xfrm_state.c 85 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * xfrm_state.c
  4. *
  5. * Changes:
  6. * Mitsuru KANDA @USAGI
  7. * Kazunori MIYAZAWA @USAGI
  8. * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
  9. * IPv6 support
  10. * YOSHIFUJI Hideaki @USAGI
  11. * Split up af-specific functions
  12. * Derek Atkins <derek@ihtfp.com>
  13. * Add UDP Encapsulation
  14. *
  15. */
  16. #include <linux/compat.h>
  17. #include <linux/workqueue.h>
  18. #include <net/xfrm.h>
  19. #include <linux/pfkeyv2.h>
  20. #include <linux/ipsec.h>
  21. #include <linux/module.h>
  22. #include <linux/cache.h>
  23. #include <linux/audit.h>
  24. #include <linux/uaccess.h>
  25. #include <linux/ktime.h>
  26. #include <linux/slab.h>
  27. #include <linux/interrupt.h>
  28. #include <linux/kernel.h>
  29. #include <crypto/aead.h>
  30. #include "xfrm_hash.h"
  31. #define xfrm_state_deref_prot(table, net) \
  32. rcu_dereference_protected((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
  33. #define xfrm_state_deref_check(table, net) \
  34. rcu_dereference_check((table), lockdep_is_held(&(net)->xfrm.xfrm_state_lock))
  35. static void xfrm_state_gc_task(struct work_struct *work);
  36. /* Each xfrm_state may be linked to two tables:
  37. 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  38. 2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  39. destination/tunnel endpoint. (output)
  40. */
  41. static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  42. static struct kmem_cache *xfrm_state_cache __ro_after_init;
  43. static DECLARE_WORK(xfrm_state_gc_work, xfrm_state_gc_task);
  44. static HLIST_HEAD(xfrm_state_gc_list);
  45. static HLIST_HEAD(xfrm_state_dev_gc_list);
  46. static inline bool xfrm_state_hold_rcu(struct xfrm_state *x)
  47. {
  48. return refcount_inc_not_zero(&x->refcnt);
  49. }
  50. static inline unsigned int xfrm_dst_hash(struct net *net,
  51. const xfrm_address_t *daddr,
  52. const xfrm_address_t *saddr,
  53. u32 reqid,
  54. unsigned short family)
  55. {
  56. lockdep_assert_held(&net->xfrm.xfrm_state_lock);
  57. return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
  58. }
  59. static inline unsigned int xfrm_src_hash(struct net *net,
  60. const xfrm_address_t *daddr,
  61. const xfrm_address_t *saddr,
  62. unsigned short family)
  63. {
  64. lockdep_assert_held(&net->xfrm.xfrm_state_lock);
  65. return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
  66. }
  67. static inline unsigned int
  68. xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
  69. __be32 spi, u8 proto, unsigned short family)
  70. {
  71. lockdep_assert_held(&net->xfrm.xfrm_state_lock);
  72. return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
  73. }
  74. static unsigned int xfrm_seq_hash(struct net *net, u32 seq)
  75. {
  76. lockdep_assert_held(&net->xfrm.xfrm_state_lock);
  77. return __xfrm_seq_hash(seq, net->xfrm.state_hmask);
  78. }
  79. #define XFRM_STATE_INSERT(by, _n, _h, _type) \
  80. { \
  81. struct xfrm_state *_x = NULL; \
  82. \
  83. if (_type != XFRM_DEV_OFFLOAD_PACKET) { \
  84. hlist_for_each_entry_rcu(_x, _h, by) { \
  85. if (_x->xso.type == XFRM_DEV_OFFLOAD_PACKET) \
  86. continue; \
  87. break; \
  88. } \
  89. } \
  90. \
  91. if (!_x || _x->xso.type == XFRM_DEV_OFFLOAD_PACKET) \
  92. /* SAD is empty or consist from HW SAs only */ \
  93. hlist_add_head_rcu(_n, _h); \
  94. else \
  95. hlist_add_before_rcu(_n, &_x->by); \
  96. }
  97. static void xfrm_hash_transfer(struct hlist_head *list,
  98. struct hlist_head *ndsttable,
  99. struct hlist_head *nsrctable,
  100. struct hlist_head *nspitable,
  101. struct hlist_head *nseqtable,
  102. unsigned int nhashmask)
  103. {
  104. struct hlist_node *tmp;
  105. struct xfrm_state *x;
  106. hlist_for_each_entry_safe(x, tmp, list, bydst) {
  107. unsigned int h;
  108. h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
  109. x->props.reqid, x->props.family,
  110. nhashmask);
  111. XFRM_STATE_INSERT(bydst, &x->bydst, ndsttable + h, x->xso.type);
  112. h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
  113. x->props.family,
  114. nhashmask);
  115. XFRM_STATE_INSERT(bysrc, &x->bysrc, nsrctable + h, x->xso.type);
  116. if (x->id.spi) {
  117. h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
  118. x->id.proto, x->props.family,
  119. nhashmask);
  120. XFRM_STATE_INSERT(byspi, &x->byspi, nspitable + h,
  121. x->xso.type);
  122. }
  123. if (x->km.seq) {
  124. h = __xfrm_seq_hash(x->km.seq, nhashmask);
  125. XFRM_STATE_INSERT(byseq, &x->byseq, nseqtable + h,
  126. x->xso.type);
  127. }
  128. }
  129. }
  130. static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
  131. {
  132. return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
  133. }
  134. static void xfrm_hash_resize(struct work_struct *work)
  135. {
  136. struct net *net = container_of(work, struct net, xfrm.state_hash_work);
  137. struct hlist_head *ndst, *nsrc, *nspi, *nseq, *odst, *osrc, *ospi, *oseq;
  138. unsigned long nsize, osize;
  139. unsigned int nhashmask, ohashmask;
  140. int i;
  141. nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
  142. ndst = xfrm_hash_alloc(nsize);
  143. if (!ndst)
  144. return;
  145. nsrc = xfrm_hash_alloc(nsize);
  146. if (!nsrc) {
  147. xfrm_hash_free(ndst, nsize);
  148. return;
  149. }
  150. nspi = xfrm_hash_alloc(nsize);
  151. if (!nspi) {
  152. xfrm_hash_free(ndst, nsize);
  153. xfrm_hash_free(nsrc, nsize);
  154. return;
  155. }
  156. nseq = xfrm_hash_alloc(nsize);
  157. if (!nseq) {
  158. xfrm_hash_free(ndst, nsize);
  159. xfrm_hash_free(nsrc, nsize);
  160. xfrm_hash_free(nspi, nsize);
  161. return;
  162. }
  163. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  164. write_seqcount_begin(&net->xfrm.xfrm_state_hash_generation);
  165. nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
  166. odst = xfrm_state_deref_prot(net->xfrm.state_bydst, net);
  167. for (i = net->xfrm.state_hmask; i >= 0; i--)
  168. xfrm_hash_transfer(odst + i, ndst, nsrc, nspi, nseq, nhashmask);
  169. osrc = xfrm_state_deref_prot(net->xfrm.state_bysrc, net);
  170. ospi = xfrm_state_deref_prot(net->xfrm.state_byspi, net);
  171. oseq = xfrm_state_deref_prot(net->xfrm.state_byseq, net);
  172. ohashmask = net->xfrm.state_hmask;
  173. rcu_assign_pointer(net->xfrm.state_bydst, ndst);
  174. rcu_assign_pointer(net->xfrm.state_bysrc, nsrc);
  175. rcu_assign_pointer(net->xfrm.state_byspi, nspi);
  176. rcu_assign_pointer(net->xfrm.state_byseq, nseq);
  177. net->xfrm.state_hmask = nhashmask;
  178. write_seqcount_end(&net->xfrm.xfrm_state_hash_generation);
  179. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  180. osize = (ohashmask + 1) * sizeof(struct hlist_head);
  181. synchronize_rcu();
  182. xfrm_hash_free(odst, osize);
  183. xfrm_hash_free(osrc, osize);
  184. xfrm_hash_free(ospi, osize);
  185. xfrm_hash_free(oseq, osize);
  186. }
  187. static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
  188. static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
  189. static DEFINE_SPINLOCK(xfrm_state_gc_lock);
  190. static DEFINE_SPINLOCK(xfrm_state_dev_gc_lock);
  191. int __xfrm_state_delete(struct xfrm_state *x);
  192. int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
  193. static bool km_is_alive(const struct km_event *c);
  194. void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
  195. int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
  196. {
  197. struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
  198. int err = 0;
  199. if (!afinfo)
  200. return -EAFNOSUPPORT;
  201. #define X(afi, T, name) do { \
  202. WARN_ON((afi)->type_ ## name); \
  203. (afi)->type_ ## name = (T); \
  204. } while (0)
  205. switch (type->proto) {
  206. case IPPROTO_COMP:
  207. X(afinfo, type, comp);
  208. break;
  209. case IPPROTO_AH:
  210. X(afinfo, type, ah);
  211. break;
  212. case IPPROTO_ESP:
  213. X(afinfo, type, esp);
  214. break;
  215. case IPPROTO_IPIP:
  216. X(afinfo, type, ipip);
  217. break;
  218. case IPPROTO_DSTOPTS:
  219. X(afinfo, type, dstopts);
  220. break;
  221. case IPPROTO_ROUTING:
  222. X(afinfo, type, routing);
  223. break;
  224. case IPPROTO_IPV6:
  225. X(afinfo, type, ipip6);
  226. break;
  227. default:
  228. WARN_ON(1);
  229. err = -EPROTONOSUPPORT;
  230. break;
  231. }
  232. #undef X
  233. rcu_read_unlock();
  234. return err;
  235. }
  236. EXPORT_SYMBOL(xfrm_register_type);
  237. void xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
  238. {
  239. struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
  240. if (unlikely(afinfo == NULL))
  241. return;
  242. #define X(afi, T, name) do { \
  243. WARN_ON((afi)->type_ ## name != (T)); \
  244. (afi)->type_ ## name = NULL; \
  245. } while (0)
  246. switch (type->proto) {
  247. case IPPROTO_COMP:
  248. X(afinfo, type, comp);
  249. break;
  250. case IPPROTO_AH:
  251. X(afinfo, type, ah);
  252. break;
  253. case IPPROTO_ESP:
  254. X(afinfo, type, esp);
  255. break;
  256. case IPPROTO_IPIP:
  257. X(afinfo, type, ipip);
  258. break;
  259. case IPPROTO_DSTOPTS:
  260. X(afinfo, type, dstopts);
  261. break;
  262. case IPPROTO_ROUTING:
  263. X(afinfo, type, routing);
  264. break;
  265. case IPPROTO_IPV6:
  266. X(afinfo, type, ipip6);
  267. break;
  268. default:
  269. WARN_ON(1);
  270. break;
  271. }
  272. #undef X
  273. rcu_read_unlock();
  274. }
  275. EXPORT_SYMBOL(xfrm_unregister_type);
  276. static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
  277. {
  278. const struct xfrm_type *type = NULL;
  279. struct xfrm_state_afinfo *afinfo;
  280. int modload_attempted = 0;
  281. retry:
  282. afinfo = xfrm_state_get_afinfo(family);
  283. if (unlikely(afinfo == NULL))
  284. return NULL;
  285. switch (proto) {
  286. case IPPROTO_COMP:
  287. type = afinfo->type_comp;
  288. break;
  289. case IPPROTO_AH:
  290. type = afinfo->type_ah;
  291. break;
  292. case IPPROTO_ESP:
  293. type = afinfo->type_esp;
  294. break;
  295. case IPPROTO_IPIP:
  296. type = afinfo->type_ipip;
  297. break;
  298. case IPPROTO_DSTOPTS:
  299. type = afinfo->type_dstopts;
  300. break;
  301. case IPPROTO_ROUTING:
  302. type = afinfo->type_routing;
  303. break;
  304. case IPPROTO_IPV6:
  305. type = afinfo->type_ipip6;
  306. break;
  307. default:
  308. break;
  309. }
  310. if (unlikely(type && !try_module_get(type->owner)))
  311. type = NULL;
  312. rcu_read_unlock();
  313. if (!type && !modload_attempted) {
  314. request_module("xfrm-type-%d-%d", family, proto);
  315. modload_attempted = 1;
  316. goto retry;
  317. }
  318. return type;
  319. }
  320. static void xfrm_put_type(const struct xfrm_type *type)
  321. {
  322. module_put(type->owner);
  323. }
  324. int xfrm_register_type_offload(const struct xfrm_type_offload *type,
  325. unsigned short family)
  326. {
  327. struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
  328. int err = 0;
  329. if (unlikely(afinfo == NULL))
  330. return -EAFNOSUPPORT;
  331. switch (type->proto) {
  332. case IPPROTO_ESP:
  333. WARN_ON(afinfo->type_offload_esp);
  334. afinfo->type_offload_esp = type;
  335. break;
  336. default:
  337. WARN_ON(1);
  338. err = -EPROTONOSUPPORT;
  339. break;
  340. }
  341. rcu_read_unlock();
  342. return err;
  343. }
  344. EXPORT_SYMBOL(xfrm_register_type_offload);
  345. void xfrm_unregister_type_offload(const struct xfrm_type_offload *type,
  346. unsigned short family)
  347. {
  348. struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
  349. if (unlikely(afinfo == NULL))
  350. return;
  351. switch (type->proto) {
  352. case IPPROTO_ESP:
  353. WARN_ON(afinfo->type_offload_esp != type);
  354. afinfo->type_offload_esp = NULL;
  355. break;
  356. default:
  357. WARN_ON(1);
