Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xfrm_user.c
Go to the documentation of this file.
1 /* xfrm_user.c: User interface to configure xfrm engine.
2  *
3  * Copyright (C) 2002 David S. Miller ([email protected])
4  *
5  * Changes:
6  * Mitsuru KANDA @USAGI
7  * Kazunori MIYAZAWA @USAGI
8  * Kunihiro Ishiguro <[email protected]>
9  * IPv6 support
10  *
11  */
12 
13 #include <linux/crypto.h>
14 #include <linux/module.h>
15 #include <linux/kernel.h>
16 #include <linux/types.h>
17 #include <linux/slab.h>
18 #include <linux/socket.h>
19 #include <linux/string.h>
20 #include <linux/net.h>
21 #include <linux/skbuff.h>
22 #include <linux/pfkeyv2.h>
23 #include <linux/ipsec.h>
24 #include <linux/init.h>
25 #include <linux/security.h>
26 #include <net/sock.h>
27 #include <net/xfrm.h>
28 #include <net/netlink.h>
29 #include <net/ah.h>
30 #include <asm/uaccess.h>
31 #if IS_ENABLED(CONFIG_IPV6)
32 #include <linux/in6.h>
33 #endif
34 
35 static inline int aead_len(struct xfrm_algo_aead *alg)
36 {
37  return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
38 }
39 
40 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
41 {
42  struct nlattr *rt = attrs[type];
43  struct xfrm_algo *algp;
44 
45  if (!rt)
46  return 0;
47 
48  algp = nla_data(rt);
49  if (nla_len(rt) < xfrm_alg_len(algp))
50  return -EINVAL;
51 
52  switch (type) {
53  case XFRMA_ALG_AUTH:
54  case XFRMA_ALG_CRYPT:
55  case XFRMA_ALG_COMP:
56  break;
57 
58  default:
59  return -EINVAL;
60  }
61 
62  algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0';
63  return 0;
64 }
65 
66 static int verify_auth_trunc(struct nlattr **attrs)
67 {
68  struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC];
69  struct xfrm_algo_auth *algp;
70 
71  if (!rt)
72  return 0;
73 
74  algp = nla_data(rt);
75  if (nla_len(rt) < xfrm_alg_auth_len(algp))
76  return -EINVAL;
77 
78  algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0';
79  return 0;
80 }
81 
82 static int verify_aead(struct nlattr **attrs)
83 {
84  struct nlattr *rt = attrs[XFRMA_ALG_AEAD];
85  struct xfrm_algo_aead *algp;
86 
87  if (!rt)
88  return 0;
89 
90  algp = nla_data(rt);
91  if (nla_len(rt) < aead_len(algp))
92  return -EINVAL;
93 
94  algp->alg_name[CRYPTO_MAX_ALG_NAME - 1] = '\0';
95  return 0;
96 }
97 
98 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type,
99  xfrm_address_t **addrp)
100 {
101  struct nlattr *rt = attrs[type];
102 
103  if (rt && addrp)
104  *addrp = nla_data(rt);
105 }
106 
107 static inline int verify_sec_ctx_len(struct nlattr **attrs)
108 {
109  struct nlattr *rt = attrs[XFRMA_SEC_CTX];
110  struct xfrm_user_sec_ctx *uctx;
111 
112  if (!rt)
113  return 0;
114 
115  uctx = nla_data(rt);
116  if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len))
117  return -EINVAL;
118 
119  return 0;
120 }
121 
122 static inline int verify_replay(struct xfrm_usersa_info *p,
123  struct nlattr **attrs)
124 {
125  struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
126  struct xfrm_replay_state_esn *rs;
127 
128  if (p->flags & XFRM_STATE_ESN) {
129  if (!rt)
130  return -EINVAL;
131 
132  rs = nla_data(rt);
133 
134  if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
135  return -EINVAL;
136 
137  if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
138  nla_len(rt) != sizeof(*rs))
139  return -EINVAL;
140  }
141 
142  if (!rt)
143  return 0;
144 
145  if (p->id.proto != IPPROTO_ESP)
146  return -EINVAL;
147 
148  if (p->replay_window != 0)
149  return -EINVAL;
150 
151  return 0;
152 }
153 
154 static int verify_newsa_info(struct xfrm_usersa_info *p,
155  struct nlattr **attrs)
156 {
157  int err;
158 
159  err = -EINVAL;
160  switch (p->family) {
161  case AF_INET:
162  break;
163 
164  case AF_INET6:
165 #if IS_ENABLED(CONFIG_IPV6)
166  break;
167 #else
168  err = -EAFNOSUPPORT;
169  goto out;
170 #endif
171 
172  default:
173  goto out;
174  }
175 
176  err = -EINVAL;
177  switch (p->id.proto) {
178  case IPPROTO_AH:
179  if ((!attrs[XFRMA_ALG_AUTH] &&
180  !attrs[XFRMA_ALG_AUTH_TRUNC]) ||
181  attrs[XFRMA_ALG_AEAD] ||
182  attrs[XFRMA_ALG_CRYPT] ||
183  attrs[XFRMA_ALG_COMP] ||
184  attrs[XFRMA_TFCPAD])
185  goto out;
186  break;
187 
188  case IPPROTO_ESP:
189  if (attrs[XFRMA_ALG_COMP])
190  goto out;
191  if (!attrs[XFRMA_ALG_AUTH] &&
192  !attrs[XFRMA_ALG_AUTH_TRUNC] &&
193  !attrs[XFRMA_ALG_CRYPT] &&
194  !attrs[XFRMA_ALG_AEAD])
195  goto out;
196  if ((attrs[XFRMA_ALG_AUTH] ||
197  attrs[XFRMA_ALG_AUTH_TRUNC] ||
198  attrs[XFRMA_ALG_CRYPT]) &&
199  attrs[XFRMA_ALG_AEAD])
200  goto out;
201  if (attrs[XFRMA_TFCPAD] &&
202  p->mode != XFRM_MODE_TUNNEL)
203  goto out;
204  break;
205 
206  case IPPROTO_COMP:
207  if (!attrs[XFRMA_ALG_COMP] ||
208  attrs[XFRMA_ALG_AEAD] ||
209  attrs[XFRMA_ALG_AUTH] ||
210  attrs[XFRMA_ALG_AUTH_TRUNC] ||
211  attrs[XFRMA_ALG_CRYPT] ||
212  attrs[XFRMA_TFCPAD])
213  goto out;
214  break;
215 
216 #if IS_ENABLED(CONFIG_IPV6)
217  case IPPROTO_DSTOPTS:
218  case IPPROTO_ROUTING:
219  if (attrs[XFRMA_ALG_COMP] ||
220  attrs[XFRMA_ALG_AUTH] ||
221  attrs[XFRMA_ALG_AUTH_TRUNC] ||
222  attrs[XFRMA_ALG_AEAD] ||
223  attrs[XFRMA_ALG_CRYPT] ||
224  attrs[XFRMA_ENCAP] ||
225  attrs[XFRMA_SEC_CTX] ||
226  attrs[XFRMA_TFCPAD] ||
