out;
450
451expired:
452 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
453 x->km.state = XFRM_STATE_EXPIRED;
454
455 err = __xfrm_state_delete(x);
456 if (!err)
457 km_state_expired(x, 1, 0);
458
459 xfrm_audit_state_delete(x, err ? 0 : 1, true);
460
461out:
462 spin_unlock(&x->lock);
463 return HRTIMER_NORESTART;
464}
465
466static void xfrm_replay_timer_handler(unsigned long data);
467
468struct xfrm_state *xfrm_state_alloc(struct net *net)
469{
470 struct xfrm_state *x;
471
472 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
473
474 if (x) {
475 write_pnet(&x->xs_net, net);
476 atomic_set(&x->refcnt, 1);
477 atomic_set(&x->tunnel_users, 0);
478 INIT_LIST_HEAD(&x->km.all);
479 INIT_HLIST_NODE(&x->bydst);
480 INIT_HLIST_NODE(&x->bysrc);
481 INIT_HLIST_NODE(&x->byspi);
482 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
483 CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
484 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
485 (unsigned long)x);
486 x->curlft.add_time = get_seconds();
487 x->lft.soft_byte_limit = XFRM_INF;
488 x->lft.soft_packet_limit = XFRM_INF;
489 x->lft.hard_byte_limit = XFRM_INF;
490 x->lft.hard_packet_limit = XFRM_INF;
491 x->replay_maxage = 0;
492 x->replay_maxdiff = 0;
493 x->inner_mode = NULL;
494 x->inner_mode_iaf = NULL;
495 spin_lock_init(&x->lock);
496 }
497 return x;
498}
499EXPORT_SYMBOL(xfrm_state_alloc);
500
501void __xfrm_state_destroy(struct xfrm_state *x)
502{
503 struct net *net = xs_net(x);
504
505 WARN_ON(x->km.state != XFRM_STATE_DEAD);
506
507 spin_lock_bh(&xfrm_state_gc_lock);
508 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
509 spin_unlock_bh(&xfrm_state_gc_lock);
510 schedule_work(&net->xfrm.state_gc_work);
511}
512EXPORT_SYMBOL(__xfrm_state_destroy);
513
514int __xfrm_state_delete(struct xfrm_state *x)
515{
516 struct net *net = xs_net(x);
517 int err = -ESRCH;
518
519 if (x->km.state != XFRM_STATE_DEAD) {
520 x->km.state = XFRM_STATE_DEAD;
521 spin_lock(&net->xfrm.xfrm_state_lock);
522 list_del(&x->km.all);
523 hlist_del(&x->bydst);
524 hlist_del(&x->bysrc);
525 if (x->id.spi)
526 hlist_del(&x->byspi);
527 net->xfrm.state_num--;
528 spin_unlock(&net->xfrm.xfrm_state_lock);
529
530 /* All xfrm_state objects are created by xfrm_state_alloc.
531 * The xfrm_state_alloc call gives a reference, and that
532 * is what we are dropping here.
533 */
534 xfrm_state_put(x);
535 err = 0;
536 }
537
538 return err;
539}
540EXPORT_SYMBOL(__xfrm_state_delete);
541
542int xfrm_state_delete(struct xfrm_state *x)
543{
544 int err;
545
546 spin_lock_bh(&x->lock);
547 err = __xfrm_state_delete(x);
548 spin_unlock_bh(&x->lock);
549
550 return err;
551}
552EXPORT_SYMBOL(xfrm_state_delete);
553
554#ifdef CONFIG_SECURITY_NETWORK_XFRM
555static inline int
556xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
557{
558 int i, err = 0;
559
560 for (i = 0; i <= net->xfrm.state_hmask; i++) {
561 struct xfrm_state *x;
562
563 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
564 if (xfrm_id_proto_match(x->id.proto, proto) &&
565 (err = security_xfrm_state_delete(x)) != 0) {
566 xfrm_audit_state_delete(x, 0, task_valid);
567 return err;
568 }
569 }
570 }
571
572 return err;
573}
574#else
575static inline int
576xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
577{
578 return 0;
579}
580#endif
581
582int xfrm_state_flush(struct net *net, u8 proto, bool task_valid)
583{
584 int i, err = 0, cnt = 0;
585
586 spin_lock_bh(&net->xfrm.xfrm_state_lock);
587 err = xfrm_state_flush_secctx_check(net, proto, task_valid);
588 if (err)
589 goto out;
590
591 err = -ESRCH;
592 for (i = 0; i <= net->xfrm.state_hmask; i++) {
593 struct xfrm_state *x;
594restart:
595 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
596 if (!xfrm_state_kern(x) &&
597 xfrm_id_proto_match(x->id.proto, proto)) {
598 xfrm_state_hold(x);
599 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
600
601 err = xfrm_state_delete(x);
602 xfrm_audit_state_delete(x, err ? 0 : 1,
603 task_valid);
604 xfrm_state_put(x);
605 if (!err)
606 cnt++;
607
608 spin_lock_bh(&net->xfrm.xfrm_state_lock);
609 goto restart;
610 }
611 }
612 }
613 if (cnt)
614 err = 0;
615
616out:
617 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
618 return err;
619}
620EXPORT_SYMBOL(xfrm_state_flush);
621
622void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
623{
624 spin_lock_bh(&net->xfrm.xfrm_state_lock);
625 si->sadcnt = net->xfrm.state_num;
626 si->sadhcnt = net->xfrm.state_hmask;
627 si->sadhmcnt = xfrm_state_hashmax;
628 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
629}
630EXPORT_SYMBOL(xfrm_sad_getinfo);
631
632static int
633xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
634 const struct xfrm_tmpl *tmpl,
635 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
636 unsigned short family)
637{
638 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
639 if (!afinfo)
640 return -1;
641 afinfo->init_tempsel(&x->sel, fl);
642
643 if (family != tmpl->encap_family) {
644 xfrm_state_put_afinfo(afinfo);
645 afinfo = xfrm_state_get_afinfo(tmpl->encap_family);
646 if (!afinfo)
647 return -1;
648 }
649 afinfo->init_temprop(x, tmpl, daddr, saddr);
650 xfrm_state_put_afinfo(afinfo);
651 return 0;
652}
653
654static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
655 const xfrm_address_t *daddr,
656 __be32 spi, u8 proto,
657 unsigned short family)
658{
659 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
660 struct xfrm_state *x;
661
662 hlist_for_each_entry(x, net->xfrm.state_byspi+h, byspi) {
663 if (x->props.family != family ||
664 x->id.spi != spi ||
665 x->id.proto != proto ||
666 !xfrm_addr_equal(&x->id.daddr, daddr, family))
667 continue;
668
669 if ((mark & x->mark.m) != x->mark.v)
670 continue;
671 xfrm_state_hold(x);
672 return x;
673 }
674
675 return NULL;
676}
677
678static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
679 const xfrm_address_t *daddr,
680 const xfrm_address_t *saddr,
681 u8 proto, unsigned short family)
682{
683 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
684 struct xfrm_state *x;
685
686 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
687 if (x->props.family != family ||
688 x->id.proto != proto ||
689 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
690 !xfrm_addr_equal(&x->props.saddr, saddr, family))
691 continue;
692
693 if ((mark & x->mark.m) != x->mark.v)
694 continue;
695 xfrm_state_hold(x);
696 return x;
697 }
698
699 return NULL;
700}
701
702static inline struct xfrm_state *
703__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
704{
705 struct net *net = xs_net(x);
706 u32 mark = x->mark.v & x->mark.m;
707
708 if (use_spi)
709 return __xfrm_state_lookup(net, mark, &x->id.daddr,
710 x->id.spi, x->id.proto, family);
711 else
712 return __xfrm_state_lookup_byaddr(net, mark,
713 &x->id.daddr,
714 &x->props.saddr,
715 x->id.proto, family);
716}
717
718static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
719{
720 if (have_hash_collision &&
721 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
722 net->xfrm.state_num > net->xfrm.state_hmask)
723 schedule_work(&net->xfrm.state_hash_work);
724}
725
726static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
727 const struct flowi *fl, unsigned short family,
728 struct xfrm_state **best, int *acq_in_progress,
729 int *error)
730{
731 /* Resolution logic:
732 * 1. There is a valid state with matching selector. Done.
733 * 2. Valid state with inappropriate selector. Skip.
734 *
735 * Entering area of "sysdeps".
736 *
737 * 3. If state is not valid, selector is temporary, it selects
738 * only session which triggered previous resolution. Key
739 * manager will do something to install a state with proper
740 * selector.
741 */
742 if (x->km.state == XFRM_STATE_VALID) {
743 if ((x->sel.family &&
744 !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
745 !security_xfrm_state_pol_flow_match(x, pol, fl))
746 return;
747
748 if (!*best ||
749 (*best)->km.dying > x->km.dying ||
750 ((*best)->km.dying == x->km.dying &&
751 (*best)->curlft.add_time < x->curlft.add_time))
752 *best = x;
753 } else if (x->km.state == XFRM_STATE_ACQ) {
754 *acq_in_progress = 1;
755 } else if (x->km.state == XFRM_STATE_ERROR ||
756 x->km.state == XFRM_STATE_EXPIRED) {
757 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
758 security_xfrm_state_pol_flow_match(x, pol, fl))
759 *error = -ESRCH;
760 }
761}
762
763struct xfrm_state *
764xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
765 const struct flowi *fl, struct xfrm_tmpl *tmpl,
766 struct xfrm_policy *pol, int *err,
767 unsigned short family)
768{
769 static xfrm_address_t saddr_wildcard = { };
770 struct net *net = xp_net(pol);
771 unsigned int h, h_wildcard;
772 struct xfrm_state *x, *x0, *to_put;
773 int acquire_in_progress = 0;
774 int error = 0;
775 struct xfrm_state *best = NULL;
776 u32 mark = pol->mark.v & pol->mark.m;
777 unsigned short encap_family = tmpl->encap_family;
778 struct km_event c;
779
780 to_put = NULL;
781
782 spin_lock_bh(&net->xfrm.xfrm_state_lock);
783 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
784 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
785 if (x->props.family == encap_family &&
786 x->props.reqid == tmpl->reqid &&
787 (mark & x->mark.m) == x->mark.v &&
788 !(x->props.flags & XFRM_STATE_WILDRECV) &&
789 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
790 tmpl->mode == x->props.mode &&
791 tmpl->id.proto == x->id.proto &&
792 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
793 xfrm_state_look_at(pol, x, fl, encap_family,
794 &best, &acquire_in_progress, &error);
795 }
796 if (best || acquire_in_progress)
797 goto found;
798
799 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
800 hlist_for_each_entry(x, net->xfrm.state_bydst+h_wildcard, bydst) {
801 if (x->props.family == encap_family &&
802 x->props.reqid == tmpl->reqid &&
803 (mark & x->mark.m) == x->mark.v &&
804 !(x->props.flags & XFRM_STATE_WILDRECV) &&
805 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
806 tmpl->mode == x->props.mode &&
807 tmpl->id.proto == x->id.proto &&
808 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
809 xfrm_state_look_at(pol, x, fl, encap_family,
810 &best, &acquire_in_progress, &error);
811 }
812
813found:
814 x = best;
815 if (!x && !error && !acquire_in_progress) {
816 if (tmpl->id.spi &&
817 (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
818 tmpl->id.proto, encap_family)) != NULL) {
819 to_put = x0;
820 error = -EEXIST;
821 goto out;
822 }
823
824 c.net = net;
825 /* If the KMs have no listeners (yet...), avoid allocating an SA
826 * for each and every packet - garbage collection might not
827 * handle the flood.
828 */
829 if (!km_is_alive(&c)) {
830 error = -ESRCH;
831 goto out;
832 }
833
834 x = xfrm_state_alloc(net);
835 if (x == NULL) {
836 error = -ENOMEM;
837 goto out;
838 }
839 /* Initialize temporary state matching only
840 * to current session. */
841 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
842 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
843
844 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
845 if (error) {
846 x->km.state = XFRM_STATE_DEAD;
847 to_put = x;
848 x = NULL;
849 goto out;
850 }
851
852 if (km_query(x, tmpl, pol) == 0) {
853 x->km.state = XFRM_STATE_ACQ;
854 list_add(&x->km.all, &net->xfrm.state_all);
855 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
856 h = xfrm_src_hash(net, daddr, saddr, encap_family);
857 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
858 if (x->id.spi) {
859 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
860 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
861 }
862 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
863 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
864 net->xfrm.state_num++;
865 xfrm_hash_grow_check(net, x->bydst.next != NULL);
866 } else {
867 x->km.state = XFRM_STATE_DEAD;
868 to_put = x;
869 x = NULL;
870 error = -ESRCH;
871 }
872 }
873out:
874 if (x)
875 xfrm_state_hold(x);
876 else
877 *err = acquire_in_progress ? -EAGAIN : error;
878 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
879 if (to_put)
880 xfrm_state_put(to_put);
881 return x;
882}
883
884struct xfrm_state *
885xfrm_stateonly_find(struct net *net, u32 mark,
886 xfrm_address_t *daddr, xfrm_address_t *saddr,
887 unsigned short family, u8 mode, u8 proto, u32 reqid)
888{
889 unsigned int h;
890 struct xfrm_state *rx = NULL, *x = NULL;
891
892 spin_lock_bh(&net->xfrm.xfrm_state_lock);
893 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
894 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
895 if (x->props.family == family &&
896 x->props.reqid == reqid &&
897 (mark & x->mark.m) == x->mark.v &&
898 !(x->props.flags & XFRM_STATE_WILDRECV) &&
899 xfrm_state_addr_check(x, daddr, saddr, family) &&
900 mode == x->props.mode &&
901 proto == x->id.proto &&
902 x->km.state == XFRM_STATE_VALID) {
903 rx = x;
904 break;
905 }
906 }
907
908 if (rx)
909 xfrm_state_hold(rx);
910 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
911
912
913 return rx;
914}
915EXPORT_SYMBOL(xfrm_stateonly_find);
916
917struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
918 unsigned short family)
919{
920 struct xfrm_state *x;
921 struct xfrm_state_walk *w;
922
923 spin_lock_bh(&net->xfrm.xfrm_state_lock);
924 list_for_each_entry(w, &net->xfrm.state_all, all) {
925 x = container_of(w, struct xfrm_state, km);
926 if (x->props.family != family ||
927 x->id.spi != spi)
928 continue;
929
930 xfrm_state_hold(x);
931 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
932 return x;
933 }
934 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
935 return NULL;
936}
937EXPORT_SYMBOL(xfrm_state_lookup_byspi);
938
939static void __xfrm_state_insert(struct xfrm_state *x)
940{
941 struct net *net = xs_net(x);
942 unsigned int h;
943
944 list_add(&x->km.all, &net->xfrm.state_all);
945
946 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
947 x->props.reqid, x->props.family);
948 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
949
950 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
951 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
952
953 if (x->id.spi) {
954 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
955 x->props.family);
956
957 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
958 }
959
960 tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
961 if (x->replay_maxage)
962 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
963
964 net->xfrm.state_num++;
965
966 xfrm_hash_grow_check(net, x->bydst.next != NULL);
967}
968
969/* net->xfrm.xfrm_state_lock is held */
970static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
971{
972 struct net *net = xs_net(xnew);
973 unsigned short family = xnew->props.family;
974 u32 reqid = xnew->props.reqid;
975 struct xfrm_state *x;
976 unsigned int h;
977 u32 mark = xnew->mark.v & xnew->mark.m;
978
979 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
980 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
981 if (x->props.family == family &&
982 x->props.reqid == reqid &&
983 (mark & x->mark.m) == x->mark.v &&
984 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
985 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
986 x->genid++;
987 }
988}
989
990void xfrm_state_insert(struct xfrm_state *x)
991{
992 struct net *net = xs_net(x);
993
994 spin_lock_bh(&net->xfrm.xfrm_state_lock);
995 __xfrm_state_bump_genids(x);
996 __xfrm_state_insert(x);
997 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
998}
999EXPORT_SYMBOL(xfrm_state_insert);
1000
1001/* net->xfrm.xfrm_state_lock is held */
1002static struct xfrm_state *__find_acq_core(struct net *net,
1003 const struct xfrm_mark *m,
1004 unsigned short family, u8 mode,
1005 u32 reqid, u8 proto,
1006 const xfrm_address_t *daddr,
1007 const xfrm_address_t *saddr,
1008 int create)
1009{
1010 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1011 struct xfrm_state *x;
1012 u32 mark = m->v & m->m;
1013
1014 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1015 if (x->props.reqid != reqid ||
1016 x->props.mode != mode ||
1017 x->props.family != family ||
1018 x->km.state != XFRM_STATE_ACQ ||
1019 x->id.spi != 0 ||
1020 x->id.proto != proto ||
1021 (mark & x->mark.m) != x->mark.v ||
1022 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1023 !xfrm_addr_equal(&x->props.saddr, saddr, family))
1024 continue;
1025
1026 xfrm_state_hold(x);
1027 return x;
1028 }
1029
1030 if (!create)
1031 return NULL;
1032
1033 x = xfrm_state_alloc(net);
1034 if (likely(x)) {
1035 switch (family) {
1036 case AF_INET:
1037 x->sel.daddr.a4 = daddr->a4;
1038 x->sel.saddr.a4 = saddr->a4;
1039 x->sel.prefixlen_d = 32;
1040 x->sel.prefixlen_s = 32;
1041 x->props.saddr.a4 = saddr->a4;
1042 x->id.daddr.a4 = daddr->a4;
1043 break;
1044
1045 case AF_INET6:
1046 x->sel.daddr.in6 = daddr->in6;
1047 x->sel.saddr.in6 = saddr->in6;
1048 x->sel.prefixlen_d = 128;
1049 x->sel.prefixlen_s = 128;
1050 x->props.saddr.in6 = saddr->in6;