  358. break;
  359. }
  360. rcu_read_unlock();
  361. }
  362. EXPORT_SYMBOL(xfrm_unregister_type_offload);
  363. void xfrm_set_type_offload(struct xfrm_state *x, bool try_load)
  364. {
  365. const struct xfrm_type_offload *type = NULL;
  366. struct xfrm_state_afinfo *afinfo;
  367. retry:
  368. afinfo = xfrm_state_get_afinfo(x->props.family);
  369. if (unlikely(afinfo == NULL))
  370. goto out;
  371. switch (x->id.proto) {
  372. case IPPROTO_ESP:
  373. type = afinfo->type_offload_esp;
  374. break;
  375. default:
  376. break;
  377. }
  378. if ((type && !try_module_get(type->owner)))
  379. type = NULL;
  380. rcu_read_unlock();
  381. if (!type && try_load) {
  382. request_module("xfrm-offload-%d-%d", x->props.family,
  383. x->id.proto);
  384. try_load = false;
  385. goto retry;
  386. }
  387. out:
  388. x->type_offload = type;
  389. }
  390. EXPORT_SYMBOL(xfrm_set_type_offload);
  391. static const struct xfrm_mode xfrm4_mode_map[XFRM_MODE_MAX] = {
  392. [XFRM_MODE_BEET] = {
  393. .encap = XFRM_MODE_BEET,
  394. .flags = XFRM_MODE_FLAG_TUNNEL,
  395. .family = AF_INET,
  396. },
  397. [XFRM_MODE_TRANSPORT] = {
  398. .encap = XFRM_MODE_TRANSPORT,
  399. .family = AF_INET,
  400. },
  401. [XFRM_MODE_TUNNEL] = {
  402. .encap = XFRM_MODE_TUNNEL,
  403. .flags = XFRM_MODE_FLAG_TUNNEL,
  404. .family = AF_INET,
  405. },
  406. [XFRM_MODE_IPTFS] = {
  407. .encap = XFRM_MODE_IPTFS,
  408. .flags = XFRM_MODE_FLAG_TUNNEL,
  409. .family = AF_INET,
  410. },
  411. };
  412. static const struct xfrm_mode xfrm6_mode_map[XFRM_MODE_MAX] = {
  413. [XFRM_MODE_BEET] = {
  414. .encap = XFRM_MODE_BEET,
  415. .flags = XFRM_MODE_FLAG_TUNNEL,
  416. .family = AF_INET6,
  417. },
  418. [XFRM_MODE_ROUTEOPTIMIZATION] = {
  419. .encap = XFRM_MODE_ROUTEOPTIMIZATION,
  420. .family = AF_INET6,
  421. },
  422. [XFRM_MODE_TRANSPORT] = {
  423. .encap = XFRM_MODE_TRANSPORT,
  424. .family = AF_INET6,
  425. },
  426. [XFRM_MODE_TUNNEL] = {
  427. .encap = XFRM_MODE_TUNNEL,
  428. .flags = XFRM_MODE_FLAG_TUNNEL,
  429. .family = AF_INET6,
  430. },
  431. [XFRM_MODE_IPTFS] = {
  432. .encap = XFRM_MODE_IPTFS,
  433. .flags = XFRM_MODE_FLAG_TUNNEL,
  434. .family = AF_INET6,
  435. },
  436. };
  437. static const struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
  438. {
  439. const struct xfrm_mode *mode;
  440. if (unlikely(encap >= XFRM_MODE_MAX))
  441. return NULL;
  442. switch (family) {
  443. case AF_INET:
  444. mode = &xfrm4_mode_map[encap];
  445. if (mode->family == family)
  446. return mode;
  447. break;
  448. case AF_INET6:
  449. mode = &xfrm6_mode_map[encap];
  450. if (mode->family == family)
  451. return mode;
  452. break;
  453. default:
  454. break;
  455. }
  456. return NULL;
  457. }
  458. static const struct xfrm_mode_cbs __rcu *xfrm_mode_cbs_map[XFRM_MODE_MAX];
  459. static DEFINE_SPINLOCK(xfrm_mode_cbs_map_lock);
  460. int xfrm_register_mode_cbs(u8 mode, const struct xfrm_mode_cbs *mode_cbs)
  461. {
  462. if (mode >= XFRM_MODE_MAX)
  463. return -EINVAL;
  464. spin_lock_bh(&xfrm_mode_cbs_map_lock);
  465. rcu_assign_pointer(xfrm_mode_cbs_map[mode], mode_cbs);
  466. spin_unlock_bh(&xfrm_mode_cbs_map_lock);
  467. return 0;
  468. }
  469. EXPORT_SYMBOL(xfrm_register_mode_cbs);
  470. void xfrm_unregister_mode_cbs(u8 mode)
  471. {
  472. if (mode >= XFRM_MODE_MAX)
  473. return;
  474. spin_lock_bh(&xfrm_mode_cbs_map_lock);
  475. RCU_INIT_POINTER(xfrm_mode_cbs_map[mode], NULL);
  476. spin_unlock_bh(&xfrm_mode_cbs_map_lock);
  477. synchronize_rcu();
  478. }
  479. EXPORT_SYMBOL(xfrm_unregister_mode_cbs);
  480. static const struct xfrm_mode_cbs *xfrm_get_mode_cbs(u8 mode)
  481. {
  482. const struct xfrm_mode_cbs *cbs;
  483. bool try_load = true;
  484. if (mode >= XFRM_MODE_MAX)
  485. return NULL;
  486. retry:
  487. rcu_read_lock();
  488. cbs = rcu_dereference(xfrm_mode_cbs_map[mode]);
  489. if (cbs && !try_module_get(cbs->owner))
  490. cbs = NULL;
  491. rcu_read_unlock();
  492. if (mode == XFRM_MODE_IPTFS && !cbs && try_load) {
  493. request_module("xfrm-iptfs");
  494. try_load = false;
  495. goto retry;
  496. }
  497. return cbs;
  498. }
  499. void xfrm_state_free(struct xfrm_state *x)
  500. {
  501. kmem_cache_free(xfrm_state_cache, x);
  502. }
  503. EXPORT_SYMBOL(xfrm_state_free);
  504. static void xfrm_state_delete_tunnel(struct xfrm_state *x);
  505. static void xfrm_state_gc_destroy(struct xfrm_state *x)
  506. {
  507. if (x->mode_cbs && x->mode_cbs->destroy_state)
  508. x->mode_cbs->destroy_state(x);
  509. hrtimer_cancel(&x->mtimer);
  510. timer_delete_sync(&x->rtimer);
  511. kfree_sensitive(x->aead);
  512. kfree_sensitive(x->aalg);
  513. kfree_sensitive(x->ealg);
  514. kfree(x->calg);
  515. kfree(x->encap);
  516. kfree(x->coaddr);
  517. kfree(x->replay_esn);
  518. kfree(x->preplay_esn);
  519. xfrm_unset_type_offload(x);
  520. xfrm_state_delete_tunnel(x);
  521. if (x->type) {
  522. x->type->destructor(x);
  523. xfrm_put_type(x->type);
  524. }
  525. if (x->xfrag.page)
  526. put_page(x->xfrag.page);
  527. xfrm_dev_state_free(x);
  528. security_xfrm_state_free(x);
  529. xfrm_state_free(x);
  530. }
  531. static void xfrm_state_gc_task(struct work_struct *work)
  532. {
  533. struct xfrm_state *x;
  534. struct hlist_node *tmp;
  535. struct hlist_head gc_list;
  536. spin_lock_bh(&xfrm_state_gc_lock);
  537. hlist_move_list(&xfrm_state_gc_list, &gc_list);
  538. spin_unlock_bh(&xfrm_state_gc_lock);
  539. synchronize_rcu();
  540. hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
  541. xfrm_state_gc_destroy(x);
  542. }
  543. static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
  544. {
  545. struct xfrm_state *x = container_of(me, struct xfrm_state, mtimer);
  546. enum hrtimer_restart ret = HRTIMER_NORESTART;
  547. time64_t now = ktime_get_real_seconds();
  548. time64_t next = TIME64_MAX;
  549. int warn = 0;
  550. int err = 0;
  551. spin_lock(&x->lock);
  552. xfrm_dev_state_update_stats(x);
  553. if (x->km.state == XFRM_STATE_DEAD)
  554. goto out;
  555. if (x->km.state == XFRM_STATE_EXPIRED)
  556. goto expired;
  557. if (x->lft.hard_add_expires_seconds) {
  558. time64_t tmo = x->lft.hard_add_expires_seconds +
  559. x->curlft.add_time - now;
  560. if (tmo <= 0) {
  561. if (x->xflags & XFRM_SOFT_EXPIRE) {
  562. /* enter hard expire without soft expire first?!
  563. * setting a new date could trigger this.
  564. * workaround: fix x->curflt.add_time by below:
  565. */
  566. x->curlft.add_time = now - x->saved_tmo - 1;
  567. tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
  568. } else
  569. goto expired;
  570. }
  571. if (tmo < next)
  572. next = tmo;
  573. }
  574. if (x->lft.hard_use_expires_seconds) {
  575. time64_t tmo = x->lft.hard_use_expires_seconds +
  576. (READ_ONCE(x->curlft.use_time) ? : now) - now;
  577. if (tmo <= 0)
  578. goto expired;
  579. if (tmo < next)
  580. next = tmo;
  581. }
  582. if (x->km.dying)
  583. goto resched;
  584. if (x->lft.soft_add_expires_seconds) {
  585. time64_t tmo = x->lft.soft_add_expires_seconds +
  586. x->curlft.add_time - now;
  587. if (tmo <= 0) {
  588. warn = 1;
  589. x->xflags &= ~XFRM_SOFT_EXPIRE;
  590. } else if (tmo < next) {
  591. next = tmo;
  592. x->xflags |= XFRM_SOFT_EXPIRE;
  593. x->saved_tmo = tmo;
  594. }
  595. }
  596. if (x->lft.soft_use_expires_seconds) {
  597. time64_t tmo = x->lft.soft_use_expires_seconds +
  598. (READ_ONCE(x->curlft.use_time) ? : now) - now;
  599. if (tmo <= 0)
  600. warn = 1;
  601. else if (tmo < next)
  602. next = tmo;
  603. }
  604. x->km.dying = warn;
  605. if (warn)
  606. km_state_expired(x, 0, 0);
  607. resched:
  608. if (next != TIME64_MAX) {
  609. hrtimer_forward_now(&x->mtimer, ktime_set(next, 0));
  610. ret = HRTIMER_RESTART;
  611. }
  612. goto out;
  613. expired:
  614. if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
  615. x->km.state = XFRM_STATE_EXPIRED;
  616. err = __xfrm_state_delete(x);
  617. if (!err)
  618. km_state_expired(x, 1, 0);
  619. xfrm_audit_state_delete(x, err ? 0 : 1, true);
  620. out:
  621. spin_unlock(&x->lock);
  622. return ret;
  623. }
  624. static void xfrm_replay_timer_handler(struct timer_list *t);
  625. struct xfrm_state *xfrm_state_alloc(struct net *net)
  626. {
  627. struct xfrm_state *x;
  628. x = kmem_cache_zalloc(xfrm_state_cache, GFP_ATOMIC);
  629. if (x) {
  630. write_pnet(&x->xs_net, net);
  631. refcount_set(&x->refcnt, 1);
  632. atomic_set(&x->tunnel_users, 0);
  633. INIT_LIST_HEAD(&x->km.all);
  634. INIT_HLIST_NODE(&x->state_cache);
  635. INIT_HLIST_NODE(&x->bydst);
  636. INIT_HLIST_NODE(&x->bysrc);
  637. INIT_HLIST_NODE(&x->byspi);
  638. INIT_HLIST_NODE(&x->byseq);
  639. hrtimer_setup(&x->mtimer, xfrm_timer_handler, CLOCK_BOOTTIME,
  640. HRTIMER_MODE_ABS_SOFT);
  641. timer_setup(&x->rtimer, xfrm_replay_timer_handler, 0);
  642. x->curlft.add_time = ktime_get_real_seconds();
  643. x->lft.soft_byte_limit = XFRM_INF;
  644. x->lft.soft_packet_limit = XFRM_INF;
  645. x->lft.hard_byte_limit = XFRM_INF;
  646. x->lft.hard_packet_limit = XFRM_INF;
  647. x->replay_maxage = 0;
  648. x->replay_maxdiff = 0;
  649. x->pcpu_num = UINT_MAX;
  650. spin_lock_init(&x->lock);
  651. x->mode_data = NULL;
  652. }
  653. return x;
  654. }
  655. EXPORT_SYMBOL(xfrm_state_alloc);
  656. #ifdef CONFIG_XFRM_OFFLOAD
  657. void xfrm_dev_state_delete(struct xfrm_state *x)
  658. {
  659. struct xfrm_dev_offload *xso = &x->xso;
  660. struct net_device *dev = READ_ONCE(xso->dev);
  661. if (dev) {
  662. dev->xfrmdev_ops->xdo_dev_state_delete(dev, x);
  663. spin_lock_bh(&xfrm_state_dev_gc_lock);
  664. hlist_add_head(&x->dev_gclist, &xfrm_state_dev_gc_list);
  665. spin_unlock_bh(&xfrm_state_dev_gc_lock);
  666. }
  667. }
  668. EXPORT_SYMBOL_GPL(xfrm_dev_state_delete);
  669. void xfrm_dev_state_free(struct xfrm_state *x)
  670. {
  671. struct xfrm_dev_offload *xso = &x->xso;
  672. struct net_device *dev = READ_ONCE(xso->dev);
  673. if (dev && dev->xfrmdev_ops) {
  674. spin_lock_bh(&xfrm_state_dev_gc_lock);
  675. if (!hlist_unhashed(&x->dev_gclist))
  676. hlist_del(&x->dev_gclist);
  677. spin_unlock_bh(&xfrm_state_dev_gc_lock);
  678. if (dev->xfrmdev_ops->xdo_dev_state_free)
  679. dev->xfrmdev_ops->xdo_dev_state_free(dev, x);
  680. WRITE_ONCE(xso->dev, NULL);
  681. xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
  682. netdev_put(dev, &xso->dev_tracker);
  683. }
  684. }
  685. #endif
  686. void __xfrm_state_destroy(struct xfrm_state *x)
  687. {
  688. WARN_ON(x->km.state != XFRM_STATE_DEAD);
  689. spin_lock_bh(&xfrm_state_gc_lock);
  690. hlist_add_head(&x->gclist, &xfrm_state_gc_list);
  691. spin_unlock_bh(&xfrm_state_gc_lock);
  692. schedule_work(&xfrm_state_gc_work);
  693. }
  694. EXPORT_SYMBOL(__xfrm_state_destroy);
  695. int __xfrm_state_delete(struct xfrm_state *x)
  696. {
  697. struct net *net = xs_net(x);
  698. int err = -ESRCH;
  699. if (x->km.state != XFRM_STATE_DEAD) {
  700. x->km.state = XFRM_STATE_DEAD;
  701. spin_lock(&net->xfrm.xfrm_state_lock);
  702. list_del(&x->km.all);
  703. hlist_del_rcu(&x->bydst);
  704. hlist_del_rcu(&x->bysrc);
  705. if (x->km.seq)
  706. hlist_del_rcu(&x->byseq);
  707. if (!hlist_unhashed(&x->state_cache))
  708. hlist_del_rcu(&x->state_cache);
  709. if (!hlist_unhashed(&x->state_cache_input))
  710. hlist_del_rcu(&x->state_cache_input);
  711. if (x->id.spi)
  712. hlist_del_rcu(&x->byspi);
  713. net->xfrm.state_num--;
  714. xfrm_nat_keepalive_state_updated(x);
  715. spin_unlock(&net->xfrm.xfrm_state_lock);
  716. xfrm_dev_state_delete(x);
  717. xfrm_state_delete_tunnel(x);
  718. /* All xfrm_state objects are created by xfrm_state_alloc.
  719. * The xfrm_state_alloc call gives a reference, and that
  720. * is what we are dropping here.
