projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[linux-block.git] / net / xfrm / xfrm_state.c
CommitLineData
1da177e4
LT		 1/*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
df71837d 13 *
1da177e4
LT		 14 */
15
16#include <linux/workqueue.h>
17#include <net/xfrm.h>
18#include <linux/pfkeyv2.h>
19#include <linux/ipsec.h>
20#include <linux/module.h>
f034b5d4 21#include <linux/cache.h>
68277acc 22#include <linux/audit.h>
b5890d8b 23#include <asm/uaccess.h>
1da177e4 24
44e36b42
DM		 25#include "xfrm_hash.h"
26
1da177e4
LT		 27/* Each xfrm_state may be linked to two tables:
28
29 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
a624c108 30 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
1da177e4
LT		 31 destination/tunnel endpoint. (output)
32 */
33
34static DEFINE_SPINLOCK(xfrm_state_lock);
35
f034b5d4 36static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
9d4a706d 37static unsigned int xfrm_state_genid;
f034b5d4 38
17c2a42a
HX		 39static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
40static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
41
afeb14b4
PM		 42#ifdef CONFIG_AUDITSYSCALL
43static void xfrm_audit_state_replay(struct xfrm_state *x,
44 struct sk_buff *skb, __be32 net_seq);
45#else
46#define xfrm_audit_state_replay(x, s, sq) do { ; } while (0)
47#endif /* CONFIG_AUDITSYSCALL */
48
64d0cd00
AD		 49static inline unsigned int xfrm_dst_hash(struct net *net,
50 xfrm_address_t *daddr,
c1969f29
DM		 51 xfrm_address_t *saddr,
52 u32 reqid,
a624c108 53 unsigned short family)
f034b5d4 54{
64d0cd00 55 return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
f034b5d4
DM		 56}
57
64d0cd00
AD		 58static inline unsigned int xfrm_src_hash(struct net *net,
59 xfrm_address_t *daddr,
667bbcb6 60 xfrm_address_t *saddr,
44e36b42 61 unsigned short family)
f034b5d4 62{
64d0cd00 63 return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
f034b5d4
DM		 64}
65
f034b5d4 66static inline unsigned int
64d0cd00 67xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
f034b5d4 68{
64d0cd00 69 return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
f034b5d4
DM		 70}
71
f034b5d4
DM		 72static void xfrm_hash_transfer(struct hlist_head *list,
73 struct hlist_head *ndsttable,
74 struct hlist_head *nsrctable,
75 struct hlist_head *nspitable,
76 unsigned int nhashmask)
77{
78 struct hlist_node *entry, *tmp;
79 struct xfrm_state *x;
80
81 hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
82 unsigned int h;
83
c1969f29
DM		 84 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
85 x->props.reqid, x->props.family,
86 nhashmask);
f034b5d4
DM		 87 hlist_add_head(&x->bydst, ndsttable+h);
88
667bbcb6
MN		 89 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
90 x->props.family,
f034b5d4
DM		 91 nhashmask);
92 hlist_add_head(&x->bysrc, nsrctable+h);
93
7b4dc360
MN		 94 if (x->id.spi) {
95 h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
96 x->id.proto, x->props.family,
97 nhashmask);
98 hlist_add_head(&x->byspi, nspitable+h);
99 }
f034b5d4
DM		 100 }
101}
102
63082733 103static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
f034b5d4 104{
63082733 105 return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
f034b5d4
DM		 106}
107
108static DEFINE_MUTEX(hash_resize_mutex);
109
63082733 110static void xfrm_hash_resize(struct work_struct *work)
f034b5d4 111{
63082733 112 struct net *net = container_of(work, struct net, xfrm.state_hash_work);
f034b5d4
DM		 113 struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
114 unsigned long nsize, osize;
115 unsigned int nhashmask, ohashmask;
116 int i;
117
118 mutex_lock(&hash_resize_mutex);
119
63082733 120 nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
44e36b42 121 ndst = xfrm_hash_alloc(nsize);
f034b5d4
DM		 122 if (!ndst)
123 goto out_unlock;
44e36b42 124 nsrc = xfrm_hash_alloc(nsize);
f034b5d4 125 if (!nsrc) {
44e36b42 126 xfrm_hash_free(ndst, nsize);
f034b5d4
DM		 127 goto out_unlock;
128 }
44e36b42 129 nspi = xfrm_hash_alloc(nsize);
f034b5d4 130 if (!nspi) {
44e36b42
DM		 131 xfrm_hash_free(ndst, nsize);
132 xfrm_hash_free(nsrc, nsize);
f034b5d4
DM		 133 goto out_unlock;
134 }
135
136 spin_lock_bh(&xfrm_state_lock);
137
138 nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
63082733
AD		 139 for (i = net->xfrm.state_hmask; i >= 0; i--)
140 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
f034b5d4
DM		 141 nhashmask);
142
63082733
AD		 143 odst = net->xfrm.state_bydst;
144 osrc = net->xfrm.state_bysrc;
145 ospi = net->xfrm.state_byspi;
146 ohashmask = net->xfrm.state_hmask;
f034b5d4 147
63082733
AD		 148 net->xfrm.state_bydst = ndst;
149 net->xfrm.state_bysrc = nsrc;
150 net->xfrm.state_byspi = nspi;
151 net->xfrm.state_hmask = nhashmask;
f034b5d4
DM		 152
153 spin_unlock_bh(&xfrm_state_lock);
154
155 osize = (ohashmask + 1) * sizeof(struct hlist_head);
44e36b42
DM		 156 xfrm_hash_free(odst, osize);
157 xfrm_hash_free(osrc, osize);
158 xfrm_hash_free(ospi, osize);
f034b5d4
DM		 159
160out_unlock:
161 mutex_unlock(&hash_resize_mutex);
162}
163
1da177e4
LT		 164static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
165static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
166
1da177e4
LT		 167static DEFINE_SPINLOCK(xfrm_state_gc_lock);
168
53bc6b4d 169int __xfrm_state_delete(struct xfrm_state *x);
1da177e4 170
980ebd25 171int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
53bc6b4d 172void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
1da177e4 173
aa5d62cc
HX		 174static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
175{
176 struct xfrm_state_afinfo *afinfo;
177 if (unlikely(family >= NPROTO))
178 return NULL;
179 write_lock_bh(&xfrm_state_afinfo_lock);
180 afinfo = xfrm_state_afinfo[family];
181 if (unlikely(!afinfo))
182 write_unlock_bh(&xfrm_state_afinfo_lock);
183 return afinfo;
184}
185
186static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 187 __releases(xfrm_state_afinfo_lock)
aa5d62cc
HX		 188{
189 write_unlock_bh(&xfrm_state_afinfo_lock);
190}
191
533cb5b0 192int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 193{
194 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 195 const struct xfrm_type **typemap;
aa5d62cc
HX		 196 int err = 0;
197
198 if (unlikely(afinfo == NULL))
199 return -EAFNOSUPPORT;
200 typemap = afinfo->type_map;
201
202 if (likely(typemap[type->proto] == NULL))
203 typemap[type->proto] = type;
204 else
205 err = -EEXIST;
206 xfrm_state_unlock_afinfo(afinfo);
207 return err;
208}
209EXPORT_SYMBOL(xfrm_register_type);
210
533cb5b0 211int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
aa5d62cc
HX		 212{
213 struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
533cb5b0 214 const struct xfrm_type **typemap;
aa5d62cc
HX		 215 int err = 0;
216
217 if (unlikely(afinfo == NULL))
218 return -EAFNOSUPPORT;
219 typemap = afinfo->type_map;
220
221 if (unlikely(typemap[type->proto] != type))
222 err = -ENOENT;
223 else
224 typemap[type->proto] = NULL;
225 xfrm_state_unlock_afinfo(afinfo);
226 return err;
227}
228EXPORT_SYMBOL(xfrm_unregister_type);
229
533cb5b0 230static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
aa5d62cc
HX		 231{
232 struct xfrm_state_afinfo *afinfo;
533cb5b0
ED		 233 const struct xfrm_type **typemap;
234 const struct xfrm_type *type;
aa5d62cc
HX		 235 int modload_attempted = 0;
236
237retry:
238 afinfo = xfrm_state_get_afinfo(family);
239 if (unlikely(afinfo == NULL))
240 return NULL;
241 typemap = afinfo->type_map;
242
243 type = typemap[proto];
244 if (unlikely(type && !try_module_get(type->owner)))
245 type = NULL;
246 if (!type && !modload_attempted) {
247 xfrm_state_put_afinfo(afinfo);
248 request_module("xfrm-type-%d-%d", family, proto);
249 modload_attempted = 1;
250 goto retry;
251 }
252
253 xfrm_state_put_afinfo(afinfo);
254 return type;
255}
256
533cb5b0 257static void xfrm_put_type(const struct xfrm_type *type)
aa5d62cc
HX		 258{
259 module_put(type->owner);
260}
261
262int xfrm_register_mode(struct xfrm_mode *mode, int family)
263{
264 struct xfrm_state_afinfo *afinfo;
265 struct xfrm_mode **modemap;
266 int err;