227  !attrs[XFRMA_COADDR])
228  goto out;
229  break;
230 #endif
231 
232  default:
233  goto out;
234  }
235 
236  if ((err = verify_aead(attrs)))
237  goto out;
238  if ((err = verify_auth_trunc(attrs)))
239  goto out;
240  if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH)))
241  goto out;
242  if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT)))
243  goto out;
244  if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP)))
245  goto out;
246  if ((err = verify_sec_ctx_len(attrs)))
247  goto out;
248  if ((err = verify_replay(p, attrs)))
249  goto out;
250 
251  err = -EINVAL;
252  switch (p->mode) {
253  case XFRM_MODE_TRANSPORT:
254  case XFRM_MODE_TUNNEL:
255  case XFRM_MODE_ROUTEOPTIMIZATION:
256  case XFRM_MODE_BEET:
257  break;
258 
259  default:
260  goto out;
261  }
262 
263  err = 0;
264 
265 out:
266  return err;
267 }
268 
269 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
270  struct xfrm_algo_desc *(*get_byname)(const char *, int),
271  struct nlattr *rta)
272 {
273  struct xfrm_algo *p, *ualg;
274  struct xfrm_algo_desc *algo;
275 
276  if (!rta)
277  return 0;
278 
279  ualg = nla_data(rta);
280 
281  algo = get_byname(ualg->alg_name, 1);
282  if (!algo)
283  return -ENOSYS;
284  *props = algo->desc.sadb_alg_id;
285 
286  p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL);
287  if (!p)
288  return -ENOMEM;
289 
290  strcpy(p->alg_name, algo->name);
291  *algpp = p;
292  return 0;
293 }
294 
295 static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props,
296  struct nlattr *rta)
297 {
298  struct xfrm_algo *ualg;
299  struct xfrm_algo_auth *p;
300  struct xfrm_algo_desc *algo;
301 
302  if (!rta)
303  return 0;
304 
305  ualg = nla_data(rta);
306 
307  algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
308  if (!algo)
309  return -ENOSYS;
310  *props = algo->desc.sadb_alg_id;
311 
312  p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL);
313  if (!p)
314  return -ENOMEM;
315 
316  strcpy(p->alg_name, algo->name);
317  p->alg_key_len = ualg->alg_key_len;
318  p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
319  memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8);
320 
321  *algpp = p;
322  return 0;
323 }
324 
325 static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props,
326  struct nlattr *rta)
327 {
328  struct xfrm_algo_auth *p, *ualg;
329  struct xfrm_algo_desc *algo;
330 
331  if (!rta)
332  return 0;
333 
334  ualg = nla_data(rta);
335 
336  algo = xfrm_aalg_get_byname(ualg->alg_name, 1);
337  if (!algo)
338  return -ENOSYS;
339  if ((ualg->alg_trunc_len / 8) > MAX_AH_AUTH_LEN ||
340  ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits)
341  return -EINVAL;
342  *props = algo->desc.sadb_alg_id;
343 
344  p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL);
345  if (!p)
346  return -ENOMEM;
347 
348  strcpy(p->alg_name, algo->name);
349  if (!p->alg_trunc_len)
350  p->alg_trunc_len = algo->uinfo.auth.icv_truncbits;
351 
352  *algpp = p;
353  return 0;
354 }
355 
356 static int attach_aead(struct xfrm_algo_aead **algpp, u8 *props,
357  struct nlattr *rta)
358 {
359  struct xfrm_algo_aead *p, *ualg;
360  struct xfrm_algo_desc *algo;
361 
362  if (!rta)
363  return 0;
364 
365  ualg = nla_data(rta);
366 
367  algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1);
368  if (!algo)
369  return -ENOSYS;
370  *props = algo->desc.sadb_alg_id;
371 
372  p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL);
373  if (!p)
374  return -ENOMEM;
375 
376  strcpy(p->alg_name, algo->name);
377  *algpp = p;
378  return 0;
379 }
380 
381 static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn,
382  struct nlattr *rp)
383 {
384  struct xfrm_replay_state_esn *up;
385  int ulen;
386 
387  if (!replay_esn || !rp)
388  return 0;
389 
390  up = nla_data(rp);
391  ulen = xfrm_replay_state_esn_len(up);
392 
393  if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
394  return -EINVAL;
395 
396  return 0;
397 }
398 
399 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn,
400  struct xfrm_replay_state_esn **preplay_esn,
401  struct nlattr *rta)
402 {
403  struct xfrm_replay_state_esn *p, *pp, *up;
404  int klen, ulen;
405 
406  if (!rta)
407  return 0;
408 
409  up = nla_data(rta);
410  klen = xfrm_replay_state_esn_len(up);
411  ulen = nla_len(rta) >= klen ? klen : sizeof(*up);
412 
413  p = kzalloc(klen, GFP_KERNEL);
414  if (!p)
415  return -ENOMEM;
416 
417  pp = kzalloc(klen, GFP_KERNEL);
418  if (!pp) {
419  kfree(p);
420  return -ENOMEM;
421  }
422 
423  memcpy(p, up, ulen);
424  memcpy(pp, up, ulen);
425 
426  *replay_esn = p;
427  *preplay_esn = pp;
428 
429  return 0;
430 }
431 
432 static inline int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx)
433 {
434  int len = 0;
435 
436  if (xfrm_ctx) {
437  len += sizeof(struct xfrm_user_sec_ctx);
438  len += xfrm_ctx->ctx_len;
439  }
440  return len;
441 }
442 
443 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
444 {
445  memcpy(&x->id, &p->id, sizeof(x->id));
446  memcpy(&x->sel, &p->sel, sizeof(x->sel));
447  memcpy(&x->lft, &p->lft, sizeof(x->lft));
448  x->props.mode = p->mode;
449  x->props.replay_window = p->replay_window;
450  x->props.reqid = p->reqid;
451  x->props.family = p->family;