1051 x->id.daddr.in6 = daddr->in6;
1052 break;
1053 }
1054
1055 x->km.state = XFRM_STATE_ACQ;
1056 x->id.proto = proto;
1057 x->props.family = family;
1058 x->props.mode = mode;
1059 x->props.reqid = reqid;
1060 x->mark.v = m->v;
1061 x->mark.m = m->m;
1062 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1063 xfrm_state_hold(x);
1064 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1065 list_add(&x->km.all, &net->xfrm.state_all);
1066 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1067 h = xfrm_src_hash(net, daddr, saddr, family);
1068 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1069
1070 net->xfrm.state_num++;
1071
1072 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1073 }
1074
1075 return x;
1076}
1077
1078static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1079
1080int xfrm_state_add(struct xfrm_state *x)
1081{
1082 struct net *net = xs_net(x);
1083 struct xfrm_state *x1, *to_put;
1084 int family;
1085 int err;
1086 u32 mark = x->mark.v & x->mark.m;
1087 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1088
1089 family = x->props.family;
1090
1091 to_put = NULL;
1092
1093 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1094
1095 x1 = __xfrm_state_locate(x, use_spi, family);
1096 if (x1) {
1097 to_put = x1;
1098 x1 = NULL;
1099 err = -EEXIST;
1100 goto out;
1101 }
1102
1103 if (use_spi && x->km.seq) {
1104 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1105 if (x1 && ((x1->id.proto != x->id.proto) ||
1106 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
1107 to_put = x1;
1108 x1 = NULL;
1109 }
1110 }
1111
1112 if (use_spi && !x1)
1113 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1114 x->props.reqid, x->id.proto,
1115 &x->id.daddr, &x->props.saddr, 0);
1116
1117 __xfrm_state_bump_genids(x);
1118 __xfrm_state_insert(x);
1119 err = 0;
1120
1121out:
1122 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1123
1124 if (x1) {
1125 xfrm_state_delete(x1);
1126 xfrm_state_put(x1);
1127 }
1128
1129 if (to_put)
1130 xfrm_state_put(to_put);
1131
1132 return err;
1133}
1134EXPORT_SYMBOL(xfrm_state_add);
1135
1136#ifdef CONFIG_XFRM_MIGRATE
1137static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
1138{
1139 struct net *net = xs_net(orig);
1140 struct xfrm_state *x = xfrm_state_alloc(net);
1141 if (!x)
1142 goto out;
1143
1144 memcpy(&x->id, &orig->id, sizeof(x->id));
1145 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1146 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1147 x->props.mode = orig->props.mode;
1148 x->props.replay_window = orig->props.replay_window;
1149 x->props.reqid = orig->props.reqid;
1150 x->props.family = orig->props.family;
1151 x->props.saddr = orig->props.saddr;
1152
1153 if (orig->aalg) {
1154 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1155 if (!x->aalg)
1156 goto error;
1157 }
1158 x->props.aalgo = orig->props.aalgo;
1159
1160 if (orig->aead) {
1161 x->aead = xfrm_algo_aead_clone(orig->aead);
1162 if (!x->aead)
1163 goto error;
1164 }
1165 if (orig->ealg) {
1166 x->ealg = xfrm_algo_clone(orig->ealg);
1167 if (!x->ealg)
1168 goto error;
1169 }
1170 x->props.ealgo = orig->props.ealgo;
1171
1172 if (orig->calg) {
1173 x->calg = xfrm_algo_clone(orig->calg);
1174 if (!x->calg)
1175 goto error;
1176 }
1177 x->props.calgo = orig->props.calgo;
1178
1179 if (orig->encap) {
1180 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1181 if (!x->encap)
1182 goto error;
1183 }
1184
1185 if (orig->coaddr) {
1186 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1187 GFP_KERNEL);
1188 if (!x->coaddr)
1189 goto error;
1190 }
1191
1192 if (orig->replay_esn) {
1193 if (xfrm_replay_clone(x, orig))
1194 goto error;
1195 }
1196
1197 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1198
1199 if (xfrm_init_state(x) < 0)
1200 goto error;
1201
1202 x->props.flags = orig->props.flags;
1203 x->props.extra_flags = orig->props.extra_flags;
1204
1205 x->tfcpad = orig->tfcpad;
1206 x->replay_maxdiff = orig->replay_maxdiff;
1207 x->replay_maxage = orig->replay_maxage;
1208 x->curlft.add_time = orig->curlft.add_time;
1209 x->km.state = orig->km.state;
1210 x->km.seq = orig->km.seq;
1211
1212 return x;
1213
1214 error:
1215 xfrm_state_put(x);
1216out:
1217 return NULL;
1218}
1219
1220struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1221{
1222 unsigned int h;
1223 struct xfrm_state *x = NULL;
1224
1225 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1226
1227 if (m->reqid) {
1228 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
1229 m->reqid, m->old_family);
1230 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1231 if (x->props.mode != m->mode ||
1232 x->id.proto != m->proto)
1233 continue;
1234 if (m->reqid && x->props.reqid != m->reqid)
1235 continue;
1236 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1237 m->old_family) ||
1238 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1239 m->old_family))
1240 continue;
1241 xfrm_state_hold(x);
1242 break;
1243 }
1244 } else {
1245 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
1246 m->old_family);
1247 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
1248 if (x->props.mode != m->mode ||
1249 x->id.proto != m->proto)
1250 continue;
1251 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1252 m->old_family) ||
1253 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1254 m->old_family))
1255 continue;
1256 xfrm_state_hold(x);
1257 break;
1258 }
1259 }
1260
1261 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1262
1263 return x;
1264}
1265EXPORT_SYMBOL(xfrm_migrate_state_find);
1266
1267struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
1268 struct xfrm_migrate *m)
1269{
1270 struct xfrm_state *xc;
1271
1272 xc = xfrm_state_clone(x);
1273 if (!xc)
1274 return NULL;
1275
1276 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1277 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1278
1279 /* add state */
1280 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
1281 /* a care is needed when the destination address of the
1282 state is to be updated as it is a part of triplet */
1283 xfrm_state_insert(xc);
1284 } else {
1285 if (xfrm_state_add(xc) < 0)
1286 goto error;
1287 }
1288
1289 return xc;
1290error:
1291 xfrm_state_put(xc);
1292 return NULL;
1293}
1294EXPORT_SYMBOL(xfrm_state_migrate);
1295#endif
1296
1297int xfrm_state_update(struct xfrm_state *x)
1298{
1299 struct xfrm_state *x1, *to_put;
1300 int err;
1301 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1302 struct net *net = xs_net(x);
1303
1304 to_put = NULL;
1305
1306 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1307 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1308
1309 err = -ESRCH;
1310 if (!x1)
1311 goto out;
1312
1313 if (xfrm_state_kern(x1)) {
1314 to_put = x1;
1315 err = -EEXIST;
1316 goto out;
1317 }
1318
1319 if (x1->km.state == XFRM_STATE_ACQ) {
1320 __xfrm_state_insert(x);
1321 x = NULL;
1322 }
1323 err = 0;
1324
1325out:
1326 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1327
1328 if (to_put)
1329 xfrm_state_put(to_put);
1330
1331 if (err)
1332 return err;
1333
1334 if (!x) {
1335 xfrm_state_delete(x1);
1336 xfrm_state_put(x1);
1337 return 0;
1338 }
1339
1340 err = -EINVAL;
1341 spin_lock_bh(&x1->lock);
1342 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1343 if (x->encap && x1->encap)
1344 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1345 if (x->coaddr && x1->coaddr) {
1346 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1347 }
1348 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1349 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1350 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1351 x1->km.dying = 0;
1352
1353 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1354 if (x1->curlft.use_time)
1355 xfrm_state_check_expire(x1);
1356
1357 err = 0;
1358 x->km.state = XFRM_STATE_DEAD;
1359 __xfrm_state_put(x);
1360 }
1361 spin_unlock_bh(&x1->lock);
1362
1363 xfrm_state_put(x1);
1364
1365 return err;
1366}
1367EXPORT_SYMBOL(xfrm_state_update);
1368
1369int xfrm_state_check_expire(struct xfrm_state *x)
1370{
1371 if (!x->curlft.use_time)
1372 x->curlft.use_time = get_seconds();
1373
1374 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1375 x->curlft.packets >= x->lft.hard_packet_limit) {
1376 x->km.state = XFRM_STATE_EXPIRED;
1377 tasklet_hrtimer_start(&x->mtimer, ktime_set(0, 0), HRTIMER_MODE_REL);
1378 return -EINVAL;
1379 }
1380
1381 if (!x->km.dying &&
1382 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1383 x->curlft.packets >= x->lft.soft_packet_limit)) {
1384 x->km.dying = 1;
1385 km_state_expired(x, 0, 0);
1386 }
1387 return 0;
1388}
1389EXPORT_SYMBOL(xfrm_state_check_expire);
1390
1391struct xfrm_state *
1392xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1393 u8 proto, unsigned short family)
1394{
1395 struct xfrm_state *x;
1396
1397 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1398 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1399 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1400 return x;
1401}
1402EXPORT_SYMBOL(xfrm_state_lookup);
1403
1404struct xfrm_state *
1405xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1406 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1407 u8 proto, unsigned short family)
1408{
1409 struct xfrm_state *x;
1410
1411 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1412 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1413 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1414 return x;
1415}
1416EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1417
1418struct xfrm_state *
1419xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
1420 u8 proto, const xfrm_address_t *daddr,
1421 const xfrm_address_t *saddr, int create, unsigned short family)
1422{
1423 struct xfrm_state *x;
1424
1425 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1426 x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create);
1427 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1428
1429 return x;
1430}
1431EXPORT_SYMBOL(xfrm_find_acq);
1432
1433#ifdef CONFIG_XFRM_SUB_POLICY
1434int
1435xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1436 unsigned short family, struct net *net)
1437{
1438 int err = 0;
1439 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1440 if (!afinfo)
1441 return -EAFNOSUPPORT;
1442
1443 spin_lock_bh(&net->xfrm.xfrm_state_lock); /*FIXME*/
1444 if (afinfo->tmpl_sort)
1445 err = afinfo->tmpl_sort(dst, src, n);
1446 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1447 xfrm_state_put_afinfo(afinfo);
1448 return err;
1449}
1450EXPORT_SYMBOL(xfrm_tmpl_sort);
1451
1452int
1453xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1454 unsigned short family)
1455{
1456 int err = 0;
1457 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1458 struct net *net = xs_net(*src);
1459
1460 if (!afinfo)
1461 return -EAFNOSUPPORT;
1462
1463 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1464 if (afinfo->state_sort)
1465 err = afinfo->state_sort(dst, src, n);
1466 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1467 xfrm_state_put_afinfo(afinfo);
1468 return err;
1469}
1470EXPORT_SYMBOL(xfrm_state_sort);
1471#endif
1472
1473/* Silly enough, but I'm lazy to build resolution list */
1474
1475static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1476{
1477 int i;
1478
1479 for (i = 0; i <= net->xfrm.state_hmask; i++) {
1480 struct xfrm_state *x;
1481
1482 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
1483 if (x->km.seq == seq &&
1484 (mark & x->mark.m) == x->mark.v &&
1485 x->km.state == XFRM_STATE_ACQ) {
1486 xfrm_state_hold(x);
1487 return x;
1488 }
1489 }
1490 }
1491 return NULL;
1492}
1493
1494struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1495{
1496 struct xfrm_state *x;
1497
1498 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1499 x = __xfrm_find_acq_byseq(net, mark, seq);
1500 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1501 return x;
1502}
1503EXPORT_SYMBOL(xfrm_find_acq_byseq);
1504
1505u32 xfrm_get_acqseq(void)
1506{
1507 u32 res;
1508 static atomic_t acqseq;
1509
1510 do {
1511 res = atomic_inc_return(&acqseq);
1512 } while (!res);
1513
1514 return res;
1515}
1516EXPORT_SYMBOL(xfrm_get_acqseq);
1517
1518int verify_spi_info(u8 proto, u32 min, u32 max)
1519{
1520 switch (proto) {
1521 case IPPROTO_AH:
1522 case IPPROTO_ESP:
1523 break;
1524
1525 case IPPROTO_COMP:
1526 /* IPCOMP spi is 16-bits. */
1527 if (max >= 0x10000)
1528 return -EINVAL;
1529 break;
1530
1531 default:
1532 return -EINVAL;
1533 }
1534
1535 if (min > max)
1536 return -EINVAL;
1537
1538 return 0;
1539}
1540EXPORT_SYMBOL(verify_spi_info);
1541
1542int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1543{
1544 struct net *net = xs_net(x);
1545 unsigned int h;
1546 struct xfrm_state *x0;
1547 int err = -ENOENT;
1548 __be32 minspi = htonl(low);
1549 __be32 maxspi = htonl(high);
1550 u32 mark = x->mark.v & x->mark.m;
1551
1552 spin_lock_bh(&x->lock);
1553 if (x->km.state == XFRM_STATE_DEAD)
1554 goto unlock;
1555
1556 err = 0;
1557 if (x->id.spi)
1558 goto unlock;
1559
1560 err = -ENOENT;
1561
1562 if (minspi == maxspi) {
1563 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
1564 if (x0) {
1565 xfrm_state_put(x0);
1566 goto unlock;
1567 }
1568 x->id.spi = minspi;
1569 } else {
1570 u32 spi = 0;
1571 for (h = 0; h < high-low+1; h++) {
1572 spi = low + prandom_u32()%(high-low+1);
1573 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1574 if (x0 == NULL) {
1575 x->id.spi = htonl(spi);
1576 break;
1577 }
1578 xfrm_state_put(x0);
1579 }
1580 }
1581 if (x->id.spi) {
1582 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1583 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1584 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1585 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1586
1587 err = 0;
1588 }
1589
1590unlock:
1591 spin_unlock_bh(&x->lock);
1592
1593 return err;
1594}
1595EXPORT_SYMBOL(xfrm_alloc_spi);
1596
1597static bool __xfrm_state_filter_match(struct xfrm_state *x,
1598 struct xfrm_address_filter *filter)
1599{
1600 if (filter) {
1601 if ((filter->family == AF_INET ||
1602 filter->family == AF_INET6) &&
1603 x->props.family != filter->family)
1604 return false;
1605
1606 return addr_match(&x->props.saddr, &filter->saddr,
1607 filter->splen) &&
1608 addr_match(&x->id.daddr, &filter->daddr,
1609 filter->dplen);
1610 }
1611 return true;
1612}
1613
1614int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1615 int (*func)(struct xfrm_state *, int, void*),
1616 void *data)
1617{
1618 struct xfrm_state *state;
1619 struct xfrm_state_walk *x;
1620 int err = 0;
1621
1622 if (walk->seq != 0 && list_empty(&walk->all))
1623 return 0;
1624
1625 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1626 if (list_empty(&walk->all))
1627 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1628 else
1629 x = list_first_entry(&walk->all, struct xfrm_state_walk, all);
1630 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1631 if (x->state == XFRM_STATE_DEAD)
1632 continue;
1633 state = container_of(x, struct xfrm_state, km);
1634 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1635 continue;
1636 if (!__xfrm_state_filter_match(state, walk->filter))
1637 continue;
1638 err = func(state, walk->seq, data);
1639 if (err) {
1640 list_move_tail(&walk->all, &x->all);
1641 goto out;
1642 }
1643 walk->seq++;
1644 }
1645 if (walk->seq == 0) {
1646 err = -ENOENT;
1647 goto out;
1648 }
1649 list_del_init(&walk->all);
1650out:
1651 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1652 return err;
1653}
1654EXPORT_SYMBOL(xfrm_state_walk);
1655
1656void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
1657 struct xfrm_address_filter *filter)
1658{
1659 INIT_LIST_HEAD(&walk->all);
1660 walk->proto = proto;
1661 walk->state = XFRM_STATE_DEAD;
1662 walk->seq = 0;
1663 walk->filter = filter;
1664}
1665EXPORT_SYMBOL(xfrm_state_walk_init);
1666
1667void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
1668{
1669 kfree(walk->filter);
1670
1671 if (list_empty(&walk->all))
1672 return;
1673
1674 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1675 list_del(&walk->all);
1676 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1677}
1678EXPORT_SYMBOL(xfrm_state_walk_done);
1679
1680static void xfrm_replay_timer_handler(unsigned long data)
1681{
1682 struct xfrm_state *x = (struct xfrm_state *)data;
1683
1684 spin_lock(&x->lock);
1685
1686 if (x->km.state == XFRM_STATE_VALID) {
1687 if (xfrm_aevent_is_on(xs_net(x)))
1688 x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
1689 else
1690 x->xflags |= XFRM_TIME_DEFER;
1691 }
1692
1693 spin_unlock(&x->lock);
1694}
1695
1696static LIST_HEAD(xfrm_km_list);
1697
1698void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
1699{
1700 struct xfrm_mgr *km;
1701
1702 rcu_read_lock();
1703 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1704 if (km->notify_policy)
1705 km->notify_policy(xp, dir, c);
1706 rcu_read_unlock();
1707}
1708