267
268 if (unlikely(mode->encap >= XFRM_MODE_MAX))
269 return -EINVAL;
270
271 afinfo = xfrm_state_lock_afinfo(family);
272 if (unlikely(afinfo == NULL))
273 return -EAFNOSUPPORT;
274
275 err = -EEXIST;
276 modemap = afinfo->mode_map;
17c2a42a
HX		 277 if (modemap[mode->encap])
278 goto out;
aa5d62cc 279
17c2a42a
HX		 280 err = -ENOENT;
281 if (!try_module_get(afinfo->owner))
282 goto out;
283
284 mode->afinfo = afinfo;
285 modemap[mode->encap] = mode;
286 err = 0;
287
288out:
aa5d62cc
HX		 289 xfrm_state_unlock_afinfo(afinfo);
290 return err;
291}
292EXPORT_SYMBOL(xfrm_register_mode);
293
294int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
295{
296 struct xfrm_state_afinfo *afinfo;
297 struct xfrm_mode **modemap;
298 int err;
299
300 if (unlikely(mode->encap >= XFRM_MODE_MAX))
301 return -EINVAL;
302
303 afinfo = xfrm_state_lock_afinfo(family);
304 if (unlikely(afinfo == NULL))
305 return -EAFNOSUPPORT;
306
307 err = -ENOENT;
308 modemap = afinfo->mode_map;
309 if (likely(modemap[mode->encap] == mode)) {
310 modemap[mode->encap] = NULL;
17c2a42a 311 module_put(mode->afinfo->owner);
aa5d62cc
HX		 312 err = 0;
313 }
314
315 xfrm_state_unlock_afinfo(afinfo);
316 return err;
317}
318EXPORT_SYMBOL(xfrm_unregister_mode);
319
320static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
321{
322 struct xfrm_state_afinfo *afinfo;
323 struct xfrm_mode *mode;
324 int modload_attempted = 0;
325
326 if (unlikely(encap >= XFRM_MODE_MAX))
327 return NULL;
328
329retry:
330 afinfo = xfrm_state_get_afinfo(family);
331 if (unlikely(afinfo == NULL))
332 return NULL;
333
334 mode = afinfo->mode_map[encap];
335 if (unlikely(mode && !try_module_get(mode->owner)))
336 mode = NULL;
337 if (!mode && !modload_attempted) {
338 xfrm_state_put_afinfo(afinfo);
339 request_module("xfrm-mode-%d-%d", family, encap);
340 modload_attempted = 1;
341 goto retry;
342 }
343
344 xfrm_state_put_afinfo(afinfo);
345 return mode;
346}
347
348static void xfrm_put_mode(struct xfrm_mode *mode)
349{
350 module_put(mode->owner);
351}
352
1da177e4
LT		 353static void xfrm_state_gc_destroy(struct xfrm_state *x)
354{
a47f0ce0
DM		 355 del_timer_sync(&x->timer);
356 del_timer_sync(&x->rtimer);
a51482bd
JJ		 357 kfree(x->aalg);
358 kfree(x->ealg);
359 kfree(x->calg);
360 kfree(x->encap);
060f02a3 361 kfree(x->coaddr);
13996378
HX		 362 if (x->inner_mode)
363 xfrm_put_mode(x->inner_mode);
df9dcb45
KM		 364 if (x->inner_mode_iaf)
365 xfrm_put_mode(x->inner_mode_iaf);
13996378
HX		 366 if (x->outer_mode)
367 xfrm_put_mode(x->outer_mode);
1da177e4
LT		 368 if (x->type) {
369 x->type->destructor(x);
370 xfrm_put_type(x->type);
371 }
df71837d 372 security_xfrm_state_free(x);
1da177e4
LT		 373 kfree(x);
374}
375
c7837144 376static void xfrm_state_gc_task(struct work_struct *work)
1da177e4 377{
c7837144 378 struct net *net = container_of(work, struct net, xfrm.state_gc_work);
12a169e7
HX		 379 struct xfrm_state *x;
380 struct hlist_node *entry, *tmp;
381 struct hlist_head gc_list;
1da177e4 382
1da177e4 383 spin_lock_bh(&xfrm_state_gc_lock);
c7837144 384 hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
1da177e4
LT		 385 spin_unlock_bh(&xfrm_state_gc_lock);
386
12a169e7 387 hlist_for_each_entry_safe(x, entry, tmp, &gc_list, gclist)
1da177e4 388 xfrm_state_gc_destroy(x);
8f126e37 389
50a30657 390 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 391}
392
393static inline unsigned long make_jiffies(long secs)
394{
395 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
396 return MAX_SCHEDULE_TIMEOUT-1;
397 else
a716c119 398 return secs*HZ;
1da177e4
LT		 399}
400
401static void xfrm_timer_handler(unsigned long data)
402{
403 struct xfrm_state *x = (struct xfrm_state*)data;
98806f75 404 struct net *net = xs_net(x);
9d729f72 405 unsigned long now = get_seconds();
1da177e4
LT		 406 long next = LONG_MAX;
407 int warn = 0;
161a09e7 408 int err = 0;
1da177e4
LT		 409
410 spin_lock(&x->lock);
411 if (x->km.state == XFRM_STATE_DEAD)
412 goto out;
413 if (x->km.state == XFRM_STATE_EXPIRED)
414 goto expired;
415 if (x->lft.hard_add_expires_seconds) {
416 long tmo = x->lft.hard_add_expires_seconds +
417 x->curlft.add_time - now;
418 if (tmo <= 0)
419 goto expired;
420 if (tmo < next)
421 next = tmo;
422 }
423 if (x->lft.hard_use_expires_seconds) {
424 long tmo = x->lft.hard_use_expires_seconds +
425 (x->curlft.use_time ? : now) - now;
426 if (tmo <= 0)
427 goto expired;
428 if (tmo < next)
429 next = tmo;
430 }
431 if (x->km.dying)
432 goto resched;
433 if (x->lft.soft_add_expires_seconds) {
434 long tmo = x->lft.soft_add_expires_seconds +
435 x->curlft.add_time - now;
436 if (tmo <= 0)
437 warn = 1;
438 else if (tmo < next)
439 next = tmo;
440 }
441 if (x->lft.soft_use_expires_seconds) {
442 long tmo = x->lft.soft_use_expires_seconds +
443 (x->curlft.use_time ? : now) - now;
444 if (tmo <= 0)
445 warn = 1;
446 else if (tmo < next)
447 next = tmo;
448 }
449
4666faab 450 x->km.dying = warn;
1da177e4 451 if (warn)
53bc6b4d 452 km_state_expired(x, 0, 0);
1da177e4 453resched:
a47f0ce0
DM		 454 if (next != LONG_MAX)
455 mod_timer(&x->timer, jiffies + make_jiffies(next));
456
1da177e4
LT		 457 goto out;
458
459expired:
460 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
461 x->km.state = XFRM_STATE_EXPIRED;
98806f75 462 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 463 next = 2;
464 goto resched;
465 }
161a09e7
JL		 466
467 err = __xfrm_state_delete(x);
468 if (!err && x->id.spi)
53bc6b4d 469 km_state_expired(x, 1, 0);
1da177e4 470
ab5f5e8b 471 xfrm_audit_state_delete(x, err ? 0 : 1,
2532386f
EP		 472 audit_get_loginuid(current),
473 audit_get_sessionid(current), 0);
161a09e7 474
1da177e4
LT		 475out:
476 spin_unlock(&x->lock);
1da177e4
LT		 477}
478
0ac84752
DM		 479static void xfrm_replay_timer_handler(unsigned long data);
480
673c09be 481struct xfrm_state *xfrm_state_alloc(struct net *net)
1da177e4
LT		 482{
483 struct xfrm_state *x;
484
0da974f4 485 x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
1da177e4
LT		 486
487 if (x) {
673c09be 488 write_pnet(&x->xs_net, net);
1da177e4
LT		 489 atomic_set(&x->refcnt, 1);
490 atomic_set(&x->tunnel_users, 0);
12a169e7 491 INIT_LIST_HEAD(&x->km.all);
8f126e37
DM		 492 INIT_HLIST_NODE(&x->bydst);
493 INIT_HLIST_NODE(&x->bysrc);
494 INIT_HLIST_NODE(&x->byspi);
b24b8a24
PE		 495 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
496 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
497 (unsigned long)x);
9d729f72 498 x->curlft.add_time = get_seconds();
1da177e4
LT		 499 x->lft.soft_byte_limit = XFRM_INF;
500 x->lft.soft_packet_limit = XFRM_INF;
501 x->lft.hard_byte_limit = XFRM_INF;
502 x->lft.hard_packet_limit = XFRM_INF;
f8cd5488
JHS		 503 x->replay_maxage = 0;
504 x->replay_maxdiff = 0;
df9dcb45
KM		 505 x->inner_mode = NULL;
506 x->inner_mode_iaf = NULL;
1da177e4
LT		 507 spin_lock_init(&x->lock);
508 }
509 return x;
510}
511EXPORT_SYMBOL(xfrm_state_alloc);
512
513void __xfrm_state_destroy(struct xfrm_state *x)
514{
98806f75
AD		 515 struct net *net = xs_net(x);
516
547b792c 517 WARN_ON(x->km.state != XFRM_STATE_DEAD);
1da177e4
LT		 518
519 spin_lock_bh(&xfrm_state_gc_lock);
98806f75 520 hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
1da177e4 521 spin_unlock_bh(&xfrm_state_gc_lock);
98806f75 522 schedule_work(&net->xfrm.state_gc_work);
1da177e4
LT		 523}
524EXPORT_SYMBOL(__xfrm_state_destroy);
525
53bc6b4d 526int __xfrm_state_delete(struct xfrm_state *x)
1da177e4 527{
98806f75 528 struct net *net = xs_net(x);
26b15dad
JHS		 529 int err = -ESRCH;
530
1da177e4
LT		 531 if (x->km.state != XFRM_STATE_DEAD) {
532 x->km.state = XFRM_STATE_DEAD;
533 spin_lock(&xfrm_state_lock);
12a169e7 534 list_del(&x->km.all);
8f126e37 535 hlist_del(&x->bydst);
8f126e37 536 hlist_del(&x->bysrc);
a47f0ce0 537 if (x->id.spi)
8f126e37 538 hlist_del(&x->byspi);
98806f75 539 net->xfrm.state_num--;
1da177e4 540 spin_unlock(&xfrm_state_lock);
1da177e4 541
1da177e4
LT		 542 /* All xfrm_state objects are created by xfrm_state_alloc.
543 * The xfrm_state_alloc call gives a reference, and that
544 * is what we are dropping here.