452  memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr));
453  x->props.flags = p->flags;
454 
455  if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC))
456  x->sel.family = p->family;
457 }
458 
459 /*
460  * someday when pfkey also has support, we could have the code
461  * somehow made shareable and move it to xfrm_state.c - JHS
462  *
463 */
464 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs,
465  int update_esn)
466 {
467  struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
468  struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL;
469  struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
470  struct nlattr *et = attrs[XFRMA_ETIMER_THRESH];
471  struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH];
472 
473  if (re) {
474  struct xfrm_replay_state_esn *replay_esn;
475  replay_esn = nla_data(re);
476  memcpy(x->replay_esn, replay_esn,
477  xfrm_replay_state_esn_len(replay_esn));
478  memcpy(x->preplay_esn, replay_esn,
479  xfrm_replay_state_esn_len(replay_esn));
480  }
481 
482  if (rp) {
483  struct xfrm_replay_state *replay;
484  replay = nla_data(rp);
485  memcpy(&x->replay, replay, sizeof(*replay));
486  memcpy(&x->preplay, replay, sizeof(*replay));
487  }
488 
489  if (lt) {
490  struct xfrm_lifetime_cur *ltime;
491  ltime = nla_data(lt);
492  x->curlft.bytes = ltime->bytes;
493  x->curlft.packets = ltime->packets;
494  x->curlft.add_time = ltime->add_time;
495  x->curlft.use_time = ltime->use_time;
496  }
497 
498  if (et)
499  x->replay_maxage = nla_get_u32(et);
500 
501  if (rt)
502  x->replay_maxdiff = nla_get_u32(rt);
503 }
504 
505 static struct xfrm_state *xfrm_state_construct(struct net *net,
506  struct xfrm_usersa_info *p,
507  struct nlattr **attrs,
508  int *errp)
509 {
510  struct xfrm_state *x = xfrm_state_alloc(net);
511  int err = -ENOMEM;
512 
513  if (!x)
514  goto error_no_put;
515 
516  copy_from_user_state(x, p);
517 
518  if ((err = attach_aead(&x->aead, &x->props.ealgo,
519  attrs[XFRMA_ALG_AEAD])))
520  goto error;
521  if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo,
522  attrs[XFRMA_ALG_AUTH_TRUNC])))
523  goto error;
524  if (!x->props.aalgo) {
525  if ((err = attach_auth(&x->aalg, &x->props.aalgo,
526  attrs[XFRMA_ALG_AUTH])))
527  goto error;
528  }
529  if ((err = attach_one_algo(&x->ealg, &x->props.ealgo,
530  xfrm_ealg_get_byname,
531  attrs[XFRMA_ALG_CRYPT])))
532  goto error;
533  if ((err = attach_one_algo(&x->calg, &x->props.calgo,
534  xfrm_calg_get_byname,
535  attrs[XFRMA_ALG_COMP])))
536  goto error;
537 
538  if (attrs[XFRMA_ENCAP]) {
539  x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]),
540  sizeof(*x->encap), GFP_KERNEL);
541  if (x->encap == NULL)
542  goto error;
543  }
544 
545  if (attrs[XFRMA_TFCPAD])
546  x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]);
547 
548  if (attrs[XFRMA_COADDR]) {
549  x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]),
550  sizeof(*x->coaddr), GFP_KERNEL);
551  if (x->coaddr == NULL)
552  goto error;
553  }
554 
555  xfrm_mark_get(attrs, &x->mark);
556 
557  err = __xfrm_init_state(x, false);
558  if (err)
559  goto error;
560 
561  if (attrs[XFRMA_SEC_CTX] &&
562  security_xfrm_state_alloc(x, nla_data(attrs[XFRMA_SEC_CTX])))
563  goto error;
564 
565  if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn,
566  attrs[XFRMA_REPLAY_ESN_VAL])))
567  goto error;
568 
569  x->km.seq = p->seq;
570  x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth;
571  /* sysctl_xfrm_aevent_etime is in 100ms units */
572  x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M;
573 
574  if ((err = xfrm_init_replay(x)))
575  goto error;
576 
577  /* override default values from above */
578  xfrm_update_ae_params(x, attrs, 0);
579 
580  return x;
581 
582 error:
583  x->km.state = XFRM_STATE_DEAD;
584  xfrm_state_put(x);
585 error_no_put:
586  *errp = err;
587  return NULL;
588 }
589 
590 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
591  struct nlattr **attrs)
592 {
593  struct net *net = sock_net(skb->sk);
594  struct xfrm_usersa_info *p = nlmsg_data(nlh);
595  struct xfrm_state *x;
596  int err;
597  struct km_event c;
598  kuid_t loginuid = audit_get_loginuid(current);
599  u32 sessionid = audit_get_sessionid(current);
600  u32 sid;
601 
602  err = verify_newsa_info(p, attrs);
603  if (err)
604  return err;
605 
606  x = xfrm_state_construct(net, p, attrs, &err);
607  if (!x)
608  return err;
609 
610  xfrm_state_hold(x);
611  if (nlh->nlmsg_type == XFRM_MSG_NEWSA)
612  err = xfrm_state_add(x);
613  else
614  err = xfrm_state_update(x);
615 
616  security_task_getsecid(current, &sid);
617  xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
618 
619  if (err < 0) {
620  x->km.state = XFRM_STATE_DEAD;
621  __xfrm_state_put(x);
622  goto out;
623  }
624 
625  c.seq = nlh->nlmsg_seq;
626  c.portid = nlh->nlmsg_pid;
627  c.event = nlh->nlmsg_type;
628 
629  km_state_notify(x, &c);
630 out:
631  xfrm_state_put(x);
632  return err;
633 }
634 
635 static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
636  struct xfrm_usersa_id *p,
637  struct nlattr **attrs,
638  int *errp)
639 {
640  struct xfrm_state *x = NULL;
641  struct xfrm_mark m;
642  int err;
643  u32 mark = xfrm_mark_get(attrs, &m);
