projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[XFRM]: fix incorrect xfrm_state_afinfo_lock use
[deliverable/linux.git] / net / xfrm / xfrm_state.c
1 /*
2 * xfrm_state.c
3 *
4 * Changes:
5 * Mitsuru KANDA @USAGI
6 * Kazunori MIYAZAWA @USAGI
7 * Kunihiro Ishiguro <kunihiro@ipinfusion.com>
8 * IPv6 support
9 * YOSHIFUJI Hideaki @USAGI
10 * Split up af-specific functions
11 * Derek Atkins <derek@ihtfp.com>
12 * Add UDP Encapsulation
13 *
14 */
15
16 #include <linux/workqueue.h>
17 #include <net/xfrm.h>
18 #include <linux/pfkeyv2.h>
19 #include <linux/ipsec.h>
20 #include <linux/module.h>
21 #include <asm/uaccess.h>
22
23 struct sock *xfrm_nl;
24 EXPORT_SYMBOL(xfrm_nl);
25
26 u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
27 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
28
29 u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
30 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
31
32 /* Each xfrm_state may be linked to two tables:
33
34 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
35 2. Hash table by daddr to find what SAs exist for given
36 destination/tunnel endpoint. (output)
37 */
38
39 static DEFINE_SPINLOCK(xfrm_state_lock);
40
41 /* Hash table to find appropriate SA towards given target (endpoint
42 * of tunnel or destination of transport mode) allowed by selector.
43 *
44 * Main use is finding SA after policy selected tunnel or transport mode.
45 * Also, it can be used by ah/esp icmp error handler to find offending SA.
46 */
47 static struct list_head xfrm_state_bydst[XFRM_DST_HSIZE];
48 static struct list_head xfrm_state_byspi[XFRM_DST_HSIZE];
49
50 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
51 EXPORT_SYMBOL(km_waitq);
52
53 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
54 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
55
56 static struct work_struct xfrm_state_gc_work;
57 static struct list_head xfrm_state_gc_list = LIST_HEAD_INIT(xfrm_state_gc_list);
58 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
59
60 static int xfrm_state_gc_flush_bundles;
61
62 int __xfrm_state_delete(struct xfrm_state *x);
63
64 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family);
65 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
66
67 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
68 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
69
70 static void xfrm_state_gc_destroy(struct xfrm_state *x)
71 {
72 if (del_timer(&x->timer))
73 BUG();
74 if (del_timer(&x->rtimer))
75 BUG();
76 kfree(x->aalg);
77 kfree(x->ealg);
78 kfree(x->calg);
79 kfree(x->encap);
80 if (x->type) {
81 x->type->destructor(x);
82 xfrm_put_type(x->type);
83 }
84 security_xfrm_state_free(x);
85 kfree(x);
86 }
87
88 static void xfrm_state_gc_task(void *data)
89 {
90 struct xfrm_state *x;
91 struct list_head *entry, *tmp;
92 struct list_head gc_list = LIST_HEAD_INIT(gc_list);
93
94 if (xfrm_state_gc_flush_bundles) {
95 xfrm_state_gc_flush_bundles = 0;
96 xfrm_flush_bundles();
97 }
98
99 spin_lock_bh(&xfrm_state_gc_lock);
100 list_splice_init(&xfrm_state_gc_list, &gc_list);
101 spin_unlock_bh(&xfrm_state_gc_lock);
102
103 list_for_each_safe(entry, tmp, &gc_list) {
104 x = list_entry(entry, struct xfrm_state, bydst);
105 xfrm_state_gc_destroy(x);
106 }
107 wake_up(&km_waitq);
108 }
109
110 static inline unsigned long make_jiffies(long secs)
111 {
112 if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
113 return MAX_SCHEDULE_TIMEOUT-1;
114 else
115 return secs*HZ;
116 }
117
118 static void xfrm_timer_handler(unsigned long data)
119 {
120 struct xfrm_state *x = (struct xfrm_state*)data;
121 unsigned long now = (unsigned long)xtime.tv_sec;
122 long next = LONG_MAX;
123 int warn = 0;
124
125 spin_lock(&x->lock);
126 if (x->km.state == XFRM_STATE_DEAD)