545 */
5dba4797 546 xfrm_state_put(x);
26b15dad 547 err = 0;
1da177e4 548 }
26b15dad
JHS		 549
550 return err;
1da177e4 551}
53bc6b4d 552EXPORT_SYMBOL(__xfrm_state_delete);
1da177e4 553
26b15dad 554int xfrm_state_delete(struct xfrm_state *x)
1da177e4 555{
26b15dad
JHS		 556 int err;
557
1da177e4 558 spin_lock_bh(&x->lock);
26b15dad 559 err = __xfrm_state_delete(x);
1da177e4 560 spin_unlock_bh(&x->lock);
26b15dad
JHS		 561
562 return err;
1da177e4
LT		 563}
564EXPORT_SYMBOL(xfrm_state_delete);
565
4aa2e62c
JL		 566#ifdef CONFIG_SECURITY_NETWORK_XFRM
567static inline int
0e602451 568xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
1da177e4 569{
4aa2e62c
JL		 570 int i, err = 0;
571
0e602451 572 for (i = 0; i <= net->xfrm.state_hmask; i++) {
4aa2e62c
JL		 573 struct hlist_node *entry;
574 struct xfrm_state *x;
575
0e602451 576 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
4aa2e62c
JL		 577 if (xfrm_id_proto_match(x->id.proto, proto) &&
578 (err = security_xfrm_state_delete(x)) != 0) {
ab5f5e8b
JL		 579 xfrm_audit_state_delete(x, 0,
580 audit_info->loginuid,
2532386f 581 audit_info->sessionid,
ab5f5e8b 582 audit_info->secid);
4aa2e62c
JL		 583 return err;
584 }
585 }
586 }
587
588 return err;
589}
590#else
591static inline int
0e602451 592xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
4aa2e62c
JL		 593{
594 return 0;
595}
596#endif
597
0e602451 598int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
4aa2e62c
JL		 599{
600 int i, err = 0;
1da177e4
LT		 601
602 spin_lock_bh(&xfrm_state_lock);
0e602451 603 err = xfrm_state_flush_secctx_check(net, proto, audit_info);
4aa2e62c
JL		 604 if (err)
605 goto out;
606
0e602451 607 for (i = 0; i <= net->xfrm.state_hmask; i++) {
8f126e37
DM		 608 struct hlist_node *entry;
609 struct xfrm_state *x;
1da177e4 610restart:
0e602451 611 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
1da177e4 612 if (!xfrm_state_kern(x) &&
5794708f 613 xfrm_id_proto_match(x->id.proto, proto)) {
1da177e4
LT		 614 xfrm_state_hold(x);
615 spin_unlock_bh(&xfrm_state_lock);
616
161a09e7 617 err = xfrm_state_delete(x);
ab5f5e8b
JL		 618 xfrm_audit_state_delete(x, err ? 0 : 1,
619 audit_info->loginuid,
2532386f 620 audit_info->sessionid,
ab5f5e8b 621 audit_info->secid);
1da177e4
LT		 622 xfrm_state_put(x);
623
624 spin_lock_bh(&xfrm_state_lock);
625 goto restart;
626 }
627 }
628 }
4aa2e62c
JL		 629 err = 0;
630
631out:
1da177e4 632 spin_unlock_bh(&xfrm_state_lock);
0e602451 633 wake_up(&net->xfrm.km_waitq);
4aa2e62c 634 return err;
1da177e4
LT		 635}
636EXPORT_SYMBOL(xfrm_state_flush);
637
af11e316 638void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
28d8909b
JHS		 639{
640 spin_lock_bh(&xfrm_state_lock);
0bf7c5b0 641 si->sadcnt = init_net.xfrm.state_num;
529983ec 642 si->sadhcnt = init_net.xfrm.state_hmask;
28d8909b
JHS		 643 si->sadhmcnt = xfrm_state_hashmax;
644 spin_unlock_bh(&xfrm_state_lock);
645}
646EXPORT_SYMBOL(xfrm_sad_getinfo);
647
1da177e4
LT		 648static int
649xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
650 struct xfrm_tmpl *tmpl,
651 xfrm_address_t *daddr, xfrm_address_t *saddr,
652 unsigned short family)
653{
654 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
655 if (!afinfo)
656 return -1;
657 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
658 xfrm_state_put_afinfo(afinfo);
659 return 0;
660}
661
221df1ed 662static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
edcd5821 663{
221df1ed 664 unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
edcd5821 665 struct xfrm_state *x;
8f126e37 666 struct hlist_node *entry;
edcd5821 667
221df1ed 668 hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) {
edcd5821
DM		 669 if (x->props.family != family ||
670 x->id.spi != spi ||
671 x->id.proto != proto)
672 continue;
673
674 switch (family) {
675 case AF_INET:
676 if (x->id.daddr.a4 != daddr->a4)
677 continue;
678 break;
679 case AF_INET6:
680 if (!ipv6_addr_equal((struct in6_addr *)daddr,
681 (struct in6_addr *)
682 x->id.daddr.a6))
683 continue;
684 break;
3ff50b79 685 }
edcd5821
DM		 686
687 xfrm_state_hold(x);
688 return x;
689 }
690
691 return NULL;
692}
693
221df1ed 694static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
edcd5821 695{
221df1ed 696 unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
edcd5821 697 struct xfrm_state *x;
8f126e37 698 struct hlist_node *entry;
edcd5821 699
221df1ed 700 hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) {
edcd5821
DM		 701 if (x->props.family != family ||
702 x->id.proto != proto)
703 continue;
704
705 switch (family) {
706 case AF_INET:
707 if (x->id.daddr.a4 != daddr->a4 ||
708 x->props.saddr.a4 != saddr->a4)
709 continue;
710 break;
711 case AF_INET6:
712 if (!ipv6_addr_equal((struct in6_addr *)daddr,
713 (struct in6_addr *)
714 x->id.daddr.a6) ||
715 !ipv6_addr_equal((struct in6_addr *)saddr,
716 (struct in6_addr *)
717 x->props.saddr.a6))
718 continue;
719 break;
3ff50b79 720 }
edcd5821
DM		 721
722 xfrm_state_hold(x);
723 return x;
724 }
725
726 return NULL;
727}
728
729static inline struct xfrm_state *
730__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
731{
221df1ed
AD		 732 struct net *net = xs_net(x);
733
edcd5821 734 if (use_spi)
221df1ed 735 return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi,
edcd5821
DM		 736 x->id.proto, family);
737 else
221df1ed 738 return __xfrm_state_lookup_byaddr(net, &x->id.daddr,
edcd5821
DM		 739 &x->props.saddr,
740 x->id.proto, family);
741}
742
98806f75 743static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
2fab22f2
PM		 744{
745 if (have_hash_collision &&
98806f75
AD		 746 (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
747 net->xfrm.state_num > net->xfrm.state_hmask)
748 schedule_work(&net->xfrm.state_hash_work);
2fab22f2
PM		 749}
750
1da177e4 751struct xfrm_state *
a716c119 752xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 753 struct flowi *fl, struct xfrm_tmpl *tmpl,
754 struct xfrm_policy *pol, int *err,
755 unsigned short family)
756{
5447c5e4 757 struct net *net = xp_net(pol);
4bda4f25 758 unsigned int h;
8f126e37 759 struct hlist_node *entry;
37b08e34 760 struct xfrm_state *x, *x0, *to_put;
1da177e4
LT		 761 int acquire_in_progress = 0;
762 int error = 0;
763 struct xfrm_state *best = NULL;
a716c119 764
37b08e34
DM		 765 to_put = NULL;
766
1da177e4 767 spin_lock_bh(&xfrm_state_lock);
5447c5e4
AD		 768 h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, family);
769 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
1da177e4
LT		 770 if (x->props.family == family &&
771 x->props.reqid == tmpl->reqid &&
fbd9a5b4 772 !(x->props.flags & XFRM_STATE_WILDRECV) &&
1da177e4
LT		 773 xfrm_state_addr_check(x, daddr, saddr, family) &&
774 tmpl->mode == x->props.mode &&
775 tmpl->id.proto == x->id.proto &&
776 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
777 /* Resolution logic:
778 1. There is a valid state with matching selector.
779 Done.
780 2. Valid state with inappropriate selector. Skip.
781
782 Entering area of "sysdeps".
783
784 3. If state is not valid, selector is temporary,
785 it selects only session which triggered
786 previous resolution. Key manager will do
787 something to install a state with proper
788 selector.