644 
645  if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
646  err = -ESRCH;
647  x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family);
648  } else {
649  xfrm_address_t *saddr = NULL;
650 
651  verify_one_addr(attrs, XFRMA_SRCADDR, &saddr);
652  if (!saddr) {
653  err = -EINVAL;
654  goto out;
655  }
656 
657  err = -ESRCH;
658  x = xfrm_state_lookup_byaddr(net, mark,
659  &p->daddr, saddr,
660  p->proto, p->family);
661  }
662 
663  out:
664  if (!x && errp)
665  *errp = err;
666  return x;
667 }
668 
669 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
670  struct nlattr **attrs)
671 {
672  struct net *net = sock_net(skb->sk);
673  struct xfrm_state *x;
674  int err = -ESRCH;
675  struct km_event c;
676  struct xfrm_usersa_id *p = nlmsg_data(nlh);
677  kuid_t loginuid = audit_get_loginuid(current);
678  u32 sessionid = audit_get_sessionid(current);
679  u32 sid;
680 
681  x = xfrm_user_state_lookup(net, p, attrs, &err);
682  if (x == NULL)
683  return err;
684 
685  if ((err = security_xfrm_state_delete(x)) != 0)
686  goto out;
687 
688  if (xfrm_state_kern(x)) {
689  err = -EPERM;
690  goto out;
691  }
692 
693  err = xfrm_state_delete(x);
694 
695  if (err < 0)
696  goto out;
697 
698  c.seq = nlh->nlmsg_seq;
699  c.portid = nlh->nlmsg_pid;
700  c.event = nlh->nlmsg_type;
701  km_state_notify(x, &c);
702 
703 out:
704  security_task_getsecid(current, &sid);
705  xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
706  xfrm_state_put(x);
707  return err;
708 }
709 
710 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p)
711 {
712  memset(p, 0, sizeof(*p));
713  memcpy(&p->id, &x->id, sizeof(p->id));
714  memcpy(&p->sel, &x->sel, sizeof(p->sel));
715  memcpy(&p->lft, &x->lft, sizeof(p->lft));
716  memcpy(&p->curlft, &x->curlft, sizeof(p->curlft));
717  memcpy(&p->stats, &x->stats, sizeof(p->stats));
718  memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr));
719  p->mode = x->props.mode;
720  p->replay_window = x->props.replay_window;
721  p->reqid = x->props.reqid;
722  p->family = x->props.family;
723  p->flags = x->props.flags;
724  p->seq = x->km.seq;
725 }
726 
727 struct xfrm_dump_info {
728  struct sk_buff *in_skb;
729  struct sk_buff *out_skb;
730  u32 nlmsg_seq;
731  u16 nlmsg_flags;
732 };
733 
734 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb)
735 {
736  struct xfrm_user_sec_ctx *uctx;
737  struct nlattr *attr;
738  int ctx_size = sizeof(*uctx) + s->ctx_len;
739 
740  attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size);
741  if (attr == NULL)
742  return -EMSGSIZE;
743 
744  uctx = nla_data(attr);
745  uctx->exttype = XFRMA_SEC_CTX;
746  uctx->len = ctx_size;
747  uctx->ctx_doi = s->ctx_doi;
748  uctx->ctx_alg = s->ctx_alg;
749  uctx->ctx_len = s->ctx_len;
750  memcpy(uctx + 1, s->ctx_str, s->ctx_len);
751 
752  return 0;
753 }
754 
755 static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb)
756 {
757  struct xfrm_algo *algo;
758  struct nlattr *nla;
759 
760  nla = nla_reserve(skb, XFRMA_ALG_AUTH,
761  sizeof(*algo) + (auth->alg_key_len + 7) / 8);
762  if (!nla)
763  return -EMSGSIZE;
764 
765  algo = nla_data(nla);
766  strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name));
767  memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8);
768  algo->alg_key_len = auth->alg_key_len;
769 
770  return 0;
771 }
772 
773 /* Don't change this without updating xfrm_sa_len! */
774 static int copy_to_user_state_extra(struct xfrm_state *x,
775  struct xfrm_usersa_info *p,
776  struct sk_buff *skb)
777 {
778  int ret = 0;
779 
780  copy_to_user_state(x, p);
781 
782  if (x->coaddr) {
783  ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr);
784  if (ret)
785  goto out;
786  }
787  if (x->lastused) {
788  ret = nla_put_u64(skb, XFRMA_LASTUSED, x->lastused);
789  if (ret)
790  goto out;
791  }
792  if (x->aead) {
793  ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead);
794  if (ret)
795  goto out;
796  }
797  if (x->aalg) {
798  ret = copy_to_user_auth(x->aalg, skb);
799  if (!ret)
800  ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC,
801  xfrm_alg_auth_len(x->aalg), x->aalg);
802  if (ret)
803  goto out;
804  }
805  if (x->ealg) {
806  ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg);
807  if (ret)
808  goto out;
809  }
810  if (x->calg) {
811  ret = nla_put(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg);
812  if (ret)
813  goto out;
814  }
815  if (x->encap) {
816  ret = nla_put(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap);
817  if (ret)
818  goto out;
819  }
820  if (x->tfcpad) {
821  ret = nla_put_u32(skb, XFRMA_TFCPAD, x->tfcpad);
822  if (ret)
823  goto out;
824  }
825  ret = xfrm_mark_put(skb, &x->mark);
826  if (ret)
827  goto out;
828  if (x->replay_esn) {
829  ret = nla_put(skb, XFRMA_REPLAY_ESN_VAL,
830  xfrm_replay_state_esn_len(x->replay_esn),
831  x->replay_esn);
832  if (ret)
833  goto out;
834  }
835  if (x->security)
836  ret = copy_sec_ctx(x->security, skb);
837 out:
838  return ret;
839 }
840 
841 static int dump_one_state(struct xfrm_state *x, int count, void *ptr)
842 {
843  struct xfrm_dump_info *sp = ptr;
844  struct sk_buff *in_skb = sp->in_skb;
845  struct sk_buff *skb = sp->out_skb;