  721. */
  722. xfrm_state_put(x);
  723. err = 0;
  724. }
  725. return err;
  726. }
  727. EXPORT_SYMBOL(__xfrm_state_delete);
  728. int xfrm_state_delete(struct xfrm_state *x)
  729. {
  730. int err;
  731. spin_lock_bh(&x->lock);
  732. err = __xfrm_state_delete(x);
  733. spin_unlock_bh(&x->lock);
  734. return err;
  735. }
  736. EXPORT_SYMBOL(xfrm_state_delete);
  737. #ifdef CONFIG_SECURITY_NETWORK_XFRM
  738. static inline int
  739. xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
  740. {
  741. int i, err = 0;
  742. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  743. struct xfrm_state *x;
  744. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + i, bydst) {
  745. if (xfrm_id_proto_match(x->id.proto, proto) &&
  746. (err = security_xfrm_state_delete(x)) != 0) {
  747. xfrm_audit_state_delete(x, 0, task_valid);
  748. return err;
  749. }
  750. }
  751. }
  752. return err;
  753. }
  754. static inline int
  755. xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
  756. {
  757. int i, err = 0;
  758. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  759. struct xfrm_state *x;
  760. struct xfrm_dev_offload *xso;
  761. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + i, bydst) {
  762. xso = &x->xso;
  763. if (xso->dev == dev &&
  764. (err = security_xfrm_state_delete(x)) != 0) {
  765. xfrm_audit_state_delete(x, 0, task_valid);
  766. return err;
  767. }
  768. }
  769. }
  770. return err;
  771. }
  772. #else
  773. static inline int
  774. xfrm_state_flush_secctx_check(struct net *net, u8 proto, bool task_valid)
  775. {
  776. return 0;
  777. }
  778. static inline int
  779. xfrm_dev_state_flush_secctx_check(struct net *net, struct net_device *dev, bool task_valid)
  780. {
  781. return 0;
  782. }
  783. #endif
  784. int xfrm_state_flush(struct net *net, u8 proto, bool task_valid)
  785. {
  786. int i, err = 0, cnt = 0;
  787. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  788. err = xfrm_state_flush_secctx_check(net, proto, task_valid);
  789. if (err)
  790. goto out;
  791. err = -ESRCH;
  792. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  793. struct xfrm_state *x;
  794. restart:
  795. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + i, bydst) {
  796. if (!xfrm_state_kern(x) &&
  797. xfrm_id_proto_match(x->id.proto, proto)) {
  798. xfrm_state_hold(x);
  799. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  800. err = xfrm_state_delete(x);
  801. xfrm_audit_state_delete(x, err ? 0 : 1,
  802. task_valid);
  803. xfrm_state_put(x);
  804. if (!err)
  805. cnt++;
  806. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  807. goto restart;
  808. }
  809. }
  810. }
  811. out:
  812. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  813. if (cnt)
  814. err = 0;
  815. return err;
  816. }
  817. EXPORT_SYMBOL(xfrm_state_flush);
  818. int xfrm_dev_state_flush(struct net *net, struct net_device *dev, bool task_valid)
  819. {
  820. struct xfrm_state *x;
  821. struct hlist_node *tmp;
  822. struct xfrm_dev_offload *xso;
  823. int i, err = 0, cnt = 0;
  824. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  825. err = xfrm_dev_state_flush_secctx_check(net, dev, task_valid);
  826. if (err)
  827. goto out;
  828. err = -ESRCH;
  829. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  830. restart:
  831. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + i, bydst) {
  832. xso = &x->xso;
  833. if (!xfrm_state_kern(x) && xso->dev == dev) {
  834. xfrm_state_hold(x);
  835. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  836. err = xfrm_state_delete(x);
  837. xfrm_dev_state_free(x);
  838. xfrm_audit_state_delete(x, err ? 0 : 1,
  839. task_valid);
  840. xfrm_state_put(x);
  841. if (!err)
  842. cnt++;
  843. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  844. goto restart;
  845. }
  846. }
  847. }
  848. if (cnt)
  849. err = 0;
  850. out:
  851. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  852. spin_lock_bh(&xfrm_state_dev_gc_lock);
  853. restart_gc:
  854. hlist_for_each_entry_safe(x, tmp, &xfrm_state_dev_gc_list, dev_gclist) {
  855. xso = &x->xso;
  856. if (xso->dev == dev) {
  857. spin_unlock_bh(&xfrm_state_dev_gc_lock);
  858. xfrm_dev_state_free(x);
  859. spin_lock_bh(&xfrm_state_dev_gc_lock);
  860. goto restart_gc;
  861. }
  862. }
  863. spin_unlock_bh(&xfrm_state_dev_gc_lock);
  864. xfrm_flush_gc();
  865. return err;
  866. }
  867. EXPORT_SYMBOL(xfrm_dev_state_flush);
  868. void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
  869. {
  870. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  871. si->sadcnt = net->xfrm.state_num;
  872. si->sadhcnt = net->xfrm.state_hmask + 1;
  873. si->sadhmcnt = xfrm_state_hashmax;
  874. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  875. }
  876. EXPORT_SYMBOL(xfrm_sad_getinfo);
  877. static void
  878. __xfrm4_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
  879. {
  880. const struct flowi4 *fl4 = &fl->u.ip4;
  881. sel->daddr.a4 = fl4->daddr;
  882. sel->saddr.a4 = fl4->saddr;
  883. sel->dport = xfrm_flowi_dport(fl, &fl4->uli);
  884. sel->dport_mask = htons(0xffff);
  885. sel->sport = xfrm_flowi_sport(fl, &fl4->uli);
  886. sel->sport_mask = htons(0xffff);
  887. sel->family = AF_INET;
  888. sel->prefixlen_d = 32;
  889. sel->prefixlen_s = 32;
  890. sel->proto = fl4->flowi4_proto;
  891. sel->ifindex = fl4->flowi4_oif;
  892. }
  893. static void
  894. __xfrm6_init_tempsel(struct xfrm_selector *sel, const struct flowi *fl)
  895. {
  896. const struct flowi6 *fl6 = &fl->u.ip6;
  897. /* Initialize temporary selector matching only to current session. */
  898. *(struct in6_addr *)&sel->daddr = fl6->daddr;
  899. *(struct in6_addr *)&sel->saddr = fl6->saddr;
  900. sel->dport = xfrm_flowi_dport(fl, &fl6->uli);
  901. sel->dport_mask = htons(0xffff);
  902. sel->sport = xfrm_flowi_sport(fl, &fl6->uli);
  903. sel->sport_mask = htons(0xffff);
  904. sel->family = AF_INET6;
  905. sel->prefixlen_d = 128;
  906. sel->prefixlen_s = 128;
  907. sel->proto = fl6->flowi6_proto;
  908. sel->ifindex = fl6->flowi6_oif;
  909. }
  910. static void
  911. xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
  912. const struct xfrm_tmpl *tmpl,
  913. const xfrm_address_t *daddr, const xfrm_address_t *saddr,
  914. unsigned short family)
  915. {
  916. switch (family) {
  917. case AF_INET:
  918. __xfrm4_init_tempsel(&x->sel, fl);
  919. break;
  920. case AF_INET6:
  921. __xfrm6_init_tempsel(&x->sel, fl);
  922. break;
  923. }
  924. x->id = tmpl->id;
  925. switch (tmpl->encap_family) {
  926. case AF_INET:
  927. if (x->id.daddr.a4 == 0)
  928. x->id.daddr.a4 = daddr->a4;
  929. x->props.saddr = tmpl->saddr;
  930. if (x->props.saddr.a4 == 0)
  931. x->props.saddr.a4 = saddr->a4;
  932. break;
  933. case AF_INET6:
  934. if (ipv6_addr_any((struct in6_addr *)&x->id.daddr))
  935. memcpy(&x->id.daddr, daddr, sizeof(x->sel.daddr));
  936. memcpy(&x->props.saddr, &tmpl->saddr, sizeof(x->props.saddr));
  937. if (ipv6_addr_any((struct in6_addr *)&x->props.saddr))
  938. memcpy(&x->props.saddr, saddr, sizeof(x->props.saddr));
  939. break;
  940. }
  941. x->props.mode = tmpl->mode;
  942. x->props.reqid = tmpl->reqid;
  943. x->props.family = tmpl->encap_family;
  944. }
  945. struct xfrm_hash_state_ptrs {
  946. const struct hlist_head *bydst;
  947. const struct hlist_head *bysrc;
  948. const struct hlist_head *byspi;
  949. unsigned int hmask;
  950. };
  951. static void xfrm_hash_ptrs_get(const struct net *net, struct xfrm_hash_state_ptrs *ptrs)
  952. {
  953. unsigned int sequence;
  954. do {
  955. sequence = read_seqcount_begin(&net->xfrm.xfrm_state_hash_generation);
  956. ptrs->bydst = xfrm_state_deref_check(net->xfrm.state_bydst, net);
  957. ptrs->bysrc = xfrm_state_deref_check(net->xfrm.state_bysrc, net);
  958. ptrs->byspi = xfrm_state_deref_check(net->xfrm.state_byspi, net);
  959. ptrs->hmask = net->xfrm.state_hmask;
  960. } while (read_seqcount_retry(&net->xfrm.xfrm_state_hash_generation, sequence));
  961. }
  962. static struct xfrm_state *__xfrm_state_lookup_all(const struct xfrm_hash_state_ptrs *state_ptrs,
  963. u32 mark,
  964. const xfrm_address_t *daddr,
  965. __be32 spi, u8 proto,
  966. unsigned short family,
  967. struct xfrm_dev_offload *xdo)
  968. {
  969. unsigned int h = __xfrm_spi_hash(daddr, spi, proto, family, state_ptrs->hmask);
  970. struct xfrm_state *x;
  971. hlist_for_each_entry_rcu(x, state_ptrs->byspi + h, byspi) {
  972. #ifdef CONFIG_XFRM_OFFLOAD
  973. if (xdo->type == XFRM_DEV_OFFLOAD_PACKET) {
  974. if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
  975. /* HW states are in the head of list, there is
  976. * no need to iterate further.
  977. */
  978. break;
  979. /* Packet offload: both policy and SA should
  980. * have same device.
  981. */
  982. if (xdo->dev != x->xso.dev)
  983. continue;
  984. } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
  985. /* Skip HW policy for SW lookups */
  986. continue;
  987. #endif
  988. if (x->props.family != family ||
  989. x->id.spi != spi ||
  990. x->id.proto != proto ||
  991. !xfrm_addr_equal(&x->id.daddr, daddr, family))
  992. continue;
  993. if ((mark & x->mark.m) != x->mark.v)
  994. continue;
  995. if (!xfrm_state_hold_rcu(x))
  996. continue;
  997. return x;
  998. }
  999. return NULL;
  1000. }
  1001. static struct xfrm_state *__xfrm_state_lookup(const struct xfrm_hash_state_ptrs *state_ptrs,
  1002. u32 mark,
  1003. const xfrm_address_t *daddr,
  1004. __be32 spi, u8 proto,
  1005. unsigned short family)
  1006. {
  1007. unsigned int h = __xfrm_spi_hash(daddr, spi, proto, family, state_ptrs->hmask);
  1008. struct xfrm_state *x;
  1009. hlist_for_each_entry_rcu(x, state_ptrs->byspi + h, byspi) {
  1010. if (x->props.family != family ||
  1011. x->id.spi != spi ||
  1012. x->id.proto != proto ||
  1013. !xfrm_addr_equal(&x->id.daddr, daddr, family))
  1014. continue;
  1015. if ((mark & x->mark.m) != x->mark.v)
  1016. continue;
  1017. if (!xfrm_state_hold_rcu(x))
  1018. continue;
  1019. return x;
  1020. }
  1021. return NULL;
  1022. }
  1023. struct xfrm_state *xfrm_input_state_lookup(struct net *net, u32 mark,
  1024. const xfrm_address_t *daddr,
  1025. __be32 spi, u8 proto,
  1026. unsigned short family)
  1027. {
  1028. struct xfrm_hash_state_ptrs state_ptrs;
  1029. struct hlist_head *state_cache_input;
  1030. struct xfrm_state *x = NULL;
  1031. state_cache_input = raw_cpu_ptr(net->xfrm.state_cache_input);
  1032. rcu_read_lock();
  1033. hlist_for_each_entry_rcu(x, state_cache_input, state_cache_input) {
  1034. if (x->props.family != family ||
  1035. x->id.spi != spi ||
  1036. x->id.proto != proto ||
  1037. !xfrm_addr_equal(&x->id.daddr, daddr, family))
  1038. continue;
  1039. if ((mark & x->mark.m) != x->mark.v)
  1040. continue;
  1041. if (!xfrm_state_hold_rcu(x))
  1042. continue;
  1043. goto out;
  1044. }
  1045. xfrm_hash_ptrs_get(net, &state_ptrs);
  1046. x = __xfrm_state_lookup(&state_ptrs, mark, daddr, spi, proto, family);
  1047. if (x && x->km.state == XFRM_STATE_VALID) {
  1048. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1049. if (hlist_unhashed(&x->state_cache_input)) {
  1050. hlist_add_head_rcu(&x->state_cache_input, state_cache_input);
  1051. } else {
  1052. hlist_del_rcu(&x->state_cache_input);
  1053. hlist_add_head_rcu(&x->state_cache_input, state_cache_input);
  1054. }
  1055. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1056. }
  1057. out:
  1058. rcu_read_unlock();
  1059. return x;
  1060. }
  1061. EXPORT_SYMBOL(xfrm_input_state_lookup);
  1062. static struct xfrm_state *__xfrm_state_lookup_byaddr(const struct xfrm_hash_state_ptrs *state_ptrs,
  1063. u32 mark,
  1064. const xfrm_address_t *daddr,
  1065. const xfrm_address_t *saddr,
  1066. u8 proto, unsigned short family)
  1067. {
  1068. unsigned int h = __xfrm_src_hash(daddr, saddr, family, state_ptrs->hmask);
  1069. struct xfrm_state *x;
  1070. hlist_for_each_entry_rcu(x, state_ptrs->bysrc + h, bysrc) {
  1071. if (x->props.family != family ||
  1072. x->id.proto != proto ||
  1073. !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
  1074. !xfrm_addr_equal(&x->props.saddr, saddr, family))
  1075. continue;
  1076. if ((mark & x->mark.m) != x->mark.v)
  1077. continue;
  1078. if (!xfrm_state_hold_rcu(x))
  1079. continue;
  1080. return x;
  1081. }
  1082. return NULL;
  1083. }
  1084. static inline struct xfrm_state *
  1085. __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
  1086. {
  1087. struct xfrm_hash_state_ptrs state_ptrs;
  1088. struct net *net = xs_net(x);
  1089. u32 mark = x->mark.v & x->mark.m;
  1090. xfrm_hash_ptrs_get(net, &state_ptrs);
  1091. if (use_spi)
  1092. return __xfrm_state_lookup(&state_ptrs, mark, &x->id.daddr,
  1093. x->id.spi, x->id.proto, family);
  1094. else
  1095. return __xfrm_state_lookup_byaddr(&state_ptrs, mark,
  1096. &x->id.daddr,
  1097. &x->props.saddr,
  1098. x->id.proto, family);
  1099. }
  1100. static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
  1101. {
  1102. if (have_hash_collision &&
  1103. (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
  1104. net->xfrm.state_num > net->xfrm.state_hmask)
  1105. schedule_work(&net->xfrm.state_hash_work);
  1106. }
  1107. static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
  1108. const struct flowi *fl, unsigned short family,
  1109. struct xfrm_state **best, int *acq_in_progress,
  1110. int *error, unsigned int pcpu_id)
  1111. {
  1112. /* Resolution logic:
  1113. * 1. There is a valid state with matching selector. Done.
  1114. * 2. Valid state with inappropriate selector. Skip.
  1115. *
  1116. * Entering area of "sysdeps".
  1117. *
  1118. * 3. If state is not valid, selector is temporary, it selects
  1119. * only session which triggered previous resolution. Key
  1120. * manager will do something to install a state with proper
  1121. * selector.