127 goto out;
128 if (x->km.state == XFRM_STATE_EXPIRED)
129 goto expired;
130 if (x->lft.hard_add_expires_seconds) {
131 long tmo = x->lft.hard_add_expires_seconds +
132 x->curlft.add_time - now;
133 if (tmo <= 0)
134 goto expired;
135 if (tmo < next)
136 next = tmo;
137 }
138 if (x->lft.hard_use_expires_seconds) {
139 long tmo = x->lft.hard_use_expires_seconds +
140 (x->curlft.use_time ? : now) - now;
141 if (tmo <= 0)
142 goto expired;
143 if (tmo < next)
144 next = tmo;
145 }
146 if (x->km.dying)
147 goto resched;
148 if (x->lft.soft_add_expires_seconds) {
149 long tmo = x->lft.soft_add_expires_seconds +
150 x->curlft.add_time - now;
151 if (tmo <= 0)
152 warn = 1;
153 else if (tmo < next)
154 next = tmo;
155 }
156 if (x->lft.soft_use_expires_seconds) {
157 long tmo = x->lft.soft_use_expires_seconds +
158 (x->curlft.use_time ? : now) - now;
159 if (tmo <= 0)
160 warn = 1;
161 else if (tmo < next)
162 next = tmo;
163 }
164
165 x->km.dying = warn;
166 if (warn)
167 km_state_expired(x, 0, 0);
168 resched:
169 if (next != LONG_MAX &&
170 !mod_timer(&x->timer, jiffies + make_jiffies(next)))
171 xfrm_state_hold(x);
172 goto out;
173
174 expired:
175 if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
176 x->km.state = XFRM_STATE_EXPIRED;
177 wake_up(&km_waitq);
178 next = 2;
179 goto resched;
180 }
181 if (!__xfrm_state_delete(x) && x->id.spi)
182 km_state_expired(x, 1, 0);
183
184 out:
185 spin_unlock(&x->lock);
186 xfrm_state_put(x);
187 }
188
189 static void xfrm_replay_timer_handler(unsigned long data);
190
191 struct xfrm_state *xfrm_state_alloc(void)
192 {
193 struct xfrm_state *x;
194
195 x = kmalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
196
197 if (x) {
198 memset(x, 0, sizeof(struct xfrm_state));
199 atomic_set(&x->refcnt, 1);
200 atomic_set(&x->tunnel_users, 0);
201 INIT_LIST_HEAD(&x->bydst);
202 INIT_LIST_HEAD(&x->byspi);
203 init_timer(&x->timer);
204 x->timer.function = xfrm_timer_handler;
205 x->timer.data = (unsigned long)x;
206 init_timer(&x->rtimer);
207 x->rtimer.function = xfrm_replay_timer_handler;
208 x->rtimer.data = (unsigned long)x;
209 x->curlft.add_time = (unsigned long)xtime.tv_sec;
210 x->lft.soft_byte_limit = XFRM_INF;
211 x->lft.soft_packet_limit = XFRM_INF;
212 x->lft.hard_byte_limit = XFRM_INF;
213 x->lft.hard_packet_limit = XFRM_INF;
214 x->replay_maxage = 0;
215 x->replay_maxdiff = 0;
216 spin_lock_init(&x->lock);
217 }
218 return x;
219 }
220 EXPORT_SYMBOL(xfrm_state_alloc);
221
222 void __xfrm_state_destroy(struct xfrm_state *x)
223 {
224 BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
225
226 spin_lock_bh(&xfrm_state_gc_lock);
227 list_add(&x->bydst, &xfrm_state_gc_list);
228 spin_unlock_bh(&xfrm_state_gc_lock);
229 schedule_work(&xfrm_state_gc_work);
230 }
231 EXPORT_SYMBOL(__xfrm_state_destroy);
232
233 int __xfrm_state_delete(struct xfrm_state *x)
234 {
235 int err = -ESRCH;
236
237 if (x->km.state != XFRM_STATE_DEAD) {
238 x->km.state = XFRM_STATE_DEAD;
239 spin_lock(&xfrm_state_lock);
240 list_del(&x->bydst);
241 __xfrm_state_put(x);
242 if (x->id.spi) {
243 list_del(&x->byspi);
244 __xfrm_state_put(x);
245 }
246 spin_unlock(&xfrm_state_lock);
247 if (del_timer(&x->timer))
248 __xfrm_state_put(x);
249 if (del_timer(&x->rtimer))
250 __xfrm_state_put(x);
251
252 /* The number two in this test is the reference
253 * mentioned in the comment below plus the reference
254 * our caller holds. A larger value means that
255 * there are DSTs attached to this xfrm_state.
256 */
257 if (atomic_read(&x->refcnt) > 2) {
258 xfrm_state_gc_flush_bundles = 1;
259 schedule_work(&xfrm_state_gc_work);
260 }
261
262 /* All xfrm_state objects are created by xfrm_state_alloc.
263 * The xfrm_state_alloc call gives a reference, and that
264 * is what we are dropping here.