846  struct xfrm_usersa_info *p;
847  struct nlmsghdr *nlh;
848  int err;
849 
850  nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq,
851  XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags);
852  if (nlh == NULL)
853  return -EMSGSIZE;
854 
855  p = nlmsg_data(nlh);
856 
857  err = copy_to_user_state_extra(x, p, skb);
858  if (err) {
859  nlmsg_cancel(skb, nlh);
860  return err;
861  }
862  nlmsg_end(skb, nlh);
863  return 0;
864 }
865 
866 static int xfrm_dump_sa_done(struct netlink_callback *cb)
867 {
868  struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1];
869  xfrm_state_walk_done(walk);
870  return 0;
871 }
872 
873 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
874 {
875  struct net *net = sock_net(skb->sk);
876  struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1];
877  struct xfrm_dump_info info;
878 
879  BUILD_BUG_ON(sizeof(struct xfrm_state_walk) >
880  sizeof(cb->args) - sizeof(cb->args[0]));
881 
882  info.in_skb = cb->skb;
883  info.out_skb = skb;
884  info.nlmsg_seq = cb->nlh->nlmsg_seq;
885  info.nlmsg_flags = NLM_F_MULTI;
886 
887  if (!cb->args[0]) {
888  cb->args[0] = 1;
889  xfrm_state_walk_init(walk, 0);
890  }
891 
892  (void) xfrm_state_walk(net, walk, dump_one_state, &info);
893 
894  return skb->len;
895 }
896 
897 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
898  struct xfrm_state *x, u32 seq)
899 {
900  struct xfrm_dump_info info;
901  struct sk_buff *skb;
902  int err;
903 
904  skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
905  if (!skb)
906  return ERR_PTR(-ENOMEM);
907 
908  info.in_skb = in_skb;
909  info.out_skb = skb;
910  info.nlmsg_seq = seq;
911  info.nlmsg_flags = 0;
912 
913  err = dump_one_state(x, 0, &info);
914  if (err) {
915  kfree_skb(skb);
916  return ERR_PTR(err);
917  }
918 
919  return skb;
920 }
921 
922 static inline size_t xfrm_spdinfo_msgsize(void)
923 {
924  return NLMSG_ALIGN(4)
925  + nla_total_size(sizeof(struct xfrmu_spdinfo))
926  + nla_total_size(sizeof(struct xfrmu_spdhinfo));
927 }
928 
929 static int build_spdinfo(struct sk_buff *skb, struct net *net,
930  u32 portid, u32 seq, u32 flags)
931 {
932  struct xfrmk_spdinfo si;
933  struct xfrmu_spdinfo spc;
934  struct xfrmu_spdhinfo sph;
935  struct nlmsghdr *nlh;
936  int err;
937  u32 *f;
938 
939  nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0);
940  if (nlh == NULL) /* shouldn't really happen ... */
941  return -EMSGSIZE;
942 
943  f = nlmsg_data(nlh);
944  *f = flags;
945  xfrm_spd_getinfo(net, &si);
946  spc.incnt = si.incnt;
947  spc.outcnt = si.outcnt;
948  spc.fwdcnt = si.fwdcnt;
949  spc.inscnt = si.inscnt;
950  spc.outscnt = si.outscnt;
951  spc.fwdscnt = si.fwdscnt;
952  sph.spdhcnt = si.spdhcnt;
953  sph.spdhmcnt = si.spdhmcnt;
954 
955  err = nla_put(skb, XFRMA_SPD_INFO, sizeof(spc), &spc);
956  if (!err)
957  err = nla_put(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph);
958  if (err) {
959  nlmsg_cancel(skb, nlh);
960  return err;
961  }
962 
963  return nlmsg_end(skb, nlh);
964 }
965 
966 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
967  struct nlattr **attrs)
968 {
969  struct net *net = sock_net(skb->sk);
970  struct sk_buff *r_skb;
971  u32 *flags = nlmsg_data(nlh);
972  u32 sportid = NETLINK_CB(skb).portid;
973  u32 seq = nlh->nlmsg_seq;
974 
975  r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC);
976  if (r_skb == NULL)
977  return -ENOMEM;
978 
979  if (build_spdinfo(r_skb, net, sportid, seq, *flags) < 0)
980  BUG();
981 
982  return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid);
983 }
984 
985 static inline size_t xfrm_sadinfo_msgsize(void)
986 {
987  return NLMSG_ALIGN(4)
988  + nla_total_size(sizeof(struct xfrmu_sadhinfo))
989  + nla_total_size(4); /* XFRMA_SAD_CNT */
990 }
991 
992 static int build_sadinfo(struct sk_buff *skb, struct net *net,
993  u32 portid, u32 seq, u32 flags)
994 {
995  struct xfrmk_sadinfo si;
996  struct xfrmu_sadhinfo sh;
997  struct nlmsghdr *nlh;
998  int err;
999  u32 *f;
1000 
1001  nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0);
1002  if (nlh == NULL) /* shouldn't really happen ... */
1003  return -EMSGSIZE;
1004 
1005  f = nlmsg_data(nlh);
1006  *f = flags;
1007  xfrm_sad_getinfo(net, &si);
1008 
1009  sh.sadhmcnt = si.sadhmcnt;
1010  sh.sadhcnt = si.sadhcnt;
1011 
1012  err = nla_put_u32(skb, XFRMA_SAD_CNT, si.sadcnt);
1013  if (!err)
1014  err = nla_put(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh);
1015  if (err) {
1016  nlmsg_cancel(skb, nlh);
1017  return err;
1018  }
1019 
1020  return nlmsg_end(skb, nlh);
1021 }
1022 
1023 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
1024  struct nlattr **attrs)
1025 {
1026  struct net *net = sock_net(skb->sk);
1027  struct sk_buff *r_skb;
1028  u32 *flags = nlmsg_data(nlh);
1029  u32 sportid = NETLINK_CB(skb).portid;
1030  u32 seq = nlh->nlmsg_seq;
1031 
1032  r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC);
1033  if (r_skb == NULL)
1034  return -ENOMEM;
1035 
1036  if (build_sadinfo(r_skb, net, sportid, seq, *flags) < 0)
1037  BUG();
1038 
1039  return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid);
1040 }
1041 
1042 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1043  struct nlattr **attrs)
1044 {