789 */
790 if (x->km.state == XFRM_STATE_VALID) {
df9dcb45 791 if ((x->sel.family && !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
e0d1caa7 792 !security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 793 continue;
794 if (!best ||
795 best->km.dying > x->km.dying ||
796 (best->km.dying == x->km.dying &&
797 best->curlft.add_time < x->curlft.add_time))
798 best = x;
799 } else if (x->km.state == XFRM_STATE_ACQ) {
800 acquire_in_progress = 1;
801 } else if (x->km.state == XFRM_STATE_ERROR ||
802 x->km.state == XFRM_STATE_EXPIRED) {
48b8d783 803 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
e0d1caa7 804 security_xfrm_state_pol_flow_match(x, pol, fl))
1da177e4
LT		 805 error = -ESRCH;
806 }
807 }
808 }
809
810 x = best;
811 if (!x && !error && !acquire_in_progress) {
5c5d281a 812 if (tmpl->id.spi &&
5447c5e4 813 (x0 = __xfrm_state_lookup(net, daddr, tmpl->id.spi,
edcd5821 814 tmpl->id.proto, family)) != NULL) {
37b08e34 815 to_put = x0;
1da177e4
LT		 816 error = -EEXIST;
817 goto out;
818 }
5447c5e4 819 x = xfrm_state_alloc(net);
1da177e4
LT		 820 if (x == NULL) {
821 error = -ENOMEM;
822 goto out;
823 }
824 /* Initialize temporary selector matching only
825 * to current session. */
826 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
827
e0d1caa7
VY		 828 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
829 if (error) {
830 x->km.state = XFRM_STATE_DEAD;
37b08e34 831 to_put = x;
e0d1caa7
VY		 832 x = NULL;
833 goto out;
834 }
835
1da177e4
LT		 836 if (km_query(x, tmpl, pol) == 0) {
837 x->km.state = XFRM_STATE_ACQ;
5447c5e4
AD		 838 list_add(&x->km.all, &net->xfrm.state_all);
839 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
840 h = xfrm_src_hash(net, daddr, saddr, family);
841 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1da177e4 842 if (x->id.spi) {
5447c5e4
AD		 843 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);
844 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1da177e4 845 }
b27aeadb
AD		 846 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
847 x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
1da177e4 848 add_timer(&x->timer);
5447c5e4
AD		 849 net->xfrm.state_num++;
850 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1da177e4
LT		 851 } else {
852 x->km.state = XFRM_STATE_DEAD;
37b08e34 853 to_put = x;
1da177e4
LT		 854 x = NULL;
855 error = -ESRCH;
856 }
857 }
858out:
859 if (x)
860 xfrm_state_hold(x);
861 else
862 *err = acquire_in_progress ? -EAGAIN : error;
863 spin_unlock_bh(&xfrm_state_lock);
37b08e34
DM		 864 if (to_put)
865 xfrm_state_put(to_put);
1da177e4
LT		 866 return x;
867}
868
628529b6 869struct xfrm_state *
5447c5e4
AD		 870xfrm_stateonly_find(struct net *net,
871 xfrm_address_t *daddr, xfrm_address_t *saddr,
628529b6
JHS		 872 unsigned short family, u8 mode, u8 proto, u32 reqid)
873{
4bda4f25 874 unsigned int h;
628529b6
JHS		 875 struct xfrm_state *rx = NULL, *x = NULL;
876 struct hlist_node *entry;
877
878 spin_lock(&xfrm_state_lock);
5447c5e4
AD		 879 h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
880 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
628529b6
JHS		 881 if (x->props.family == family &&
882 x->props.reqid == reqid &&
883 !(x->props.flags & XFRM_STATE_WILDRECV) &&
884 xfrm_state_addr_check(x, daddr, saddr, family) &&
885 mode == x->props.mode &&
886 proto == x->id.proto &&
887 x->km.state == XFRM_STATE_VALID) {
888 rx = x;
889 break;
890 }
891 }
892
893 if (rx)
894 xfrm_state_hold(rx);
895 spin_unlock(&xfrm_state_lock);
896
897
898 return rx;
899}
900EXPORT_SYMBOL(xfrm_stateonly_find);
901
1da177e4
LT		 902static void __xfrm_state_insert(struct xfrm_state *x)
903{
98806f75 904 struct net *net = xs_net(x);
a624c108 905 unsigned int h;
1da177e4 906
9d4a706d
DM		 907 x->genid = ++xfrm_state_genid;
908
98806f75 909 list_add(&x->km.all, &net->xfrm.state_all);
4c563f76 910
98806f75 911 h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
c1969f29 912 x->props.reqid, x->props.family);
98806f75 913 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1da177e4 914
98806f75
AD		 915 h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
916 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1da177e4 917
7b4dc360 918 if (x->id.spi) {
98806f75 919 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
6c44e6b7
MN		 920 x->props.family);
921
98806f75 922 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
6c44e6b7
MN		 923 }
924
a47f0ce0
DM		 925 mod_timer(&x->timer, jiffies + HZ);
926 if (x->replay_maxage)
927 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
f8cd5488 928
98806f75 929 wake_up(&net->xfrm.km_waitq);
f034b5d4 930
98806f75 931 net->xfrm.state_num++;
f034b5d4 932
98806f75 933 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1da177e4
LT		 934}
935
c7f5ea3a
DM		 936/* xfrm_state_lock is held */
937static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
938{
98806f75 939 struct net *net = xs_net(xnew);
c7f5ea3a
DM		 940 unsigned short family = xnew->props.family;
941 u32 reqid = xnew->props.reqid;
942 struct xfrm_state *x;
943 struct hlist_node *entry;
944 unsigned int h;
945
98806f75
AD		 946 h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
947 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
c7f5ea3a
DM		 948 if (x->props.family == family &&
949 x->props.reqid == reqid &&
c1969f29
DM		 950 !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
951 !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
c7f5ea3a
DM		 952 x->genid = xfrm_state_genid;
953 }
954}
955
1da177e4
LT		 956void xfrm_state_insert(struct xfrm_state *x)
957{
958 spin_lock_bh(&xfrm_state_lock);
c7f5ea3a 959 __xfrm_state_bump_genids(x);
1da177e4
LT		 960 __xfrm_state_insert(x);
961 spin_unlock_bh(&xfrm_state_lock);
962}
963EXPORT_SYMBOL(xfrm_state_insert);
964
2770834c 965/* xfrm_state_lock is held */
5447c5e4 966static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
2770834c 967{
5447c5e4 968 unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
8f126e37 969 struct hlist_node *entry;
2770834c
DM		 970 struct xfrm_state *x;
971
5447c5e4 972 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
2770834c
DM		 973 if (x->props.reqid != reqid ||
974 x->props.mode != mode ||
975 x->props.family != family ||
976 x->km.state != XFRM_STATE_ACQ ||
75e252d9
JL		 977 x->id.spi != 0 ||
978 x->id.proto != proto)
2770834c
DM		 979 continue;
980
981 switch (family) {
982 case AF_INET:
983 if (x->id.daddr.a4 != daddr->a4 ||
984 x->props.saddr.a4 != saddr->a4)
985 continue;
986 break;
987 case AF_INET6:
988 if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
989 (struct in6_addr *)daddr) ||
990 !ipv6_addr_equal((struct in6_addr *)
991 x->props.saddr.a6,
992 (struct in6_addr *)saddr))
993 continue;
994 break;
3ff50b79 995 }
2770834c
DM		 996
997 xfrm_state_hold(x);
998 return x;
999 }
1000
1001 if (!create)
1002 return NULL;
1003
5447c5e4 1004 x = xfrm_state_alloc(net);
2770834c
DM		 1005 if (likely(x)) {
1006 switch (family) {
1007 case AF_INET:
1008 x->sel.daddr.a4 = daddr->a4;
1009 x->sel.saddr.a4 = saddr->a4;
1010 x->sel.prefixlen_d = 32;
1011 x->sel.prefixlen_s = 32;
1012 x->props.saddr.a4 = saddr->a4;
1013 x->id.daddr.a4 = daddr->a4;
1014 break;
1015
1016 case AF_INET6:
1017 ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1018 (struct in6_addr *)daddr);
1019 ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1020 (struct in6_addr *)saddr);
1021 x->sel.prefixlen_d = 128;
1022 x->sel.prefixlen_s = 128;
1023 ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1024 (struct in6_addr *)saddr);
1025 ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1026 (struct in6_addr *)daddr);
1027 break;
3ff50b79 1028 }
2770834c
DM		 1029
1030 x->km.state = XFRM_STATE_ACQ;
1031 x->id.proto = proto;
1032 x->props.family = family;
1033 x->props.mode = mode;
1034 x->props.reqid = reqid;
b27aeadb 1035 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
2770834c 1036 xfrm_state_hold(x);
b27aeadb 1037 x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
2770834c 1038 add_timer(&x->timer);
5447c5e4
AD		 1039 list_add(&x->km.all, &net->xfrm.state_all);
1040 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1041 h = xfrm_src_hash(net, daddr, saddr, family);
1042 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
918049f0 1043
5447c5e4 1044 net->xfrm.state_num++;
918049f0 1045
5447c5e4 1046 xfrm_hash_grow_check(net, x->bydst.next != NULL);
2770834c
DM		 1047 }
1048
1049 return x;
1050}
1051
5447c5e4 1052static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq);
1da177e4
LT		 1053
1054int xfrm_state_add(struct xfrm_state *x)
1055{
5447c5e4 1056 struct net *net = xs_net(x);
37b08e34 1057 struct xfrm_state *x1, *to_put;
1da177e4
LT		 1058 int family;
1059 int err;
eb2971b6 1060 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4
LT		 1061
1062 family = x->props.family;
1da177e4 1063
37b08e34
DM		 1064 to_put = NULL;
1065
1da177e4
LT		 1066 spin_lock_bh(&xfrm_state_lock);
1067
edcd5821 1068 x1 = __xfrm_state_locate(x, use_spi, family);