1709void km_state_notify(struct xfrm_state *x, const struct km_event *c)
1710{
1711 struct xfrm_mgr *km;
1712 rcu_read_lock();
1713 list_for_each_entry_rcu(km, &xfrm_km_list, list)
1714 if (km->notify)
1715 km->notify(x, c);
1716 rcu_read_unlock();
1717}
1718
1719EXPORT_SYMBOL(km_policy_notify);
1720EXPORT_SYMBOL(km_state_notify);
1721
1722void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
1723{
1724 struct km_event c;
1725
1726 c.data.hard = hard;
1727 c.portid = portid;
1728 c.event = XFRM_MSG_EXPIRE;
1729 km_state_notify(x, &c);
1730}
1731
1732EXPORT_SYMBOL(km_state_expired);
1733/*
1734 * We send to all registered managers regardless of failure
1735 * We are happy with one success
1736*/
1737int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1738{
1739 int err = -EINVAL, acqret;
1740 struct xfrm_mgr *km;
1741
1742 rcu_read_lock();
1743 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1744 acqret = km->acquire(x, t, pol);
1745 if (!acqret)
1746 err = acqret;
1747 }
1748 rcu_read_unlock();
1749 return err;
1750}
1751EXPORT_SYMBOL(km_query);
1752
1753int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1754{
1755 int err = -EINVAL;
1756 struct xfrm_mgr *km;
1757
1758 rcu_read_lock();
1759 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1760 if (km->new_mapping)
1761 err = km->new_mapping(x, ipaddr, sport);
1762 if (!err)
1763 break;
1764 }
1765 rcu_read_unlock();
1766 return err;
1767}
1768EXPORT_SYMBOL(km_new_mapping);
1769
1770void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
1771{
1772 struct km_event c;
1773
1774 c.data.hard = hard;
1775 c.portid = portid;
1776 c.event = XFRM_MSG_POLEXPIRE;
1777 km_policy_notify(pol, dir, &c);
1778}
1779EXPORT_SYMBOL(km_policy_expired);
1780
1781#ifdef CONFIG_XFRM_MIGRATE
1782int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1783 const struct xfrm_migrate *m, int num_migrate,
1784 const struct xfrm_kmaddress *k)
1785{
1786 int err = -EINVAL;
1787 int ret;
1788 struct xfrm_mgr *km;
1789
1790 rcu_read_lock();
1791 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1792 if (km->migrate) {
1793 ret = km->migrate(sel, dir, type, m, num_migrate, k);
1794 if (!ret)
1795 err = ret;
1796 }
1797 }
1798 rcu_read_unlock();
1799 return err;
1800}
1801EXPORT_SYMBOL(km_migrate);
1802#endif
1803
1804int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1805{
1806 int err = -EINVAL;
1807 int ret;
1808 struct xfrm_mgr *km;
1809
1810 rcu_read_lock();
1811 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1812 if (km->report) {
1813 ret = km->report(net, proto, sel, addr);
1814 if (!ret)
1815 err = ret;
1816 }
1817 }
1818 rcu_read_unlock();
1819 return err;
1820}
1821EXPORT_SYMBOL(km_report);
1822
1823bool km_is_alive(const struct km_event *c)
1824{
1825 struct xfrm_mgr *km;
1826 bool is_alive = false;
1827
1828 rcu_read_lock();
1829 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1830 if (km->is_alive && km->is_alive(c)) {
1831 is_alive = true;
1832 break;
1833 }
1834 }
1835 rcu_read_unlock();
1836
1837 return is_alive;
1838}
1839EXPORT_SYMBOL(km_is_alive);
1840
1841int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1842{
1843 int err;
1844 u8 *data;
1845 struct xfrm_mgr *km;
1846 struct xfrm_policy *pol = NULL;
1847
1848 if (optlen <= 0 || optlen > PAGE_SIZE)
1849 return -EMSGSIZE;
1850
1851 data = kmalloc(optlen, GFP_KERNEL);
1852 if (!data)
1853 return -ENOMEM;
1854
1855 err = -EFAULT;
1856 if (copy_from_user(data, optval, optlen))
1857 goto out;
1858
1859 err = -EINVAL;
1860 rcu_read_lock();
1861 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1862 pol = km->compile_policy(sk, optname, data,
1863 optlen, &err);
1864 if (err >= 0)
1865 break;
1866 }
1867 rcu_read_unlock();
1868
1869 if (err >= 0) {
1870 xfrm_sk_policy_insert(sk, err, pol);
1871 xfrm_pol_put(pol);
1872 err = 0;
1873 }
1874
1875out:
1876 kfree(data);
1877 return err;
1878}
1879EXPORT_SYMBOL(xfrm_user_policy);
1880
1881static DEFINE_SPINLOCK(xfrm_km_lock);
1882
1883int xfrm_register_km(struct xfrm_mgr *km)
1884{
1885 spin_lock_bh(&xfrm_km_lock);
1886 list_add_tail_rcu(&km->list, &xfrm_km_list);
1887 spin_unlock_bh(&xfrm_km_lock);
1888 return 0;
1889}
1890EXPORT_SYMBOL(xfrm_register_km);
1891
1892int xfrm_unregister_km(struct xfrm_mgr *km)
1893{
1894 spin_lock_bh(&xfrm_km_lock);
1895 list_del_rcu(&km->list);
1896 spin_unlock_bh(&xfrm_km_lock);
1897 synchronize_rcu();
1898 return 0;
1899}
1900EXPORT_SYMBOL(xfrm_unregister_km);
1901
1902int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1903{
1904 int err = 0;
1905 if (unlikely(afinfo == NULL))
1906 return -EINVAL;
1907 if (unlikely(afinfo->family >= NPROTO))
1908 return -EAFNOSUPPORT;
1909 spin_lock_bh(&xfrm_state_afinfo_lock);
1910 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1911 err = -EEXIST;
1912 else
1913 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
1914 spin_unlock_bh(&xfrm_state_afinfo_lock);
1915 return err;
1916}
1917EXPORT_SYMBOL(xfrm_state_register_afinfo);
1918
1919int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1920{
1921 int err = 0;
1922 if (unlikely(afinfo == NULL))
1923 return -EINVAL;
1924 if (unlikely(afinfo->family >= NPROTO))
1925 return -EAFNOSUPPORT;
1926 spin_lock_bh(&xfrm_state_afinfo_lock);
1927 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1928 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1929 err = -EINVAL;
1930 else
1931 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
1932 }
1933 spin_unlock_bh(&xfrm_state_afinfo_lock);
1934 synchronize_rcu();
1935 return err;
1936}
1937EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1938
1939struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1940{
1941 struct xfrm_state_afinfo *afinfo;
1942 if (unlikely(family >= NPROTO))
1943 return NULL;
1944 rcu_read_lock();
1945 afinfo = rcu_dereference(xfrm_state_afinfo[family]);
1946 if (unlikely(!afinfo))
1947 rcu_read_unlock();
1948 return afinfo;
1949}
1950
1951void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1952{
1953 rcu_read_unlock();
1954}
1955
1956/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1957void xfrm_state_delete_tunnel(struct xfrm_state *x)
1958{
1959 if (x->tunnel) {
1960 struct xfrm_state *t = x->tunnel;
1961
1962 if (atomic_read(&t->tunnel_users) == 2)
1963 xfrm_state_delete(t);
1964 atomic_dec(&t->tunnel_users);
1965 xfrm_state_put(t);
1966 x->tunnel = NULL;
1967 }
1968}
1969EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1970
1971int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1972{
1973 int res;
1974
1975 spin_lock_bh(&x->lock);
1976 if (x->km.state == XFRM_STATE_VALID &&
1977 x->type && x->type->get_mtu)
1978 res = x->type->get_mtu(x, mtu);
1979 else
1980 res = mtu - x->props.header_len;
1981 spin_unlock_bh(&x->lock);
1982 return res;
1983}
1984
1985int __xfrm_init_state(struct xfrm_state *x, bool init_replay)
1986{
1987 struct xfrm_state_afinfo *afinfo;
1988 struct xfrm_mode *inner_mode;
1989 int family = x->props.family;
1990 int err;
1991
1992 err = -EAFNOSUPPORT;
1993 afinfo = xfrm_state_get_afinfo(family);
1994 if (!afinfo)
1995 goto error;
1996
1997 err = 0;
1998 if (afinfo->init_flags)
1999 err = afinfo->init_flags(x);
2000
2001 xfrm_state_put_afinfo(afinfo);
2002
2003 if (err)
2004 goto error;
2005
2006 err = -EPROTONOSUPPORT;
2007
2008 if (x->sel.family != AF_UNSPEC) {
2009 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2010 if (inner_mode == NULL)
2011 goto error;
2012
2013 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2014 family != x->sel.family) {
2015 xfrm_put_mode(inner_mode);
2016 goto error;
2017 }
2018
2019 x->inner_mode = inner_mode;
2020 } else {
2021 struct xfrm_mode *inner_mode_iaf;
2022 int iafamily = AF_INET;
2023
2024 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
2025 if (inner_mode == NULL)
2026 goto error;
2027
2028 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2029 xfrm_put_mode(inner_mode);
2030 goto error;
2031 }
2032 x->inner_mode = inner_mode;
2033
2034 if (x->props.family == AF_INET)
2035 iafamily = AF_INET6;
2036
2037 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2038 if (inner_mode_iaf) {
2039 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2040 x->inner_mode_iaf = inner_mode_iaf;
2041 else
2042 xfrm_put_mode(inner_mode_iaf);
2043 }
2044 }
2045
2046 x->type = xfrm_get_type(x->id.proto, family);
2047 if (x->type == NULL)
2048 goto error;
2049
2050 err = x->type->init_state(x);
2051 if (err)
2052 goto error;
2053
2054 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2055 if (x->outer_mode == NULL) {
2056 err = -EPROTONOSUPPORT;
2057 goto error;
2058 }
2059
2060 if (init_replay) {
2061 err = xfrm_init_replay(x);
2062 if (err)
2063 goto error;
2064 }
2065
2066 x->km.state = XFRM_STATE_VALID;
2067
2068error:
2069 return err;
2070}
2071
2072EXPORT_SYMBOL(__xfrm_init_state);
2073
2074int xfrm_init_state(struct xfrm_state *x)
2075{
2076 return __xfrm_init_state(x, true);
2077}
2078
2079EXPORT_SYMBOL(xfrm_init_state);
2080
2081int __net_init xfrm_state_init(struct net *net)
2082{
2083 unsigned int sz;
2084
2085 INIT_LIST_HEAD(&net->xfrm.state_all);
2086
2087 sz = sizeof(struct hlist_head) * 8;
2088
2089 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2090 if (!net->xfrm.state_bydst)
2091 goto out_bydst;
2092 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2093 if (!net->xfrm.state_bysrc)
2094 goto out_bysrc;
2095 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2096 if (!net->xfrm.state_byspi)
2097 goto out_byspi;
2098 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2099
2100 net->xfrm.state_num = 0;
2101 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2102 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
2103 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
2104 spin_lock_init(&net->xfrm.xfrm_state_lock);
2105 return 0;
2106
2107out_byspi:
2108 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2109out_bysrc:
2110 xfrm_hash_free(net->xfrm.state_bydst, sz);
2111out_bydst:
2112 return -ENOMEM;
2113}
2114
2115void xfrm_state_fini(struct net *net)
2116{
2117 unsigned int sz;
2118
2119 flush_work(&net->xfrm.state_hash_work);
2120 xfrm_state_flush(net, IPSEC_PROTO_ANY, false);
2121 flush_work(&net->xfrm.state_gc_work);
2122
2123 WARN_ON(!list_empty(&net->xfrm.state_all));
2124
2125 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2126 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2127 xfrm_hash_free(net->xfrm.state_byspi, sz);
2128 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2129 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2130 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2131 xfrm_hash_free(net->xfrm.state_bydst, sz);
2132}
2133
2134#ifdef CONFIG_AUDITSYSCALL
2135static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2136 struct audit_buffer *audit_buf)
2137{
2138 struct xfrm_sec_ctx *ctx = x->security;
2139 u32 spi = ntohl(x->id.spi);
2140
2141 if (ctx)
2142 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2143 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2144
2145 switch (x->props.family) {
2146 case AF_INET:
2147 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2148 &x->props.saddr.a4, &x->id.daddr.a4);
2149 break;
2150 case AF_INET6:
2151 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2152 x->props.saddr.a6, x->id.daddr.a6);
2153 break;
2154 }
2155
2156 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2157}
2158
2159static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2160 struct audit_buffer *audit_buf)
2161{
2162 const struct iphdr *iph4;
2163 const struct ipv6hdr *iph6;
2164
2165 switch (family) {
2166 case AF_INET:
2167 iph4 = ip_hdr(skb);
2168 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2169 &iph4->saddr, &iph4->daddr);
2170 break;
2171 case AF_INET6:
2172 iph6 = ipv6_hdr(skb);
2173 audit_log_format(audit_buf,
2174 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2175 &iph6->saddr, &iph6->daddr,
2176 iph6->flow_lbl[0] & 0x0f,
2177 iph6->flow_lbl[1],
2178 iph6->flow_lbl[2]);
2179 break;
2180 }
2181}
2182
2183void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid)
2184{
2185 struct audit_buffer *audit_buf;
2186
2187 audit_buf = xfrm_audit_start("SAD-add");
2188 if (audit_buf == NULL)
2189 return;
2190 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2191 xfrm_audit_helper_sainfo(x, audit_buf);
2192 audit_log_format(audit_buf, " res=%u", result);
2193 audit_log_end(audit_buf);
2194}
2195EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2196
2197void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid)
2198{
2199 struct audit_buffer *audit_buf;
2200
2201 audit_buf = xfrm_audit_start("SAD-delete");
2202 if (audit_buf == NULL)
2203 return;
2204 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
2205 xfrm_audit_helper_sainfo(x, audit_buf);
2206 audit_log_format(audit_buf, " res=%u", result);
2207 audit_log_end(audit_buf);
2208}
2209EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2210
2211void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2212 struct sk_buff *skb)
2213{
2214 struct audit_buffer *audit_buf;
2215 u32 spi;
2216
2217 audit_buf = xfrm_audit_start("SA-replay-overflow");
2218 if (audit_buf == NULL)
2219 return;
2220 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2221 /* don't record the sequence number because it's inherent in this kind
2222 * of audit message */
2223 spi = ntohl(x->id.spi);
2224 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2225 audit_log_end(audit_buf);
2226}
2227EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2228
2229void xfrm_audit_state_replay(struct xfrm_state *x,
2230 struct sk_buff *skb, __be32 net_seq)
2231{
2232 struct audit_buffer *audit_buf;
2233 u32 spi;
2234
2235 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2236 if (audit_buf == NULL)
2237 return;
2238 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2239 spi = ntohl(x->id.spi);
2240 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2241 spi, spi, ntohl(net_seq));
2242 audit_log_end(audit_buf);
2243}
2244EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
2245
2246void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2247{
2248 struct audit_buffer *audit_buf;
2249
2250 audit_buf = xfrm_audit_start("SA-notfound");
2251 if (audit_buf == NULL)
2252 return;
2253 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2254 audit_log_end(audit_buf);
2255}
2256EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2257
2258void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2259 __be32 net_spi, __be32 net_seq)
2260{
2261 struct audit_buffer *audit_buf;
2262 u32 spi;
2263
2264 audit_buf = xfrm_audit_start("SA-notfound");
2265 if (audit_buf == NULL)
2266 return;
2267 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2268 spi = ntohl(net_spi);
2269 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2270 spi, spi, ntohl(net_seq));
2271 audit_log_end(audit_buf);
2272}
2273EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2274
2275void xfrm_audit_state_icvfail(struct xfrm_state *x,
2276 struct sk_buff *skb, u8 proto)
2277{
2278 struct audit_buffer *audit_buf;
2279 __be32 net_spi;
2280 __be32 net_seq;
2281
2282 audit_buf = xfrm_audit_start("SA-icv-failure");
2283 if (audit_buf == NULL)
2284 return;
2285 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2286 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2287 u32 spi = ntohl(net_spi);
2288 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2289 spi, spi, ntohl(net_seq));
2290 }
2291 audit_log_end(audit_buf);
2292}
2293EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2294#endif /* CONFIG_AUDITSYSCALL */
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * xfrm_state.c
4 *
5 * Changes:
6 * Mitsuru KANDA @USAGI
7 * Kazunori MIYAZAWA @USAGI
8 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
9 * IPv6 support
10 * YOSHIFUJI Hideaki @USAGI
11 * Split up af-specific functions
12 * Derek Atkins <derek@ihtfp.com>
13 * Add UDP Encapsulation
14 *
15 */
16
17#include <linux/compat.h>
18#include <linux/workqueue.h>
19#include <net/xfrm.h>
20#include <linux/pfkeyv2.h>
21#include <linux/ipsec.h>
22#include <linux/module.h>
23#include <linux/cache.h>
24#include <linux/audit.h>
25#include <linux/uaccess.h>
26#include <linux/ktime.h>
27#include <linux/slab.h>
28#include <linux/interrupt.h>
29#include <linux/kernel.h>
30
31#include <crypto/aead.h>
32
33#include "xfrm_hash.h"
34
35#define xfrm_state_deref_prot(table, net) \
36 rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
37
38static void xfrm_state_gc_task(struct work_struct *work);
39
40/* Each xfrm_state may be linked to two tables:
41
42 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
43 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
44 destination/tunnel endpoint. (output)
45 */
46
47static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
48static struct kmem_cache *xfrm_state_cache __ro_after_init;
49
50static DECLARE_WORK(xfrm_state_gc_work, xfrm_state_gc_task);
51static HLIST_HEAD(xfrm_state_gc_list);
52