  1122. */
  1123. if (x->km.state == XFRM_STATE_VALID) {
  1124. if ((x->sel.family &&
  1125. (x->sel.family != family ||
  1126. !xfrm_selector_match(&x->sel, fl, family))) ||
  1127. !security_xfrm_state_pol_flow_match(x, pol,
  1128. &fl->u.__fl_common))
  1129. return;
  1130. if (x->pcpu_num != UINT_MAX && x->pcpu_num != pcpu_id)
  1131. return;
  1132. if (!*best ||
  1133. ((*best)->pcpu_num == UINT_MAX && x->pcpu_num == pcpu_id) ||
  1134. (*best)->km.dying > x->km.dying ||
  1135. ((*best)->km.dying == x->km.dying &&
  1136. (*best)->curlft.add_time < x->curlft.add_time))
  1137. *best = x;
  1138. } else if (x->km.state == XFRM_STATE_ACQ) {
  1139. if (!*best || x->pcpu_num == pcpu_id)
  1140. *acq_in_progress = 1;
  1141. } else if (x->km.state == XFRM_STATE_ERROR ||
  1142. x->km.state == XFRM_STATE_EXPIRED) {
  1143. if ((!x->sel.family ||
  1144. (x->sel.family == family &&
  1145. xfrm_selector_match(&x->sel, fl, family))) &&
  1146. security_xfrm_state_pol_flow_match(x, pol,
  1147. &fl->u.__fl_common))
  1148. *error = -ESRCH;
  1149. }
  1150. }
  1151. struct xfrm_state *
  1152. xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
  1153. const struct flowi *fl, struct xfrm_tmpl *tmpl,
  1154. struct xfrm_policy *pol, int *err,
  1155. unsigned short family, u32 if_id)
  1156. {
  1157. static xfrm_address_t saddr_wildcard = { };
  1158. struct xfrm_hash_state_ptrs state_ptrs;
  1159. struct net *net = xp_net(pol);
  1160. unsigned int h, h_wildcard;
  1161. struct xfrm_state *x, *x0, *to_put;
  1162. int acquire_in_progress = 0;
  1163. int error = 0;
  1164. struct xfrm_state *best = NULL;
  1165. u32 mark = pol->mark.v & pol->mark.m;
  1166. unsigned short encap_family = tmpl->encap_family;
  1167. unsigned int sequence;
  1168. struct km_event c;
  1169. unsigned int pcpu_id;
  1170. bool cached = false;
  1171. /* We need the cpu id just as a lookup key,
  1172. * we don't require it to be stable.
  1173. */
  1174. pcpu_id = raw_smp_processor_id();
  1175. to_put = NULL;
  1176. sequence = read_seqcount_begin(&net->xfrm.xfrm_state_hash_generation);
  1177. rcu_read_lock();
  1178. xfrm_hash_ptrs_get(net, &state_ptrs);
  1179. hlist_for_each_entry_rcu(x, &pol->state_cache_list, state_cache) {
  1180. if (x->props.family == encap_family &&
  1181. x->props.reqid == tmpl->reqid &&
  1182. (mark & x->mark.m) == x->mark.v &&
  1183. x->if_id == if_id &&
  1184. !(x->props.flags & XFRM_STATE_WILDRECV) &&
  1185. xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
  1186. tmpl->mode == x->props.mode &&
  1187. tmpl->id.proto == x->id.proto &&
  1188. (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
  1189. xfrm_state_look_at(pol, x, fl, encap_family,
  1190. &best, &acquire_in_progress, &error, pcpu_id);
  1191. }
  1192. if (best)
  1193. goto cached;
  1194. hlist_for_each_entry_rcu(x, &pol->state_cache_list, state_cache) {
  1195. if (x->props.family == encap_family &&
  1196. x->props.reqid == tmpl->reqid &&
  1197. (mark & x->mark.m) == x->mark.v &&
  1198. x->if_id == if_id &&
  1199. !(x->props.flags & XFRM_STATE_WILDRECV) &&
  1200. xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
  1201. tmpl->mode == x->props.mode &&
  1202. tmpl->id.proto == x->id.proto &&
  1203. (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
  1204. xfrm_state_look_at(pol, x, fl, family,
  1205. &best, &acquire_in_progress, &error, pcpu_id);
  1206. }
  1207. cached:
  1208. cached = true;
  1209. if (best)
  1210. goto found;
  1211. else if (error)
  1212. best = NULL;
  1213. else if (acquire_in_progress) /* XXX: acquire_in_progress should not happen */
  1214. WARN_ON(1);
  1215. h = __xfrm_dst_hash(daddr, saddr, tmpl->reqid, encap_family, state_ptrs.hmask);
  1216. hlist_for_each_entry_rcu(x, state_ptrs.bydst + h, bydst) {
  1217. #ifdef CONFIG_XFRM_OFFLOAD
  1218. if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
  1219. if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
  1220. /* HW states are in the head of list, there is
  1221. * no need to iterate further.
  1222. */
  1223. break;
  1224. /* Packet offload: both policy and SA should
  1225. * have same device.
  1226. */
  1227. if (pol->xdo.dev != x->xso.dev)
  1228. continue;
  1229. } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
  1230. /* Skip HW policy for SW lookups */
  1231. continue;
  1232. #endif
  1233. if (x->props.family == encap_family &&
  1234. x->props.reqid == tmpl->reqid &&
  1235. (mark & x->mark.m) == x->mark.v &&
  1236. x->if_id == if_id &&
  1237. !(x->props.flags & XFRM_STATE_WILDRECV) &&
  1238. xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
  1239. tmpl->mode == x->props.mode &&
  1240. tmpl->id.proto == x->id.proto &&
  1241. (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
  1242. xfrm_state_look_at(pol, x, fl, family,
  1243. &best, &acquire_in_progress, &error, pcpu_id);
  1244. }
  1245. if (best || acquire_in_progress)
  1246. goto found;
  1247. h_wildcard = __xfrm_dst_hash(daddr, &saddr_wildcard, tmpl->reqid,
  1248. encap_family, state_ptrs.hmask);
  1249. hlist_for_each_entry_rcu(x, state_ptrs.bydst + h_wildcard, bydst) {
  1250. #ifdef CONFIG_XFRM_OFFLOAD
  1251. if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
  1252. if (x->xso.type != XFRM_DEV_OFFLOAD_PACKET)
  1253. /* HW states are in the head of list, there is
  1254. * no need to iterate further.
  1255. */
  1256. break;
  1257. /* Packet offload: both policy and SA should
  1258. * have same device.
  1259. */
  1260. if (pol->xdo.dev != x->xso.dev)
  1261. continue;
  1262. } else if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
  1263. /* Skip HW policy for SW lookups */
  1264. continue;
  1265. #endif
  1266. if (x->props.family == encap_family &&
  1267. x->props.reqid == tmpl->reqid &&
  1268. (mark & x->mark.m) == x->mark.v &&
  1269. x->if_id == if_id &&
  1270. !(x->props.flags & XFRM_STATE_WILDRECV) &&
  1271. xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
  1272. tmpl->mode == x->props.mode &&
  1273. tmpl->id.proto == x->id.proto &&
  1274. (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
  1275. xfrm_state_look_at(pol, x, fl, family,
  1276. &best, &acquire_in_progress, &error, pcpu_id);
  1277. }
  1278. found:
  1279. if (!(pol->flags & XFRM_POLICY_CPU_ACQUIRE) ||
  1280. (best && (best->pcpu_num == pcpu_id)))
  1281. x = best;
  1282. if (!x && !error && !acquire_in_progress) {
  1283. if (tmpl->id.spi &&
  1284. (x0 = __xfrm_state_lookup_all(&state_ptrs, mark, daddr,
  1285. tmpl->id.spi, tmpl->id.proto,
  1286. encap_family,
  1287. &pol->xdo)) != NULL) {
  1288. to_put = x0;
  1289. error = -EEXIST;
  1290. goto out;
  1291. }
  1292. c.net = net;
  1293. /* If the KMs have no listeners (yet...), avoid allocating an SA
  1294. * for each and every packet - garbage collection might not
  1295. * handle the flood.
  1296. */
  1297. if (!km_is_alive(&c)) {
  1298. error = -ESRCH;
  1299. goto out;
  1300. }
  1301. x = xfrm_state_alloc(net);
  1302. if (x == NULL) {
  1303. error = -ENOMEM;
  1304. goto out;
  1305. }
  1306. /* Initialize temporary state matching only
  1307. * to current session. */
  1308. xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
  1309. memcpy(&x->mark, &pol->mark, sizeof(x->mark));
  1310. x->if_id = if_id;
  1311. if ((pol->flags & XFRM_POLICY_CPU_ACQUIRE) && best)
  1312. x->pcpu_num = pcpu_id;
  1313. error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
  1314. if (error) {
  1315. x->km.state = XFRM_STATE_DEAD;
  1316. to_put = x;
  1317. x = NULL;
  1318. goto out;
  1319. }
  1320. #ifdef CONFIG_XFRM_OFFLOAD
  1321. if (pol->xdo.type == XFRM_DEV_OFFLOAD_PACKET) {
  1322. struct xfrm_dev_offload *xdo = &pol->xdo;
  1323. struct xfrm_dev_offload *xso = &x->xso;
  1324. struct net_device *dev = xdo->dev;
  1325. xso->type = XFRM_DEV_OFFLOAD_PACKET;
  1326. xso->dir = xdo->dir;
  1327. xso->dev = dev;
  1328. xso->flags = XFRM_DEV_OFFLOAD_FLAG_ACQ;
  1329. netdev_hold(dev, &xso->dev_tracker, GFP_ATOMIC);
  1330. error = dev->xfrmdev_ops->xdo_dev_state_add(dev, x,
  1331. NULL);
  1332. if (error) {
  1333. xso->dir = 0;
  1334. netdev_put(dev, &xso->dev_tracker);
  1335. xso->dev = NULL;
  1336. xso->type = XFRM_DEV_OFFLOAD_UNSPECIFIED;
  1337. x->km.state = XFRM_STATE_DEAD;
  1338. to_put = x;
  1339. x = NULL;
  1340. goto out;
  1341. }
  1342. }
  1343. #endif
  1344. if (km_query(x, tmpl, pol) == 0) {
  1345. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1346. x->km.state = XFRM_STATE_ACQ;
  1347. x->dir = XFRM_SA_DIR_OUT;
  1348. list_add(&x->km.all, &net->xfrm.state_all);
  1349. h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
  1350. XFRM_STATE_INSERT(bydst, &x->bydst,
  1351. xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h,
  1352. x->xso.type);
  1353. h = xfrm_src_hash(net, daddr, saddr, encap_family);
  1354. XFRM_STATE_INSERT(bysrc, &x->bysrc,
  1355. xfrm_state_deref_prot(net->xfrm.state_bysrc, net) + h,
  1356. x->xso.type);
  1357. INIT_HLIST_NODE(&x->state_cache);
  1358. if (x->id.spi) {
  1359. h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
  1360. XFRM_STATE_INSERT(byspi, &x->byspi,
  1361. xfrm_state_deref_prot(net->xfrm.state_byspi, net) + h,
  1362. x->xso.type);
  1363. }
  1364. if (x->km.seq) {
  1365. h = xfrm_seq_hash(net, x->km.seq);
  1366. XFRM_STATE_INSERT(byseq, &x->byseq,
  1367. xfrm_state_deref_prot(net->xfrm.state_byseq, net) + h,
  1368. x->xso.type);
  1369. }
  1370. x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
  1371. hrtimer_start(&x->mtimer,
  1372. ktime_set(net->xfrm.sysctl_acq_expires, 0),
  1373. HRTIMER_MODE_REL_SOFT);
  1374. net->xfrm.state_num++;
  1375. xfrm_hash_grow_check(net, x->bydst.next != NULL);
  1376. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1377. } else {
  1378. #ifdef CONFIG_XFRM_OFFLOAD
  1379. struct xfrm_dev_offload *xso = &x->xso;
  1380. if (xso->type == XFRM_DEV_OFFLOAD_PACKET) {
  1381. xfrm_dev_state_delete(x);
  1382. xfrm_dev_state_free(x);
  1383. }
  1384. #endif
  1385. x->km.state = XFRM_STATE_DEAD;
  1386. to_put = x;
  1387. x = NULL;
  1388. error = -ESRCH;
  1389. }
  1390. /* Use the already installed 'fallback' while the CPU-specific
  1391. * SA acquire is handled*/
  1392. if (best)
  1393. x = best;
  1394. }
  1395. out:
  1396. if (x) {
  1397. if (!xfrm_state_hold_rcu(x)) {
  1398. *err = -EAGAIN;
  1399. x = NULL;
  1400. }
  1401. } else {
  1402. *err = acquire_in_progress ? -EAGAIN : error;
  1403. }
  1404. if (x && x->km.state == XFRM_STATE_VALID && !cached &&
  1405. (!(pol->flags & XFRM_POLICY_CPU_ACQUIRE) || x->pcpu_num == pcpu_id)) {
  1406. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1407. if (hlist_unhashed(&x->state_cache))
  1408. hlist_add_head_rcu(&x->state_cache, &pol->state_cache_list);
  1409. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1410. }
  1411. rcu_read_unlock();
  1412. if (to_put)
  1413. xfrm_state_put(to_put);
  1414. if (read_seqcount_retry(&net->xfrm.xfrm_state_hash_generation, sequence)) {
  1415. *err = -EAGAIN;
  1416. if (x) {
  1417. xfrm_state_put(x);
  1418. x = NULL;
  1419. }
  1420. }
  1421. return x;
  1422. }
  1423. struct xfrm_state *
  1424. xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,
  1425. xfrm_address_t *daddr, xfrm_address_t *saddr,
  1426. unsigned short family, u8 mode, u8 proto, u32 reqid)
  1427. {
  1428. unsigned int h;
  1429. struct xfrm_state *rx = NULL, *x = NULL;
  1430. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1431. h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
  1432. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h, bydst) {
  1433. if (x->props.family == family &&
  1434. x->props.reqid == reqid &&
  1435. (mark & x->mark.m) == x->mark.v &&
  1436. x->if_id == if_id &&
  1437. !(x->props.flags & XFRM_STATE_WILDRECV) &&
  1438. xfrm_state_addr_check(x, daddr, saddr, family) &&
  1439. mode == x->props.mode &&
  1440. proto == x->id.proto &&
  1441. x->km.state == XFRM_STATE_VALID) {
  1442. rx = x;
  1443. break;
  1444. }
  1445. }
  1446. if (rx)
  1447. xfrm_state_hold(rx);
  1448. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1449. return rx;
  1450. }
  1451. EXPORT_SYMBOL(xfrm_stateonly_find);
  1452. struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
  1453. unsigned short family)
  1454. {
  1455. struct xfrm_state *x;
  1456. struct xfrm_state_walk *w;
  1457. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1458. list_for_each_entry(w, &net->xfrm.state_all, all) {
  1459. x = container_of(w, struct xfrm_state, km);
  1460. if (x->props.family != family ||
  1461. x->id.spi != spi)
  1462. continue;
  1463. xfrm_state_hold(x);
  1464. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1465. return x;
  1466. }
  1467. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1468. return NULL;
  1469. }
  1470. EXPORT_SYMBOL(xfrm_state_lookup_byspi);
  1471. static struct xfrm_state *xfrm_state_lookup_spi_proto(struct net *net, __be32 spi, u8 proto)
  1472. {
  1473. struct xfrm_state *x;
  1474. unsigned int i;
  1475. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  1476. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_byspi, net) + i, byspi) {
  1477. if (x->id.spi == spi && x->id.proto == proto)
  1478. return x;
  1479. }
  1480. }
  1481. return NULL;
  1482. }
  1483. static void __xfrm_state_insert(struct xfrm_state *x)
  1484. {
  1485. struct net *net = xs_net(x);
  1486. unsigned int h;
  1487. list_add(&x->km.all, &net->xfrm.state_all);
  1488. /* Sanitize mark before store */
  1489. x->mark.v &= x->mark.m;
  1490. h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
  1491. x->props.reqid, x->props.family);
  1492. XFRM_STATE_INSERT(bydst, &x->bydst,
  1493. xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h,
  1494. x->xso.type);
  1495. h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
  1496. XFRM_STATE_INSERT(bysrc, &x->bysrc,
  1497. xfrm_state_deref_prot(net->xfrm.state_bysrc, net) + h,
  1498. x->xso.type);
  1499. if (x->id.spi) {
  1500. h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
  1501. x->props.family);
  1502. XFRM_STATE_INSERT(byspi, &x->byspi,
  1503. xfrm_state_deref_prot(net->xfrm.state_byspi, net) + h,
  1504. x->xso.type);
  1505. }
  1506. if (x->km.seq) {
  1507. h = xfrm_seq_hash(net, x->km.seq);
  1508. XFRM_STATE_INSERT(byseq, &x->byseq,
  1509. xfrm_state_deref_prot(net->xfrm.state_byseq, net) + h,
  1510. x->xso.type);
  1511. }
  1512. hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL_SOFT);
  1513. if (x->replay_maxage)
  1514. mod_timer(&x->rtimer, jiffies + x->replay_maxage);
  1515. net->xfrm.state_num++;
  1516. xfrm_hash_grow_check(net, x->bydst.next != NULL);
  1517. xfrm_nat_keepalive_state_updated(x);
  1518. }
  1519. /* net->xfrm.xfrm_state_lock is held */
  1520. static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