1da177e4 1069 if (x1) {
37b08e34 1070 to_put = x1;
1da177e4
LT		 1071 x1 = NULL;
1072 err = -EEXIST;
1073 goto out;
1074 }
1075
eb2971b6 1076 if (use_spi && x->km.seq) {
5447c5e4 1077 x1 = __xfrm_find_acq_byseq(net, x->km.seq);
75e252d9
JL		 1078 if (x1 && ((x1->id.proto != x->id.proto) ||
1079 xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
37b08e34 1080 to_put = x1;
1da177e4
LT		 1081 x1 = NULL;
1082 }
1083 }
1084
eb2971b6 1085 if (use_spi && !x1)
5447c5e4 1086 x1 = __find_acq_core(net, family, x->props.mode, x->props.reqid,
2770834c
DM		 1087 x->id.proto,
1088 &x->id.daddr, &x->props.saddr, 0);
1da177e4 1089
c7f5ea3a 1090 __xfrm_state_bump_genids(x);
1da177e4
LT		 1091 __xfrm_state_insert(x);
1092 err = 0;
1093
1094out:
1095 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1096
1097 if (x1) {
1098 xfrm_state_delete(x1);
1099 xfrm_state_put(x1);
1100 }
1101
37b08e34
DM		 1102 if (to_put)
1103 xfrm_state_put(to_put);
1104
1da177e4
LT		 1105 return err;
1106}
1107EXPORT_SYMBOL(xfrm_state_add);
1108
80c9abaa 1109#ifdef CONFIG_XFRM_MIGRATE
6666351d 1110static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
80c9abaa 1111{
98806f75 1112 struct net *net = xs_net(orig);
80c9abaa 1113 int err = -ENOMEM;
98806f75 1114 struct xfrm_state *x = xfrm_state_alloc(net);
80c9abaa
SS		 1115 if (!x)
1116 goto error;
1117
1118 memcpy(&x->id, &orig->id, sizeof(x->id));
1119 memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1120 memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1121 x->props.mode = orig->props.mode;
1122 x->props.replay_window = orig->props.replay_window;
1123 x->props.reqid = orig->props.reqid;
1124 x->props.family = orig->props.family;
1125 x->props.saddr = orig->props.saddr;
1126
1127 if (orig->aalg) {
1128 x->aalg = xfrm_algo_clone(orig->aalg);
1129 if (!x->aalg)
1130 goto error;
1131 }
1132 x->props.aalgo = orig->props.aalgo;
1133
1134 if (orig->ealg) {
1135 x->ealg = xfrm_algo_clone(orig->ealg);
1136 if (!x->ealg)
1137 goto error;
1138 }
1139 x->props.ealgo = orig->props.ealgo;
1140
1141 if (orig->calg) {
1142 x->calg = xfrm_algo_clone(orig->calg);
1143 if (!x->calg)
1144 goto error;
1145 }
1146 x->props.calgo = orig->props.calgo;
1147
a716c119 1148 if (orig->encap) {
80c9abaa
SS		 1149 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1150 if (!x->encap)
1151 goto error;
1152 }
1153
1154 if (orig->coaddr) {
1155 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1156 GFP_KERNEL);
1157 if (!x->coaddr)
1158 goto error;
1159 }
1160
1161 err = xfrm_init_state(x);
1162 if (err)
1163 goto error;
1164
1165 x->props.flags = orig->props.flags;
1166
1167 x->curlft.add_time = orig->curlft.add_time;
1168 x->km.state = orig->km.state;
1169 x->km.seq = orig->km.seq;
1170
1171 return x;
1172
1173 error:
1174 if (errp)
1175 *errp = err;
1176 if (x) {
1177 kfree(x->aalg);
1178 kfree(x->ealg);
1179 kfree(x->calg);
1180 kfree(x->encap);
1181 kfree(x->coaddr);
1182 }
1183 kfree(x);
1184 return NULL;
1185}
80c9abaa
SS		 1186
1187/* xfrm_state_lock is held */
1188struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1189{
1190 unsigned int h;
1191 struct xfrm_state *x;
1192 struct hlist_node *entry;
1193
1194 if (m->reqid) {
64d0cd00 1195 h = xfrm_dst_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1196 m->reqid, m->old_family);
73d189dc 1197 hlist_for_each_entry(x, entry, init_net.xfrm.state_bydst+h, bydst) {
80c9abaa
SS		 1198 if (x->props.mode != m->mode ||
1199 x->id.proto != m->proto)
1200 continue;
1201 if (m->reqid && x->props.reqid != m->reqid)
1202 continue;
1203 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1204 m->old_family) ||
1205 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1206 m->old_family))
1207 continue;
1208 xfrm_state_hold(x);
1209 return x;
1210 }
1211 } else {
64d0cd00 1212 h = xfrm_src_hash(&init_net, &m->old_daddr, &m->old_saddr,
80c9abaa 1213 m->old_family);
d320bbb3 1214 hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) {
80c9abaa
SS		 1215 if (x->props.mode != m->mode ||
1216 x->id.proto != m->proto)
1217 continue;
1218 if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1219 m->old_family) ||
1220 xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1221 m->old_family))
1222 continue;
1223 xfrm_state_hold(x);
1224 return x;
1225 }
1226 }
1227
a716c119 1228 return NULL;
80c9abaa
SS		 1229}
1230EXPORT_SYMBOL(xfrm_migrate_state_find);
1231
1232struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1233 struct xfrm_migrate *m)
1234{
1235 struct xfrm_state *xc;
1236 int err;
1237
1238 xc = xfrm_state_clone(x, &err);
1239 if (!xc)
1240 return NULL;
1241
1242 memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1243 memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1244
1245 /* add state */
1246 if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1247 /* a care is needed when the destination address of the
1248 state is to be updated as it is a part of triplet */
1249 xfrm_state_insert(xc);
1250 } else {
1251 if ((err = xfrm_state_add(xc)) < 0)
1252 goto error;
1253 }
1254
1255 return xc;
1256error:
1257 kfree(xc);
1258 return NULL;
1259}
1260EXPORT_SYMBOL(xfrm_state_migrate);
1261#endif
1262
1da177e4
LT		 1263int xfrm_state_update(struct xfrm_state *x)
1264{
37b08e34 1265 struct xfrm_state *x1, *to_put;
1da177e4 1266 int err;
eb2971b6 1267 int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1da177e4 1268
37b08e34
DM		 1269 to_put = NULL;
1270
1da177e4 1271 spin_lock_bh(&xfrm_state_lock);
edcd5821 1272 x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1da177e4
LT		 1273
1274 err = -ESRCH;
1275 if (!x1)
1276 goto out;
1277
1278 if (xfrm_state_kern(x1)) {
37b08e34 1279 to_put = x1;
1da177e4
LT		 1280 err = -EEXIST;
1281 goto out;
1282 }
1283
1284 if (x1->km.state == XFRM_STATE_ACQ) {
1285 __xfrm_state_insert(x);
1286 x = NULL;
1287 }
1288 err = 0;
1289
1290out:
1291 spin_unlock_bh(&xfrm_state_lock);
1da177e4 1292
37b08e34
DM		 1293 if (to_put)
1294 xfrm_state_put(to_put);
1295
1da177e4
LT		 1296 if (err)
1297 return err;
1298
1299 if (!x) {
1300 xfrm_state_delete(x1);
1301 xfrm_state_put(x1);
1302 return 0;
1303 }
1304
1305 err = -EINVAL;
1306 spin_lock_bh(&x1->lock);
1307 if (likely(x1->km.state == XFRM_STATE_VALID)) {
1308 if (x->encap && x1->encap)
1309 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
060f02a3
NT		 1310 if (x->coaddr && x1->coaddr) {
1311 memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1312 }
1313 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1314 memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1da177e4
LT		 1315 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1316 x1->km.dying = 0;
1317
a47f0ce0 1318 mod_timer(&x1->timer, jiffies + HZ);
1da177e4
LT		 1319 if (x1->curlft.use_time)
1320 xfrm_state_check_expire(x1);
1321
1322 err = 0;
1323 }
1324 spin_unlock_bh(&x1->lock);
1325
1326 xfrm_state_put(x1);
1327
1328 return err;
1329}
1330EXPORT_SYMBOL(xfrm_state_update);
1331
1332int xfrm_state_check_expire(struct xfrm_state *x)
1333{
1334 if (!x->curlft.use_time)
9d729f72 1335 x->curlft.use_time = get_seconds();
1da177e4
LT		 1336
1337 if (x->km.state != XFRM_STATE_VALID)
1338 return -EINVAL;
1339
1340 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1341 x->curlft.packets >= x->lft.hard_packet_limit) {
4666faab 1342 x->km.state = XFRM_STATE_EXPIRED;
a47f0ce0 1343 mod_timer(&x->timer, jiffies);
1da177e4
LT		 1344 return -EINVAL;
1345 }
1346
1347 if (!x->km.dying &&
1348 (x->curlft.bytes >= x->lft.soft_byte_limit ||
4666faab
HX		 1349 x->curlft.packets >= x->lft.soft_packet_limit)) {
1350 x->km.dying = 1;
53bc6b4d 1351 km_state_expired(x, 0, 0);
4666faab 1352 }
1da177e4
LT		 1353 return 0;
1354}
1355EXPORT_SYMBOL(xfrm_state_check_expire);
1356
1da177e4 1357struct xfrm_state *
221df1ed 1358xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto,
1da177e4
LT		 1359 unsigned short family)
1360{
1361 struct xfrm_state *x;
1da177e4
LT		 1362
1363 spin_lock_bh(&xfrm_state_lock);
221df1ed 1364 x = __xfrm_state_lookup(net, daddr, spi, proto, family);
1da177e4 1365 spin_unlock_bh(&xfrm_state_lock);
1da177e4
LT		 1366 return x;
1367}
1368EXPORT_SYMBOL(xfrm_state_lookup);
1369
1370struct xfrm_state *
221df1ed
AD		 1371xfrm_state_lookup_byaddr(struct net *net,
1372 xfrm_address_t *daddr, xfrm_address_t *saddr,
eb2971b6
MN		 1373 u8 proto, unsigned short family)
1374{
1375 struct xfrm_state *x;
eb2971b6
MN		 1376
1377 spin_lock_bh(&xfrm_state_lock);
221df1ed 1378 x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family);
eb2971b6 1379 spin_unlock_bh(&xfrm_state_lock);
eb2971b6
MN		 1380 return x;
1381}
1382EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1383
1384struct xfrm_state *
5447c5e4 1385xfrm_find_acq(struct net *net, u8 mode, u32 reqid, u8 proto,
a716c119 1386 xfrm_address_t *daddr, xfrm_address_t *saddr,
1da177e4
LT		 1387 int create, unsigned short family)
1388{
1389 struct xfrm_state *x;
1da177e4
LT		 1390
1391 spin_lock_bh(&xfrm_state_lock);
5447c5e4 1392 x = __find_acq_core(net, family, mode, reqid, proto, daddr, saddr, create);