265 */
266 __xfrm_state_put(x);
267 err = 0;
268 }
269
270 return err;
271 }
272 EXPORT_SYMBOL(__xfrm_state_delete);
273
274 int xfrm_state_delete(struct xfrm_state *x)
275 {
276 int err;
277
278 spin_lock_bh(&x->lock);
279 err = __xfrm_state_delete(x);
280 spin_unlock_bh(&x->lock);
281
282 return err;
283 }
284 EXPORT_SYMBOL(xfrm_state_delete);
285
286 void xfrm_state_flush(u8 proto)
287 {
288 int i;
289 struct xfrm_state *x;
290
291 spin_lock_bh(&xfrm_state_lock);
292 for (i = 0; i < XFRM_DST_HSIZE; i++) {
293 restart:
294 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
295 if (!xfrm_state_kern(x) &&
296 (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
297 xfrm_state_hold(x);
298 spin_unlock_bh(&xfrm_state_lock);
299
300 xfrm_state_delete(x);
301 xfrm_state_put(x);
302
303 spin_lock_bh(&xfrm_state_lock);
304 goto restart;
305 }
306 }
307 }
308 spin_unlock_bh(&xfrm_state_lock);
309 wake_up(&km_waitq);
310 }
311 EXPORT_SYMBOL(xfrm_state_flush);
312
313 static int
314 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
315 struct xfrm_tmpl *tmpl,
316 xfrm_address_t *daddr, xfrm_address_t *saddr,
317 unsigned short family)
318 {
319 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
320 if (!afinfo)
321 return -1;
322 afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
323 xfrm_state_put_afinfo(afinfo);
324 return 0;
325 }
326
327 struct xfrm_state *
328 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
329 struct flowi *fl, struct xfrm_tmpl *tmpl,
330 struct xfrm_policy *pol, int *err,
331 unsigned short family)
332 {
333 unsigned h = xfrm_dst_hash(daddr, family);
334 struct xfrm_state *x, *x0;
335 int acquire_in_progress = 0;
336 int error = 0;
337 struct xfrm_state *best = NULL;
338 struct xfrm_state_afinfo *afinfo;
339
340 afinfo = xfrm_state_get_afinfo(family);
341 if (afinfo == NULL) {
342 *err = -EAFNOSUPPORT;
343 return NULL;
344 }
345
346 spin_lock_bh(&xfrm_state_lock);
347 list_for_each_entry(x, xfrm_state_bydst+h, bydst) {
348 if (x->props.family == family &&
349 x->props.reqid == tmpl->reqid &&
350 xfrm_state_addr_check(x, daddr, saddr, family) &&
351 tmpl->mode == x->props.mode &&
352 tmpl->id.proto == x->id.proto &&
353 (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
354 /* Resolution logic:
355 1. There is a valid state with matching selector.
356 Done.
357 2. Valid state with inappropriate selector. Skip.
358
359 Entering area of "sysdeps".
360
361 3. If state is not valid, selector is temporary,
362 it selects only session which triggered
363 previous resolution. Key manager will do
364 something to install a state with proper
365 selector.
366 */
367 if (x->km.state == XFRM_STATE_VALID) {
368 if (!xfrm_selector_match(&x->sel, fl, family) ||
369 !xfrm_sec_ctx_match(pol->security, x->security))
370 continue;
371 if (!best ||
372 best->km.dying > x->km.dying ||
373 (best->km.dying == x->km.dying &&
374 best->curlft.add_time < x->curlft.add_time))
375 best = x;
376 } else if (x->km.state == XFRM_STATE_ACQ) {
377 acquire_in_progress = 1;
378 } else if (x->km.state == XFRM_STATE_ERROR ||
379 x->km.state == XFRM_STATE_EXPIRED) {
380 if (xfrm_selector_match(&x->sel, fl, family) &&
381 xfrm_sec_ctx_match(pol->security, x->security))
382 error = -ESRCH;
383 }
384 }
385 }
386
387 x = best;
388 if (!x && !error && !acquire_in_progress) {
389 if (tmpl->id.spi &&
390 (x0 = afinfo->state_lookup(daddr, tmpl->id.spi,
391 tmpl->id.proto)) != NULL) {
392 xfrm_state_put(x0);
393 error = -EEXIST;
394 goto out;
395 }
396 x = xfrm_state_alloc();
397 if (x == NULL) {
398 error = -ENOMEM;
399 goto out;
400 }
401 /* Initialize temporary selector matching only
402 * to current session. */
403 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
404
405 if (km_query(x, tmpl, pol) == 0) {
406 x->km.state = XFRM_STATE_ACQ;
407 list_add_tail(&x->bydst, xfrm_state_bydst+h);
408 xfrm_state_hold(x);
409 if (x->id.spi) {