  1521. {
  1522. struct net *net = xs_net(xnew);
  1523. unsigned short family = xnew->props.family;
  1524. u32 reqid = xnew->props.reqid;
  1525. struct xfrm_state *x;
  1526. unsigned int h;
  1527. u32 mark = xnew->mark.v & xnew->mark.m;
  1528. u32 if_id = xnew->if_id;
  1529. u32 cpu_id = xnew->pcpu_num;
  1530. h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
  1531. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h, bydst) {
  1532. if (x->props.family == family &&
  1533. x->props.reqid == reqid &&
  1534. x->if_id == if_id &&
  1535. x->pcpu_num == cpu_id &&
  1536. (mark & x->mark.m) == x->mark.v &&
  1537. xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
  1538. xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
  1539. x->genid++;
  1540. }
  1541. }
  1542. void xfrm_state_insert(struct xfrm_state *x)
  1543. {
  1544. struct net *net = xs_net(x);
  1545. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1546. __xfrm_state_bump_genids(x);
  1547. __xfrm_state_insert(x);
  1548. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1549. }
  1550. EXPORT_SYMBOL(xfrm_state_insert);
  1551. /* net->xfrm.xfrm_state_lock is held */
  1552. static struct xfrm_state *__find_acq_core(struct net *net,
  1553. const struct xfrm_mark *m,
  1554. unsigned short family, u8 mode,
  1555. u32 reqid, u32 if_id, u32 pcpu_num, u8 proto,
  1556. const xfrm_address_t *daddr,
  1557. const xfrm_address_t *saddr,
  1558. int create)
  1559. {
  1560. unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
  1561. struct xfrm_state *x;
  1562. u32 mark = m->v & m->m;
  1563. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h, bydst) {
  1564. if (x->props.reqid != reqid ||
  1565. x->props.mode != mode ||
  1566. x->props.family != family ||
  1567. x->km.state != XFRM_STATE_ACQ ||
  1568. x->id.spi != 0 ||
  1569. x->id.proto != proto ||
  1570. (mark & x->mark.m) != x->mark.v ||
  1571. x->pcpu_num != pcpu_num ||
  1572. !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
  1573. !xfrm_addr_equal(&x->props.saddr, saddr, family))
  1574. continue;
  1575. xfrm_state_hold(x);
  1576. return x;
  1577. }
  1578. if (!create)
  1579. return NULL;
  1580. x = xfrm_state_alloc(net);
  1581. if (likely(x)) {
  1582. switch (family) {
  1583. case AF_INET:
  1584. x->sel.daddr.a4 = daddr->a4;
  1585. x->sel.saddr.a4 = saddr->a4;
  1586. x->sel.prefixlen_d = 32;
  1587. x->sel.prefixlen_s = 32;
  1588. x->props.saddr.a4 = saddr->a4;
  1589. x->id.daddr.a4 = daddr->a4;
  1590. break;
  1591. case AF_INET6:
  1592. x->sel.daddr.in6 = daddr->in6;
  1593. x->sel.saddr.in6 = saddr->in6;
  1594. x->sel.prefixlen_d = 128;
  1595. x->sel.prefixlen_s = 128;
  1596. x->props.saddr.in6 = saddr->in6;
  1597. x->id.daddr.in6 = daddr->in6;
  1598. break;
  1599. }
  1600. x->pcpu_num = pcpu_num;
  1601. x->km.state = XFRM_STATE_ACQ;
  1602. x->id.proto = proto;
  1603. x->props.family = family;
  1604. x->props.mode = mode;
  1605. x->props.reqid = reqid;
  1606. x->if_id = if_id;
  1607. x->mark.v = m->v;
  1608. x->mark.m = m->m;
  1609. x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
  1610. xfrm_state_hold(x);
  1611. hrtimer_start(&x->mtimer,
  1612. ktime_set(net->xfrm.sysctl_acq_expires, 0),
  1613. HRTIMER_MODE_REL_SOFT);
  1614. list_add(&x->km.all, &net->xfrm.state_all);
  1615. XFRM_STATE_INSERT(bydst, &x->bydst,
  1616. xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h,
  1617. x->xso.type);
  1618. h = xfrm_src_hash(net, daddr, saddr, family);
  1619. XFRM_STATE_INSERT(bysrc, &x->bysrc,
  1620. xfrm_state_deref_prot(net->xfrm.state_bysrc, net) + h,
  1621. x->xso.type);
  1622. net->xfrm.state_num++;
  1623. xfrm_hash_grow_check(net, x->bydst.next != NULL);
  1624. }
  1625. return x;
  1626. }
  1627. static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq, u32 pcpu_num);
  1628. int xfrm_state_add(struct xfrm_state *x)
  1629. {
  1630. struct net *net = xs_net(x);
  1631. struct xfrm_state *x1, *to_put;
  1632. int family;
  1633. int err;
  1634. u32 mark = x->mark.v & x->mark.m;
  1635. int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
  1636. family = x->props.family;
  1637. to_put = NULL;
  1638. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1639. x1 = __xfrm_state_locate(x, use_spi, family);
  1640. if (x1) {
  1641. to_put = x1;
  1642. x1 = NULL;
  1643. err = -EEXIST;
  1644. goto out;
  1645. }
  1646. if (use_spi && x->km.seq) {
  1647. x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq, x->pcpu_num);
  1648. if (x1 && ((x1->id.proto != x->id.proto) ||
  1649. !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
  1650. to_put = x1;
  1651. x1 = NULL;
  1652. }
  1653. }
  1654. if (use_spi && !x1)
  1655. x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
  1656. x->props.reqid, x->if_id, x->pcpu_num, x->id.proto,
  1657. &x->id.daddr, &x->props.saddr, 0);
  1658. __xfrm_state_bump_genids(x);
  1659. __xfrm_state_insert(x);
  1660. err = 0;
  1661. out:
  1662. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1663. if (x1) {
  1664. xfrm_state_delete(x1);
  1665. xfrm_state_put(x1);
  1666. }
  1667. if (to_put)
  1668. xfrm_state_put(to_put);
  1669. return err;
  1670. }
  1671. EXPORT_SYMBOL(xfrm_state_add);
  1672. #ifdef CONFIG_XFRM_MIGRATE
  1673. static inline int clone_security(struct xfrm_state *x, struct xfrm_sec_ctx *security)
  1674. {
  1675. struct xfrm_user_sec_ctx *uctx;
  1676. int size = sizeof(*uctx) + security->ctx_len;
  1677. int err;
  1678. uctx = kmalloc(size, GFP_KERNEL);
  1679. if (!uctx)
  1680. return -ENOMEM;
  1681. uctx->exttype = XFRMA_SEC_CTX;
  1682. uctx->len = size;
  1683. uctx->ctx_doi = security->ctx_doi;
  1684. uctx->ctx_alg = security->ctx_alg;
  1685. uctx->ctx_len = security->ctx_len;
  1686. memcpy(uctx + 1, security->ctx_str, security->ctx_len);
  1687. err = security_xfrm_state_alloc(x, uctx);
  1688. kfree(uctx);
  1689. if (err)
  1690. return err;
  1691. return 0;
  1692. }
  1693. static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
  1694. struct xfrm_encap_tmpl *encap,
  1695. struct xfrm_migrate *m)
  1696. {
  1697. struct net *net = xs_net(orig);
  1698. struct xfrm_state *x = xfrm_state_alloc(net);
  1699. if (!x)
  1700. goto out;
  1701. memcpy(&x->id, &orig->id, sizeof(x->id));
  1702. memcpy(&x->sel, &orig->sel, sizeof(x->sel));
  1703. memcpy(&x->lft, &orig->lft, sizeof(x->lft));
  1704. x->props.mode = orig->props.mode;
  1705. x->props.replay_window = orig->props.replay_window;
  1706. x->props.reqid = orig->props.reqid;
  1707. x->props.family = orig->props.family;
  1708. x->props.saddr = orig->props.saddr;
  1709. if (orig->aalg) {
  1710. x->aalg = xfrm_algo_auth_clone(orig->aalg);
  1711. if (!x->aalg)
  1712. goto error;
  1713. }
  1714. x->props.aalgo = orig->props.aalgo;
  1715. if (orig->aead) {
  1716. x->aead = xfrm_algo_aead_clone(orig->aead);
  1717. x->geniv = orig->geniv;
  1718. if (!x->aead)
  1719. goto error;
  1720. }
  1721. if (orig->ealg) {
  1722. x->ealg = xfrm_algo_clone(orig->ealg);
  1723. if (!x->ealg)
  1724. goto error;
  1725. }
  1726. x->props.ealgo = orig->props.ealgo;
  1727. if (orig->calg) {
  1728. x->calg = xfrm_algo_clone(orig->calg);
  1729. if (!x->calg)
  1730. goto error;
  1731. }
  1732. x->props.calgo = orig->props.calgo;
  1733. if (encap || orig->encap) {
  1734. if (encap)
  1735. x->encap = kmemdup(encap, sizeof(*x->encap),
  1736. GFP_KERNEL);
  1737. else
  1738. x->encap = kmemdup(orig->encap, sizeof(*x->encap),
  1739. GFP_KERNEL);
  1740. if (!x->encap)
  1741. goto error;
  1742. }
  1743. if (orig->security)
  1744. if (clone_security(x, orig->security))
  1745. goto error;
  1746. if (orig->coaddr) {
  1747. x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
  1748. GFP_KERNEL);
  1749. if (!x->coaddr)
  1750. goto error;
  1751. }
  1752. if (orig->replay_esn) {
  1753. if (xfrm_replay_clone(x, orig))
  1754. goto error;
  1755. }
  1756. memcpy(&x->mark, &orig->mark, sizeof(x->mark));
  1757. memcpy(&x->props.smark, &orig->props.smark, sizeof(x->props.smark));
  1758. x->props.flags = orig->props.flags;
  1759. x->props.extra_flags = orig->props.extra_flags;
  1760. x->pcpu_num = orig->pcpu_num;
  1761. x->if_id = orig->if_id;
  1762. x->tfcpad = orig->tfcpad;
  1763. x->replay_maxdiff = orig->replay_maxdiff;
  1764. x->replay_maxage = orig->replay_maxage;
  1765. memcpy(&x->curlft, &orig->curlft, sizeof(x->curlft));
  1766. x->km.state = orig->km.state;
  1767. x->km.seq = orig->km.seq;
  1768. x->replay = orig->replay;
  1769. x->preplay = orig->preplay;
  1770. x->mapping_maxage = orig->mapping_maxage;
  1771. x->lastused = orig->lastused;
  1772. x->new_mapping = 0;
  1773. x->new_mapping_sport = 0;
  1774. x->dir = orig->dir;
  1775. x->mode_cbs = orig->mode_cbs;
  1776. if (x->mode_cbs && x->mode_cbs->clone_state) {
  1777. if (x->mode_cbs->clone_state(x, orig))
  1778. goto error;
  1779. }
  1780. x->props.family = m->new_family;
  1781. memcpy(&x->id.daddr, &m->new_daddr, sizeof(x->id.daddr));
  1782. memcpy(&x->props.saddr, &m->new_saddr, sizeof(x->props.saddr));
  1783. return x;
  1784. error:
  1785. x->km.state = XFRM_STATE_DEAD;
  1786. xfrm_state_put(x);
  1787. out:
  1788. return NULL;
  1789. }
  1790. struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net,
  1791. u32 if_id)
  1792. {
  1793. unsigned int h;
  1794. struct xfrm_state *x = NULL;
  1795. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1796. if (m->reqid) {
  1797. h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
  1798. m->reqid, m->old_family);
  1799. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + h, bydst) {
  1800. if (x->props.mode != m->mode ||
  1801. x->id.proto != m->proto)
  1802. continue;
  1803. if (m->reqid && x->props.reqid != m->reqid)
  1804. continue;
  1805. if (if_id != 0 && x->if_id != if_id)
  1806. continue;
  1807. if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
  1808. m->old_family) ||
  1809. !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
  1810. m->old_family))
  1811. continue;
  1812. xfrm_state_hold(x);
  1813. break;
  1814. }
  1815. } else {
  1816. h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
  1817. m->old_family);
  1818. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bysrc, net) + h, bysrc) {
  1819. if (x->props.mode != m->mode ||
  1820. x->id.proto != m->proto)
  1821. continue;
  1822. if (if_id != 0 && x->if_id != if_id)
  1823. continue;
  1824. if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
  1825. m->old_family) ||
  1826. !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
  1827. m->old_family))
  1828. continue;
  1829. xfrm_state_hold(x);
  1830. break;
  1831. }
  1832. }
  1833. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1834. return x;
  1835. }
  1836. EXPORT_SYMBOL(xfrm_migrate_state_find);
  1837. struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
  1838. struct xfrm_migrate *m,
  1839. struct xfrm_encap_tmpl *encap,
  1840. struct net *net,
  1841. struct xfrm_user_offload *xuo,
  1842. struct netlink_ext_ack *extack)
  1843. {
  1844. struct xfrm_state *xc;
  1845. xc = xfrm_state_clone_and_setup(x, encap, m);
  1846. if (!xc)
  1847. return NULL;
  1848. if (xfrm_init_state(xc) < 0)
  1849. goto error;
  1850. /* configure the hardware if offload is requested */
  1851. if (xuo && xfrm_dev_state_add(net, xc, xuo, extack))
  1852. goto error;
  1853. /* add state */
  1854. if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
  1855. /* a care is needed when the destination address of the
  1856. state is to be updated as it is a part of triplet */
  1857. xfrm_state_insert(xc);
  1858. } else {
  1859. if (xfrm_state_add(xc) < 0)
  1860. goto error_add;
  1861. }
  1862. return xc;
  1863. error_add:
  1864. if (xuo)
  1865. xfrm_dev_state_delete(xc);
  1866. error:
  1867. xc->km.state = XFRM_STATE_DEAD;
  1868. xfrm_state_put(xc);
  1869. return NULL;
  1870. }
  1871. EXPORT_SYMBOL(xfrm_state_migrate);
  1872. #endif
  1873. int xfrm_state_update(struct xfrm_state *x)
  1874. {
  1875. struct xfrm_state *x1, *to_put;
  1876. int err;
  1877. int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
  1878. struct net *net = xs_net(x);
  1879. to_put = NULL;
  1880. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1881. x1 = __xfrm_state_locate(x, use_spi, x->props.family);
  1882. err = -ESRCH;
  1883. if (!x1)
  1884. goto out;
  1885. if (xfrm_state_kern(x1)) {
  1886. to_put = x1;
  1887. err = -EEXIST;
  1888. goto out;
  1889. }
  1890. if (x1->km.state == XFRM_STATE_ACQ) {
  1891. if (x->dir && x1->dir != x->dir) {
  1892. to_put = x1;
  1893. goto out;
  1894. }
  1895. __xfrm_state_insert(x);
  1896. x = NULL;
  1897. } else {
  1898. if (x1->dir != x->dir) {
  1899. to_put = x1;
  1900. goto out;
  1901. }
  1902. }
  1903. err = 0;
  1904. out:
  1905. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1906. if (to_put)
  1907. xfrm_state_put(to_put);
  1908. if (err)
  1909. return err;
  1910. if (!x) {
  1911. xfrm_state_delete(x1);
  1912. xfrm_state_put(x1);
  1913. return 0;
  1914. }
  1915. err = -EINVAL;
  1916. spin_lock_bh(&x1->lock);
  1917. if (likely(x1->km.state == XFRM_STATE_VALID)) {
  1918. if (x->encap && x1->encap &&
  1919. x->encap->encap_type == x1->encap->encap_type)
  1920. memcpy(x1->encap, x->encap, sizeof(*x1->encap));
  1921. else if (x->encap || x1->encap)
  1922. goto fail;
  1923. if (x->coaddr && x1->coaddr) {
  1924. memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
  1925. }
  1926. if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
  1927. memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
  1928. memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
  1929. x1->km.dying = 0;
  1930. hrtimer_start(&x1->mtimer, ktime_set(1, 0),
  1931. HRTIMER_MODE_REL_SOFT);
  1932. if (READ_ONCE(x1->curlft.use_time))
  1933. xfrm_state_check_expire(x1);
  1934. if (x->props.smark.m || x->props.smark.v || x->if_id) {
  1935. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1936. if (x->props.smark.m || x->props.smark.v)
  1937. x1->props.smark = x->props.smark;
  1938. if (x->if_id)
  1939. x1->if_id = x->if_id;
  1940. __xfrm_state_bump_genids(x1);
  1941. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1942. }
  1943. err = 0;
  1944. x->km.state = XFRM_STATE_DEAD;
  1945. xfrm_dev_state_delete(x);
  1946. __xfrm_state_put(x);
  1947. }
  1948. fail:
  1949. spin_unlock_bh(&x1->lock);
  1950. xfrm_state_put(x1);
  1951. return err;
  1952. }
  1953. EXPORT_SYMBOL(xfrm_state_update);
  1954. int xfrm_state_check_expire(struct xfrm_state *x)
  1955. {
  1956. /* All counters which are needed to decide if state is expired
  1957. * are handled by SW for non-packet offload modes. Simply skip
  1958. * the following update and save extra boilerplate in drivers.