1045  struct net *net = sock_net(skb->sk);
1046  struct xfrm_usersa_id *p = nlmsg_data(nlh);
1047  struct xfrm_state *x;
1048  struct sk_buff *resp_skb;
1049  int err = -ESRCH;
1050 
1051  x = xfrm_user_state_lookup(net, p, attrs, &err);
1052  if (x == NULL)
1053  goto out_noput;
1054 
1055  resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
1056  if (IS_ERR(resp_skb)) {
1057  err = PTR_ERR(resp_skb);
1058  } else {
1059  err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid);
1060  }
1061  xfrm_state_put(x);
1062 out_noput:
1063  return err;
1064 }
1065 
1066 static int verify_userspi_info(struct xfrm_userspi_info *p)
1067 {
1068  switch (p->info.id.proto) {
1069  case IPPROTO_AH:
1070  case IPPROTO_ESP:
1071  break;
1072 
1073  case IPPROTO_COMP:
1074  /* IPCOMP spi is 16-bits. */
1075  if (p->max >= 0x10000)
1076  return -EINVAL;
1077  break;
1078 
1079  default:
1080  return -EINVAL;
1081  }
1082 
1083  if (p->min > p->max)
1084  return -EINVAL;
1085 
1086  return 0;
1087 }
1088 
1089 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
1090  struct nlattr **attrs)
1091 {
1092  struct net *net = sock_net(skb->sk);
1093  struct xfrm_state *x;
1094  struct xfrm_userspi_info *p;
1095  struct sk_buff *resp_skb;
1096  xfrm_address_t *daddr;
1097  int family;
1098  int err;
1099  u32 mark;
1100  struct xfrm_mark m;
1101 
1102  p = nlmsg_data(nlh);
1103  err = verify_userspi_info(p);
1104  if (err)
1105  goto out_noput;
1106 
1107  family = p->info.family;
1108  daddr = &p->info.id.daddr;
1109 
1110  x = NULL;
1111 
1112  mark = xfrm_mark_get(attrs, &m);
1113  if (p->info.seq) {
1114  x = xfrm_find_acq_byseq(net, mark, p->info.seq);
1115  if (x && xfrm_addr_cmp(&x->id.daddr, daddr, family)) {
1116  xfrm_state_put(x);
1117  x = NULL;
1118  }
1119  }
1120 
1121  if (!x)
1122  x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid,
1123  p->info.id.proto, daddr,
1124  &p->info.saddr, 1,
1125  family);
1126  err = -ENOENT;
1127  if (x == NULL)
1128  goto out_noput;
1129 
1130  err = xfrm_alloc_spi(x, p->min, p->max);
1131  if (err)
1132  goto out;
1133 
1134  resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq);
1135  if (IS_ERR(resp_skb)) {
1136  err = PTR_ERR(resp_skb);
1137  goto out;
1138  }
1139 
1140  err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid);
1141 
1142 out:
1143  xfrm_state_put(x);
1144 out_noput:
1145  return err;
1146 }
1147 
1148 static int verify_policy_dir(u8 dir)
1149 {
1150  switch (dir) {
1151  case XFRM_POLICY_IN:
1152  case XFRM_POLICY_OUT:
1153  case XFRM_POLICY_FWD:
1154  break;
1155 
1156  default:
1157  return -EINVAL;
1158  }
1159 
1160  return 0;
1161 }
1162 
1163 static int verify_policy_type(u8 type)
1164 {
1165  switch (type) {
1166  case XFRM_POLICY_TYPE_MAIN:
1167 #ifdef CONFIG_XFRM_SUB_POLICY
1168  case XFRM_POLICY_TYPE_SUB:
1169 #endif
1170  break;
1171 
1172  default:
1173  return -EINVAL;
1174  }
1175 
1176  return 0;
1177 }
1178 
1179 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)
1180 {
1181  switch (p->share) {
1182  case XFRM_SHARE_ANY:
1183  case XFRM_SHARE_SESSION:
1184  case XFRM_SHARE_USER:
1185  case XFRM_SHARE_UNIQUE:
1186  break;
1187 
1188  default:
1189  return -EINVAL;
1190  }
1191 
1192  switch (p->action) {
1193  case XFRM_POLICY_ALLOW:
1194  case XFRM_POLICY_BLOCK:
1195  break;
1196 
1197  default:
1198  return -EINVAL;
1199  }
1200 
1201  switch (p->sel.family) {
1202  case AF_INET:
1203  break;
1204 
1205  case AF_INET6:
1206 #if IS_ENABLED(CONFIG_IPV6)
1207  break;
1208 #else
1209  return -EAFNOSUPPORT;
1210 #endif
1211 
1212  default:
1213  return -EINVAL;
1214  }
1215 
1216  return verify_policy_dir(p->dir);
1217 }
1218 
1219 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs)
1220 {
1221  struct nlattr *rt = attrs[XFRMA_SEC_CTX];
1222  struct xfrm_user_sec_ctx *uctx;
1223 
1224  if (!rt)
1225  return 0;
1226 
1227  uctx = nla_data(rt);
1228  return security_xfrm_policy_alloc(&pol->security, uctx);
1229 }
1230 
1231 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
1232  int nr)
1233 {
1234  int i;
1235 
1236  xp->xfrm_nr = nr;
1237  for (i = 0; i < nr; i++, ut++) {
1238  struct xfrm_tmpl *t = &xp->xfrm_vec[i];
1239 
1240  memcpy(&t->id, &ut->id, sizeof(struct xfrm_id));
1241  memcpy(&t->saddr, &ut->saddr,
1242  sizeof(xfrm_address_t));
1243  t->reqid = ut->reqid;
1244  t->mode = ut->mode;
1245  t->share = ut->share;
1246  t->optional = ut->optional;
1247  t->aalgos = ut->aalgos;
1248  t->ealgos = ut->ealgos;
1249  t->calgos = ut->calgos;
1250  /* If all masks are ~0, then we allow all algorithms. */
1251  t->allalgs = !~(t->aalgos & t->ealgos & t->calgos);
1252  t->encap_family = ut->family;
1253  }
1254 }
1255 
1256 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family)
1257 {
1258  int i;
1259 
1260  if (nr > XFRM_MAX_DEPTH)
1261  return -EINVAL;
1262 
1263  for (i = 0; i < nr; i++) {
1264  /* We never validated the ut->family value, so many
1265  * applications simply leave it at zero. The check was
1266  * never made and ut->family was ignored because all
1267  * templates could be assumed to have the same family as
1268  * the policy itself. Now that we will have ipv4-in-ipv6
1269  * and ipv6-in-ipv4 tunnels, this is no longer true.