53static inline bool xfrm_state_hold_rcu(struct xfrm_state __rcu *x)
54{
55 return refcount_inc_not_zero(&x->refcnt);
56}
57
58static inline unsigned int xfrm_dst_hash(struct net *net,
59 const xfrm_address_t *daddr,
60 const xfrm_address_t *saddr,
61 u32 reqid,
62 unsigned short family)
63{
64 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
65}
66
67static inline unsigned int xfrm_src_hash(struct net *net,
68 const xfrm_address_t *daddr,
69 const xfrm_address_t *saddr,
70 unsigned short family)
71{
72 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
73}
74
75static inline unsigned int
76xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
77 __be32 spi, u8 proto, unsigned short family)
78{
79 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
80}
81
82static unsigned int xfrm_seq_hash(struct net *net, u32 seq)
83{
84 return __xfrm_seq_hash(seq, net->xfrm.state_hmask);
85}
86
87#define XFRM_STATE_INSERT(by, _n, _h, _type) \
88 { \
89 struct xfrm_state *_x = NULL; \
90 \
91 if (_type != XFRM_DEV_OFFLOAD_PACKET) { \
92 hlist_for_each_entry_rcu(_x, _h, by) { \
93 if (_x->xso.type == XFRM_DEV_OFFLOAD_PACKET) \
94 continue; \
95 break; \
96 } \
97 } \
98 \
99 if (!_x || _x->xso.type == XFRM_DEV_OFFLOAD_PACKET) \
100 /* SAD is empty or consist from HW SAs only */ \
101 hlist_add_head_rcu(_n, _h); \
102 else \
103 hlist_add_before_rcu(_n, &_x->by); \
104 }
105
106static void xfrm_hash_transfer(struct hlist_head *list,
107 struct hlist_head *ndsttable,
108 struct hlist_head *nsrctable,
109 struct hlist_head *nspitable,
110 struct hlist_head *nseqtable,
111 unsigned int nhashmask)
112{
113 struct hlist_node *tmp;
114 struct xfrm_state *x;
115
116 hlist_for_each_entry_safe(x, tmp, list, bydst) {
117 unsigned int h;
118
119 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
120 x->props.reqid, x->props.family,
121 nhashmask);
122 XFRM_STATE_INSERT(bydst, &x->bydst, ndsttable + h, x->xso.type);
123
124 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
125 x->props.family,
126 nhashmask);
127 XFRM_STATE_INSERT(bysrc, &x->bysrc, nsrctable + h, x->xso.type);
128
129 if (x->id.spi) {
130 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
131 x->id.proto, x->props.family,
132 nhashmask);
133 XFRM_STATE_INSERT(byspi, &x->byspi, nspitable + h,
134 x->xso.type);
135 }
136
137 if (x->km.seq) {
138 h = __xfrm_seq_hash(x->km.seq, nhashmask);
139 XFRM_STATE_INSERT(byseq, &x->byseq, nseqtable + h,
140 x->xso.type);
141 }
142 }
143}
144
145static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
146{
147 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
148}
149
150static void xfrm_hash_resize(struct work_struct *work)
151{
152 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
153 struct hlist_head *ndst, *nsrc, *nspi, *nseq, *odst, *osrc, *ospi, *oseq;
154 unsigned long nsize, osize;
155 unsigned int nhashmask, ohashmask;
156 int i;
157
158 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
159 ndst = xfrm_hash_alloc(nsize);
160 if (!ndst)
161 return;
162 nsrc = xfrm_hash_alloc(nsize);
163 if (!nsrc) {
164 xfrm_hash_free(ndst, nsize);
165 return;
166 }
167 nspi = xfrm_hash_alloc(nsize);
168 if (!nspi) {
169 xfrm_hash_free(ndst, nsize);
170 xfrm_hash_free(nsrc, nsize);
171 return;
172 }
173 nseq = xfrm_hash_alloc(nsize);
174 if (!nseq) {
175 xfrm_hash_free(ndst, nsize);
176 xfrm_hash_free(nsrc, nsize);
177 xfrm_hash_free(nspi, nsize);
178 return;
179 }
180
181 spin_lock_bh(&net->xfrm.xfrm_state_lock);
182 write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation);
183
184 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
185 odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net);
186 for (i = net->xfrm.state_hmask; i >= 0; i--)
187 xfrm_hash_transfer(odst + i, ndst, nsrc, nspi, nseq, nhashmask);
188
189 osrc = xfrm_state_deref_prot(net->xfrm.state_bysrc, net);
190 ospi = xfrm_state_deref_prot(net->xfrm.state_byspi, net);
191 oseq = xfrm_state_deref_prot(net->xfrm.state_byseq, net);
192 ohashmask = net->xfrm.state_hmask;
193
194 rcu_assign_pointer(net->xfrm.state_bydst, ndst);
195 rcu_assign_pointer(net->xfrm.state_bysrc, nsrc);
196 rcu_assign_pointer(net->xfrm.state_byspi, nspi);
197 rcu_assign_pointer(net->xfrm.state_byseq, nseq);
198 net->xfrm.state_hmask = nhashmask;
199
200 write_seqcount_end(&net->xfrm.xfrm_state_hash_generation);
201 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
202
203 osize = (ohashmask + 1) * sizeof(struct hlist_head);
204
205 synchronize_rcu();
206
207 xfrm_hash_free(odst, osize);
208 xfrm_hash_free(osrc, osize);
209 xfrm_hash_free(ospi, osize);
210 xfrm_hash_free(oseq, osize);
211}
212
213static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
214static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
215
216static DEFINE_SPINLOCK(xfrm_state_gc_lock);
217
218int __xfrm_state_delete(struct xfrm_state *x);
219
220int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
221static bool km_is_alive(const struct km_event *c);
222void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
223
224int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
225{
226 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
227 int err = 0;
228
229 if (!afinfo)
230 return -EAFNOSUPPORT;
231
232#define X(afi, T, name) do { \
233 WARN_ON((afi)->type_ ## name); \
234 (afi)->type_ ## name = (T); \
235 } while (0)
236
237 switch (type->proto) {
238 case IPPROTO_COMP:
239 X(afinfo, type, comp);
240 break;
241 case IPPROTO_AH:
242 X(afinfo, type, ah);
243 break;
244 case IPPROTO_ESP:
245 X(afinfo, type, esp);
246 break;
247 case IPPROTO_IPIP:
248 X(afinfo, type, ipip);
249 break;
250 case IPPROTO_DSTOPTS:
251 X(afinfo, type, dstopts);
252 break;
253 case IPPROTO_ROUTING:
254 X(afinfo, type, routing);
255 break;
256 case IPPROTO_IPV6:
257 X(afinfo, type, ipip6);
258 break;
259 default:
260 WARN_ON(1);
261 err = -EPROTONOSUPPORT;
262 break;
263 }
264#undef X
265 rcu_read_unlock();
266 return err;
267}
268EXPORT_SYMBOL(xfrm_register_type);
269
270void xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
271{
272 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
273
274 if (unlikely(afinfo == NULL))
275 return;
276
277#define X(afi, T, name) do { \
278 WARN_ON((afi)->type_ ## name != (T)); \
279 (afi)->type_ ## name = NULL; \
280 } while (0)
281
282 switch (type->proto) {
283 case IPPROTO_COMP:
284 X(afinfo, type, comp);
285 break;
286 case IPPROTO_AH:
287 X(afinfo, type, ah);
288 break;
289 case IPPROTO_ESP:
290 X(afinfo, type, esp);
291 break;
292 case IPPROTO_IPIP:
293 X(afinfo, type, ipip);
294 break;
295 case IPPROTO_DSTOPTS:
296 X(afinfo, type, dstopts);
297 break;
298 case IPPROTO_ROUTING:
299 X(afinfo, type, routing);
300 break;
301 case IPPROTO_IPV6:
302 X(afinfo, type, ipip6);
303 break;
304 default:
305 WARN_ON(1);
306 break;
307 }
308#undef X
309 rcu_read_unlock();
310}
311EXPORT_SYMBOL(xfrm_unregister_type);
312
313static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
314{
315 const struct xfrm_type *type = NULL;
316 struct xfrm_state_afinfo *afinfo;
317 int modload_attempted = 0;
318
319retry:
320 afinfo = xfrm_state_get_afinfo(family);
321 if (unlikely(afinfo == NULL))
322 return NULL;
323
324 switch (proto) {
325 case IPPROTO_COMP:
326 type = afinfo->type_comp;
327 break;
328 case IPPROTO_AH:
329 type = afinfo->type_ah;
330 break;
331 case IPPROTO_ESP:
332 type = afinfo->type_esp;
333 break;
334 case IPPROTO_IPIP:
335 type = afinfo->type_ipip;
336 break;
337 case IPPROTO_DSTOPTS:
338 type = afinfo->type_dstopts;
339 break;
340 case IPPROTO_ROUTING:
341 type = afinfo->type_routing;
342 break;
343 case IPPROTO_IPV6:
344 type = afinfo->type_ipip6;
345 break;
346 default:
347 break;
348 }
349
350 if (unlikely(type && !try_module_get(type->owner)))
351 type = NULL;
352
353 rcu_read_unlock();
354
355 if (!type && !modload_attempted) {
356 request_module("xfrm-type-%d-%d", family, proto);
357 modload_attempted = 1;
358 goto retry;
359 }
360
361 return type;
362}
363
364static void xfrm_put_type(const struct xfrm_type *type)
365{
366 module_put(type->owner);
367}
368
369int xfrm_register_type_offload(const struct xfrm_type_offload *type,
370 unsigned short family)
371{
372 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
373 int err = 0;
374
375 if (unlikely(afinfo == NULL))
376 return -EAFNOSUPPORT;
377
378 switch (type->proto) {
379 case IPPROTO_ESP:
380 WARN_ON(afinfo->type_offload_esp);
381 afinfo->type_offload_esp = type;
382 break;
383 default:
384 WARN_ON(1);
385 err = -EPROTONOSUPPORT;
386 break;
387 }
388
389 rcu_read_unlock();
390 return err;
391}
392EXPORT_SYMBOL(xfrm_register_type_offload);
393
394void xfrm_unregister_type_offload(const struct xfrm_type_offload *type,
395 unsigned short family)
396{
397 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
398
399 if (unlikely(afinfo == NULL))
400 return;
401
402 switch (type->proto) {
403 case IPPROTO_ESP:
404 WARN_ON(afinfo->type_offload_esp != type);
405 afinfo->type_offload_esp = NULL;
406 break;
407 default:
408 WARN_ON(1);
409 break;
410 }
411 rcu_read_unlock();
412}
413EXPORT_SYMBOL(xfrm_unregister_type_offload);
414
415static const struct xfrm_type_offload *
416xfrm_get_type_offload(u8 proto, unsigned short family, bool try_load)
417{
418 const struct xfrm_type_offload *type = NULL;
419 struct xfrm_state_afinfo *afinfo;
420
421retry:
422 afinfo = xfrm_state_get_afinfo(family);
423 if (unlikely(afinfo == NULL))
424 return NULL;
425
426 switch (proto) {
427 case IPPROTO_ESP:
428 type = afinfo->type_offload_esp;
429 break;
430 default:
431 break;
432 }
433
434 if ((type && !try_module_get(type->owner)))
435 type = NULL;
436
437 rcu_read_unlock();
438
439 if (!type && try_load) {
440 request_module("xfrm-offload-%d-%d", family, proto);
441 try_load = false;
442 goto retry;
443 }
444
445 return type;
446}
447
448static void xfrm_put_type_offload(const struct xfrm_type_offload *type)
449{
450 module_put(type->owner);
451}
452
453static const struct xfrm_mode xfrm4_mode_map[XFRM_MODE_MAX] = {
454 [XFRM_MODE_BEET] = {
455 .encap = XFRM_MODE_BEET,
456 .flags = XFRM_MODE_FLAG_TUNNEL,
457 .family = AF_INET,
458 },
459 [XFRM_MODE_TRANSPORT] = {
460 .encap = XFRM_MODE_TRANSPORT,
461 .family = AF_INET,
462 },
463 [XFRM_MODE_TUNNEL] = {
464 .encap = XFRM_MODE_TUNNEL,
465 .flags = XFRM_MODE_FLAG_TUNNEL,
466 .family = AF_INET,
467 },
468};
469
470static const struct xfrm_mode xfrm6_mode_map[XFRM_MODE_MAX] = {
471 [XFRM_MODE_BEET] = {
472 .encap = XFRM_MODE_BEET,
473 .flags = XFRM_MODE_FLAG_TUNNEL,
474 .family = AF_INET6,
475 },
476 [XFRM_MODE_ROUTEOPTIMIZATION] = {
477 .encap = XFRM_MODE_ROUTEOPTIMIZATION,
478 .family = AF_INET6,
479 },
480 [XFRM_MODE_TRANSPORT] = {
481 .encap = XFRM_MODE_TRANSPORT,
482 .family = AF_INET6,
483 },
484 [XFRM_MODE_TUNNEL] = {
485 .encap = XFRM_MODE_TUNNEL,
486 .flags = XFRM_MODE_FLAG_TUNNEL,
487 .family = AF_INET6,
488 },
489};
490
491static const struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
492{
493 const struct xfrm_mode *mode;
494
495 if (unlikely(encap >= XFRM_MODE_MAX))
496 return NULL;
497
498 switch (family) {
499 case AF_INET:
500 mode = &xfrm4_mode_map[encap];
501 if (mode->family == family)
502 return mode;
503 break;
504 case AF_INET6:
505 mode = &xfrm6_mode_map[encap];
506 if (mode->family == family)
507 return mode;
508 break;
509 default:
510 break;
511 }
512
513 return NULL;
514}
515
516void xfrm_state_free(struct xfrm_state *x)
517{
518 kmem_cache_free(xfrm_state_cache, x);
519}
520EXPORT_SYMBOL(xfrm_state_free);
521
522static void ___xfrm_state_destroy(struct xfrm_state *x)
523{
524 hrtimer_cancel(&x->mtimer);
525 del_timer_sync(&x->rtimer);
526 kfree(x->aead);
527 kfree(x->aalg);
528 kfree(x->ealg);
529 kfree(x->calg);
530 kfree(x->encap);
531 kfree(x->coaddr);
532 kfree(x->replay_esn);
533 kfree(x->preplay_esn);
534 if (x->type_offload)
535 xfrm_put_type_offload(x->type_offload);
536 if (x->type) {
537 x->type->destructor(x);
538 xfrm_put_type(x->type);
539 }
540 if (x->xfrag.page)
541 put_page(x->xfrag.page);
542 xfrm_dev_state_free(x);
543 security_xfrm_state_free(x);
544 xfrm_state_free(x);
545}
546
547static void xfrm_state_gc_task(struct work_struct *work)
548{
549 struct xfrm_state *x;
550 struct hlist_node *tmp;
551 struct hlist_head gc_list;
552
553 spin_lock_bh(&xfrm_state_gc_lock);
554 hlist_move_list(&xfrm_state_gc_list, &gc_list);
555 spin_unlock_bh(&xfrm_state_gc_lock);
556
557 synchronize_rcu();
558
559 hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
560 ___xfrm_state_destroy(x);
561}
562
563static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
564{
565 struct xfrm_state *x = container_of(me, struct xfrm_state, mtimer);
566 enum hrtimer_restart ret = HRTIMER_NORESTART;
567 time64_t now = ktime_get_real_seconds();
568 time64_t next = TIME64_MAX;
569 int warn = 0;
570 int err = 0;
571
572 spin_lock(&x->lock);
573 xfrm_dev_state_update_stats(x);
574
575 if (x->km.state == XFRM_STATE_DEAD)
576 goto out;
577 if (x->km.state == XFRM_STATE_EXPIRED)
578 goto expired;
579 if (x->lft.hard_add_expires_seconds) {
580 time64_t tmo = x->lft.hard_add_expires_seconds +
581 x->curlft.add_time - now;
582 if (tmo <= 0) {
583 if (x->xflags & XFRM_SOFT_EXPIRE) {
584 /* enter hard expire without soft expire first?!
585 * setting a new date could trigger this.
586 * workaround: fix x->curflt.add_time by below:
587 */
588 x->curlft.add_time = now - x->saved_tmo - 1;
589 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
590 } else
591 goto expired;
592 }
593 if (tmo < next)
594 next = tmo;
595 }
596 if (x->lft.hard_use_expires_seconds) {
597 time64_t tmo = x->lft.hard_use_expires_seconds +
598 (READ_ONCE(x->curlft.use_time) ? : now) - now;
599 if (tmo <= 0)
600 goto expired;
601 if (tmo < next)
602 next = tmo;
603 }
604 if (x->km.dying)
605 goto resched;
606 if (x->lft.soft_add_expires_seconds) {
607 time64_t tmo = x->lft.soft_add_expires_seconds +
608 x->curlft.add_time - now;
609 if (tmo <= 0) {
610 warn = 1;
611 x->xflags &= ~XFRM_SOFT_EXPIRE;
612 } else if (tmo < next) {
613 next = tmo;
614 x->xflags |= XFRM_SOFT_EXPIRE;
615 x->saved_tmo = tmo;
616 }
617 }
618 if (x->lft.soft_use_expires_seconds) {
619 time64_t tmo = x->lft.soft_use_expires_seconds +
620 (READ_ONCE(x->curlft.use_time) ? : now) - now;
621 if (tmo <= 0)
622 warn = 1;
623 else if (tmo < next)
624 next = tmo;
625 }
626
627 x->km.dying = warn;
628 if (warn)
629 km_state_expired(x, 0, 0);
630resched:
631 if (next != TIME64_MAX) {
632 hrtimer_forward_now(&x->mtimer, ktime_set(next, 0));
633 ret = HRTIMER_RESTART;
634 }
635
636 goto out;
637
638expired:
639 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
640 x->km.state = XFRM_STATE_EXPIRED;
641
642 err = __xfrm_state_delete(x);
643 if (!err)
644 km_state_expired(x, 1, 0);
645
646 xfrm_audit_state_delete(x, err ? 0 : 1, true);
647
648out:
649 spin_unlock(&x->lock);
650 return ret;
651}
652
653static void xfrm_replay_timer_handler(struct timer_list *t);
654
655struct xfrm_state *xfrm_state_alloc(struct net *net)
656{
657 struct xfrm_state *x;
658
659 x = kmem_cache_zalloc(xfrm_state_cache, GFP_ATOMIC);
660
661 if (x) {
662 write_pnet(&x->xs_net, net);
663 refcount_set(&x->refcnt, 1);
664 atomic_set(&x->tunnel_users, 0);
665 INIT_LIST_HEAD(&x->km.all);
666 INIT_HLIST_NODE(&x->bydst);
667 INIT_HLIST_NODE(&x->bysrc);
668 INIT_HLIST_NODE(&x->byspi);
669 INIT_HLIST_NODE(&x->byseq);
670 hrtimer_init(&x->mtimer, CLOCK_BOOTTIME, HRTIMER_MODE_ABS_SOFT);
671 x->mtimer.function = xfrm_timer_handler;
672 timer_setup(&x->rtimer, xfrm_replay_timer_handler, 0);
673 x->curlft.add_time = ktime_get_real_seconds();
674 x->lft.soft_byte_limit = XFRM_INF;
675 x->lft.soft_packet_limit = XFRM_INF;
676 x->lft.hard_byte_limit = XFRM_INF;
677 x->lft.hard_packet_limit = XFRM_INF;
678 x->replay_maxage = 0;
679 x->replay_maxdiff = 0;
680 spin_lock_init(&x->lock);
681 }
682 return x;
683}
684EXPORT_SYMBOL(xfrm_state_alloc);
685
686void __xfrm_state_destroy(struct xfrm_state *x, bool sync)
687{
688 WARN_ON(x->km.state != XFRM_STATE_DEAD);
689
690 if (sync) {
691 synchronize_rcu();
692 ___xfrm_state_destroy(x);
693 } else {
694 spin_lock_bh(&xfrm_state_gc_lock);
695 hlist_add_head(&x->gclist, &xfrm_state_gc_list);
696 spin_unlock_bh(&xfrm_state_gc_lock);
697 schedule_work(&xfrm_state_gc_work);
698 }
699}
700EXPORT_SYMBOL(__xfrm_state_destroy);
701
702int __xfrm_state_delete(struct xfrm_state *x)
703{
704 struct net *net = xs_net(x);
705 int err = -ESRCH;
706
707 if (x->km.state != XFRM_STATE_DEAD) {
708 x->km.state = XFRM_STATE_DEAD;
709 spin_lock(&net->xfrm.xfrm_state_lock);
710 list_del(&x->km.all);
711 hlist_del_rcu(&x->bydst);
712 hlist_del_rcu(&x->bysrc);
713 if (x->km.seq)
714 hlist_del_rcu(&x->byseq);
715 if (x->id.spi)
716 hlist_del_rcu(&x->byspi);
717 net->xfrm.state_num--;
718 spin_unlock(&net->xfrm.xfrm_state_lock);
719
720 if (x->encap_sk)
721 sock_put(rcu_dereference_raw(x->encap_sk));
722
723 xfrm_dev_state_delete(x);
724
725 /* All xfrm_state objects are created by xfrm_state_alloc.