1da177e4 1393 spin_unlock_bh(&xfrm_state_lock);
2770834c 1394
1da177e4
LT		 1395 return x;
1396}
1397EXPORT_SYMBOL(xfrm_find_acq);
1398
41a49cc3
MN		 1399#ifdef CONFIG_XFRM_SUB_POLICY
1400int
1401xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1402 unsigned short family)
1403{
1404 int err = 0;
1405 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1406 if (!afinfo)
1407 return -EAFNOSUPPORT;
1408
1409 spin_lock_bh(&xfrm_state_lock);
1410 if (afinfo->tmpl_sort)
1411 err = afinfo->tmpl_sort(dst, src, n);
1412 spin_unlock_bh(&xfrm_state_lock);
1413 xfrm_state_put_afinfo(afinfo);
1414 return err;
1415}
1416EXPORT_SYMBOL(xfrm_tmpl_sort);
1417
1418int
1419xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1420 unsigned short family)
1421{
1422 int err = 0;
1423 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1424 if (!afinfo)
1425 return -EAFNOSUPPORT;
1426
1427 spin_lock_bh(&xfrm_state_lock);
1428 if (afinfo->state_sort)
1429 err = afinfo->state_sort(dst, src, n);
1430 spin_unlock_bh(&xfrm_state_lock);
1431 xfrm_state_put_afinfo(afinfo);
1432 return err;
1433}
1434EXPORT_SYMBOL(xfrm_state_sort);
1435#endif
1436
1da177e4
LT		 1437/* Silly enough, but I'm lazy to build resolution list */
1438
5447c5e4 1439static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 seq)
1da177e4
LT		 1440{
1441 int i;
1da177e4 1442
5447c5e4 1443 for (i = 0; i <= net->xfrm.state_hmask; i++) {
8f126e37
DM		 1444 struct hlist_node *entry;
1445 struct xfrm_state *x;
1446
5447c5e4 1447 hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
8f126e37
DM		 1448 if (x->km.seq == seq &&
1449 x->km.state == XFRM_STATE_ACQ) {
1da177e4
LT		 1450 xfrm_state_hold(x);
1451 return x;
1452 }
1453 }
1454 }
1455 return NULL;
1456}
1457
5447c5e4 1458struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 seq)
1da177e4
LT		 1459{
1460 struct xfrm_state *x;
1461
1462 spin_lock_bh(&xfrm_state_lock);
5447c5e4 1463 x = __xfrm_find_acq_byseq(net, seq);
1da177e4
LT		 1464 spin_unlock_bh(&xfrm_state_lock);
1465 return x;
1466}
1467EXPORT_SYMBOL(xfrm_find_acq_byseq);
1468
1469u32 xfrm_get_acqseq(void)
1470{
1471 u32 res;
1472 static u32 acqseq;
1473 static DEFINE_SPINLOCK(acqseq_lock);
1474
1475 spin_lock_bh(&acqseq_lock);
1476 res = (++acqseq ? : ++acqseq);
1477 spin_unlock_bh(&acqseq_lock);
1478 return res;
1479}
1480EXPORT_SYMBOL(xfrm_get_acqseq);
1481
658b219e 1482int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1da177e4 1483{
221df1ed 1484 struct net *net = xs_net(x);
f034b5d4 1485 unsigned int h;
1da177e4 1486 struct xfrm_state *x0;
658b219e
HX		 1487 int err = -ENOENT;
1488 __be32 minspi = htonl(low);
1489 __be32 maxspi = htonl(high);
1da177e4 1490
658b219e
HX		 1491 spin_lock_bh(&x->lock);
1492 if (x->km.state == XFRM_STATE_DEAD)
1493 goto unlock;
1494
1495 err = 0;
1da177e4 1496 if (x->id.spi)
658b219e
HX		 1497 goto unlock;
1498
1499 err = -ENOENT;
1da177e4
LT		 1500
1501 if (minspi == maxspi) {
221df1ed 1502 x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family);
1da177e4
LT		 1503 if (x0) {
1504 xfrm_state_put(x0);
658b219e 1505 goto unlock;
1da177e4
LT		 1506 }
1507 x->id.spi = minspi;
1508 } else {
1509 u32 spi = 0;
26977b4e
AV		 1510 for (h=0; h<high-low+1; h++) {
1511 spi = low + net_random()%(high-low+1);
221df1ed 1512 x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1da177e4
LT		 1513 if (x0 == NULL) {
1514 x->id.spi = htonl(spi);
1515 break;
1516 }
1517 xfrm_state_put(x0);
1518 }
1519 }
1520 if (x->id.spi) {
1521 spin_lock_bh(&xfrm_state_lock);
12604d8a
AD		 1522 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1523 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1da177e4 1524 spin_unlock_bh(&xfrm_state_lock);
658b219e
HX		 1525
1526 err = 0;
1da177e4 1527 }
658b219e
HX		 1528
1529unlock:
1530 spin_unlock_bh(&x->lock);
1531
1532 return err;
1da177e4
LT		 1533}
1534EXPORT_SYMBOL(xfrm_alloc_spi);
1535
284fa7da 1536int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
4c563f76 1537 int (*func)(struct xfrm_state *, int, void*),
1da177e4
LT		 1538 void *data)
1539{
12a169e7
HX		 1540 struct xfrm_state *state;
1541 struct xfrm_state_walk *x;
1da177e4
LT		 1542 int err = 0;
1543
12a169e7 1544 if (walk->seq != 0 && list_empty(&walk->all))
4c563f76
TT		 1545 return 0;
1546
1da177e4 1547 spin_lock_bh(&xfrm_state_lock);
12a169e7 1548 if (list_empty(&walk->all))
284fa7da 1549 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
12a169e7
HX		 1550 else
1551 x = list_entry(&walk->all, struct xfrm_state_walk, all);
284fa7da 1552 list_for_each_entry_from(x, &net->xfrm.state_all, all) {
12a169e7 1553 if (x->state == XFRM_STATE_DEAD)
4c563f76 1554 continue;
12a169e7
HX		 1555 state = container_of(x, struct xfrm_state, km);
1556 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
4c563f76 1557 continue;
12a169e7
HX		 1558 err = func(state, walk->seq, data);
1559 if (err) {
1560 list_move_tail(&walk->all, &x->all);
1561 goto out;
1da177e4 1562 }
12a169e7 1563 walk->seq++;
1da177e4 1564 }
12a169e7 1565 if (walk->seq == 0) {
1da177e4
LT		 1566 err = -ENOENT;
1567 goto out;
1568 }
12a169e7 1569 list_del_init(&walk->all);
1da177e4
LT		 1570out:
1571 spin_unlock_bh(&xfrm_state_lock);
1572 return err;
1573}
1574EXPORT_SYMBOL(xfrm_state_walk);
1575
5c182458
HX		 1576void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto)
1577{
12a169e7 1578 INIT_LIST_HEAD(&walk->all);
5c182458 1579 walk->proto = proto;
12a169e7
HX		 1580 walk->state = XFRM_STATE_DEAD;
1581 walk->seq = 0;
5c182458
HX		 1582}
1583EXPORT_SYMBOL(xfrm_state_walk_init);
1584
abb81c4f
HX		 1585void xfrm_state_walk_done(struct xfrm_state_walk *walk)
1586{
12a169e7 1587 if (list_empty(&walk->all))
5c182458 1588 return;
5c182458 1589
12a169e7
HX		 1590 spin_lock_bh(&xfrm_state_lock);
1591 list_del(&walk->all);
1592 spin_lock_bh(&xfrm_state_lock);
abb81c4f
HX		 1593}
1594EXPORT_SYMBOL(xfrm_state_walk_done);
1595
f8cd5488
JHS		 1596
1597void xfrm_replay_notify(struct xfrm_state *x, int event)
1598{
1599 struct km_event c;
1600 /* we send notify messages in case
1601 * 1. we updated on of the sequence numbers, and the seqno difference
1602 * is at least x->replay_maxdiff, in this case we also update the
1603 * timeout of our timer function
1604 * 2. if x->replay_maxage has elapsed since last update,
1605 * and there were changes
1606 *
1607 * The state structure must be locked!
1608 */
1609
1610 switch (event) {
1611 case XFRM_REPLAY_UPDATE:
1612 if (x->replay_maxdiff &&
1613 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
2717096a
JHS		 1614 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1615 if (x->xflags & XFRM_TIME_DEFER)
1616 event = XFRM_REPLAY_TIMEOUT;
1617 else
1618 return;
1619 }
f8cd5488
JHS		 1620
1621 break;
1622
1623 case XFRM_REPLAY_TIMEOUT:
1624 if ((x->replay.seq == x->preplay.seq) &&
1625 (x->replay.bitmap == x->preplay.bitmap) &&
2717096a
JHS		 1626 (x->replay.oseq == x->preplay.oseq)) {
1627 x->xflags |= XFRM_TIME_DEFER;
f8cd5488 1628 return;
2717096a 1629 }
f8cd5488
JHS		 1630
1631 break;
1632 }
1633
1634 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1635 c.event = XFRM_MSG_NEWAE;
1636 c.data.aevent = event;
1637 km_state_notify(x, &c);
1638
f8cd5488 1639 if (x->replay_maxage &&
a47f0ce0 1640 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
2717096a 1641 x->xflags &= ~XFRM_TIME_DEFER;
f8cd5488
JHS		 1642}
1643
1644static void xfrm_replay_timer_handler(unsigned long data)
1645{
1646 struct xfrm_state *x = (struct xfrm_state*)data;
1647
1648 spin_lock(&x->lock);
1649
2717096a 1650 if (x->km.state == XFRM_STATE_VALID) {
a6483b79 1651 if (xfrm_aevent_is_on(xs_net(x)))
2717096a
JHS		 1652 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1653 else
1654 x->xflags |= XFRM_TIME_DEFER;
1655 }
f8cd5488
JHS		 1656
1657 spin_unlock(&x->lock);
1658}
1659
afeb14b4
PM		 1660int xfrm_replay_check(struct xfrm_state *x,
1661 struct sk_buff *skb, __be32 net_seq)
1da177e4
LT		 1662{
1663 u32 diff;
a252cc23 1664 u32 seq = ntohl(net_seq);
1da177e4
LT		 1665
1666 if (unlikely(seq == 0))
afeb14b4 1667 goto err;
1da177e4
LT		 1668
1669 if (likely(seq > x->replay.seq))
1670 return 0;
1671
1672 diff = x->replay.seq - seq;
4c4d51a7
HX		 1673 if (diff >= min_t(unsigned int, x->props.replay_window,
1674 sizeof(x->replay.bitmap) * 8)) {
1da177e4 1675 x->stats.replay_window++;
afeb14b4 1676 goto err;
1da177e4
LT		 1677 }
1678
1679 if (x->replay.bitmap & (1U << diff)) {
1680 x->stats.replay++;
afeb14b4 1681 goto err;
1da177e4
LT		 1682 }
1683 return 0;
afeb14b4
PM		 1684
1685err:
1686 xfrm_audit_state_replay(x, skb, net_seq);
1687 return -EINVAL;
1da177e4 1688}
1da177e4 1689
61f4627b 1690void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1da177e4
LT		 1691{
1692 u32 diff;
61f4627b 1693 u32 seq = ntohl(net_seq);
1da177e4
LT		 1694
1695 if (seq > x->replay.seq) {
1696 diff = seq - x->replay.seq;
1697 if (diff < x->props.replay_window)
1698 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1699 else
1700 x->replay.bitmap = 1;
1701 x->replay.seq = seq;
1702 } else {