1270  */
1271  if (!ut[i].family)
1272  ut[i].family = family;
1273 
1274  switch (ut[i].family) {
1275  case AF_INET:
1276  break;
1277 #if IS_ENABLED(CONFIG_IPV6)
1278  case AF_INET6:
1279  break;
1280 #endif
1281  default:
1282  return -EINVAL;
1283  }
1284  }
1285 
1286  return 0;
1287 }
1288 
1289 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs)
1290 {
1291  struct nlattr *rt = attrs[XFRMA_TMPL];
1292 
1293  if (!rt) {
1294  pol->xfrm_nr = 0;
1295  } else {
1296  struct xfrm_user_tmpl *utmpl = nla_data(rt);
1297  int nr = nla_len(rt) / sizeof(*utmpl);
1298  int err;
1299 
1300  err = validate_tmpl(nr, utmpl, pol->family);
1301  if (err)
1302  return err;
1303 
1304  copy_templates(pol, utmpl, nr);
1305  }
1306  return 0;
1307 }
1308 
1309 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs)
1310 {
1311  struct nlattr *rt = attrs[XFRMA_POLICY_TYPE];
1312  struct xfrm_userpolicy_type *upt;
1313  u8 type = XFRM_POLICY_TYPE_MAIN;
1314  int err;
1315 
1316  if (rt) {
1317  upt = nla_data(rt);
1318  type = upt->type;
1319  }
1320 
1321  err = verify_policy_type(type);
1322  if (err)
1323  return err;
1324 
1325  *tp = type;
1326  return 0;
1327 }
1328 
1329 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p)
1330 {
1331  xp->priority = p->priority;
1332  xp->index = p->index;
1333  memcpy(&xp->selector, &p->sel, sizeof(xp->selector));
1334  memcpy(&xp->lft, &p->lft, sizeof(xp->lft));
1335  xp->action = p->action;
1336  xp->flags = p->flags;
1337  xp->family = p->sel.family;
1338  /* XXX xp->share = p->share; */
1339 }
1340 
1341 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir)
1342 {
1343  memset(p, 0, sizeof(*p));
1344  memcpy(&p->sel, &xp->selector, sizeof(p->sel));
1345  memcpy(&p->lft, &xp->lft, sizeof(p->lft));
1346  memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft));
1347  p->priority = xp->priority;
1348  p->index = xp->index;
1349  p->sel.family = xp->family;
1350  p->dir = dir;
1351  p->action = xp->action;
1352  p->flags = xp->flags;
1353  p->share = XFRM_SHARE_ANY; /* XXX xp->share */
1354 }
1355 
1356 static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp)
1357 {
1358  struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL);
1359  int err;
1360 
1361  if (!xp) {
1362  *errp = -ENOMEM;
1363  return NULL;
1364  }
1365 
1366  copy_from_user_policy(xp, p);
1367 
1368  err = copy_from_user_policy_type(&xp->type, attrs);
1369  if (err)
1370  goto error;
1371 
1372  if (!(err = copy_from_user_tmpl(xp, attrs)))
1373  err = copy_from_user_sec_ctx(xp, attrs);
1374  if (err)
1375  goto error;
1376 
1377  xfrm_mark_get(attrs, &xp->mark);
1378 
1379  return xp;
1380  error:
1381  *errp = err;
1382  xp->walk.dead = 1;
1383  xfrm_policy_destroy(xp);
1384  return NULL;
1385 }
1386 
1387 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1388  struct nlattr **attrs)
1389 {
1390  struct net *net = sock_net(skb->sk);
1391  struct xfrm_userpolicy_info *p = nlmsg_data(nlh);
1392  struct xfrm_policy *xp;
1393  struct km_event c;
1394  int err;
1395  int excl;
1396  kuid_t loginuid = audit_get_loginuid(current);
1397  u32 sessionid = audit_get_sessionid(current);
1398  u32 sid;
1399 
1400  err = verify_newpolicy_info(p);
1401  if (err)
1402  return err;
1403  err = verify_sec_ctx_len(attrs);
1404  if (err)
1405  return err;
1406 
1407  xp = xfrm_policy_construct(net, p, attrs, &err);
1408  if (!xp)
1409  return err;
1410 
1411  /* shouldn't excl be based on nlh flags??