726 * The xfrm_state_alloc call gives a reference, and that
727 * is what we are dropping here.
728 */
729 xfrm_state_put(x);
730 err = 0;
731 }
732
733 return err;
734}
735EXPORT_SYMBOL(__xfrm_state_delete);
736
737int xfrm_state_delete(struct xfrm_state *x)
738{
739 int err;
740
741 spin_lock_bh(&x->lock);
742 err = __xfrm_state_delete(x);
743 spin_unlock_bh(&x->lock);
744
745 return err;
746}
747EXPORT_SYMBOL(xfrm_state_delete);
748
749#ifdef CONFIG_SECURITY_NETWORK_XFRM
750static inline int
751xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
752{
753 int i, err = 0;
754
755 for (i = 0; i <= net->xfrm.state_hmask; i++) {
756 struct xfrm_state *x;
757
758 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
759 if (xfrm_id_proto_match(x->id.proto, proto) &&
760 (err = security_xfrm_state_delete(x)) != 0) {
761 xfrm_audit_state_delete(x, 0, task_valid);
762 return err;
763 }
764 }
765 }
766
767 return err;
768}
769
770static inline int
771xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
772{
773 int i, err = 0;
774
775 for (i = 0; i <= net->xfrm.state_hmask; i++) {
776 struct xfrm_state *x;
777 struct xfrm_dev_offload *xso;
778
779 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
780 xso = &x->xso;
781
782 if (xso->dev == dev &&
783 (err = security_xfrm_state_delete(x)) != 0) {
784 xfrm_audit_state_delete(x, 0, task_valid);
785 return err;
786 }
787 }
788 }
789
790 return err;
791}
792#else
793static inline int
794xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
795{
796 return 0;
797}
798
799static inline int
800xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
801{
802 return 0;
803}
804#endif
805
806int xfrm_state_flush(struct net *net, u8 proto, bool task_valid, bool sync)
807{
808 int i, err = 0, cnt = 0;
809
810 spin_lock_bh(&net->xfrm.xfrm_state_lock);
811 err = xfrm_state_flush_secctx_check(net, proto, task_valid);
812 if (err)
813 goto out;
814
815 err = -ESRCH;
816 for (i = 0; i <= net->xfrm.state_hmask; i++) {
817 struct xfrm_state *x;
818restart:
819 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
820 if (!xfrm_state_kern(x) &&
821 xfrm_id_proto_match(x->id.proto, proto)) {
822 xfrm_state_hold(x);
823 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
824
825 err = xfrm_state_delete(x);
826 xfrm_audit_state_delete(x, err ? 0 : 1,
827 task_valid);
828 if (sync)
829 xfrm_state_put_sync(x);
830 else
831 xfrm_state_put(x);
832 if (!err)
833 cnt++;
834
835 spin_lock_bh(&net->xfrm.xfrm_state_lock);
836 goto restart;
837 }
838 }
839 }
840out:
841 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
842 if (cnt)
843 err = 0;
844
845 return err;
846}
847EXPORT_SYMBOL(xfrm_state_flush);
848
849int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_valid)
850{
851 int i, err = 0, cnt = 0;
852
853 spin_lock_bh(&net->xfrm.xfrm_state_lock);
854 err = xfrm_dev_state_flush_secctx_check(net, dev, task_valid);
855 if (err)
856 goto out;
857
858 err = -ESRCH;
859 for (i = 0; i <= net->xfrm.state_hmask; i++) {
860 struct xfrm_state *x;
861 struct xfrm_dev_offload *xso;
862restart:
863 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
864 xso = &x->xso;
865
866 if (!xfrm_state_kern(x) && xso->dev == dev) {
867 xfrm_state_hold(x);
868 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
869
870 err = xfrm_state_delete(x);
871 xfrm_audit_state_delete(x, err ? 0 : 1,
872 task_valid);
873 xfrm_state_put(x);
874 if (!err)
875 cnt++;
876
877 spin_lock_bh(&net->xfrm.xfrm_state_lock);
878 goto restart;
879 }
880 }
881 }
882 if (cnt)
883 err = 0;
884
885out:
886 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
887 return err;
888}
889EXPORT_SYMBOL(xfrm_dev_state_flush);
890
891void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
892{
893 spin_lock_bh(&net->xfrm.xfrm_state_lock);
894 si->sadcnt = net->xfrm.state_num;
895 si->sadhcnt = net->xfrm.state_hmask + 1;
896 si->sadhmcnt = xfrm_state_hashmax;
897 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
898}
899EXPORT_SYMBOL(xfrm_sad_getinfo);
900
901static void
902__xfrm4_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
903{
904 const struct flowi4 *fl4 = &fl->u.ip4;
905
906 sel->daddr.a4 = fl4->daddr;
907 sel->saddr.a4 = fl4->saddr;
908 sel->dport = xfrm_flowi_dport(fl, &fl4->uli);
909 sel->dport_mask = htons(0xffff);
910 sel->sport = xfrm_flowi_sport(fl, &fl4->uli);
911 sel->sport_mask = htons(0xffff);
912 sel->family = AF_INET;
913 sel->prefixlen_d = 32;
914 sel->prefixlen_s = 32;
915 sel->proto = fl4->flowi4_proto;
916 sel->ifindex = fl4->flowi4_oif;
917}
918
919static void
920__xfrm6_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
921{
922 const struct flowi6 *fl6 = &fl->u.ip6;
923
924 /* Initialize temporary selector matching only to current session. */
925 *(struct in6_addr *)&sel->daddr = fl6->daddr;
926 *(struct in6_addr *)&sel->saddr = fl6->saddr;
927 sel->dport = xfrm_flowi_dport(fl, &fl6->uli);
928 sel->dport_mask = htons(0xffff);
929 sel->sport = xfrm_flowi_sport(fl, &fl6->uli);
930 sel->sport_mask = htons(0xffff);
931 sel->family = AF_INET6;
932 sel->prefixlen_d = 128;
933 sel->prefixlen_s = 128;
934 sel->proto = fl6->flowi6_proto;
935 sel->ifindex = fl6->flowi6_oif;
936}
937
938static void
939xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
940 const struct xfrm_tmpl *tmpl,
941 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
942 unsigned short family)
943{
944 switch (family) {
945 case AF_INET:
946 __xfrm4_init_tempsel(&x->sel, fl);
947 break;
948 case AF_INET6:
949 __xfrm6_init_tempsel(&x->sel, fl);
950 break;
951 }
952
953 x->id = tmpl->id;
954
955 switch (tmpl->encap_family) {
956 case AF_INET:
957 if (x->id.daddr.a4 == 0)
958 x->id.daddr.a4 = daddr->a4;
959 x->props.saddr = tmpl->saddr;
960 if (x->props.saddr.a4 == 0)
961 x->props.saddr.a4 = saddr->a4;
962 break;
963 case AF_INET6:
964 if (ipv6_addr_any((struct in6_addr *)&x->id.daddr))
965 memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr));
966 memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
967 if (ipv6_addr_any((struct in6_addr *)&x->props.saddr))
968 memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
969 break;
970 }
971
972 x->props.mode = tmpl->mode;
973 x->props.reqid = tmpl->reqid;
974 x->props.family = tmpl->encap_family;
975}
976
977static struct xfrm_state *__xfrm_state_lookup_all(struct net *net, u32 mark,
978 const xfrm_address_t *daddr,
979 __be32 spi, u8 proto,
980 unsigned short family,
981 struct xfrm_dev_offload *xdo)
982{
983 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
984 struct xfrm_state *x;
985
986 hlist_for_each_entry_rcu(x, net->xfrm.state_byspi + h, byspi) {
987#ifdef CONFIG_XFRM_OFFLOAD
988 if (xdo->type == XFRM_DEV_OFFLOAD_PACKET) {
989 if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
990 /* HW states are in the head of list, there is
991 * no need to iterate further.
992 */
993 break;
994
995 /* Packet offload: both policy and SA should
996 * have same device.
997 */
998 if (xdo->dev != x->xso.dev)
999 continue;
1000 } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
1001 /* Skip HW policy for SW lookups */
1002 continue;
1003#endif
1004 if (x->props.family != family ||
1005 x->id.spi != spi ||
1006 x->id.proto != proto ||
1007 !xfrm_addr_equal(&x->id.daddr, daddr, family))
1008 continue;
1009
1010 if ((mark & x->mark.m) != x->mark.v)
1011 continue;
1012 if (!xfrm_state_hold_rcu(x))
1013 continue;
1014 return x;
1015 }
1016
1017 return NULL;
1018}
1019
1020static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
1021 const xfrm_address_t *daddr,
1022 __be32 spi, u8 proto,
1023 unsigned short family)
1024{
1025 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
1026 struct xfrm_state *x;
1027
1028 hlist_for_each_entry_rcu(x, net->xfrm.state_byspi + h, byspi) {
1029 if (x->props.family != family ||
1030 x->id.spi != spi ||
1031 x->id.proto != proto ||
1032 !xfrm_addr_equal(&x->id.daddr, daddr, family))
1033 continue;
1034
1035 if ((mark & x->mark.m) != x->mark.v)
1036 continue;
1037 if (!xfrm_state_hold_rcu(x))
1038 continue;
1039 return x;
1040 }
1041
1042 return NULL;
1043}
1044
1045static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1046 const xfrm_address_t *daddr,
1047 const xfrm_address_t *saddr,
1048 u8 proto, unsigned short family)
1049{
1050 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
1051 struct xfrm_state *x;
1052
1053 hlist_for_each_entry_rcu(x, net->xfrm.state_bysrc + h, bysrc) {
1054 if (x->props.family != family ||
1055 x->id.proto != proto ||
1056 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1057 !xfrm_addr_equal(&x->props.saddr, saddr, family))
1058 continue;
1059
1060 if ((mark & x->mark.m) != x->mark.v)
1061 continue;
1062 if (!xfrm_state_hold_rcu(x))
1063 continue;
1064 return x;
1065 }
1066
1067 return NULL;
1068}
1069
1070static inline struct xfrm_state *
1071__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
1072{
1073 struct net *net = xs_net(x);
1074 u32 mark = x->mark.v & x->mark.m;
1075
1076 if (use_spi)
1077 return __xfrm_state_lookup(net, mark, &x->id.daddr,
1078 x->id.spi, x->id.proto, family);
1079 else
1080 return __xfrm_state_lookup_byaddr(net, mark,
1081 &x->id.daddr,
1082 &x->props.saddr,
1083 x->id.proto, family);
1084}
1085
1086static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
1087{
1088 if (have_hash_collision &&
1089 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
1090 net->xfrm.state_num > net->xfrm.state_hmask)
1091 schedule_work(&net->xfrm.state_hash_work);
1092}
1093
1094static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
1095 const struct flowi *fl, unsigned short family,
1096 struct xfrm_state **best, int *acq_in_progress,
1097 int *error)
1098{
1099 /* Resolution logic:
1100 * 1. There is a valid state with matching selector. Done.
1101 * 2. Valid state with inappropriate selector. Skip.
1102 *
1103 * Entering area of "sysdeps".
1104 *
1105 * 3. If state is not valid, selector is temporary, it selects
1106 * only session which triggered previous resolution. Key
1107 * manager will do something to install a state with proper
1108 * selector.
1109 */
1110 if (x->km.state == XFRM_STATE_VALID) {
1111 if ((x->sel.family &&
1112 (x->sel.family != family ||
1113 !xfrm_selector_match(&x->sel, fl, family))) ||
1114 !security_xfrm_state_pol_flow_match(x, pol,
1115 &fl->u.__fl_common))
1116 return;
1117
1118 if (!*best ||
1119 (*best)->km.dying > x->km.dying ||
1120 ((*best)->km.dying == x->km.dying &&
1121 (*best)->curlft.add_time < x->curlft.add_time))
1122 *best = x;
1123 } else if (x->km.state == XFRM_STATE_ACQ) {
1124 *acq_in_progress = 1;
1125 } else if (x->km.state == XFRM_STATE_ERROR ||
1126 x->km.state == XFRM_STATE_EXPIRED) {
1127 if ((!x->sel.family ||
1128 (x->sel.family == family &&
1129 xfrm_selector_match(&x->sel, fl, family))) &&
1130 security_xfrm_state_pol_flow_match(x, pol,
1131 &fl->u.__fl_common))
1132 *error = -ESRCH;
1133 }
1134}
1135
1136struct xfrm_state *
1137xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1138 const struct flowi *fl, struct xfrm_tmpl *tmpl,
1139 struct xfrm_policy *pol, int *err,
1140 unsigned short family, u32 if_id)
1141{
1142 static xfrm_address_t saddr_wildcard = { };
1143 struct net *net = xp_net(pol);
1144 unsigned int h, h_wildcard;
1145 struct xfrm_state *x, *x0, *to_put;
1146 int acquire_in_progress = 0;
1147 int error = 0;
1148 struct xfrm_state *best = NULL;
1149 u32 mark = pol->mark.v & pol->mark.m;
1150 unsigned short encap_family = tmpl->encap_family;
1151 unsigned int sequence;
1152 struct km_event c;
1153
1154 to_put = NULL;
1155
1156 sequence = read_seqcount_begin(&net->xfrm.xfrm_state_hash_generation);
1157
1158 rcu_read_lock();
1159 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
1160 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) {
1161#ifdef CONFIG_XFRM_OFFLOAD
1162 if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
1163 if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
1164 /* HW states are in the head of list, there is
1165 * no need to iterate further.
1166 */
1167 break;
1168
1169 /* Packet offload: both policy and SA should
1170 * have same device.
1171 */
1172 if (pol->xdo.dev != x->xso.dev)
1173 continue;
1174 } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
1175 /* Skip HW policy for SW lookups */
1176 continue;
1177#endif
1178 if (x->props.family == encap_family &&
1179 x->props.reqid == tmpl->reqid &&
1180 (mark & x->mark.m) == x->mark.v &&
1181 x->if_id == if_id &&
1182 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1183 xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
1184 tmpl->mode == x->props.mode &&
1185 tmpl->id.proto == x->id.proto &&
1186 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
1187 xfrm_state_look_at(pol, x, fl, family,
1188 &best, &acquire_in_progress, &error);
1189 }
1190 if (best || acquire_in_progress)
1191 goto found;
1192
1193 h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
1194 hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h_wildcard, bydst) {
1195#ifdef CONFIG_XFRM_OFFLOAD
1196 if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
1197 if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
1198 /* HW states are in the head of list, there is
1199 * no need to iterate further.
1200 */
1201 break;
1202
1203 /* Packet offload: both policy and SA should
1204 * have same device.
1205 */
1206 if (pol->xdo.dev != x->xso.dev)
1207 continue;
1208 } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
1209 /* Skip HW policy for SW lookups */
1210 continue;
1211#endif
1212 if (x->props.family == encap_family &&
1213 x->props.reqid == tmpl->reqid &&
1214 (mark & x->mark.m) == x->mark.v &&
1215 x->if_id == if_id &&
1216 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1217 xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
1218 tmpl->mode == x->props.mode &&
1219 tmpl->id.proto == x->id.proto &&
1220 (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
1221 xfrm_state_look_at(pol, x, fl, family,
1222 &best, &acquire_in_progress, &error);
1223 }
1224
1225found:
1226 x = best;
1227 if (!x && !error && !acquire_in_progress) {
1228 if (tmpl->id.spi &&
1229 (x0 = __xfrm_state_lookup_all(net, mark, daddr,
1230 tmpl->id.spi, tmpl->id.proto,
1231 encap_family,
1232 &pol->xdo)) != NULL) {
1233 to_put = x0;
1234 error = -EEXIST;
1235 goto out;
1236 }
1237
1238 c.net = net;
1239 /* If the KMs have no listeners (yet...), avoid allocating an SA
1240 * for each and every packet - garbage collection might not
1241 * handle the flood.