  1959. */
  1960. if (x->xso.type == XFRM_DEV_OFFLOAD_PACKET)
  1961. xfrm_dev_state_update_stats(x);
  1962. if (!READ_ONCE(x->curlft.use_time))
  1963. WRITE_ONCE(x->curlft.use_time, ktime_get_real_seconds());
  1964. if (x->curlft.bytes >= x->lft.hard_byte_limit ||
  1965. x->curlft.packets >= x->lft.hard_packet_limit) {
  1966. x->km.state = XFRM_STATE_EXPIRED;
  1967. hrtimer_start(&x->mtimer, 0, HRTIMER_MODE_REL_SOFT);
  1968. return -EINVAL;
  1969. }
  1970. if (!x->km.dying &&
  1971. (x->curlft.bytes >= x->lft.soft_byte_limit ||
  1972. x->curlft.packets >= x->lft.soft_packet_limit)) {
  1973. x->km.dying = 1;
  1974. km_state_expired(x, 0, 0);
  1975. }
  1976. return 0;
  1977. }
  1978. EXPORT_SYMBOL(xfrm_state_check_expire);
  1979. void xfrm_state_update_stats(struct net *net)
  1980. {
  1981. struct xfrm_state *x;
  1982. int i;
  1983. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  1984. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  1985. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_bydst, net) + i, bydst)
  1986. xfrm_dev_state_update_stats(x);
  1987. }
  1988. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  1989. }
  1990. struct xfrm_state *
  1991. xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
  1992. u8 proto, unsigned short family)
  1993. {
  1994. struct xfrm_hash_state_ptrs state_ptrs;
  1995. struct xfrm_state *x;
  1996. rcu_read_lock();
  1997. xfrm_hash_ptrs_get(net, &state_ptrs);
  1998. x = __xfrm_state_lookup(&state_ptrs, mark, daddr, spi, proto, family);
  1999. rcu_read_unlock();
  2000. return x;
  2001. }
  2002. EXPORT_SYMBOL(xfrm_state_lookup);
  2003. struct xfrm_state *
  2004. xfrm_state_lookup_byaddr(struct net *net, u32 mark,
  2005. const xfrm_address_t *daddr, const xfrm_address_t *saddr,
  2006. u8 proto, unsigned short family)
  2007. {
  2008. struct xfrm_hash_state_ptrs state_ptrs;
  2009. struct xfrm_state *x;
  2010. rcu_read_lock();
  2011. xfrm_hash_ptrs_get(net, &state_ptrs);
  2012. x = __xfrm_state_lookup_byaddr(&state_ptrs, mark, daddr, saddr, proto, family);
  2013. rcu_read_unlock();
  2014. return x;
  2015. }
  2016. EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
  2017. struct xfrm_state *
  2018. xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
  2019. u32 if_id, u32 pcpu_num, u8 proto, const xfrm_address_t *daddr,
  2020. const xfrm_address_t *saddr, int create, unsigned short family)
  2021. {
  2022. struct xfrm_state *x;
  2023. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  2024. x = __find_acq_core(net, mark, family, mode, reqid, if_id, pcpu_num,
  2025. proto, daddr, saddr, create);
  2026. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2027. return x;
  2028. }
  2029. EXPORT_SYMBOL(xfrm_find_acq);
  2030. #ifdef CONFIG_XFRM_SUB_POLICY
  2031. #if IS_ENABLED(CONFIG_IPV6)
  2032. /* distribution counting sort function for xfrm_state and xfrm_tmpl */
  2033. static void
  2034. __xfrm6_sort(void **dst, void **src, int n,
  2035. int (*cmp)(const void *p), int maxclass)
  2036. {
  2037. int count[XFRM_MAX_DEPTH] = { };
  2038. int class[XFRM_MAX_DEPTH];
  2039. int i;
  2040. for (i = 0; i < n; i++) {
  2041. int c = cmp(src[i]);
  2042. class[i] = c;
  2043. count[c]++;
  2044. }
  2045. for (i = 2; i < maxclass; i++)
  2046. count[i] += count[i - 1];
  2047. for (i = 0; i < n; i++) {
  2048. dst[count[class[i] - 1]++] = src[i];
  2049. src[i] = NULL;
  2050. }
  2051. }
  2052. /* Rule for xfrm_state:
  2053. *
  2054. * rule 1: select IPsec transport except AH
  2055. * rule 2: select MIPv6 RO or inbound trigger
  2056. * rule 3: select IPsec transport AH
  2057. * rule 4: select IPsec tunnel
  2058. * rule 5: others
  2059. */
  2060. static int __xfrm6_state_sort_cmp(const void *p)
  2061. {
  2062. const struct xfrm_state *v = p;
  2063. switch (v->props.mode) {
  2064. case XFRM_MODE_TRANSPORT:
  2065. if (v->id.proto != IPPROTO_AH)
  2066. return 1;
  2067. else
  2068. return 3;
  2069. #if IS_ENABLED(CONFIG_IPV6_MIP6)
  2070. case XFRM_MODE_ROUTEOPTIMIZATION:
  2071. case XFRM_MODE_IN_TRIGGER:
  2072. return 2;
  2073. #endif
  2074. case XFRM_MODE_TUNNEL:
  2075. case XFRM_MODE_BEET:
  2076. case XFRM_MODE_IPTFS:
  2077. return 4;
  2078. }
  2079. return 5;
  2080. }
  2081. /* Rule for xfrm_tmpl:
  2082. *
  2083. * rule 1: select IPsec transport
  2084. * rule 2: select MIPv6 RO or inbound trigger
  2085. * rule 3: select IPsec tunnel
  2086. * rule 4: others
  2087. */
  2088. static int __xfrm6_tmpl_sort_cmp(const void *p)
  2089. {
  2090. const struct xfrm_tmpl *v = p;
  2091. switch (v->mode) {
  2092. case XFRM_MODE_TRANSPORT:
  2093. return 1;
  2094. #if IS_ENABLED(CONFIG_IPV6_MIP6)
  2095. case XFRM_MODE_ROUTEOPTIMIZATION:
  2096. case XFRM_MODE_IN_TRIGGER:
  2097. return 2;
  2098. #endif
  2099. case XFRM_MODE_TUNNEL:
  2100. case XFRM_MODE_BEET:
  2101. case XFRM_MODE_IPTFS:
  2102. return 3;
  2103. }
  2104. return 4;
  2105. }
  2106. #else
  2107. static inline int __xfrm6_state_sort_cmp(const void *p) { return 5; }
  2108. static inline int __xfrm6_tmpl_sort_cmp(const void *p) { return 4; }
  2109. static inline void
  2110. __xfrm6_sort(void **dst, void **src, int n,
  2111. int (*cmp)(const void *p), int maxclass)
  2112. {
  2113. int i;
  2114. for (i = 0; i < n; i++)
  2115. dst[i] = src[i];
  2116. }
  2117. #endif /* CONFIG_IPV6 */
  2118. void
  2119. xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
  2120. unsigned short family)
  2121. {
  2122. int i;
  2123. if (family == AF_INET6)
  2124. __xfrm6_sort((void **)dst, (void **)src, n,
  2125. __xfrm6_tmpl_sort_cmp, 5);
  2126. else
  2127. for (i = 0; i < n; i++)
  2128. dst[i] = src[i];
  2129. }
  2130. void
  2131. xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
  2132. unsigned short family)
  2133. {
  2134. int i;
  2135. if (family == AF_INET6)
  2136. __xfrm6_sort((void **)dst, (void **)src, n,
  2137. __xfrm6_state_sort_cmp, 6);
  2138. else
  2139. for (i = 0; i < n; i++)
  2140. dst[i] = src[i];
  2141. }
  2142. #endif
  2143. /* Silly enough, but I'm lazy to build resolution list */
  2144. static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq, u32 pcpu_num)
  2145. {
  2146. unsigned int h = xfrm_seq_hash(net, seq);
  2147. struct xfrm_state *x;
  2148. hlist_for_each_entry(x, xfrm_state_deref_prot(net->xfrm.state_byseq, net) + h, byseq) {
  2149. if (x->km.seq == seq &&
  2150. (mark & x->mark.m) == x->mark.v &&
  2151. x->pcpu_num == pcpu_num &&
  2152. x->km.state == XFRM_STATE_ACQ) {
  2153. xfrm_state_hold(x);
  2154. return x;
  2155. }
  2156. }
  2157. return NULL;
  2158. }
  2159. struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq, u32 pcpu_num)
  2160. {
  2161. struct xfrm_state *x;
  2162. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  2163. x = __xfrm_find_acq_byseq(net, mark, seq, pcpu_num);
  2164. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2165. return x;
  2166. }
  2167. EXPORT_SYMBOL(xfrm_find_acq_byseq);
  2168. u32 xfrm_get_acqseq(void)
  2169. {
  2170. u32 res;
  2171. static atomic_t acqseq;
  2172. do {
  2173. res = atomic_inc_return(&acqseq);
  2174. } while (!res);
  2175. return res;
  2176. }
  2177. EXPORT_SYMBOL(xfrm_get_acqseq);
  2178. int verify_spi_info(u8 proto, u32 min, u32 max, struct netlink_ext_ack *extack)
  2179. {
  2180. switch (proto) {
  2181. case IPPROTO_AH:
  2182. case IPPROTO_ESP:
  2183. break;
  2184. case IPPROTO_COMP:
  2185. /* IPCOMP spi is 16-bits. */
  2186. if (max >= 0x10000) {
  2187. NL_SET_ERR_MSG(extack, "IPCOMP SPI must be <= 65535");
  2188. return -EINVAL;
  2189. }
  2190. break;
  2191. default:
  2192. NL_SET_ERR_MSG(extack, "Invalid protocol, must be one of AH, ESP, IPCOMP");
  2193. return -EINVAL;
  2194. }
  2195. if (min > max) {
  2196. NL_SET_ERR_MSG(extack, "Invalid SPI range: min > max");
  2197. return -EINVAL;
  2198. }
  2199. return 0;
  2200. }
  2201. EXPORT_SYMBOL(verify_spi_info);
  2202. int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high,
  2203. struct netlink_ext_ack *extack)
  2204. {
  2205. struct net *net = xs_net(x);
  2206. unsigned int h;
  2207. struct xfrm_state *x0;
  2208. int err = -ENOENT;
  2209. u32 range = high - low + 1;
  2210. __be32 newspi = 0;
  2211. spin_lock_bh(&x->lock);
  2212. if (x->km.state == XFRM_STATE_DEAD) {
  2213. NL_SET_ERR_MSG(extack, "Target ACQUIRE is in DEAD state");
  2214. goto unlock;
  2215. }
  2216. err = 0;
  2217. if (x->id.spi)
  2218. goto unlock;
  2219. err = -ENOENT;
  2220. for (h = 0; h < range; h++) {
  2221. u32 spi = (low == high) ? low : get_random_u32_inclusive(low, high);
  2222. if (spi == 0)
  2223. goto next;
  2224. newspi = htonl(spi);
  2225. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  2226. x0 = xfrm_state_lookup_spi_proto(net, newspi, x->id.proto);
  2227. if (!x0) {
  2228. x->id.spi = newspi;
  2229. h = xfrm_spi_hash(net, &x->id.daddr, newspi, x->id.proto, x->props.family);
  2230. XFRM_STATE_INSERT(byspi, &x->byspi,
  2231. xfrm_state_deref_prot(net->xfrm.state_byspi, net) + h,
  2232. x->xso.type);
  2233. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2234. err = 0;
  2235. goto unlock;
  2236. }
  2237. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2238. next:
  2239. if (signal_pending(current)) {
  2240. err = -ERESTARTSYS;
  2241. goto unlock;
  2242. }
  2243. if (low == high)
  2244. break;
  2245. }
  2246. if (err)
  2247. NL_SET_ERR_MSG(extack, "No SPI available in the requested range");
  2248. unlock:
  2249. spin_unlock_bh(&x->lock);
  2250. return err;
  2251. }
  2252. EXPORT_SYMBOL(xfrm_alloc_spi);
  2253. static bool __xfrm_state_filter_match(struct xfrm_state *x,
  2254. struct xfrm_address_filter *filter)
  2255. {
  2256. if (filter) {
  2257. if ((filter->family == AF_INET ||
  2258. filter->family == AF_INET6) &&
  2259. x->props.family != filter->family)
  2260. return false;
  2261. return addr_match(&x->props.saddr, &filter->saddr,
  2262. filter->splen) &&
  2263. addr_match(&x->id.daddr, &filter->daddr,
  2264. filter->dplen);
  2265. }
  2266. return true;
  2267. }
  2268. int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
  2269. int (*func)(struct xfrm_state *, int, void*),
  2270. void *data)
  2271. {
  2272. struct xfrm_state *state;
  2273. struct xfrm_state_walk *x;
  2274. int err = 0;
  2275. if (walk->seq != 0 && list_empty(&walk->all))
  2276. return 0;
  2277. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  2278. if (list_empty(&walk->all))
  2279. x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
  2280. else
  2281. x = list_first_entry(&walk->all, struct xfrm_state_walk, all);
  2282. list_for_each_entry_from(x, &net->xfrm.state_all, all) {
  2283. if (x->state == XFRM_STATE_DEAD)
  2284. continue;
  2285. state = container_of(x, struct xfrm_state, km);
  2286. if (!xfrm_id_proto_match(state->id.proto, walk->proto))
  2287. continue;
  2288. if (!__xfrm_state_filter_match(state, walk->filter))
  2289. continue;
  2290. err = func(state, walk->seq, data);
  2291. if (err) {
  2292. list_move_tail(&walk->all, &x->all);
  2293. goto out;
  2294. }
  2295. walk->seq++;
  2296. }
  2297. if (walk->seq == 0) {
  2298. err = -ENOENT;
  2299. goto out;
  2300. }
  2301. list_del_init(&walk->all);
  2302. out:
  2303. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2304. return err;
  2305. }
  2306. EXPORT_SYMBOL(xfrm_state_walk);
  2307. void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
  2308. struct xfrm_address_filter *filter)
  2309. {
  2310. INIT_LIST_HEAD(&walk->all);
  2311. walk->proto = proto;
  2312. walk->state = XFRM_STATE_DEAD;
  2313. walk->seq = 0;