410 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
411 list_add(&x->byspi, xfrm_state_byspi+h);
412 xfrm_state_hold(x);
413 }
414 x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
415 xfrm_state_hold(x);
416 x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
417 add_timer(&x->timer);
418 } else {
419 x->km.state = XFRM_STATE_DEAD;
420 xfrm_state_put(x);
421 x = NULL;
422 error = -ESRCH;
423 }
424 }
425 out:
426 if (x)
427 xfrm_state_hold(x);
428 else
429 *err = acquire_in_progress ? -EAGAIN : error;
430 spin_unlock_bh(&xfrm_state_lock);
431 xfrm_state_put_afinfo(afinfo);
432 return x;
433 }
434
435 static void __xfrm_state_insert(struct xfrm_state *x)
436 {
437 unsigned h = xfrm_dst_hash(&x->id.daddr, x->props.family);
438
439 list_add(&x->bydst, xfrm_state_bydst+h);
440 xfrm_state_hold(x);
441
442 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
443
444 list_add(&x->byspi, xfrm_state_byspi+h);
445 xfrm_state_hold(x);
446
447 if (!mod_timer(&x->timer, jiffies + HZ))
448 xfrm_state_hold(x);
449
450 if (x->replay_maxage &&
451 !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
452 xfrm_state_hold(x);
453
454 wake_up(&km_waitq);
455 }
456
457 void xfrm_state_insert(struct xfrm_state *x)
458 {
459 spin_lock_bh(&xfrm_state_lock);
460 __xfrm_state_insert(x);
461 spin_unlock_bh(&xfrm_state_lock);
462
463 xfrm_flush_all_bundles();
464 }
465 EXPORT_SYMBOL(xfrm_state_insert);
466
467 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
468
469 int xfrm_state_add(struct xfrm_state *x)
470 {
471 struct xfrm_state_afinfo *afinfo;
472 struct xfrm_state *x1;
473 int family;
474 int err;
475
476 family = x->props.family;
477 afinfo = xfrm_state_get_afinfo(family);
478 if (unlikely(afinfo == NULL))
479 return -EAFNOSUPPORT;
480
481 spin_lock_bh(&xfrm_state_lock);
482
483 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
484 if (x1) {
485 xfrm_state_put(x1);
486 x1 = NULL;
487 err = -EEXIST;
488 goto out;
489 }
490
491 if (x->km.seq) {
492 x1 = __xfrm_find_acq_byseq(x->km.seq);
493 if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
494 xfrm_state_put(x1);
495 x1 = NULL;
496 }
497 }
498
499 if (!x1)
500 x1 = afinfo->find_acq(
501 x->props.mode, x->props.reqid, x->id.proto,
502 &x->id.daddr, &x->props.saddr, 0);
503
504 __xfrm_state_insert(x);
505 err = 0;
506
507 out:
508 spin_unlock_bh(&xfrm_state_lock);
509 xfrm_state_put_afinfo(afinfo);
510
511 if (!err)
512 xfrm_flush_all_bundles();
513
514 if (x1) {
515 xfrm_state_delete(x1);
516 xfrm_state_put(x1);
517 }
518
519 return err;
520 }
521 EXPORT_SYMBOL(xfrm_state_add);
522
523 int xfrm_state_update(struct xfrm_state *x)
524 {
525 struct xfrm_state_afinfo *afinfo;
526 struct xfrm_state *x1;
527 int err;
528
529 afinfo = xfrm_state_get_afinfo(x->props.family);
530 if (unlikely(afinfo == NULL))
531 return -EAFNOSUPPORT;
532
533 spin_lock_bh(&xfrm_state_lock);
534 x1 = afinfo->state_lookup(&x->id.daddr, x->id.spi, x->id.proto);
535
536 err = -ESRCH;
537 if (!x1)
538 goto out;
539
540 if (xfrm_state_kern(x1)) {
541 xfrm_state_put(x1);
542 err = -EEXIST;
543 goto out;
544 }
545
546 if (x1->km.state == XFRM_STATE_ACQ) {
547 __xfrm_state_insert(x);
548 x = NULL;
549 }
550 err = 0;
551
552 out:
553 spin_unlock_bh(&xfrm_state_lock);
554 xfrm_state_put_afinfo(afinfo);
555
556 if (err)
557 return err;
558
559 if (!x) {
560 xfrm_state_delete(x1);
561 xfrm_state_put(x1);
562 return 0;
563 }
564
565 err = -EINVAL;
566 spin_lock_bh(&x1->lock);
567 if (likely(x1->km.state == XFRM_STATE_VALID)) {
568 if (x->encap && x1->encap)
569 memcpy(x1->encap, x->encap, sizeof(*x1->encap));
570 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
571 x1->km.dying = 0;
572
573 if (!mod_timer(&x1->timer, jiffies + HZ))
574 xfrm_state_hold(x1);
575 if (x1->curlft.use_time)
576 xfrm_state_check_expire(x1);
577
578 err = 0;
579 }
580 spin_unlock_bh(&x1->lock);
581
582 xfrm_state_put(x1);
583