1242 */
1243 if (!km_is_alive(&c)) {
1244 error = -ESRCH;
1245 goto out;
1246 }
1247
1248 x = xfrm_state_alloc(net);
1249 if (x == NULL) {
1250 error = -ENOMEM;
1251 goto out;
1252 }
1253 /* Initialize temporary state matching only
1254 * to current session. */
1255 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
1256 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
1257 x->if_id = if_id;
1258
1259 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
1260 if (error) {
1261 x->km.state = XFRM_STATE_DEAD;
1262 to_put = x;
1263 x = NULL;
1264 goto out;
1265 }
1266#ifdef CONFIG_XFRM_OFFLOAD
1267 if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
1268 struct xfrm_dev_offload *xdo = &pol->xdo;
1269 struct xfrm_dev_offload *xso = &x->xso;
1270
1271 xso->type = XFRM_DEV_OFFLOAD_PACKET;
1272 xso->dir = xdo->dir;
1273 xso->dev = xdo->dev;
1274 xso->real_dev = xdo->real_dev;
1275 xso->flags = XFRM_DEV_OFFLOAD_FLAG_ACQ;
1276 netdev_tracker_alloc(xso->dev, &xso->dev_tracker,
1277 GFP_ATOMIC);
1278 error = xso->dev->xfrmdev_ops->xdo_dev_state_add(x, NULL);
1279 if (error) {
1280 xso->dir = 0;
1281 netdev_put(xso->dev, &xso->dev_tracker);
1282 xso->dev = NULL;
1283 xso->real_dev = NULL;
1284 xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
1285 x->km.state = XFRM_STATE_DEAD;
1286 to_put = x;
1287 x = NULL;
1288 goto out;
1289 }
1290 }
1291#endif
1292 if (km_query(x, tmpl, pol) == 0) {
1293 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1294 x->km.state = XFRM_STATE_ACQ;
1295 list_add(&x->km.all, &net->xfrm.state_all);
1296 XFRM_STATE_INSERT(bydst, &x->bydst,
1297 net->xfrm.state_bydst + h,
1298 x->xso.type);
1299 h = xfrm_src_hash(net, daddr, saddr, encap_family);
1300 XFRM_STATE_INSERT(bysrc, &x->bysrc,
1301 net->xfrm.state_bysrc + h,
1302 x->xso.type);
1303 if (x->id.spi) {
1304 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
1305 XFRM_STATE_INSERT(byspi, &x->byspi,
1306 net->xfrm.state_byspi + h,
1307 x->xso.type);
1308 }
1309 if (x->km.seq) {
1310 h = xfrm_seq_hash(net, x->km.seq);
1311 XFRM_STATE_INSERT(byseq, &x->byseq,
1312 net->xfrm.state_byseq + h,
1313 x->xso.type);
1314 }
1315 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1316 hrtimer_start(&x->mtimer,
1317 ktime_set(net->xfrm.sysctl_acq_expires, 0),
1318 HRTIMER_MODE_REL_SOFT);
1319 net->xfrm.state_num++;
1320 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1321 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1322 } else {
1323#ifdef CONFIG_XFRM_OFFLOAD
1324 struct xfrm_dev_offload *xso = &x->xso;
1325
1326 if (xso->type == XFRM_DEV_OFFLOAD_PACKET) {
1327 xfrm_dev_state_delete(x);
1328 xfrm_dev_state_free(x);
1329 }
1330#endif
1331 x->km.state = XFRM_STATE_DEAD;
1332 to_put = x;
1333 x = NULL;
1334 error = -ESRCH;
1335 }
1336 }
1337out:
1338 if (x) {
1339 if (!xfrm_state_hold_rcu(x)) {
1340 *err = -EAGAIN;
1341 x = NULL;
1342 }
1343 } else {
1344 *err = acquire_in_progress ? -EAGAIN : error;
1345 }
1346 rcu_read_unlock();
1347 if (to_put)
1348 xfrm_state_put(to_put);
1349
1350 if (read_seqcount_retry(&net->xfrm.xfrm_state_hash_generation, sequence)) {
1351 *err = -EAGAIN;
1352 if (x) {
1353 xfrm_state_put(x);
1354 x = NULL;
1355 }
1356 }
1357
1358 return x;
1359}
1360
1361struct xfrm_state *
1362xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,
1363 xfrm_address_t *daddr, xfrm_address_t *saddr,
1364 unsigned short family, u8 mode, u8 proto, u32 reqid)
1365{
1366 unsigned int h;
1367 struct xfrm_state *rx = NULL, *x = NULL;
1368
1369 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1370 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1371 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1372 if (x->props.family == family &&
1373 x->props.reqid == reqid &&
1374 (mark & x->mark.m) == x->mark.v &&
1375 x->if_id == if_id &&
1376 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1377 xfrm_state_addr_check(x, daddr, saddr, family) &&
1378 mode == x->props.mode &&
1379 proto == x->id.proto &&
1380 x->km.state == XFRM_STATE_VALID) {
1381 rx = x;
1382 break;
1383 }
1384 }
1385
1386 if (rx)
1387 xfrm_state_hold(rx);
1388 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1389
1390
1391 return rx;
1392}
1393EXPORT_SYMBOL(xfrm_stateonly_find);
1394
1395struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
1396 unsigned short family)
1397{
1398 struct xfrm_state *x;
1399 struct xfrm_state_walk *w;
1400
1401 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1402 list_for_each_entry(w, &net->xfrm.state_all, all) {
1403 x = container_of(w, struct xfrm_state, km);
1404 if (x->props.family != family ||
1405 x->id.spi != spi)
1406 continue;
1407
1408 xfrm_state_hold(x);
1409 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1410 return x;
1411 }
1412 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1413 return NULL;
1414}
1415EXPORT_SYMBOL(xfrm_state_lookup_byspi);
1416
1417static void __xfrm_state_insert(struct xfrm_state *x)
1418{
1419 struct net *net = xs_net(x);
1420 unsigned int h;
1421
1422 list_add(&x->km.all, &net->xfrm.state_all);
1423
1424 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
1425 x->props.reqid, x->props.family);
1426 XFRM_STATE_INSERT(bydst, &x->bydst, net->xfrm.state_bydst + h,
1427 x->xso.type);
1428
1429 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
1430 XFRM_STATE_INSERT(bysrc, &x->bysrc, net->xfrm.state_bysrc + h,
1431 x->xso.type);
1432
1433 if (x->id.spi) {
1434 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
1435 x->props.family);
1436
1437 XFRM_STATE_INSERT(byspi, &x->byspi, net->xfrm.state_byspi + h,
1438 x->xso.type);
1439 }
1440
1441 if (x->km.seq) {
1442 h = xfrm_seq_hash(net, x->km.seq);
1443
1444 XFRM_STATE_INSERT(byseq, &x->byseq, net->xfrm.state_byseq + h,
1445 x->xso.type);
1446 }
1447
1448 hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL_SOFT);
1449 if (x->replay_maxage)
1450 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
1451
1452 net->xfrm.state_num++;
1453
1454 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1455}
1456
1457/* net->xfrm.xfrm_state_lock is held */
1458static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
1459{
1460 struct net *net = xs_net(xnew);
1461 unsigned short family = xnew->props.family;
1462 u32 reqid = xnew->props.reqid;
1463 struct xfrm_state *x;
1464 unsigned int h;
1465 u32 mark = xnew->mark.v & xnew->mark.m;
1466 u32 if_id = xnew->if_id;
1467
1468 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
1469 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1470 if (x->props.family == family &&
1471 x->props.reqid == reqid &&
1472 x->if_id == if_id &&
1473 (mark & x->mark.m) == x->mark.v &&
1474 xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
1475 xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
1476 x->genid++;
1477 }
1478}
1479
1480void xfrm_state_insert(struct xfrm_state *x)
1481{
1482 struct net *net = xs_net(x);
1483
1484 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1485 __xfrm_state_bump_genids(x);
1486 __xfrm_state_insert(x);
1487 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1488}
1489EXPORT_SYMBOL(xfrm_state_insert);
1490
1491/* net->xfrm.xfrm_state_lock is held */
1492static struct xfrm_state *__find_acq_core(struct net *net,
1493 const struct xfrm_mark *m,
1494 unsigned short family, u8 mode,
1495 u32 reqid, u32 if_id, u8 proto,
1496 const xfrm_address_t *daddr,
1497 const xfrm_address_t *saddr,
1498 int create)
1499{
1500 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1501 struct xfrm_state *x;
1502 u32 mark = m->v & m->m;
1503
1504 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1505 if (x->props.reqid != reqid ||
1506 x->props.mode != mode ||
1507 x->props.family != family ||
1508 x->km.state != XFRM_STATE_ACQ ||
1509 x->id.spi != 0 ||
1510 x->id.proto != proto ||
1511 (mark & x->mark.m) != x->mark.v ||
1512 !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1513 !xfrm_addr_equal(&x->props.saddr, saddr, family))
1514 continue;
1515
1516 xfrm_state_hold(x);
1517 return x;
1518 }
1519
1520 if (!create)
1521 return NULL;
1522
1523 x = xfrm_state_alloc(net);
1524 if (likely(x)) {
1525 switch (family) {
1526 case AF_INET:
1527 x->sel.daddr.a4 = daddr->a4;
1528 x->sel.saddr.a4 = saddr->a4;
1529 x->sel.prefixlen_d = 32;
1530 x->sel.prefixlen_s = 32;
1531 x->props.saddr.a4 = saddr->a4;
1532 x->id.daddr.a4 = daddr->a4;
1533 break;
1534
1535 case AF_INET6:
1536 x->sel.daddr.in6 = daddr->in6;
1537 x->sel.saddr.in6 = saddr->in6;
1538 x->sel.prefixlen_d = 128;
1539 x->sel.prefixlen_s = 128;
1540 x->props.saddr.in6 = saddr->in6;
1541 x->id.daddr.in6 = daddr->in6;
1542 break;
1543 }
1544
1545 x->km.state = XFRM_STATE_ACQ;
1546 x->id.proto = proto;
1547 x->props.family = family;
1548 x->props.mode = mode;
1549 x->props.reqid = reqid;
1550 x->if_id = if_id;
1551 x->mark.v = m->v;
1552 x->mark.m = m->m;
1553 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1554 xfrm_state_hold(x);
1555 hrtimer_start(&x->mtimer,
1556 ktime_set(net->xfrm.sysctl_acq_expires, 0),
1557 HRTIMER_MODE_REL_SOFT);
1558 list_add(&x->km.all, &net->xfrm.state_all);
1559 XFRM_STATE_INSERT(bydst, &x->bydst, net->xfrm.state_bydst + h,
1560 x->xso.type);
1561 h = xfrm_src_hash(net, daddr, saddr, family);
1562 XFRM_STATE_INSERT(bysrc, &x->bysrc, net->xfrm.state_bysrc + h,
1563 x->xso.type);
1564
1565 net->xfrm.state_num++;
1566
1567 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1568 }
1569
1570 return x;
1571}
1572
1573static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1574
1575int xfrm_state_add(struct xfrm_state *x)
1576{
1577 struct net *net = xs_net(x);
1578 struct xfrm_state *x1, *to_put;
1579 int family;
1580 int err;
1581 u32 mark = x->mark.v & x->mark.m;
1582 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1583
1584 family = x->props.family;
1585
1586 to_put = NULL;
1587
1588 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1589
1590 x1 = __xfrm_state_locate(x, use_spi, family);
1591 if (x1) {
1592 to_put = x1;
1593 x1 = NULL;
1594 err = -EEXIST;
1595 goto out;
1596 }
1597
1598 if (use_spi && x->km.seq) {
1599 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1600 if (x1 && ((x1->id.proto != x->id.proto) ||
1601 !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
1602 to_put = x1;
1603 x1 = NULL;
1604 }
1605 }
1606
1607 if (use_spi && !x1)
1608 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1609 x->props.reqid, x->if_id, x->id.proto,
1610 &x->id.daddr, &x->props.saddr, 0);
1611
1612 __xfrm_state_bump_genids(x);
1613 __xfrm_state_insert(x);
1614 err = 0;
1615
1616out:
1617 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1618
1619 if (x1) {
1620 xfrm_state_delete(x1);
1621 xfrm_state_put(x1);
1622 }
1623
1624 if (to_put)
1625 xfrm_state_put(to_put);
1626
1627 return err;
1628}
1629EXPORT_SYMBOL(xfrm_state_add);
1630
1631#ifdef CONFIG_XFRM_MIGRATE
1632static inline int clone_security(struct xfrm_state *x, struct xfrm_sec_ctx *security)
1633{
1634 struct xfrm_user_sec_ctx *uctx;
1635 int size = sizeof(*uctx) + security->ctx_len;
1636 int err;
1637
1638 uctx = kmalloc(size, GFP_KERNEL);
1639 if (!uctx)
1640 return -ENOMEM;
1641
1642 uctx->exttype = XFRMA_SEC_CTX;
1643 uctx->len = size;
1644 uctx->ctx_doi = security->ctx_doi;
1645 uctx->ctx_alg = security->ctx_alg;
1646 uctx->ctx_len = security->ctx_len;
1647 memcpy(uctx + 1, security->ctx_str, security->ctx_len);
1648 err = security_xfrm_state_alloc(x, uctx);
1649 kfree(uctx);
1650 if (err)
1651 return err;
1652
1653 return 0;
1654}
1655
1656static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig,
1657 struct xfrm_encap_tmpl *encap)
1658{
1659 struct net *net = xs_net(orig);
1660 struct xfrm_state *x = xfrm_state_alloc(net);
1661 if (!x)
1662 goto out;
1663
1664 memcpy(&x->id, &orig->id, sizeof(x->id));
1665 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1666 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1667 x->props.mode = orig->props.mode;
1668 x->props.replay_window = orig->props.replay_window;
1669 x->props.reqid = orig->props.reqid;
1670 x->props.family = orig->props.family;
1671 x->props.saddr = orig->props.saddr;
1672
1673 if (orig->aalg) {
1674 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1675 if (!x->aalg)
1676 goto error;
1677 }
1678 x->props.aalgo = orig->props.aalgo;
1679
1680 if (orig->aead) {
1681 x->aead = xfrm_algo_aead_clone(orig->aead);
1682 x->geniv = orig->geniv;
1683 if (!x->aead)
1684 goto error;
1685 }
1686 if (orig->ealg) {
1687 x->ealg = xfrm_algo_clone(orig->ealg);
1688 if (!x->ealg)
1689 goto error;
1690 }
1691 x->props.ealgo = orig->props.ealgo;
1692
1693 if (orig->calg) {
1694 x->calg = xfrm_algo_clone(orig->calg);
1695 if (!x->calg)
1696 goto error;
1697 }
1698 x->props.calgo = orig->props.calgo;
1699
1700 if (encap || orig->encap) {
1701 if (encap)
1702 x->encap = kmemdup(encap, sizeof(*x->encap),
1703 GFP_KERNEL);
1704 else
1705 x->encap = kmemdup(orig->encap, sizeof(*x->encap),
1706 GFP_KERNEL);
1707
1708 if (!x->encap)
1709 goto error;
1710 }
1711
1712 if (orig->security)
1713 if (clone_security(x, orig->security))
1714 goto error;
1715
1716 if (orig->coaddr) {
1717 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1718 GFP_KERNEL);
1719 if (!x->coaddr)
1720 goto error;
1721 }
1722
1723 if (orig->replay_esn) {
1724 if (xfrm_replay_clone(x, orig))
1725 goto error;
1726 }
1727
1728 memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1729 memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark));
1730
1731 x->props.flags = orig->props.flags;
1732 x->props.extra_flags = orig->props.extra_flags;
1733
1734 x->if_id = orig->if_id;
1735 x->tfcpad = orig->tfcpad;
1736 x->replay_maxdiff = orig->replay_maxdiff;
1737 x->replay_maxage = orig->replay_maxage;
1738 memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft));
1739 x->km.state = orig->km.state;
1740 x->km.seq = orig->km.seq;
1741 x->replay = orig->replay;
1742 x->preplay = orig->preplay;
1743 x->mapping_maxage = orig->mapping_maxage;
1744 x->lastused = orig->lastused;
1745 x->new_mapping = 0;
1746 x->new_mapping_sport = 0;
1747
1748 return x;
1749
1750 error:
1751 xfrm_state_put(x);
1752out:
1753 return NULL;
1754}
1755
1756struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net,
1757 u32 if_id)
1758{
1759 unsigned int h;
1760 struct xfrm_state *x = NULL;
1761
1762 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1763
1764 if (m->reqid) {
1765 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
1766 m->reqid, m->old_family);
1767 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1768 if (x->props.mode != m->mode ||
1769 x->id.proto != m->proto)
1770 continue;
1771 if (m->reqid && x->props.reqid != m->reqid)
1772 continue;
1773 if (if_id != 0 && x->if_id != if_id)
1774 continue;
1775 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1776 m->old_family) ||
1777 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1778 m->old_family))
1779 continue;
1780 xfrm_state_hold(x);
1781 break;
1782 }
1783 } else {
1784 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
1785 m->old_family);
1786 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
1787 if (x->props.mode != m->mode ||
1788 x->id.proto != m->proto)
1789 continue;
1790 if (if_id != 0 && x->if_id != if_id)
1791 continue;
1792 if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1793 m->old_family) ||
1794 !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1795 m->old_family))
1796 continue;
1797 xfrm_state_hold(x);
1798 break;
1799 }
1800 }
1801
1802 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1803
1804 return x;
1805}
1806EXPORT_SYMBOL(xfrm_migrate_state_find);
1807
1808struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
1809 struct xfrm_migrate *m,
1810 struct xfrm_encap_tmpl *encap)
1811{
1812 struct xfrm_state *xc;
1813
1814 xc = xfrm_state_clone(x, encap);
1815 if (!xc)
1816 return NULL;
1817
1818 xc->props.family = m->new_family;
1819
1820 if (xfrm_init_state(xc) < 0)
1821 goto error;
1822
1823 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1824 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1825
1826 /* add state */
1827 if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
1828 /* a care is needed when the destination address of the
1829 state is to be updated as it is a part of triplet */
1830 xfrm_state_insert(xc);
1831 } else {
1832 if (xfrm_state_add(xc) < 0)
1833 goto error;
1834 }
1835
1836 return xc;
1837error:
1838 xfrm_state_put(xc);
1839 return NULL;
1840}
1841EXPORT_SYMBOL(xfrm_state_migrate);
1842#endif
1843
1844int xfrm_state_update(struct xfrm_state *x)
1845{
1846 struct xfrm_state *x1, *to_put;
1847 int err;