1703 diff = x->replay.seq - seq;
1704 x->replay.bitmap |= (1U << diff);
1705 }
f8cd5488 1706
a6483b79 1707 if (xfrm_aevent_is_on(xs_net(x)))
f8cd5488 1708 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1da177e4 1709}
1da177e4 1710
df01812e 1711static LIST_HEAD(xfrm_km_list);
1da177e4
LT		 1712static DEFINE_RWLOCK(xfrm_km_lock);
1713
26b15dad 1714void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1da177e4
LT		 1715{
1716 struct xfrm_mgr *km;
1717
26b15dad
JHS		 1718 read_lock(&xfrm_km_lock);
1719 list_for_each_entry(km, &xfrm_km_list, list)
1720 if (km->notify_policy)
1721 km->notify_policy(xp, dir, c);
1722 read_unlock(&xfrm_km_lock);
1723}
1da177e4 1724
26b15dad
JHS		 1725void km_state_notify(struct xfrm_state *x, struct km_event *c)
1726{
1727 struct xfrm_mgr *km;
1da177e4
LT		 1728 read_lock(&xfrm_km_lock);
1729 list_for_each_entry(km, &xfrm_km_list, list)
26b15dad
JHS		 1730 if (km->notify)
1731 km->notify(x, c);
1da177e4 1732 read_unlock(&xfrm_km_lock);
26b15dad
JHS		 1733}
1734
1735EXPORT_SYMBOL(km_policy_notify);
1736EXPORT_SYMBOL(km_state_notify);
1737
53bc6b4d 1738void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
26b15dad 1739{
98806f75 1740 struct net *net = xs_net(x);
26b15dad
JHS		 1741 struct km_event c;
1742
bf08867f 1743 c.data.hard = hard;
53bc6b4d 1744 c.pid = pid;
f60f6b8f 1745 c.event = XFRM_MSG_EXPIRE;
26b15dad 1746 km_state_notify(x, &c);
1da177e4
LT		 1747
1748 if (hard)
98806f75 1749 wake_up(&net->xfrm.km_waitq);
1da177e4
LT		 1750}
1751
53bc6b4d 1752EXPORT_SYMBOL(km_state_expired);
26b15dad
JHS		 1753/*
1754 * We send to all registered managers regardless of failure
1755 * We are happy with one success
1756*/
980ebd25 1757int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1da177e4 1758{
26b15dad 1759 int err = -EINVAL, acqret;
1da177e4
LT		 1760 struct xfrm_mgr *km;
1761
1762 read_lock(&xfrm_km_lock);
1763 list_for_each_entry(km, &xfrm_km_list, list) {
26b15dad
JHS		 1764 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1765 if (!acqret)
1766 err = acqret;
1da177e4
LT		 1767 }
1768 read_unlock(&xfrm_km_lock);
1769 return err;
1770}
980ebd25 1771EXPORT_SYMBOL(km_query);
1da177e4 1772
5d36b180 1773int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1da177e4
LT		 1774{
1775 int err = -EINVAL;
1776 struct xfrm_mgr *km;
1777
1778 read_lock(&xfrm_km_lock);
1779 list_for_each_entry(km, &xfrm_km_list, list) {
1780 if (km->new_mapping)
1781 err = km->new_mapping(x, ipaddr, sport);
1782 if (!err)
1783 break;
1784 }
1785 read_unlock(&xfrm_km_lock);
1786 return err;
1787}
1788EXPORT_SYMBOL(km_new_mapping);
1789
6c5c8ca7 1790void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1da177e4 1791{
98806f75 1792 struct net *net = xp_net(pol);
26b15dad 1793 struct km_event c;
1da177e4 1794
bf08867f 1795 c.data.hard = hard;
6c5c8ca7 1796 c.pid = pid;
f60f6b8f 1797 c.event = XFRM_MSG_POLEXPIRE;
26b15dad 1798 km_policy_notify(pol, dir, &c);
1da177e4
LT		 1799
1800 if (hard)
98806f75 1801 wake_up(&net->xfrm.km_waitq);
1da177e4 1802}
a70fcb0b 1803EXPORT_SYMBOL(km_policy_expired);
1da177e4 1804
2d60abc2 1805#ifdef CONFIG_XFRM_MIGRATE
80c9abaa 1806int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
13c1d189
AE		 1807 struct xfrm_migrate *m, int num_migrate,
1808 struct xfrm_kmaddress *k)
80c9abaa
SS		 1809{
1810 int err = -EINVAL;
1811 int ret;
1812 struct xfrm_mgr *km;
1813
1814 read_lock(&xfrm_km_lock);
1815 list_for_each_entry(km, &xfrm_km_list, list) {
1816 if (km->migrate) {
13c1d189 1817 ret = km->migrate(sel, dir, type, m, num_migrate, k);
80c9abaa
SS		 1818 if (!ret)
1819 err = ret;
1820 }
1821 }
1822 read_unlock(&xfrm_km_lock);
1823 return err;
1824}
1825EXPORT_SYMBOL(km_migrate);
2d60abc2 1826#endif
80c9abaa 1827
db983c11 1828int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
97a64b45
MN		 1829{
1830 int err = -EINVAL;
1831 int ret;
1832 struct xfrm_mgr *km;
1833
1834 read_lock(&xfrm_km_lock);
1835 list_for_each_entry(km, &xfrm_km_list, list) {
1836 if (km->report) {
db983c11 1837 ret = km->report(net, proto, sel, addr);
97a64b45
MN		 1838 if (!ret)
1839 err = ret;
1840 }
1841 }
1842 read_unlock(&xfrm_km_lock);
1843 return err;
1844}
1845EXPORT_SYMBOL(km_report);
1846
1da177e4
LT		 1847int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1848{
1849 int err;
1850 u8 *data;
1851 struct xfrm_mgr *km;
1852 struct xfrm_policy *pol = NULL;
1853
1854 if (optlen <= 0 || optlen > PAGE_SIZE)
1855 return -EMSGSIZE;
1856
1857 data = kmalloc(optlen, GFP_KERNEL);
1858 if (!data)
1859 return -ENOMEM;
1860
1861 err = -EFAULT;
1862 if (copy_from_user(data, optval, optlen))
1863 goto out;
1864
1865 err = -EINVAL;
1866 read_lock(&xfrm_km_lock);
1867 list_for_each_entry(km, &xfrm_km_list, list) {
cb969f07 1868 pol = km->compile_policy(sk, optname, data,
1da177e4
LT		 1869 optlen, &err);
1870 if (err >= 0)
1871 break;
1872 }
1873 read_unlock(&xfrm_km_lock);
1874
1875 if (err >= 0) {
1876 xfrm_sk_policy_insert(sk, err, pol);
1877 xfrm_pol_put(pol);
1878 err = 0;
1879 }
1880
1881out:
1882 kfree(data);
1883 return err;
1884}
1885EXPORT_SYMBOL(xfrm_user_policy);
1886
1887int xfrm_register_km(struct xfrm_mgr *km)
1888{
1889 write_lock_bh(&xfrm_km_lock);
1890 list_add_tail(&km->list, &xfrm_km_list);
1891 write_unlock_bh(&xfrm_km_lock);
1892 return 0;
1893}
1894EXPORT_SYMBOL(xfrm_register_km);
1895
1896int xfrm_unregister_km(struct xfrm_mgr *km)
1897{
1898 write_lock_bh(&xfrm_km_lock);
1899 list_del(&km->list);
1900 write_unlock_bh(&xfrm_km_lock);
1901 return 0;
1902}
1903EXPORT_SYMBOL(xfrm_unregister_km);
1904
1905int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1906{
1907 int err = 0;
1908 if (unlikely(afinfo == NULL))
1909 return -EINVAL;
1910 if (unlikely(afinfo->family >= NPROTO))
1911 return -EAFNOSUPPORT;
f3111502 1912 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1913 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1914 err = -ENOBUFS;
edcd5821 1915 else
1da177e4 1916 xfrm_state_afinfo[afinfo->family] = afinfo;
f3111502 1917 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1918 return err;
1919}
1920EXPORT_SYMBOL(xfrm_state_register_afinfo);
1921
1922int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1923{
1924 int err = 0;
1925 if (unlikely(afinfo == NULL))
1926 return -EINVAL;
1927 if (unlikely(afinfo->family >= NPROTO))
1928 return -EAFNOSUPPORT;
f3111502 1929 write_lock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1930 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1931 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1932 err = -EINVAL;
edcd5821 1933 else
1da177e4 1934 xfrm_state_afinfo[afinfo->family] = NULL;
1da177e4 1935 }
f3111502 1936 write_unlock_bh(&xfrm_state_afinfo_lock);
1da177e4
LT		 1937 return err;
1938}
1939EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1940
17c2a42a 1941static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1da177e4
LT		 1942{
1943 struct xfrm_state_afinfo *afinfo;
1944 if (unlikely(family >= NPROTO))
1945 return NULL;
1946 read_lock(&xfrm_state_afinfo_lock);
1947 afinfo = xfrm_state_afinfo[family];
546be240
HX		 1948 if (unlikely(!afinfo))
1949 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1950 return afinfo;
1951}
1952
17c2a42a 1953static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
9a429c49 1954 __releases(xfrm_state_afinfo_lock)
1da177e4 1955{
546be240 1956 read_unlock(&xfrm_state_afinfo_lock);
1da177e4
LT		 1957}
1958
1959/* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1960void xfrm_state_delete_tunnel(struct xfrm_state *x)
1961{
1962 if (x->tunnel) {
1963 struct xfrm_state *t = x->tunnel;
1964
1965 if (atomic_read(&t->tunnel_users) == 2)
1966 xfrm_state_delete(t);
1967 atomic_dec(&t->tunnel_users);
1968 xfrm_state_put(t);
1969 x->tunnel = NULL;
1970 }
1971}
1972EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1973
1974int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1975{
c5c25238 1976 int res;
1da177e4 1977
c5c25238
PM		 1978 spin_lock_bh(&x->lock);
1979 if (x->km.state == XFRM_STATE_VALID &&
1980 x->type && x->type->get_mtu)
1981 res = x->type->get_mtu(x, mtu);
1982 else
28121617 1983 res = mtu - x->props.header_len;
c5c25238 1984 spin_unlock_bh(&x->lock);
1da177e4
LT		 1985 return res;
1986}
1987
72cb6962
HX		 1988int xfrm_init_state(struct xfrm_state *x)
1989{
d094cd83 1990 struct xfrm_state_afinfo *afinfo;
df9dcb45 1991 struct xfrm_mode *inner_mode;
d094cd83 1992 int family = x->props.family;
72cb6962
HX		 1993 int err;
1994
d094cd83
HX		 1995 err = -EAFNOSUPPORT;
1996 afinfo = xfrm_state_get_afinfo(family);
1997 if (!afinfo)
1998 goto error;
1999
2000 err = 0;
2001 if (afinfo->init_flags)
2002 err = afinfo->init_flags(x);
2003
2004 xfrm_state_put_afinfo(afinfo);
2005
2006 if (err)
2007 goto error;
2008
2009 err = -EPROTONOSUPPORT;
13996378 2010
df9dcb45
KM		 2011 if (x->sel.family != AF_UNSPEC) {
2012 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2013 if (inner_mode == NULL)
2014 goto error;
2015
2016 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2017 family != x->sel.family) {