  2314. walk->filter = filter;
  2315. }
  2316. EXPORT_SYMBOL(xfrm_state_walk_init);
  2317. void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
  2318. {
  2319. kfree(walk->filter);
  2320. if (list_empty(&walk->all))
  2321. return;
  2322. spin_lock_bh(&net->xfrm.xfrm_state_lock);
  2323. list_del(&walk->all);
  2324. spin_unlock_bh(&net->xfrm.xfrm_state_lock);
  2325. }
  2326. EXPORT_SYMBOL(xfrm_state_walk_done);
  2327. static void xfrm_replay_timer_handler(struct timer_list *t)
  2328. {
  2329. struct xfrm_state *x = timer_container_of(x, t, rtimer);
  2330. spin_lock(&x->lock);
  2331. if (x->km.state == XFRM_STATE_VALID) {
  2332. if (xfrm_aevent_is_on(xs_net(x)))
  2333. xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
  2334. else
  2335. x->xflags |= XFRM_TIME_DEFER;
  2336. }
  2337. spin_unlock(&x->lock);
  2338. }
  2339. static LIST_HEAD(xfrm_km_list);
  2340. void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
  2341. {
  2342. struct xfrm_mgr *km;
  2343. rcu_read_lock();
  2344. list_for_each_entry_rcu(km, &xfrm_km_list, list)
  2345. if (km->notify_policy)
  2346. km->notify_policy(xp, dir, c);
  2347. rcu_read_unlock();
  2348. }
  2349. void km_state_notify(struct xfrm_state *x, const struct km_event *c)
  2350. {
  2351. struct xfrm_mgr *km;
  2352. rcu_read_lock();
  2353. list_for_each_entry_rcu(km, &xfrm_km_list, list)
  2354. if (km->notify)
  2355. km->notify(x, c);
  2356. rcu_read_unlock();
  2357. }
  2358. EXPORT_SYMBOL(km_policy_notify);
  2359. EXPORT_SYMBOL(km_state_notify);
  2360. void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
  2361. {
  2362. struct km_event c;
  2363. c.data.hard = hard;
  2364. c.portid = portid;
  2365. c.event = XFRM_MSG_EXPIRE;
  2366. km_state_notify(x, &c);
  2367. }
  2368. EXPORT_SYMBOL(km_state_expired);
  2369. /*
  2370. * We send to all registered managers regardless of failure
  2371. * We are happy with one success
  2372. */
  2373. int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
  2374. {
  2375. int err = -EINVAL, acqret;
  2376. struct xfrm_mgr *km;
  2377. rcu_read_lock();
  2378. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2379. acqret = km->acquire(x, t, pol);
  2380. if (!acqret)
  2381. err = acqret;
  2382. }
  2383. rcu_read_unlock();
  2384. return err;
  2385. }
  2386. EXPORT_SYMBOL(km_query);
  2387. static int __km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
  2388. {
  2389. int err = -EINVAL;
  2390. struct xfrm_mgr *km;
  2391. rcu_read_lock();
  2392. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2393. if (km->new_mapping)
  2394. err = km->new_mapping(x, ipaddr, sport);
  2395. if (!err)
  2396. break;
  2397. }
  2398. rcu_read_unlock();
  2399. return err;
  2400. }
  2401. int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
  2402. {
  2403. int ret = 0;
  2404. if (x->mapping_maxage) {
  2405. if ((jiffies / HZ - x->new_mapping) > x->mapping_maxage ||
  2406. x->new_mapping_sport != sport) {
  2407. x->new_mapping_sport = sport;
  2408. x->new_mapping = jiffies / HZ;
  2409. ret = __km_new_mapping(x, ipaddr, sport);
  2410. }
  2411. } else {
  2412. ret = __km_new_mapping(x, ipaddr, sport);
  2413. }
  2414. return ret;
  2415. }
  2416. EXPORT_SYMBOL(km_new_mapping);
  2417. void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
  2418. {
  2419. struct km_event c;
  2420. c.data.hard = hard;
  2421. c.portid = portid;
  2422. c.event = XFRM_MSG_POLEXPIRE;
  2423. km_policy_notify(pol, dir, &c);
  2424. }
  2425. EXPORT_SYMBOL(km_policy_expired);
  2426. #ifdef CONFIG_XFRM_MIGRATE
  2427. int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
  2428. const struct xfrm_migrate *m, int num_migrate,
  2429. const struct xfrm_kmaddress *k,
  2430. const struct xfrm_encap_tmpl *encap)
  2431. {
  2432. int err = -EINVAL;
  2433. int ret;
  2434. struct xfrm_mgr *km;
  2435. rcu_read_lock();
  2436. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2437. if (km->migrate) {
  2438. ret = km->migrate(sel, dir, type, m, num_migrate, k,
  2439. encap);
  2440. if (!ret)
  2441. err = ret;
  2442. }
  2443. }
  2444. rcu_read_unlock();
  2445. return err;
  2446. }
  2447. EXPORT_SYMBOL(km_migrate);
  2448. #endif
  2449. int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
  2450. {
  2451. int err = -EINVAL;
  2452. int ret;
  2453. struct xfrm_mgr *km;
  2454. rcu_read_lock();
  2455. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2456. if (km->report) {
  2457. ret = km->report(net, proto, sel, addr);
  2458. if (!ret)
  2459. err = ret;
  2460. }
  2461. }
  2462. rcu_read_unlock();
  2463. return err;
  2464. }
  2465. EXPORT_SYMBOL(km_report);
  2466. static bool km_is_alive(const struct km_event *c)
  2467. {
  2468. struct xfrm_mgr *km;
  2469. bool is_alive = false;
  2470. rcu_read_lock();
  2471. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2472. if (km->is_alive && km->is_alive(c)) {
  2473. is_alive = true;
  2474. break;
  2475. }
  2476. }
  2477. rcu_read_unlock();
  2478. return is_alive;
  2479. }
  2480. #if IS_ENABLED(CONFIG_XFRM_USER_COMPAT)
  2481. static DEFINE_SPINLOCK(xfrm_translator_lock);
  2482. static struct xfrm_translator __rcu *xfrm_translator;
  2483. struct xfrm_translator *xfrm_get_translator(void)
  2484. {
  2485. struct xfrm_translator *xtr;
  2486. rcu_read_lock();
  2487. xtr = rcu_dereference(xfrm_translator);
  2488. if (unlikely(!xtr))
  2489. goto out;
  2490. if (!try_module_get(xtr->owner))
  2491. xtr = NULL;
  2492. out:
  2493. rcu_read_unlock();
  2494. return xtr;
  2495. }
  2496. EXPORT_SYMBOL_GPL(xfrm_get_translator);
  2497. void xfrm_put_translator(struct xfrm_translator *xtr)
  2498. {
  2499. module_put(xtr->owner);
  2500. }
  2501. EXPORT_SYMBOL_GPL(xfrm_put_translator);
  2502. int xfrm_register_translator(struct xfrm_translator *xtr)
  2503. {
  2504. int err = 0;
  2505. spin_lock_bh(&xfrm_translator_lock);
  2506. if (unlikely(xfrm_translator != NULL))
  2507. err = -EEXIST;
  2508. else
  2509. rcu_assign_pointer(xfrm_translator, xtr);
  2510. spin_unlock_bh(&xfrm_translator_lock);
  2511. return err;
  2512. }
  2513. EXPORT_SYMBOL_GPL(xfrm_register_translator);
  2514. int xfrm_unregister_translator(struct xfrm_translator *xtr)
  2515. {
  2516. int err = 0;
  2517. spin_lock_bh(&xfrm_translator_lock);
  2518. if (likely(xfrm_translator != NULL)) {
  2519. if (rcu_access_pointer(xfrm_translator) != xtr)
  2520. err = -EINVAL;
  2521. else
  2522. RCU_INIT_POINTER(xfrm_translator, NULL);
  2523. }
  2524. spin_unlock_bh(&xfrm_translator_lock);
  2525. synchronize_rcu();
  2526. return err;
  2527. }
  2528. EXPORT_SYMBOL_GPL(xfrm_unregister_translator);
  2529. #endif
  2530. int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
  2531. {
  2532. int err;
  2533. u8 *data;
  2534. struct xfrm_mgr *km;
  2535. struct xfrm_policy *pol = NULL;
  2536. if (sockptr_is_null(optval) && !optlen) {
  2537. xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
  2538. xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
  2539. __sk_dst_reset(sk);
  2540. return 0;
  2541. }
  2542. if (optlen <= 0 || optlen > PAGE_SIZE)
  2543. return -EMSGSIZE;
  2544. data = memdup_sockptr(optval, optlen);
  2545. if (IS_ERR(data))
  2546. return PTR_ERR(data);
  2547. if (in_compat_syscall()) {
  2548. struct xfrm_translator *xtr = xfrm_get_translator();
  2549. if (!xtr) {
  2550. kfree(data);
  2551. return -EOPNOTSUPP;
  2552. }
  2553. err = xtr->xlate_user_policy_sockptr(&data, optlen);
  2554. xfrm_put_translator(xtr);
  2555. if (err) {
  2556. kfree(data);
  2557. return err;
  2558. }
  2559. }
  2560. err = -EINVAL;
  2561. rcu_read_lock();
  2562. list_for_each_entry_rcu(km, &xfrm_km_list, list) {
  2563. pol = km->compile_policy(sk, optname, data,
  2564. optlen, &err);
  2565. if (err >= 0)
  2566. break;
  2567. }
  2568. rcu_read_unlock();
  2569. if (err >= 0) {
  2570. xfrm_sk_policy_insert(sk, err, pol);
  2571. xfrm_pol_put(pol);
  2572. __sk_dst_reset(sk);
  2573. err = 0;
  2574. }
  2575. kfree(data);
  2576. return err;
  2577. }
  2578. EXPORT_SYMBOL(xfrm_user_policy);
  2579. static DEFINE_SPINLOCK(xfrm_km_lock);
  2580. void xfrm_register_km(struct xfrm_mgr *km)
  2581. {
  2582. spin_lock_bh(&xfrm_km_lock);
  2583. list_add_tail_rcu(&km->list, &xfrm_km_list);
  2584. spin_unlock_bh(&xfrm_km_lock);
  2585. }
  2586. EXPORT_SYMBOL(xfrm_register_km);
  2587. void xfrm_unregister_km(struct xfrm_mgr *km)
  2588. {
  2589. spin_lock_bh(&xfrm_km_lock);
  2590. list_del_rcu(&km->list);
  2591. spin_unlock_bh(&xfrm_km_lock);
  2592. synchronize_rcu();
  2593. }
  2594. EXPORT_SYMBOL(xfrm_unregister_km);
  2595. int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
  2596. {
  2597. int err = 0;
  2598. if (WARN_ON(afinfo->family >= NPROTO))
  2599. return -EAFNOSUPPORT;
  2600. spin_lock_bh(&xfrm_state_afinfo_lock);
  2601. if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
  2602. err = -EEXIST;
  2603. else
  2604. rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
  2605. spin_unlock_bh(&xfrm_state_afinfo_lock);
  2606. return err;
  2607. }
  2608. EXPORT_SYMBOL(xfrm_state_register_afinfo);
  2609. int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
  2610. {
  2611. int err = 0, family = afinfo->family;
  2612. if (WARN_ON(family >= NPROTO))
  2613. return -EAFNOSUPPORT;
  2614. spin_lock_bh(&xfrm_state_afinfo_lock);
  2615. if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
  2616. if (rcu_access_pointer(xfrm_state_afinfo[family]) != afinfo)
  2617. err = -EINVAL;
  2618. else
  2619. RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
  2620. }
  2621. spin_unlock_bh(&xfrm_state_afinfo_lock);
  2622. synchronize_rcu();
  2623. return err;
  2624. }
  2625. EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
  2626. struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family)
  2627. {
  2628. if (unlikely(family >= NPROTO))
  2629. return NULL;
  2630. return rcu_dereference(xfrm_state_afinfo[family]);
  2631. }
  2632. EXPORT_SYMBOL_GPL(xfrm_state_afinfo_get_rcu);
  2633. struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
  2634. {
  2635. struct xfrm_state_afinfo *afinfo;
  2636. if (unlikely(family >= NPROTO))
  2637. return NULL;
  2638. rcu_read_lock();
  2639. afinfo = rcu_dereference(xfrm_state_afinfo[family]);
  2640. if (unlikely(!afinfo))
  2641. rcu_read_unlock();
  2642. return afinfo;
  2643. }
  2644. void xfrm_flush_gc(void)
  2645. {
  2646. flush_work(&xfrm_state_gc_work);
  2647. }
  2648. EXPORT_SYMBOL(xfrm_flush_gc);
  2649. static void xfrm_state_delete_tunnel(struct xfrm_state *x)
  2650. {
  2651. if (x->tunnel) {
  2652. struct xfrm_state *t = x->tunnel;
  2653. if (atomic_dec_return(&t->tunnel_users) == 1)
  2654. xfrm_state_delete(t);
  2655. xfrm_state_put(t);
  2656. x->tunnel = NULL;
  2657. }
  2658. }
  2659. u32 xfrm_state_mtu(struct xfrm_state *x, int mtu)
  2660. {
  2661. const struct xfrm_type *type = READ_ONCE(x->type);
  2662. struct crypto_aead *aead;
  2663. u32 blksize, net_adj = 0;
  2664. if (x->km.state != XFRM_STATE_VALID ||
  2665. !type || type->proto != IPPROTO_ESP)
  2666. return mtu - x->props.header_len;
  2667. aead = x->data;
  2668. blksize = ALIGN(crypto_aead_blocksize(aead), 4);
  2669. switch (x->props.mode) {
  2670. case XFRM_MODE_TRANSPORT:
  2671. case XFRM_MODE_BEET:
  2672. if (x->props.family == AF_INET)
  2673. net_adj = sizeof(struct iphdr);
  2674. else if (x->props.family == AF_INET6)
  2675. net_adj = sizeof(struct ipv6hdr);
  2676. break;
  2677. case XFRM_MODE_TUNNEL:
  2678. break;
  2679. default:
  2680. if (x->mode_cbs && x->mode_cbs->get_inner_mtu)