1848 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1849 struct net *net = xs_net(x);
1850
1851 to_put = NULL;
1852
1853 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1854 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1855
1856 err = -ESRCH;
1857 if (!x1)
1858 goto out;
1859
1860 if (xfrm_state_kern(x1)) {
1861 to_put = x1;
1862 err = -EEXIST;
1863 goto out;
1864 }
1865
1866 if (x1->km.state == XFRM_STATE_ACQ) {
1867 __xfrm_state_insert(x);
1868 x = NULL;
1869 }
1870 err = 0;
1871
1872out:
1873 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1874
1875 if (to_put)
1876 xfrm_state_put(to_put);
1877
1878 if (err)
1879 return err;
1880
1881 if (!x) {
1882 xfrm_state_delete(x1);
1883 xfrm_state_put(x1);
1884 return 0;
1885 }
1886
1887 err = -EINVAL;
1888 spin_lock_bh(&x1->lock);
1889 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1890 if (x->encap && x1->encap &&
1891 x->encap->encap_type == x1->encap->encap_type)
1892 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1893 else if (x->encap || x1->encap)
1894 goto fail;
1895
1896 if (x->coaddr && x1->coaddr) {
1897 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1898 }
1899 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1900 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1901 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1902 x1->km.dying = 0;
1903
1904 hrtimer_start(&x1->mtimer, ktime_set(1, 0),
1905 HRTIMER_MODE_REL_SOFT);
1906 if (READ_ONCE(x1->curlft.use_time))
1907 xfrm_state_check_expire(x1);
1908
1909 if (x->props.smark.m || x->props.smark.v || x->if_id) {
1910 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1911
1912 if (x->props.smark.m || x->props.smark.v)
1913 x1->props.smark = x->props.smark;
1914
1915 if (x->if_id)
1916 x1->if_id = x->if_id;
1917
1918 __xfrm_state_bump_genids(x1);
1919 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1920 }
1921
1922 err = 0;
1923 x->km.state = XFRM_STATE_DEAD;
1924 __xfrm_state_put(x);
1925 }
1926
1927fail:
1928 spin_unlock_bh(&x1->lock);
1929
1930 xfrm_state_put(x1);
1931
1932 return err;
1933}
1934EXPORT_SYMBOL(xfrm_state_update);
1935
1936int xfrm_state_check_expire(struct xfrm_state *x)
1937{
1938 xfrm_dev_state_update_stats(x);
1939
1940 if (!READ_ONCE(x->curlft.use_time))
1941 WRITE_ONCE(x->curlft.use_time, ktime_get_real_seconds());
1942
1943 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1944 x->curlft.packets >= x->lft.hard_packet_limit) {
1945 x->km.state = XFRM_STATE_EXPIRED;
1946 hrtimer_start(&x->mtimer, 0, HRTIMER_MODE_REL_SOFT);
1947 return -EINVAL;
1948 }
1949
1950 if (!x->km.dying &&
1951 (x->curlft.bytes >= x->lft.soft_byte_limit ||
1952 x->curlft.packets >= x->lft.soft_packet_limit)) {
1953 x->km.dying = 1;
1954 km_state_expired(x, 0, 0);
1955 }
1956 return 0;
1957}
1958EXPORT_SYMBOL(xfrm_state_check_expire);
1959
1960void xfrm_state_update_stats(struct net *net)
1961{
1962 struct xfrm_state *x;
1963 int i;
1964
1965 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1966 for (i = 0; i <= net->xfrm.state_hmask; i++) {
1967 hlist_for_each_entry(x, net->xfrm.state_bydst + i, bydst)
1968 xfrm_dev_state_update_stats(x);
1969 }
1970 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1971}
1972
1973struct xfrm_state *
1974xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1975 u8 proto, unsigned short family)
1976{
1977 struct xfrm_state *x;
1978
1979 rcu_read_lock();
1980 x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1981 rcu_read_unlock();
1982 return x;
1983}
1984EXPORT_SYMBOL(xfrm_state_lookup);
1985
1986struct xfrm_state *
1987xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1988 const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1989 u8 proto, unsigned short family)
1990{
1991 struct xfrm_state *x;
1992
1993 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1994 x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1995 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1996 return x;
1997}
1998EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1999
2000struct xfrm_state *
2001xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
2002 u32 if_id, u8 proto, const xfrm_address_t *daddr,
2003 const xfrm_address_t *saddr, int create, unsigned short family)
2004{
2005 struct xfrm_state *x;
2006
2007 spin_lock_bh(&net->xfrm.xfrm_state_lock);
2008 x = __find_acq_core(net, mark, family, mode, reqid, if_id, proto, daddr, saddr, create);
2009 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
2010
2011 return x;
2012}
2013EXPORT_SYMBOL(xfrm_find_acq);
2014
2015#ifdef CONFIG_XFRM_SUB_POLICY
2016#if IS_ENABLED(CONFIG_IPV6)
2017/* distribution counting sort function for xfrm_state and xfrm_tmpl */
2018static void
2019__xfrm6_sort(void **dst, void **src, int n,
2020 int (*cmp)(const void *p), int maxclass)
2021{
2022 int count[XFRM_MAX_DEPTH] = { };
2023 int class[XFRM_MAX_DEPTH];
2024 int i;
2025
2026 for (i = 0; i < n; i++) {
2027 int c = cmp(src[i]);
2028
2029 class[i] = c;
2030 count[c]++;
2031 }
2032
2033 for (i = 2; i < maxclass; i++)
2034 count[i] += count[i - 1];
2035
2036 for (i = 0; i < n; i++) {
2037 dst[count[class[i] - 1]++] = src[i];
2038 src[i] = NULL;
2039 }
2040}
2041
2042/* Rule for xfrm_state:
2043 *
2044 * rule 1: select IPsec transport except AH
2045 * rule 2: select MIPv6 RO or inbound trigger
2046 * rule 3: select IPsec transport AH
2047 * rule 4: select IPsec tunnel
2048 * rule 5: others
2049 */
2050static int __xfrm6_state_sort_cmp(const void *p)
2051{
2052 const struct xfrm_state *v = p;
2053
2054 switch (v->props.mode) {
2055 case XFRM_MODE_TRANSPORT:
2056 if (v->id.proto != IPPROTO_AH)
2057 return 1;
2058 else
2059 return 3;
2060#if IS_ENABLED(CONFIG_IPV6_MIP6)
2061 case XFRM_MODE_ROUTEOPTIMIZATION:
2062 case XFRM_MODE_IN_TRIGGER:
2063 return 2;
2064#endif
2065 case XFRM_MODE_TUNNEL:
2066 case XFRM_MODE_BEET:
2067 return 4;
2068 }
2069 return 5;
2070}
2071
2072/* Rule for xfrm_tmpl:
2073 *
2074 * rule 1: select IPsec transport
2075 * rule 2: select MIPv6 RO or inbound trigger
2076 * rule 3: select IPsec tunnel
2077 * rule 4: others
2078 */
2079static int __xfrm6_tmpl_sort_cmp(const void *p)
2080{
2081 const struct xfrm_tmpl *v = p;
2082
2083 switch (v->mode) {
2084 case XFRM_MODE_TRANSPORT:
2085 return 1;
2086#if IS_ENABLED(CONFIG_IPV6_MIP6)
2087 case XFRM_MODE_ROUTEOPTIMIZATION:
2088 case XFRM_MODE_IN_TRIGGER:
2089 return 2;
2090#endif
2091 case XFRM_MODE_TUNNEL:
2092 case XFRM_MODE_BEET:
2093 return 3;
2094 }
2095 return 4;
2096}
2097#else
2098static inline int __xfrm6_state_sort_cmp(const void *p) { return 5; }
2099static inline int __xfrm6_tmpl_sort_cmp(const void *p) { return 4; }
2100
2101static inline void
2102__xfrm6_sort(void **dst, void **src, int n,
2103 int (*cmp)(const void *p), int maxclass)
2104{
2105 int i;
2106
2107 for (i = 0; i < n; i++)
2108 dst[i] = src[i];
2109}
2110#endif /* CONFIG_IPV6 */
2111
2112void
2113xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
2114 unsigned short family)
2115{
2116 int i;
2117
2118 if (family == AF_INET6)
2119 __xfrm6_sort((void **)dst, (void **)src, n,
2120 __xfrm6_tmpl_sort_cmp, 5);
2121 else
2122 for (i = 0; i < n; i++)
2123 dst[i] = src[i];
2124}
2125
2126void
2127xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
2128 unsigned short family)
2129{
2130 int i;
2131
2132 if (family == AF_INET6)
2133 __xfrm6_sort((void **)dst, (void **)src, n,
2134 __xfrm6_state_sort_cmp, 6);
2135 else
2136 for (i = 0; i < n; i++)
2137 dst[i] = src[i];
2138}
2139#endif
2140
2141/* Silly enough, but I'm lazy to build resolution list */
2142
2143static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
2144{
2145 unsigned int h = xfrm_seq_hash(net, seq);
2146 struct xfrm_state *x;
2147
2148 hlist_for_each_entry_rcu(x, net->xfrm.state_byseq + h, byseq) {
2149 if (x->km.seq == seq &&
2150 (mark & x->mark.m) == x->mark.v &&
2151 x->km.state == XFRM_STATE_ACQ) {
2152 xfrm_state_hold(x);
2153 return x;
2154 }
2155 }
2156
2157 return NULL;
2158}
2159
2160struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
2161{
2162 struct xfrm_state *x;
2163
2164 spin_lock_bh(&net->xfrm.xfrm_state_lock);
2165 x = __xfrm_find_acq_byseq(net, mark, seq);
2166 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
2167 return x;
2168}
2169EXPORT_SYMBOL(xfrm_find_acq_byseq);
2170
2171u32 xfrm_get_acqseq(void)
2172{
2173 u32 res;
2174 static atomic_t acqseq;
2175
2176 do {
2177 res = atomic_inc_return(&acqseq);
2178 } while (!res);
2179
2180 return res;
2181}
2182EXPORT_SYMBOL(xfrm_get_acqseq);
2183
2184int verify_spi_info(u8 proto, u32 min, u32 max, struct netlink_ext_ack *extack)
2185{
2186 switch (proto) {
2187 case IPPROTO_AH:
2188 case IPPROTO_ESP:
2189 break;
2190
2191 case IPPROTO_COMP:
2192 /* IPCOMP spi is 16-bits. */
2193 if (max >= 0x10000) {
2194 NL_SET_ERR_MSG(extack, "IPCOMP SPI must be <= 65535");
2195 return -EINVAL;
2196 }
2197 break;
2198
2199 default:
2200 NL_SET_ERR_MSG(extack, "Invalid protocol, must be one of AH, ESP, IPCOMP");
2201 return -EINVAL;
2202 }
2203
2204 if (min > max) {
2205 NL_SET_ERR_MSG(extack, "Invalid SPI range: min > max");
2206 return -EINVAL;
2207 }
2208
2209 return 0;
2210}
2211EXPORT_SYMBOL(verify_spi_info);
2212
2213int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high,
2214 struct netlink_ext_ack *extack)
2215{
2216 struct net *net = xs_net(x);
2217 unsigned int h;
2218 struct xfrm_state *x0;
2219 int err = -ENOENT;
2220 __be32 minspi = htonl(low);
2221 __be32 maxspi = htonl(high);
2222 __be32 newspi = 0;
2223 u32 mark = x->mark.v & x->mark.m;
2224
2225 spin_lock_bh(&x->lock);
2226 if (x->km.state == XFRM_STATE_DEAD) {
2227 NL_SET_ERR_MSG(extack, "Target ACQUIRE is in DEAD state");
2228 goto unlock;
2229 }
2230
2231 err = 0;
2232 if (x->id.spi)
2233 goto unlock;
2234
2235 err = -ENOENT;
2236
2237 if (minspi == maxspi) {
2238 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
2239 if (x0) {
2240 NL_SET_ERR_MSG(extack, "Requested SPI is already in use");
2241 xfrm_state_put(x0);
2242 goto unlock;
2243 }
2244 newspi = minspi;
2245 } else {
2246 u32 spi = 0;
2247 for (h = 0; h < high-low+1; h++) {
2248 spi = get_random_u32_inclusive(low, high);
2249 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
2250 if (x0 == NULL) {
2251 newspi = htonl(spi);
2252 break;
2253 }
2254 xfrm_state_put(x0);
2255 }
2256 }
2257 if (newspi) {
2258 spin_lock_bh(&net->xfrm.xfrm_state_lock);
2259 x->id.spi = newspi;
2260 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
2261 XFRM_STATE_INSERT(byspi, &x->byspi, net->xfrm.state_byspi + h,
2262 x->xso.type);
2263 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
2264
2265 err = 0;
2266 } else {
2267 NL_SET_ERR_MSG(extack, "No SPI available in the requested range");
2268 }
2269
2270unlock:
2271 spin_unlock_bh(&x->lock);
2272
2273 return err;
2274}
2275EXPORT_SYMBOL(xfrm_alloc_spi);
2276
2277static bool __xfrm_state_filter_match(struct xfrm_state *x,
2278 struct xfrm_address_filter *filter)
2279{
2280 if (filter) {
2281 if ((filter->family == AF_INET ||
2282 filter->family == AF_INET6) &&
2283 x->props.family != filter->family)
2284 return false;
2285
2286 return addr_match(&x->props.saddr, &filter->saddr,
2287 filter->splen) &&
2288 addr_match(&x->id.daddr, &filter->daddr,
2289 filter->dplen);
2290 }
2291 return true;
2292}
2293
2294int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
2295 int (*func)(struct xfrm_state *, int, void*),
2296 void *data)
2297{
2298 struct xfrm_state *state;
2299 struct xfrm_state_walk *x;
2300 int err = 0;
2301
2302 if (walk->seq != 0 && list_empty(&walk->all))
2303 return 0;
2304
2305 spin_lock_bh(&net->xfrm.xfrm_state_lock);
2306 if (list_empty(&walk->all))
2307 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
2308 else
2309 x = list_first_entry(&walk->all, struct xfrm_state_walk, all);
2310 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
2311 if (x->state == XFRM_STATE_DEAD)
2312 continue;
2313 state = container_of(x, struct xfrm_state, km);
2314 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
2315 continue;
2316 if (!__xfrm_state_filter_match(state, walk->filter))
2317 continue;
2318 err = func(state, walk->seq, data);
2319 if (err) {
2320 list_move_tail(&walk->all, &x->all);
2321 goto out;
2322 }
2323 walk->seq++;
2324 }
2325 if (walk->seq == 0) {
2326 err = -ENOENT;
2327 goto out;
2328 }
2329 list_del_init(&walk->all);
2330out:
2331 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
2332 return err;
2333}
2334EXPORT_SYMBOL(xfrm_state_walk);
2335
2336void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
2337 struct xfrm_address_filter *filter)
2338{
2339 INIT_LIST_HEAD(&walk->all);
2340 walk->proto = proto;
2341 walk->state = XFRM_STATE_DEAD;
2342 walk->seq = 0;
2343 walk->filter = filter;
2344}
2345EXPORT_SYMBOL(xfrm_state_walk_init);
2346
2347void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
2348{
2349 kfree(walk->filter);
2350
2351 if (list_empty(&walk->all))
2352 return;
2353
2354 spin_lock_bh(&net->xfrm.xfrm_state_lock);
2355 list_del(&walk->all);
2356 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
2357}
2358EXPORT_SYMBOL(xfrm_state_walk_done);
2359
2360static void xfrm_replay_timer_handler(struct timer_list *t)
2361{
2362 struct xfrm_state *x = from_timer(x, t, rtimer);
2363
2364 spin_lock(&x->lock);
2365
2366 if (x->km.state == XFRM_STATE_VALID) {
2367 if (xfrm_aevent_is_on(xs_net(x)))
2368 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
2369 else
2370 x->xflags |= XFRM_TIME_DEFER;
2371 }
2372
2373 spin_unlock(&x->lock);
2374}
2375
2376static LIST_HEAD(xfrm_km_list);
2377
2378void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
2379{
2380 struct xfrm_mgr *km;
2381
2382 rcu_read_lock();
2383 list_for_each_entry_rcu(km, &xfrm_km_list, list)
2384 if (km->notify_policy)
2385 km->notify_policy(xp, dir, c);
2386 rcu_read_unlock();
2387}
2388
2389void km_state_notify(struct xfrm_state *x, const struct km_event *c)
2390{
2391 struct xfrm_mgr *km;
2392 rcu_read_lock();
2393 list_for_each_entry_rcu(km, &xfrm_km_list, list)
2394 if (km->notify)
2395 km->notify(x, c);
2396 rcu_read_unlock();
2397}
2398
2399EXPORT_SYMBOL(km_policy_notify);
2400EXPORT_SYMBOL(km_state_notify);
2401
2402void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
2403{
2404 struct km_event c;
2405
2406 c.data.hard = hard;
2407 c.portid = portid;
2408 c.event = XFRM_MSG_EXPIRE;
2409 km_state_notify(x, &c);
2410}
2411
2412EXPORT_SYMBOL(km_state_expired);
2413/*
2414 * We send to all registered managers regardless of failure
2415 * We are happy with one success
2416*/
2417int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
2418{
2419 int err = -EINVAL, acqret;
2420 struct xfrm_mgr *km;
2421
2422 rcu_read_lock();
2423 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2424 acqret = km->acquire(x, t, pol);
2425 if (!acqret)
2426 err = acqret;
2427 }
2428 rcu_read_unlock();
2429 return err;
2430}
2431EXPORT_SYMBOL(km_query);
2432
2433static int __km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
2434{
2435 int err = -EINVAL;
2436 struct xfrm_mgr *km;
2437
2438 rcu_read_lock();
2439 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2440 if (km->new_mapping)
2441 err = km->new_mapping(x, ipaddr, sport);
2442 if (!err)
2443 break;
2444 }
2445 rcu_read_unlock();
2446 return err;
2447}
2448
2449int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
2450{
2451 int ret = 0;
2452
2453 if (x->mapping_maxage) {
2454 if ((jiffies / HZ - x->new_mapping) > x->mapping_maxage ||
2455 x->new_mapping_sport != sport) {
2456 x->new_mapping_sport = sport;
2457 x->new_mapping = jiffies / HZ;
2458 ret = __km_new_mapping(x, ipaddr, sport);
2459 }
2460 } else {
2461 ret = __km_new_mapping(x, ipaddr, sport);
2462 }
2463
2464 return ret;
2465}
2466EXPORT_SYMBOL(km_new_mapping);
2467
2468void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
2469{
2470 struct km_event c;
2471
2472 c.data.hard = hard;
2473 c.portid = portid;
2474 c.event = XFRM_MSG_POLEXPIRE;
2475 km_policy_notify(pol, dir, &c);
2476}
2477EXPORT_SYMBOL(km_policy_expired);
2478
2479#ifdef CONFIG_XFRM_MIGRATE
2480int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2481 const struct xfrm_migrate *m, int num_migrate,
2482 const struct xfrm_kmaddress *k,
2483 const struct xfrm_encap_tmpl *encap)
2484{
2485 int err = -EINVAL;
2486 int ret;
2487 struct xfrm_mgr *km;
2488
2489 rcu_read_lock();
2490 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2491 if (km->migrate) {
2492 ret = km->migrate(sel, dir, type, m, num_migrate, k,
2493 encap);
2494 if (!ret)
2495 err = ret;
2496 }
2497 }
2498 rcu_read_unlock();
2499 return err;
2500}
2501EXPORT_SYMBOL(km_migrate);
2502#endif
2503