584 return err;
585 }
586 EXPORT_SYMBOL(xfrm_state_update);
587
588 int xfrm_state_check_expire(struct xfrm_state *x)
589 {
590 if (!x->curlft.use_time)
591 x->curlft.use_time = (unsigned long)xtime.tv_sec;
592
593 if (x->km.state != XFRM_STATE_VALID)
594 return -EINVAL;
595
596 if (x->curlft.bytes >= x->lft.hard_byte_limit ||
597 x->curlft.packets >= x->lft.hard_packet_limit) {
598 x->km.state = XFRM_STATE_EXPIRED;
599 if (!mod_timer(&x->timer, jiffies))
600 xfrm_state_hold(x);
601 return -EINVAL;
602 }
603
604 if (!x->km.dying &&
605 (x->curlft.bytes >= x->lft.soft_byte_limit ||
606 x->curlft.packets >= x->lft.soft_packet_limit)) {
607 x->km.dying = 1;
608 km_state_expired(x, 0, 0);
609 }
610 return 0;
611 }
612 EXPORT_SYMBOL(xfrm_state_check_expire);
613
614 static int xfrm_state_check_space(struct xfrm_state *x, struct sk_buff *skb)
615 {
616 int nhead = x->props.header_len + LL_RESERVED_SPACE(skb->dst->dev)
617 - skb_headroom(skb);
618
619 if (nhead > 0)
620 return pskb_expand_head(skb, nhead, 0, GFP_ATOMIC);
621
622 /* Check tail too... */
623 return 0;
624 }
625
626 int xfrm_state_check(struct xfrm_state *x, struct sk_buff *skb)
627 {
628 int err = xfrm_state_check_expire(x);
629 if (err < 0)
630 goto err;
631 err = xfrm_state_check_space(x, skb);
632 err:
633 return err;
634 }
635 EXPORT_SYMBOL(xfrm_state_check);
636
637 struct xfrm_state *
638 xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto,
639 unsigned short family)
640 {
641 struct xfrm_state *x;
642 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
643 if (!afinfo)
644 return NULL;
645
646 spin_lock_bh(&xfrm_state_lock);
647 x = afinfo->state_lookup(daddr, spi, proto);
648 spin_unlock_bh(&xfrm_state_lock);
649 xfrm_state_put_afinfo(afinfo);
650 return x;
651 }
652 EXPORT_SYMBOL(xfrm_state_lookup);
653
654 struct xfrm_state *
655 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
656 xfrm_address_t *daddr, xfrm_address_t *saddr,
657 int create, unsigned short family)
658 {
659 struct xfrm_state *x;
660 struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
661 if (!afinfo)
662 return NULL;
663
664 spin_lock_bh(&xfrm_state_lock);
665 x = afinfo->find_acq(mode, reqid, proto, daddr, saddr, create);
666 spin_unlock_bh(&xfrm_state_lock);
667 xfrm_state_put_afinfo(afinfo);
668 return x;
669 }
670 EXPORT_SYMBOL(xfrm_find_acq);
671
672 /* Silly enough, but I'm lazy to build resolution list */
673
674 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
675 {
676 int i;
677 struct xfrm_state *x;
678
679 for (i = 0; i < XFRM_DST_HSIZE; i++) {
680 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
681 if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
682 xfrm_state_hold(x);
683 return x;
684 }
685 }
686 }
687 return NULL;
688 }
689
690 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
691 {
692 struct xfrm_state *x;
693
694 spin_lock_bh(&xfrm_state_lock);
695 x = __xfrm_find_acq_byseq(seq);
696 spin_unlock_bh(&xfrm_state_lock);
697 return x;
698 }
699 EXPORT_SYMBOL(xfrm_find_acq_byseq);
700
701 u32 xfrm_get_acqseq(void)
702 {
703 u32 res;
704 static u32 acqseq;
705 static DEFINE_SPINLOCK(acqseq_lock);
706
707 spin_lock_bh(&acqseq_lock);
708 res = (++acqseq ? : ++acqseq);
709 spin_unlock_bh(&acqseq_lock);
710 return res;
711 }
712 EXPORT_SYMBOL(xfrm_get_acqseq);
713
714 void
715 xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi)
716 {
717 u32 h;
718 struct xfrm_state *x0;
719
720 if (x->id.spi)
721 return;
722
723 if (minspi == maxspi) {
724 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
725 if (x0) {
726 xfrm_state_put(x0);
727 return;
728 }
729 x->id.spi = minspi;
730 } else {
731 u32 spi = 0;
732 minspi = ntohl(minspi);
733 maxspi = ntohl(maxspi);
734 for (h=0; h<maxspi-minspi+1; h++) {
735 spi = minspi + net_random()%(maxspi-minspi+1);
736 x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
737 if (x0 == NULL) {
738 x->id.spi = htonl(spi);