  2681. return x->mode_cbs->get_inner_mtu(x, mtu);
  2682. WARN_ON_ONCE(1);
  2683. break;
  2684. }
  2685. return ((mtu - x->props.header_len - crypto_aead_authsize(aead) -
  2686. net_adj) & ~(blksize - 1)) + net_adj - 2;
  2687. }
  2688. EXPORT_SYMBOL_GPL(xfrm_state_mtu);
  2689. int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
  2690. {
  2691. const struct xfrm_mode *inner_mode;
  2692. const struct xfrm_mode *outer_mode;
  2693. int family = x->props.family;
  2694. int err;
  2695. if (family == AF_INET &&
  2696. (!x->dir || x->dir == XFRM_SA_DIR_OUT) &&
  2697. READ_ONCE(xs_net(x)->ipv4.sysctl_ip_no_pmtu_disc))
  2698. x->props.flags |= XFRM_STATE_NOPMTUDISC;
  2699. err = -EPROTONOSUPPORT;
  2700. if (x->sel.family != AF_UNSPEC) {
  2701. inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
  2702. if (inner_mode == NULL) {
  2703. NL_SET_ERR_MSG(extack, "Requested mode not found");
  2704. goto error;
  2705. }
  2706. if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
  2707. family != x->sel.family) {
  2708. NL_SET_ERR_MSG(extack, "Only tunnel modes can accommodate a change of family");
  2709. goto error;
  2710. }
  2711. x->inner_mode = *inner_mode;
  2712. } else {
  2713. const struct xfrm_mode *inner_mode_iaf;
  2714. int iafamily = AF_INET;
  2715. inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
  2716. if (inner_mode == NULL) {
  2717. NL_SET_ERR_MSG(extack, "Requested mode not found");
  2718. goto error;
  2719. }
  2720. x->inner_mode = *inner_mode;
  2721. if (x->props.family == AF_INET)
  2722. iafamily = AF_INET6;
  2723. inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
  2724. if (inner_mode_iaf) {
  2725. if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
  2726. x->inner_mode_iaf = *inner_mode_iaf;
  2727. }
  2728. }
  2729. x->type = xfrm_get_type(x->id.proto, family);
  2730. if (x->type == NULL) {
  2731. NL_SET_ERR_MSG(extack, "Requested type not found");
  2732. goto error;
  2733. }
  2734. err = x->type->init_state(x, extack);
  2735. if (err)
  2736. goto error;
  2737. outer_mode = xfrm_get_mode(x->props.mode, family);
  2738. if (!outer_mode) {
  2739. NL_SET_ERR_MSG(extack, "Requested mode not found");
  2740. err = -EPROTONOSUPPORT;
  2741. goto error;
  2742. }
  2743. x->outer_mode = *outer_mode;
  2744. if (x->nat_keepalive_interval) {
  2745. if (x->dir != XFRM_SA_DIR_OUT) {
  2746. NL_SET_ERR_MSG(extack, "NAT keepalive is only supported for outbound SAs");
  2747. err = -EINVAL;
  2748. goto error;
  2749. }
  2750. if (!x->encap || x->encap->encap_type != UDP_ENCAP_ESPINUDP) {
  2751. NL_SET_ERR_MSG(extack,
  2752. "NAT keepalive is only supported for UDP encapsulation");
  2753. err = -EINVAL;
  2754. goto error;
  2755. }
  2756. }
  2757. x->mode_cbs = xfrm_get_mode_cbs(x->props.mode);
  2758. if (x->mode_cbs) {
  2759. if (x->mode_cbs->init_state)
  2760. err = x->mode_cbs->init_state(x);
  2761. module_put(x->mode_cbs->owner);
  2762. }
  2763. error:
  2764. return err;
  2765. }
  2766. EXPORT_SYMBOL(__xfrm_init_state);
  2767. int xfrm_init_state(struct xfrm_state *x)
  2768. {
  2769. int err;
  2770. err = __xfrm_init_state(x, NULL);
  2771. if (err)
  2772. return err;
  2773. err = xfrm_init_replay(x, NULL);
  2774. if (err)
  2775. return err;
  2776. x->km.state = XFRM_STATE_VALID;
  2777. return 0;
  2778. }
  2779. EXPORT_SYMBOL(xfrm_init_state);
  2780. int __net_init xfrm_state_init(struct net *net)
  2781. {
  2782. struct hlist_head *ndst, *nsrc, *nspi, *nseq;
  2783. unsigned int sz;
  2784. if (net_eq(net, &init_net))
  2785. xfrm_state_cache = KMEM_CACHE(xfrm_state,
  2786. SLAB_HWCACHE_ALIGN | SLAB_PANIC);
  2787. INIT_LIST_HEAD(&net->xfrm.state_all);
  2788. sz = sizeof(struct hlist_head) * 8;
  2789. ndst = xfrm_hash_alloc(sz);
  2790. if (!ndst)
  2791. goto out_bydst;
  2792. rcu_assign_pointer(net->xfrm.state_bydst, ndst);
  2793. nsrc = xfrm_hash_alloc(sz);
  2794. if (!nsrc)
  2795. goto out_bysrc;
  2796. rcu_assign_pointer(net->xfrm.state_bysrc, nsrc);
  2797. nspi = xfrm_hash_alloc(sz);
  2798. if (!nspi)
  2799. goto out_byspi;
  2800. rcu_assign_pointer(net->xfrm.state_byspi, nspi);
  2801. nseq = xfrm_hash_alloc(sz);
  2802. if (!nseq)
  2803. goto out_byseq;
  2804. rcu_assign_pointer(net->xfrm.state_byseq, nseq);
  2805. net->xfrm.state_cache_input = alloc_percpu(struct hlist_head);
  2806. if (!net->xfrm.state_cache_input)
  2807. goto out_state_cache_input;
  2808. net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
  2809. net->xfrm.state_num = 0;
  2810. INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
  2811. spin_lock_init(&net->xfrm.xfrm_state_lock);
  2812. seqcount_spinlock_init(&net->xfrm.xfrm_state_hash_generation,
  2813. &net->xfrm.xfrm_state_lock);
  2814. return 0;
  2815. out_state_cache_input:
  2816. xfrm_hash_free(nseq, sz);
  2817. out_byseq:
  2818. xfrm_hash_free(nspi, sz);
  2819. out_byspi:
  2820. xfrm_hash_free(nsrc, sz);
  2821. out_bysrc:
  2822. xfrm_hash_free(ndst, sz);
  2823. out_bydst:
  2824. return -ENOMEM;
  2825. }
  2826. #define xfrm_state_deref_netexit(table) \
  2827. rcu_dereference_protected((table), true /* netns is going away */)
  2828. void xfrm_state_fini(struct net *net)
  2829. {
  2830. unsigned int sz;
  2831. int i;
  2832. flush_work(&net->xfrm.state_hash_work);
  2833. xfrm_state_flush(net, 0, false);
  2834. flush_work(&xfrm_state_gc_work);
  2835. WARN_ON(!list_empty(&net->xfrm.state_all));
  2836. for (i = 0; i <= net->xfrm.state_hmask; i++) {
  2837. WARN_ON(!hlist_empty(xfrm_state_deref_netexit(net->xfrm.state_byseq) + i));
  2838. WARN_ON(!hlist_empty(xfrm_state_deref_netexit(net->xfrm.state_byspi) + i));
  2839. WARN_ON(!hlist_empty(xfrm_state_deref_netexit(net->xfrm.state_bysrc) + i));
  2840. WARN_ON(!hlist_empty(xfrm_state_deref_netexit(net->xfrm.state_bydst) + i));
  2841. }
  2842. sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
  2843. xfrm_hash_free(xfrm_state_deref_netexit(net->xfrm.state_byseq), sz);
  2844. xfrm_hash_free(xfrm_state_deref_netexit(net->xfrm.state_byspi), sz);
  2845. xfrm_hash_free(xfrm_state_deref_netexit(net->xfrm.state_bysrc), sz);
  2846. xfrm_hash_free(xfrm_state_deref_netexit(net->xfrm.state_bydst), sz);
  2847. free_percpu(net->xfrm.state_cache_input);
  2848. }
  2849. #ifdef CONFIG_AUDITSYSCALL
  2850. static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
  2851. struct audit_buffer *audit_buf)
  2852. {
  2853. struct xfrm_sec_ctx *ctx = x->security;
  2854. u32 spi = ntohl(x->id.spi);
  2855. if (ctx)
  2856. audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
  2857. ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
  2858. switch (x->props.family) {
  2859. case AF_INET:
  2860. audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
  2861. &x->props.saddr.a4, &x->id.daddr.a4);
  2862. break;
  2863. case AF_INET6:
  2864. audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
  2865. x->props.saddr.a6, x->id.daddr.a6);
  2866. break;
  2867. }
  2868. audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
  2869. }
  2870. static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
  2871. struct audit_buffer *audit_buf)
  2872. {
  2873. const struct iphdr *iph4;
  2874. const struct ipv6hdr *iph6;
  2875. switch (family) {
  2876. case AF_INET:
  2877. iph4 = ip_hdr(skb);
  2878. audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
  2879. &iph4->saddr, &iph4->daddr);
  2880. break;
  2881. case AF_INET6:
  2882. iph6 = ipv6_hdr(skb);
  2883. audit_log_format(audit_buf,
  2884. " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
  2885. &iph6->saddr, &iph6->daddr,
  2886. iph6->flow_lbl[0] & 0x0f,
  2887. iph6->flow_lbl[1],
  2888. iph6->flow_lbl[2]);
  2889. break;
  2890. }
  2891. }
  2892. void xfrm_audit_state_add(struct xfrm_state *x, int result, bool task_valid)
  2893. {
  2894. struct audit_buffer *audit_buf;
  2895. audit_buf = xfrm_audit_start("SAD-add");
  2896. if (audit_buf == NULL)
  2897. return;
  2898. xfrm_audit_helper_usrinfo(task_valid, audit_buf);
  2899. xfrm_audit_helper_sainfo(x, audit_buf);
  2900. audit_log_format(audit_buf, " res=%u", result);
  2901. audit_log_end(audit_buf);
  2902. }
  2903. EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
  2904. void xfrm_audit_state_delete(struct xfrm_state *x, int result, bool task_valid)
  2905. {
  2906. struct audit_buffer *audit_buf;
  2907. audit_buf = xfrm_audit_start("SAD-delete");
  2908. if (audit_buf == NULL)
  2909. return;
  2910. xfrm_audit_helper_usrinfo(task_valid, audit_buf);
  2911. xfrm_audit_helper_sainfo(x, audit_buf);
  2912. audit_log_format(audit_buf, " res=%u", result);
  2913. audit_log_end(audit_buf);
  2914. }
  2915. EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
  2916. void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
  2917. struct sk_buff *skb)
  2918. {
  2919. struct audit_buffer *audit_buf;
  2920. u32 spi;
  2921. audit_buf = xfrm_audit_start("SA-replay-overflow");
  2922. if (audit_buf == NULL)
  2923. return;
  2924. xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
  2925. /* don't record the sequence number because it's inherent in this kind
  2926. * of audit message */
  2927. spi = ntohl(x->id.spi);
  2928. audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
  2929. audit_log_end(audit_buf);
  2930. }
  2931. EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
  2932. void xfrm_audit_state_replay(struct xfrm_state *x,
  2933. struct sk_buff *skb, __be32 net_seq)
  2934. {
  2935. struct audit_buffer *audit_buf;
  2936. u32 spi;
  2937. audit_buf = xfrm_audit_start("SA-replayed-pkt");
  2938. if (audit_buf == NULL)
  2939. return;
  2940. xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
  2941. spi = ntohl(x->id.spi);
  2942. audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
  2943. spi, spi, ntohl(net_seq));
  2944. audit_log_end(audit_buf);
  2945. }
  2946. EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
  2947. void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
  2948. {
  2949. struct audit_buffer *audit_buf;
  2950. audit_buf = xfrm_audit_start("SA-notfound");
  2951. if (audit_buf == NULL)
  2952. return;
  2953. xfrm_audit_helper_pktinfo(skb, family, audit_buf);
  2954. audit_log_end(audit_buf);
  2955. }
  2956. EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
  2957. void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
  2958. __be32 net_spi, __be32 net_seq)
  2959. {
  2960. struct audit_buffer *audit_buf;
  2961. u32 spi;
  2962. audit_buf = xfrm_audit_start("SA-notfound");
  2963. if (audit_buf == NULL)
  2964. return;
  2965. xfrm_audit_helper_pktinfo(skb, family, audit_buf);
  2966. spi = ntohl(net_spi);
  2967. audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
  2968. spi, spi, ntohl(net_seq));
  2969. audit_log_end(audit_buf);
  2970. }
  2971. EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
  2972. void xfrm_audit_state_icvfail(struct xfrm_state *x,
  2973. struct sk_buff *skb, u8 proto)
  2974. {
  2975. struct audit_buffer *audit_buf;
  2976. __be32 net_spi;
  2977. __be32 net_seq;
  2978. audit_buf = xfrm_audit_start("SA-icv-failure");
  2979. if (audit_buf == NULL)
  2980. return;
  2981. xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
  2982. if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
  2983. u32 spi = ntohl(net_spi);
  2984. audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
  2985. spi, spi, ntohl(net_seq));
  2986. }
  2987. audit_log_end(audit_buf);
  2988. }
  2989. EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
  2990. #endif /* CONFIG_AUDITSYSCALL */