2504int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
2505{
2506 int err = -EINVAL;
2507 int ret;
2508 struct xfrm_mgr *km;
2509
2510 rcu_read_lock();
2511 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2512 if (km->report) {
2513 ret = km->report(net, proto, sel, addr);
2514 if (!ret)
2515 err = ret;
2516 }
2517 }
2518 rcu_read_unlock();
2519 return err;
2520}
2521EXPORT_SYMBOL(km_report);
2522
2523static bool km_is_alive(const struct km_event *c)
2524{
2525 struct xfrm_mgr *km;
2526 bool is_alive = false;
2527
2528 rcu_read_lock();
2529 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2530 if (km->is_alive && km->is_alive(c)) {
2531 is_alive = true;
2532 break;
2533 }
2534 }
2535 rcu_read_unlock();
2536
2537 return is_alive;
2538}
2539
2540#if IS_ENABLED(CONFIG_XFRM_USER_COMPAT)
2541static DEFINE_SPINLOCK(xfrm_translator_lock);
2542static struct xfrm_translator __rcu *xfrm_translator;
2543
2544struct xfrm_translator *xfrm_get_translator(void)
2545{
2546 struct xfrm_translator *xtr;
2547
2548 rcu_read_lock();
2549 xtr = rcu_dereference(xfrm_translator);
2550 if (unlikely(!xtr))
2551 goto out;
2552 if (!try_module_get(xtr->owner))
2553 xtr = NULL;
2554out:
2555 rcu_read_unlock();
2556 return xtr;
2557}
2558EXPORT_SYMBOL_GPL(xfrm_get_translator);
2559
2560void xfrm_put_translator(struct xfrm_translator *xtr)
2561{
2562 module_put(xtr->owner);
2563}
2564EXPORT_SYMBOL_GPL(xfrm_put_translator);
2565
2566int xfrm_register_translator(struct xfrm_translator *xtr)
2567{
2568 int err = 0;
2569
2570 spin_lock_bh(&xfrm_translator_lock);
2571 if (unlikely(xfrm_translator != NULL))
2572 err = -EEXIST;
2573 else
2574 rcu_assign_pointer(xfrm_translator, xtr);
2575 spin_unlock_bh(&xfrm_translator_lock);
2576
2577 return err;
2578}
2579EXPORT_SYMBOL_GPL(xfrm_register_translator);
2580
2581int xfrm_unregister_translator(struct xfrm_translator *xtr)
2582{
2583 int err = 0;
2584
2585 spin_lock_bh(&xfrm_translator_lock);
2586 if (likely(xfrm_translator != NULL)) {
2587 if (rcu_access_pointer(xfrm_translator) != xtr)
2588 err = -EINVAL;
2589 else
2590 RCU_INIT_POINTER(xfrm_translator, NULL);
2591 }
2592 spin_unlock_bh(&xfrm_translator_lock);
2593 synchronize_rcu();
2594
2595 return err;
2596}
2597EXPORT_SYMBOL_GPL(xfrm_unregister_translator);
2598#endif
2599
2600int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
2601{
2602 int err;
2603 u8 *data;
2604 struct xfrm_mgr *km;
2605 struct xfrm_policy *pol = NULL;
2606
2607 if (sockptr_is_null(optval) && !optlen) {
2608 xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
2609 xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
2610 __sk_dst_reset(sk);
2611 return 0;
2612 }
2613
2614 if (optlen <= 0 || optlen > PAGE_SIZE)
2615 return -EMSGSIZE;
2616
2617 data = memdup_sockptr(optval, optlen);
2618 if (IS_ERR(data))
2619 return PTR_ERR(data);
2620
2621 if (in_compat_syscall()) {
2622 struct xfrm_translator *xtr = xfrm_get_translator();
2623
2624 if (!xtr) {
2625 kfree(data);
2626 return -EOPNOTSUPP;
2627 }
2628
2629 err = xtr->xlate_user_policy_sockptr(&data, optlen);
2630 xfrm_put_translator(xtr);
2631 if (err) {
2632 kfree(data);
2633 return err;
2634 }
2635 }
2636
2637 err = -EINVAL;
2638 rcu_read_lock();
2639 list_for_each_entry_rcu(km, &xfrm_km_list, list) {
2640 pol = km->compile_policy(sk, optname, data,
2641 optlen, &err);
2642 if (err >= 0)
2643 break;
2644 }
2645 rcu_read_unlock();
2646
2647 if (err >= 0) {
2648 xfrm_sk_policy_insert(sk, err, pol);
2649 xfrm_pol_put(pol);
2650 __sk_dst_reset(sk);
2651 err = 0;
2652 }
2653
2654 kfree(data);
2655 return err;
2656}
2657EXPORT_SYMBOL(xfrm_user_policy);
2658
2659static DEFINE_SPINLOCK(xfrm_km_lock);
2660
2661void xfrm_register_km(struct xfrm_mgr *km)
2662{
2663 spin_lock_bh(&xfrm_km_lock);
2664 list_add_tail_rcu(&km->list, &xfrm_km_list);
2665 spin_unlock_bh(&xfrm_km_lock);
2666}
2667EXPORT_SYMBOL(xfrm_register_km);
2668
2669void xfrm_unregister_km(struct xfrm_mgr *km)
2670{
2671 spin_lock_bh(&xfrm_km_lock);
2672 list_del_rcu(&km->list);
2673 spin_unlock_bh(&xfrm_km_lock);
2674 synchronize_rcu();
2675}
2676EXPORT_SYMBOL(xfrm_unregister_km);
2677
2678int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
2679{
2680 int err = 0;
2681
2682 if (WARN_ON(afinfo->family >= NPROTO))
2683 return -EAFNOSUPPORT;
2684
2685 spin_lock_bh(&xfrm_state_afinfo_lock);
2686 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
2687 err = -EEXIST;
2688 else
2689 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
2690 spin_unlock_bh(&xfrm_state_afinfo_lock);
2691 return err;
2692}
2693EXPORT_SYMBOL(xfrm_state_register_afinfo);
2694
2695int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
2696{
2697 int err = 0, family = afinfo->family;
2698
2699 if (WARN_ON(family >= NPROTO))
2700 return -EAFNOSUPPORT;
2701
2702 spin_lock_bh(&xfrm_state_afinfo_lock);
2703 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
2704 if (rcu_access_pointer(xfrm_state_afinfo[family]) != afinfo)
2705 err = -EINVAL;
2706 else
2707 RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
2708 }
2709 spin_unlock_bh(&xfrm_state_afinfo_lock);
2710 synchronize_rcu();
2711 return err;
2712}
2713EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
2714
2715struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family)
2716{
2717 if (unlikely(family >= NPROTO))
2718 return NULL;
2719
2720 return rcu_dereference(xfrm_state_afinfo[family]);
2721}
2722EXPORT_SYMBOL_GPL(xfrm_state_afinfo_get_rcu);
2723
2724struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
2725{
2726 struct xfrm_state_afinfo *afinfo;
2727 if (unlikely(family >= NPROTO))
2728 return NULL;
2729 rcu_read_lock();
2730 afinfo = rcu_dereference(xfrm_state_afinfo[family]);
2731 if (unlikely(!afinfo))
2732 rcu_read_unlock();
2733 return afinfo;
2734}
2735
2736void xfrm_flush_gc(void)
2737{
2738 flush_work(&xfrm_state_gc_work);
2739}
2740EXPORT_SYMBOL(xfrm_flush_gc);
2741
2742/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
2743void xfrm_state_delete_tunnel(struct xfrm_state *x)
2744{
2745 if (x->tunnel) {
2746 struct xfrm_state *t = x->tunnel;
2747
2748 if (atomic_read(&t->tunnel_users) == 2)
2749 xfrm_state_delete(t);
2750 atomic_dec(&t->tunnel_users);
2751 xfrm_state_put_sync(t);
2752 x->tunnel = NULL;
2753 }
2754}
2755EXPORT_SYMBOL(xfrm_state_delete_tunnel);
2756
2757u32 xfrm_state_mtu(struct xfrm_state *x, int mtu)
2758{
2759 const struct xfrm_type *type = READ_ONCE(x->type);
2760 struct crypto_aead *aead;
2761 u32 blksize, net_adj = 0;
2762
2763 if (x->km.state != XFRM_STATE_VALID ||
2764 !type || type->proto != IPPROTO_ESP)
2765 return mtu - x->props.header_len;
2766
2767 aead = x->data;
2768 blksize = ALIGN(crypto_aead_blocksize(aead), 4);
2769
2770 switch (x->props.mode) {
2771 case XFRM_MODE_TRANSPORT:
2772 case XFRM_MODE_BEET:
2773 if (x->props.family == AF_INET)
2774 net_adj = sizeof(struct iphdr);
2775 else if (x->props.family == AF_INET6)
2776 net_adj = sizeof(struct ipv6hdr);
2777 break;
2778 case XFRM_MODE_TUNNEL:
2779 break;
2780 default:
2781 WARN_ON_ONCE(1);
2782 break;
2783 }
2784
2785 return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
2786 net_adj) & ~(blksize - 1)) + net_adj - 2;
2787}
2788EXPORT_SYMBOL_GPL(xfrm_state_mtu);
2789
2790int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload,
2791 struct netlink_ext_ack *extack)
2792{
2793 const struct xfrm_mode *inner_mode;
2794 const struct xfrm_mode *outer_mode;
2795 int family = x->props.family;
2796 int err;
2797
2798 if (family == AF_INET &&
2799 READ_ONCE(xs_net(x)->ipv4.sysctl_ip_no_pmtu_disc))
2800 x->props.flags |= XFRM_STATE_NOPMTUDISC;
2801
2802 err = -EPROTONOSUPPORT;
2803
2804 if (x->sel.family != AF_UNSPEC) {
2805 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2806 if (inner_mode == NULL) {
2807 NL_SET_ERR_MSG(extack, "Requested mode not found");
2808 goto error;
2809 }
2810
2811 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2812 family != x->sel.family) {
2813 NL_SET_ERR_MSG(extack, "Only tunnel modes can accommodate a change of family");
2814 goto error;
2815 }
2816
2817 x->inner_mode = *inner_mode;
2818 } else {
2819 const struct xfrm_mode *inner_mode_iaf;
2820 int iafamily = AF_INET;
2821
2822 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
2823 if (inner_mode == NULL) {
2824 NL_SET_ERR_MSG(extack, "Requested mode not found");
2825 goto error;
2826 }
2827
2828 x->inner_mode = *inner_mode;
2829
2830 if (x->props.family == AF_INET)
2831 iafamily = AF_INET6;
2832
2833 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2834 if (inner_mode_iaf) {
2835 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2836 x->inner_mode_iaf = *inner_mode_iaf;
2837 }
2838 }
2839
2840 x->type = xfrm_get_type(x->id.proto, family);
2841 if (x->type == NULL) {
2842 NL_SET_ERR_MSG(extack, "Requested type not found");
2843 goto error;
2844 }
2845
2846 x->type_offload = xfrm_get_type_offload(x->id.proto, family, offload);
2847
2848 err = x->type->init_state(x, extack);
2849 if (err)
2850 goto error;
2851
2852 outer_mode = xfrm_get_mode(x->props.mode, family);
2853 if (!outer_mode) {
2854 NL_SET_ERR_MSG(extack, "Requested mode not found");
2855 err = -EPROTONOSUPPORT;
2856 goto error;
2857 }
2858
2859 x->outer_mode = *outer_mode;
2860 if (init_replay) {
2861 err = xfrm_init_replay(x, extack);
2862 if (err)
2863 goto error;
2864 }
2865
2866error:
2867 return err;
2868}
2869
2870EXPORT_SYMBOL(__xfrm_init_state);
2871
2872int xfrm_init_state(struct xfrm_state *x)
2873{
2874 int err;
2875
2876 err = __xfrm_init_state(x, true, false, NULL);
2877 if (!err)
2878 x->km.state = XFRM_STATE_VALID;
2879
2880 return err;
2881}
2882
2883EXPORT_SYMBOL(xfrm_init_state);
2884
2885int __net_init xfrm_state_init(struct net *net)
2886{
2887 unsigned int sz;
2888
2889 if (net_eq(net, &init_net))
2890 xfrm_state_cache = KMEM_CACHE(xfrm_state,
2891 SLAB_HWCACHE_ALIGN | SLAB_PANIC);
2892
2893 INIT_LIST_HEAD(&net->xfrm.state_all);
2894
2895 sz = sizeof(struct hlist_head) * 8;
2896
2897 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2898 if (!net->xfrm.state_bydst)
2899 goto out_bydst;
2900 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2901 if (!net->xfrm.state_bysrc)
2902 goto out_bysrc;
2903 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2904 if (!net->xfrm.state_byspi)
2905 goto out_byspi;
2906 net->xfrm.state_byseq = xfrm_hash_alloc(sz);
2907 if (!net->xfrm.state_byseq)
2908 goto out_byseq;
2909 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2910
2911 net->xfrm.state_num = 0;
2912 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2913 spin_lock_init(&net->xfrm.xfrm_state_lock);
2914 seqcount_spinlock_init(&net->xfrm.xfrm_state_hash_generation,
2915 &net->xfrm.xfrm_state_lock);
2916 return 0;
2917
2918out_byseq:
2919 xfrm_hash_free(net->xfrm.state_byspi, sz);
2920out_byspi:
2921 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2922out_bysrc:
2923 xfrm_hash_free(net->xfrm.state_bydst, sz);
2924out_bydst:
2925 return -ENOMEM;
2926}
2927
2928void xfrm_state_fini(struct net *net)
2929{
2930 unsigned int sz;
2931
2932 flush_work(&net->xfrm.state_hash_work);
2933 flush_work(&xfrm_state_gc_work);
2934 xfrm_state_flush(net, 0, false, true);
2935
2936 WARN_ON(!list_empty(&net->xfrm.state_all));
2937
2938 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2939 WARN_ON(!hlist_empty(net->xfrm.state_byseq));
2940 xfrm_hash_free(net->xfrm.state_byseq, sz);
2941 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2942 xfrm_hash_free(net->xfrm.state_byspi, sz);
2943 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2944 xfrm_hash_free(net->xfrm.state_bysrc, sz);
2945 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2946 xfrm_hash_free(net->xfrm.state_bydst, sz);
2947}
2948
2949#ifdef CONFIG_AUDITSYSCALL
2950static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2951 struct audit_buffer *audit_buf)
2952{
2953 struct xfrm_sec_ctx *ctx = x->security;
2954 u32 spi = ntohl(x->id.spi);
2955
2956 if (ctx)
2957 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2958 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2959
2960 switch (x->props.family) {
2961 case AF_INET:
2962 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2963 &x->props.saddr.a4, &x->id.daddr.a4);
2964 break;
2965 case AF_INET6:
2966 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2967 x->props.saddr.a6, x->id.daddr.a6);
2968 break;
2969 }
2970
2971 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2972}
2973
2974static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2975 struct audit_buffer *audit_buf)
2976{
2977 const struct iphdr *iph4;
2978 const struct ipv6hdr *iph6;
2979
2980 switch (family) {
2981 case AF_INET:
2982 iph4 = ip_hdr(skb);
2983 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2984 &iph4->saddr, &iph4->daddr);
2985 break;
2986 case AF_INET6:
2987 iph6 = ipv6_hdr(skb);
2988 audit_log_format(audit_buf,
2989 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2990 &iph6->saddr, &iph6->daddr,
2991 iph6->flow_lbl[0] & 0x0f,
2992 iph6->flow_lbl[1],
2993 iph6->flow_lbl[2]);
2994 break;
2995 }
2996}
2997
2998void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid)
2999{
3000 struct audit_buffer *audit_buf;
3001
3002 audit_buf = xfrm_audit_start("SAD-add");
3003 if (audit_buf == NULL)
3004 return;
3005 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
3006 xfrm_audit_helper_sainfo(x, audit_buf);
3007 audit_log_format(audit_buf, " res=%u", result);
3008 audit_log_end(audit_buf);
3009}
3010EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
3011
3012void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid)
3013{
3014 struct audit_buffer *audit_buf;
3015
3016 audit_buf = xfrm_audit_start("SAD-delete");
3017 if (audit_buf == NULL)
3018 return;
3019 xfrm_audit_helper_usrinfo(task_valid, audit_buf);
3020 xfrm_audit_helper_sainfo(x, audit_buf);
3021 audit_log_format(audit_buf, " res=%u", result);
3022 audit_log_end(audit_buf);
3023}
3024EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
3025
3026void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
3027 struct sk_buff *skb)
3028{
3029 struct audit_buffer *audit_buf;
3030 u32 spi;
3031
3032 audit_buf = xfrm_audit_start("SA-replay-overflow");
3033 if (audit_buf == NULL)
3034 return;
3035 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
3036 /* don't record the sequence number because it's inherent in this kind
3037 * of audit message */
3038 spi = ntohl(x->id.spi);
3039 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
3040 audit_log_end(audit_buf);
3041}
3042EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
3043
3044void xfrm_audit_state_replay(struct xfrm_state *x,
3045 struct sk_buff *skb, __be32 net_seq)
3046{
3047 struct audit_buffer *audit_buf;
3048 u32 spi;
3049
3050 audit_buf = xfrm_audit_start("SA-replayed-pkt");
3051 if (audit_buf == NULL)
3052 return;
3053 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
3054 spi = ntohl(x->id.spi);
3055 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
3056 spi, spi, ntohl(net_seq));
3057 audit_log_end(audit_buf);
3058}
3059EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
3060
3061void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
3062{
3063 struct audit_buffer *audit_buf;
3064
3065 audit_buf = xfrm_audit_start("SA-notfound");
3066 if (audit_buf == NULL)
3067 return;
3068 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
3069 audit_log_end(audit_buf);
3070}
3071EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
3072
3073void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
3074 __be32 net_spi, __be32 net_seq)
3075{
3076 struct audit_buffer *audit_buf;
3077 u32 spi;
3078
3079 audit_buf = xfrm_audit_start("SA-notfound");
3080 if (audit_buf == NULL)
3081 return;
3082 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
3083 spi = ntohl(net_spi);
3084 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
3085 spi, spi, ntohl(net_seq));
3086 audit_log_end(audit_buf);
3087}
3088EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
3089
3090void xfrm_audit_state_icvfail(struct xfrm_state *x,
3091 struct sk_buff *skb, u8 proto)
3092{
3093 struct audit_buffer *audit_buf;
3094 __be32 net_spi;
3095 __be32 net_seq;
3096
3097 audit_buf = xfrm_audit_start("SA-icv-failure");
3098 if (audit_buf == NULL)
3099 return;
3100 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
3101 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
3102 u32 spi = ntohl(net_spi);
3103 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
3104 spi, spi, ntohl(net_seq));
3105 }
3106 audit_log_end(audit_buf);
3107}
3108EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
3109#endif /* CONFIG_AUDITSYSCALL */