739 break;
740 }
741 xfrm_state_put(x0);
742 }
743 }
744 if (x->id.spi) {
745 spin_lock_bh(&xfrm_state_lock);
746 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
747 list_add(&x->byspi, xfrm_state_byspi+h);
748 xfrm_state_hold(x);
749 spin_unlock_bh(&xfrm_state_lock);
750 wake_up(&km_waitq);
751 }
752 }
753 EXPORT_SYMBOL(xfrm_alloc_spi);
754
755 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
756 void *data)
757 {
758 int i;
759 struct xfrm_state *x;
760 int count = 0;
761 int err = 0;
762
763 spin_lock_bh(&xfrm_state_lock);
764 for (i = 0; i < XFRM_DST_HSIZE; i++) {
765 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
766 if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
767 count++;
768 }
769 }
770 if (count == 0) {
771 err = -ENOENT;
772 goto out;
773 }
774
775 for (i = 0; i < XFRM_DST_HSIZE; i++) {
776 list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
777 if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
778 continue;
779 err = func(x, --count, data);
780 if (err)
781 goto out;
782 }
783 }
784 out:
785 spin_unlock_bh(&xfrm_state_lock);
786 return err;
787 }
788 EXPORT_SYMBOL(xfrm_state_walk);
789
790
791 void xfrm_replay_notify(struct xfrm_state *x, int event)
792 {
793 struct km_event c;
794 /* we send notify messages in case
795 * 1. we updated on of the sequence numbers, and the seqno difference
796 * is at least x->replay_maxdiff, in this case we also update the
797 * timeout of our timer function
798 * 2. if x->replay_maxage has elapsed since last update,
799 * and there were changes
800 *
801 * The state structure must be locked!
802 */
803
804 switch (event) {
805 case XFRM_REPLAY_UPDATE:
806 if (x->replay_maxdiff &&
807 (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
808 (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
809 if (x->xflags & XFRM_TIME_DEFER)
810 event = XFRM_REPLAY_TIMEOUT;
811 else
812 return;
813 }
814
815 break;
816
817 case XFRM_REPLAY_TIMEOUT:
818 if ((x->replay.seq == x->preplay.seq) &&
819 (x->replay.bitmap == x->preplay.bitmap) &&
820 (x->replay.oseq == x->preplay.oseq)) {
821 x->xflags |= XFRM_TIME_DEFER;
822 return;
823 }
824
825 break;
826 }
827
828 memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
829 c.event = XFRM_MSG_NEWAE;
830 c.data.aevent = event;
831 km_state_notify(x, &c);
832
833 if (x->replay_maxage &&
834 !mod_timer(&x->rtimer, jiffies + x->replay_maxage)) {
835 xfrm_state_hold(x);
836 x->xflags &= ~XFRM_TIME_DEFER;
837 }
838 }
839 EXPORT_SYMBOL(xfrm_replay_notify);
840
841 static void xfrm_replay_timer_handler(unsigned long data)
842 {
843 struct xfrm_state *x = (struct xfrm_state*)data;
844
845 spin_lock(&x->lock);
846
847 if (x->km.state == XFRM_STATE_VALID) {
848 if (xfrm_aevent_is_on())
849 xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
850 else
851 x->xflags |= XFRM_TIME_DEFER;
852 }
853
854 spin_unlock(&x->lock);
855 xfrm_state_put(x);
856 }
857
858 int xfrm_replay_check(struct xfrm_state *x, u32 seq)
859 {
860 u32 diff;
861
862 seq = ntohl(seq);
863
864 if (unlikely(seq == 0))
865 return -EINVAL;
866
867 if (likely(seq > x->replay.seq))
868 return 0;
869
870 diff = x->replay.seq - seq;
871 if (diff >= x->props.replay_window) {
872 x->stats.replay_window++;
873 return -EINVAL;
874 }
875
876 if (x->replay.bitmap & (1U << diff)) {
877 x->stats.replay++;
878 return -EINVAL;
879 }
880 return 0;
881 }
882 EXPORT_SYMBOL(xfrm_replay_check);
883
884 void xfrm_replay_advance(struct xfrm_state *x, u32 seq)
885 {
886 u32 diff;
887
888 seq = ntohl(seq);
889
890 if (seq > x->replay.seq) {
891 diff = seq - x->replay.seq;
892 if (diff < x->props.replay_window)
893 x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
894 else
895 x->replay.bitmap = 1;
896 x->replay.seq = seq;
897 } else {
898 diff = x->replay.seq - seq;
899 x->replay.bitmap |= (1U << diff);
900 }
901
902 if (xfrm_aevent_is_on())