2018 xfrm_put_mode(inner_mode);
2019 goto error;
2020 }
2021
2022 x->inner_mode = inner_mode;
2023 } else {
2024 struct xfrm_mode *inner_mode_iaf;
d81d2285 2025 int iafamily = AF_INET;
df9dcb45 2026
d81d2285 2027 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
df9dcb45
KM		 2028 if (inner_mode == NULL)
2029 goto error;
2030
2031 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2032 xfrm_put_mode(inner_mode);
2033 goto error;
2034 }
d81d2285 2035 x->inner_mode = inner_mode;
df9dcb45 2036
d81d2285
MW		 2037 if (x->props.family == AF_INET)
2038 iafamily = AF_INET6;
df9dcb45 2039
d81d2285
MW		 2040 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2041 if (inner_mode_iaf) {
2042 if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2043 x->inner_mode_iaf = inner_mode_iaf;
2044 else
2045 xfrm_put_mode(inner_mode_iaf);
df9dcb45
KM		 2046 }
2047 }
13996378 2048
d094cd83 2049 x->type = xfrm_get_type(x->id.proto, family);
72cb6962
HX		 2050 if (x->type == NULL)
2051 goto error;
2052
2053 err = x->type->init_state(x);
2054 if (err)
2055 goto error;
2056
13996378
HX		 2057 x->outer_mode = xfrm_get_mode(x->props.mode, family);
2058 if (x->outer_mode == NULL)
b59f45d0
HX		 2059 goto error;
2060
72cb6962
HX		 2061 x->km.state = XFRM_STATE_VALID;
2062
2063error:
2064 return err;
2065}
2066
2067EXPORT_SYMBOL(xfrm_init_state);
a716c119 2068
d62ddc21 2069int __net_init xfrm_state_init(struct net *net)
1da177e4 2070{
f034b5d4
DM		 2071 unsigned int sz;
2072
9d4139c7
AD		 2073 INIT_LIST_HEAD(&net->xfrm.state_all);
2074
f034b5d4
DM		 2075 sz = sizeof(struct hlist_head) * 8;
2076
73d189dc
AD		 2077 net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2078 if (!net->xfrm.state_bydst)
2079 goto out_bydst;
d320bbb3
AD		 2080 net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2081 if (!net->xfrm.state_bysrc)
2082 goto out_bysrc;
b754a4fd
AD		 2083 net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2084 if (!net->xfrm.state_byspi)
2085 goto out_byspi;
529983ec 2086 net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1da177e4 2087
0bf7c5b0 2088 net->xfrm.state_num = 0;
63082733 2089 INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
b8a0ae20 2090 INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
c7837144 2091 INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
50a30657 2092 init_waitqueue_head(&net->xfrm.km_waitq);
d62ddc21 2093 return 0;
73d189dc 2094
b754a4fd
AD		 2095out_byspi:
2096 xfrm_hash_free(net->xfrm.state_bysrc, sz);
d320bbb3
AD		 2097out_bysrc:
2098 xfrm_hash_free(net->xfrm.state_bydst, sz);
73d189dc
AD		 2099out_bydst:
2100 return -ENOMEM;
d62ddc21
AD		 2101}
2102
2103void xfrm_state_fini(struct net *net)
2104{
7c2776ee 2105 struct xfrm_audit audit_info;
73d189dc
AD		 2106 unsigned int sz;
2107
7c2776ee
AD		 2108 flush_work(&net->xfrm.state_hash_work);
2109 audit_info.loginuid = -1;
2110 audit_info.sessionid = -1;
2111 audit_info.secid = 0;
2112 xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2113 flush_work(&net->xfrm.state_gc_work);
2114
9d4139c7 2115 WARN_ON(!list_empty(&net->xfrm.state_all));
73d189dc 2116
529983ec 2117 sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
b754a4fd
AD		 2118 WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2119 xfrm_hash_free(net->xfrm.state_byspi, sz);
d320bbb3
AD		 2120 WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2121 xfrm_hash_free(net->xfrm.state_bysrc, sz);
73d189dc
AD		 2122 WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2123 xfrm_hash_free(net->xfrm.state_bydst, sz);
1da177e4
LT		 2124}
2125
ab5f5e8b 2126#ifdef CONFIG_AUDITSYSCALL
cf35f43e
IJ		 2127static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2128 struct audit_buffer *audit_buf)
ab5f5e8b 2129{
68277acc
PM		 2130 struct xfrm_sec_ctx *ctx = x->security;
2131 u32 spi = ntohl(x->id.spi);
2132
2133 if (ctx)
ab5f5e8b 2134 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
68277acc 2135 ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
ab5f5e8b
JL		 2136
2137 switch(x->props.family) {
2138 case AF_INET:
21454aaa
HH		 2139 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2140 &x->props.saddr.a4, &x->id.daddr.a4);
ab5f5e8b
JL		 2141 break;
2142 case AF_INET6:
5b095d98 2143 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
fdb46ee7 2144 x->props.saddr.a6, x->id.daddr.a6);
ab5f5e8b
JL		 2145 break;
2146 }
68277acc
PM		 2147
2148 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
ab5f5e8b
JL		 2149}
2150
cf35f43e
IJ		 2151static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2152 struct audit_buffer *audit_buf)
afeb14b4
PM		 2153{
2154 struct iphdr *iph4;
2155 struct ipv6hdr *iph6;
2156
2157 switch (family) {
2158 case AF_INET:
2159 iph4 = ip_hdr(skb);
21454aaa
HH		 2160 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2161 &iph4->saddr, &iph4->daddr);
afeb14b4
PM		 2162 break;
2163 case AF_INET6:
2164 iph6 = ipv6_hdr(skb);
2165 audit_log_format(audit_buf,
5b095d98 2166 " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
fdb46ee7 2167 &iph6->saddr,&iph6->daddr,
afeb14b4
PM		 2168 iph6->flow_lbl[0] & 0x0f,
2169 iph6->flow_lbl[1],
2170 iph6->flow_lbl[2]);
2171 break;
2172 }
2173}
2174
68277acc 2175void xfrm_audit_state_add(struct xfrm_state *x, int result,
2532386f 2176 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2177{
2178 struct audit_buffer *audit_buf;
ab5f5e8b 2179
afeb14b4 2180 audit_buf = xfrm_audit_start("SAD-add");
ab5f5e8b
JL		 2181 if (audit_buf == NULL)
2182 return;
2532386f 2183 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2184 xfrm_audit_helper_sainfo(x, audit_buf);
2185 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2186 audit_log_end(audit_buf);
2187}
2188EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2189
68277acc 2190void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2532386f 2191 uid_t auid, u32 sessionid, u32 secid)
ab5f5e8b
JL		 2192{
2193 struct audit_buffer *audit_buf;
ab5f5e8b 2194
afeb14b4 2195 audit_buf = xfrm_audit_start("SAD-delete");
ab5f5e8b
JL		 2196 if (audit_buf == NULL)
2197 return;
2532386f 2198 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
afeb14b4
PM		 2199 xfrm_audit_helper_sainfo(x, audit_buf);
2200 audit_log_format(audit_buf, " res=%u", result);
ab5f5e8b
JL		 2201 audit_log_end(audit_buf);
2202}
2203EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
afeb14b4
PM		 2204
2205void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2206 struct sk_buff *skb)
2207{
2208 struct audit_buffer *audit_buf;
2209 u32 spi;
2210
2211 audit_buf = xfrm_audit_start("SA-replay-overflow");
2212 if (audit_buf == NULL)
2213 return;
2214 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2215 /* don't record the sequence number because it's inherent in this kind
2216 * of audit message */
2217 spi = ntohl(x->id.spi);
2218 audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2219 audit_log_end(audit_buf);
2220}
2221EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2222
2223static void xfrm_audit_state_replay(struct xfrm_state *x,
2224 struct sk_buff *skb, __be32 net_seq)
2225{
2226 struct audit_buffer *audit_buf;
2227 u32 spi;
2228
2229 audit_buf = xfrm_audit_start("SA-replayed-pkt");
2230 if (audit_buf == NULL)
2231 return;
2232 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2233 spi = ntohl(x->id.spi);
2234 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2235 spi, spi, ntohl(net_seq));
2236 audit_log_end(audit_buf);
2237}
2238
2239void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2240{
2241 struct audit_buffer *audit_buf;
2242
2243 audit_buf = xfrm_audit_start("SA-notfound");
2244 if (audit_buf == NULL)
2245 return;
2246 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2247 audit_log_end(audit_buf);
2248}
2249EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2250
2251void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2252 __be32 net_spi, __be32 net_seq)
2253{
2254 struct audit_buffer *audit_buf;
2255 u32 spi;
2256
2257 audit_buf = xfrm_audit_start("SA-notfound");
2258 if (audit_buf == NULL)
2259 return;
2260 xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2261 spi = ntohl(net_spi);
2262 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2263 spi, spi, ntohl(net_seq));
2264 audit_log_end(audit_buf);
2265}
2266EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2267
2268void xfrm_audit_state_icvfail(struct xfrm_state *x,
2269 struct sk_buff *skb, u8 proto)
2270{
2271 struct audit_buffer *audit_buf;
2272 __be32 net_spi;
2273 __be32 net_seq;
2274
2275 audit_buf = xfrm_audit_start("SA-icv-failure");
2276 if (audit_buf == NULL)
2277 return;
2278 xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2279 if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2280 u32 spi = ntohl(net_spi);
2281 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2282 spi, spi, ntohl(net_seq));
2283 }
2284 audit_log_end(audit_buf);
2285}
2286EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
ab5f5e8b 2287#endif /* CONFIG_AUDITSYSCALL */
Linux 6.x block layer and io_uring tree(s)