903 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
904 }
905 EXPORT_SYMBOL(xfrm_replay_advance);
906
907 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
908 static DEFINE_RWLOCK(xfrm_km_lock);
909
910 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
911 {
912 struct xfrm_mgr *km;
913
914 read_lock(&xfrm_km_lock);
915 list_for_each_entry(km, &xfrm_km_list, list)
916 if (km->notify_policy)
917 km->notify_policy(xp, dir, c);
918 read_unlock(&xfrm_km_lock);
919 }
920
921 void km_state_notify(struct xfrm_state *x, struct km_event *c)
922 {
923 struct xfrm_mgr *km;
924 read_lock(&xfrm_km_lock);
925 list_for_each_entry(km, &xfrm_km_list, list)
926 if (km->notify)
927 km->notify(x, c);
928 read_unlock(&xfrm_km_lock);
929 }
930
931 EXPORT_SYMBOL(km_policy_notify);
932 EXPORT_SYMBOL(km_state_notify);
933
934 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
935 {
936 struct km_event c;
937
938 c.data.hard = hard;
939 c.pid = pid;
940 c.event = XFRM_MSG_EXPIRE;
941 km_state_notify(x, &c);
942
943 if (hard)
944 wake_up(&km_waitq);
945 }
946
947 EXPORT_SYMBOL(km_state_expired);
948 /*
949 * We send to all registered managers regardless of failure
950 * We are happy with one success
951 */
952 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
953 {
954 int err = -EINVAL, acqret;
955 struct xfrm_mgr *km;
956
957 read_lock(&xfrm_km_lock);
958 list_for_each_entry(km, &xfrm_km_list, list) {
959 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
960 if (!acqret)
961 err = acqret;
962 }
963 read_unlock(&xfrm_km_lock);
964 return err;
965 }
966 EXPORT_SYMBOL(km_query);
967
968 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport)
969 {
970 int err = -EINVAL;
971 struct xfrm_mgr *km;
972
973 read_lock(&xfrm_km_lock);
974 list_for_each_entry(km, &xfrm_km_list, list) {
975 if (km->new_mapping)
976 err = km->new_mapping(x, ipaddr, sport);
977 if (!err)
978 break;
979 }
980 read_unlock(&xfrm_km_lock);
981 return err;
982 }
983 EXPORT_SYMBOL(km_new_mapping);
984
985 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
986 {
987 struct km_event c;
988
989 c.data.hard = hard;
990 c.pid = pid;
991 c.event = XFRM_MSG_POLEXPIRE;
992 km_policy_notify(pol, dir, &c);
993
994 if (hard)
995 wake_up(&km_waitq);
996 }
997 EXPORT_SYMBOL(km_policy_expired);
998
999 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1000 {
1001 int err;
1002 u8 *data;
1003 struct xfrm_mgr *km;
1004 struct xfrm_policy *pol = NULL;
1005
1006 if (optlen <= 0 || optlen > PAGE_SIZE)
1007 return -EMSGSIZE;
1008
1009 data = kmalloc(optlen, GFP_KERNEL);
1010 if (!data)
1011 return -ENOMEM;
1012
1013 err = -EFAULT;
1014 if (copy_from_user(data, optval, optlen))
1015 goto out;
1016
1017 err = -EINVAL;
1018 read_lock(&xfrm_km_lock);
1019 list_for_each_entry(km, &xfrm_km_list, list) {
1020 pol = km->compile_policy(sk->sk_family, optname, data,
1021 optlen, &err);
1022 if (err >= 0)
1023 break;
1024 }
1025 read_unlock(&xfrm_km_lock);
1026
1027 if (err >= 0) {
1028 xfrm_sk_policy_insert(sk, err, pol);
1029 xfrm_pol_put(pol);
1030 err = 0;
1031 }
1032
1033 out:
1034 kfree(data);
1035 return err;
1036 }
1037 EXPORT_SYMBOL(xfrm_user_policy);
1038
1039 int xfrm_register_km(struct xfrm_mgr *km)
1040 {
1041 write_lock_bh(&xfrm_km_lock);
1042 list_add_tail(&km->list, &xfrm_km_list);
1043 write_unlock_bh(&xfrm_km_lock);
1044 return 0;
1045 }
1046 EXPORT_SYMBOL(xfrm_register_km);
1047
1048 int xfrm_unregister_km(struct xfrm_mgr *km)
1049 {
1050 write_lock_bh(&xfrm_km_lock);
1051 list_del(&km->list);
1052 write_unlock_bh(&xfrm_km_lock);
1053 return 0;
1054 }
1055 EXPORT_SYMBOL(xfrm_unregister_km);
1056
1057 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1058 {
1059 int err = 0;
1060 if (unlikely(afinfo == NULL))
1061 return -EINVAL;
1062 if (unlikely(afinfo->family >= NPROTO))
1063 return -EAFNOSUPPORT;
1064 write_lock_bh(&xfrm_state_afinfo_lock);
1065 if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1066 err = -ENOBUFS;
1067 else {
1068 afinfo->state_bydst = xfrm_state_bydst;
1069 afinfo->state_byspi = xfrm_state_byspi;
1070 xfrm_state_afinfo[afinfo->family] = afinfo;
1071 }
1072 write_unlock_bh(&xfrm_state_afinfo_lock);
1073 return err;
1074 }
1075 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1076
1077 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1078 {
1079 int err = 0;
1080 if (unlikely(afinfo == NULL))
1081 return -EINVAL;
1082 if (unlikely(afinfo->family >= NPROTO))
1083 return -EAFNOSUPPORT;
1084 write_lock_bh(&xfrm_state_afinfo_lock);
1085 if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1086 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1087 err = -EINVAL;
1088 else {
1089 xfrm_state_afinfo[afinfo->family] = NULL;
1090 afinfo->state_byspi = NULL;
1091 afinfo->state_bydst = NULL;
1092 }
1093 }
1094 write_unlock_bh(&xfrm_state_afinfo_lock);
1095 return err;
1096 }
1097 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1098
1099 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1100 {
1101 struct xfrm_state_afinfo *afinfo;
1102 if (unlikely(family >= NPROTO))
1103 return NULL;
1104 read_lock(&xfrm_state_afinfo_lock);
1105 afinfo = xfrm_state_afinfo[family];
1106 if (likely(afinfo != NULL))
1107 read_lock(&afinfo->lock);
1108 read_unlock(&xfrm_state_afinfo_lock);
1109 return afinfo;
1110 }
1111
1112 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1113 {
1114 if (unlikely(afinfo == NULL))
1115 return;
1116 read_unlock(&afinfo->lock);
1117 }
1118
1119 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1120 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1121 {
1122 if (x->tunnel) {
1123 struct xfrm_state *t = x->tunnel;
1124
1125 if (atomic_read(&t->tunnel_users) == 2)
1126 xfrm_state_delete(t);
1127 atomic_dec(&t->tunnel_users);
1128 xfrm_state_put(t);
1129 x->tunnel = NULL;
1130 }
1131 }
1132 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1133
1134 /*
1135 * This function is NOT optimal. For example, with ESP it will give an
1136 * MTU that's usually two bytes short of being optimal. However, it will
1137 * usually give an answer that's a multiple of 4 provided the input is
1138 * also a multiple of 4.
1139 */
1140 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1141 {
1142 int res = mtu;
1143
1144 res -= x->props.header_len;
1145
1146 for (;;) {
1147 int m = res;
1148
1149 if (m < 68)
1150 return 68;
1151
1152 spin_lock_bh(&x->lock);
1153 if (x->km.state == XFRM_STATE_VALID &&
1154 x->type && x->type->get_max_size)
1155 m = x->type->get_max_size(x, m);
1156 else
1157 m += x->props.header_len;
1158 spin_unlock_bh(&x->lock);
1159
1160 if (m <= mtu)
1161 break;
1162 res -= (m - mtu);
1163 }
1164
1165 return res;
1166 }
1167
1168 EXPORT_SYMBOL(xfrm_state_mtu);
1169
1170 int xfrm_init_state(struct xfrm_state *x)
1171 {
1172 struct xfrm_state_afinfo *afinfo;
1173 int family = x->props.family;
1174 int err;
1175
1176 err = -EAFNOSUPPORT;
1177 afinfo = xfrm_state_get_afinfo(family);
1178 if (!afinfo)
1179 goto error;
1180
1181 err = 0;
1182 if (afinfo->init_flags)
1183 err = afinfo->init_flags(x);
1184
1185 xfrm_state_put_afinfo(afinfo);
1186
1187 if (err)
1188 goto error;
1189
1190 err = -EPROTONOSUPPORT;
1191 x->type = xfrm_get_type(x->id.proto, family);
1192 if (x->type == NULL)
1193 goto error;
1194
1195 err = x->type->init_state(x);
1196 if (err)
1197 goto error;
1198
1199 x->km.state = XFRM_STATE_VALID;
1200
1201 error:
1202 return err;
1203 }
1204
1205 EXPORT_SYMBOL(xfrm_init_state);
1206
1207 void __init xfrm_state_init(void)
1208 {
1209 int i;
1210
1211 for (i=0; i<XFRM_DST_HSIZE; i++) {
1212 INIT_LIST_HEAD(&xfrm_state_bydst[i]);
1213 INIT_LIST_HEAD(&xfrm_state_byspi[i]);
1214 }
1215 INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task, NULL);
1216 }
1217
Linux kernel - Deliverables
This page took 0.062334 seconds and 5 git commands to generate.