1412  * Aha! this is anti-netlink really i.e more pfkey derived
1413  * in netlink excl is a flag and you wouldnt need
1414  * a type XFRM_MSG_UPDPOLICY - JHS */
1415  excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1416  err = xfrm_policy_insert(p->dir, xp, excl);
1417  security_task_getsecid(current, &sid);
1418  xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1419 
1420  if (err) {
1421  security_xfrm_policy_free(xp->security);
1422  kfree(xp);
1423  return err;
1424  }
1425 
1426  c.event = nlh->nlmsg_type;
1427  c.seq = nlh->nlmsg_seq;
1428  c.portid = nlh->nlmsg_pid;
1429  km_policy_notify(xp, p->dir, &c);
1430 
1431  xfrm_pol_put(xp);
1432 
1433  return 0;
1434 }
1435 
1436 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
1437 {
1438  struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH];
1439  int i;
1440 
1441  if (xp->xfrm_nr == 0)
1442  return 0;
1443 
1444  for (i = 0; i < xp->xfrm_nr; i++) {
1445  struct xfrm_user_tmpl *up = &vec[i];
1446  struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
1447 
1448  memset(up, 0, sizeof(*up));
1449  memcpy(&up->id, &kp->id, sizeof(up->id));
1450  up->family = kp->encap_family;
1451  memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
1452  up->reqid = kp->reqid;
1453  up->mode = kp->mode;
1454  up->share = kp->share;
1455  up->optional = kp->optional;
1456  up->aalgos = kp->aalgos;
1457  up->ealgos = kp->ealgos;
1458  up->calgos = kp->calgos;
1459  }
1460 
1461  return nla_put(skb, XFRMA_TMPL,
1462  sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec);
1463 }
1464 
1465 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb)
1466 {
1467  if (x->security) {
1468  return copy_sec_ctx(x->security, skb);
1469  }
1470  return 0;
1471 }
1472 
1473 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb)
1474 {
1475  if (xp->security)
1476  return copy_sec_ctx(xp->security, skb);
1477  return 0;
1478 }
1479 static inline size_t userpolicy_type_attrsize(void)
1480 {
1481 #ifdef CONFIG_XFRM_SUB_POLICY
1482  return nla_total_size(sizeof(struct xfrm_userpolicy_type));
1483 #else
1484  return 0;
1485 #endif
1486 }
1487 
1488 #ifdef CONFIG_XFRM_SUB_POLICY
1489 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1490 {
1491  struct xfrm_userpolicy_type upt = {
1492  .type = type,
1493  };
1494 
1495  return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
1496 }
1497 
1498 #else
1499 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1500 {
1501  return 0;
1502 }
1503 #endif
1504 
1505 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr)
1506 {
1507  struct xfrm_dump_info *sp = ptr;
1508  struct xfrm_userpolicy_info *p;
1509  struct sk_buff *in_skb = sp->in_skb;
1510  struct sk_buff *skb = sp->out_skb;
1511  struct nlmsghdr *nlh;
1512  int err;
1513 
1514  nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq,
1515  XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags);
1516  if (nlh == NULL)
1517  return -EMSGSIZE;
1518 
1519  p = nlmsg_data(nlh);
1520  copy_to_user_policy(xp, p, dir);
1521  err = copy_to_user_tmpl(xp, skb);
1522  if (!err)
1523  err = copy_to_user_sec_ctx(xp, skb);
1524  if (!err)
1525  err = copy_to_user_policy_type(xp->type, skb);
1526  if (!err)
1527  err = xfrm_mark_put(skb, &xp->mark);
1528  if (err) {
1529  nlmsg_cancel(skb, nlh);
1530  return err;
1531  }
1532  nlmsg_end(skb, nlh);
1533  return 0;
1534 }
1535 
1536 static int xfrm_dump_policy_done(struct netlink_callback *cb)
1537 {
1538  struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
1539 
1540  xfrm_policy_walk_done(walk);
1541  return 0;
1542 }
1543 
1544 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
1545 {
1546  struct net *net = sock_net(skb->sk);
1547  struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
1548  struct xfrm_dump_info info;
1549 
1550  BUILD_BUG_ON(sizeof(struct xfrm_policy_walk) >
1551  sizeof(cb->args) - sizeof(cb->args[0]));
1552 
1553  info.in_skb = cb->skb;
1554  info.out_skb = skb;
1555  info.nlmsg_seq = cb->nlh->nlmsg_seq;
1556  info.nlmsg_flags = NLM_F_MULTI;
1557 
1558  if (!cb->args[0]) {
1559  cb->args[0] = 1;
1560  xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
1561  }
1562 
1563  (void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
1564 
1565  return skb->len;
1566 }
1567 
1568 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1569  struct xfrm_policy *xp,
1570  int dir, u32 seq)
1571 {
1572  struct xfrm_dump_info info;
1573  struct sk_buff *skb;
1574  int err;
1575 
1576  skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1577  if (!skb)
1578  return ERR_PTR(-ENOMEM);
1579 
1580  info.in_skb = in_skb;
1581  info.out_skb = skb;
1582  info.nlmsg_seq = seq;
1583  info.nlmsg_flags = 0;
1584 
1585  err = dump_one_policy(xp, dir, 0, &info);
1586  if (err) {
1587  kfree_skb(skb);
1588  return ERR_PTR(err);
1589  }
1590 
1591  return skb;
1592 }
1593 
1594 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1595  struct nlattr **attrs)
1596 {
1597  struct net *net = sock_net(skb->sk);
1598  struct xfrm_policy *xp;
1599  struct xfrm_userpolicy_id *p;
1600  u8 type = XFRM_POLICY_TYPE_MAIN;
1601  int err;
1602  struct km_event c;
1603  int delete;
1604  struct xfrm_mark m;
1605  u32 mark = xfrm_mark_get(attrs, &m);
1606 
1607  p = nlmsg_data(nlh);
1608  delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY;
1609 
1610  err = copy_from_user_policy_type(&type, attrs);
1611  if (err)
1612  return err;
1613 
1614  err = verify_policy_dir(p->dir);
1615  if (err)
1616  return err;
1617 
1618  if (p->index)
1619  xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, delete, &err);
1620  else {
1621  struct nlattr *rt = attrs[XFRMA_SEC_CTX];
1622  struct xfrm_sec_ctx *ctx;
1623 
1624  err = verify_sec_ctx_len(attrs);
1625  if (err)
1626  return err;
1627 
1628  ctx = NULL;
1629  if (rt) {
1630  struct xfrm_user_sec_ctx *uctx = nla_data(rt);
1631 
1632  err = security_xfrm_policy_alloc(&ctx, uctx);
1633  if (err)
1634  return err;
1635  }
1636  xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir, &p->sel,
1637  ctx, delete, &err);
1638  security_xfrm_policy_free(ctx);
1639  }
1640  if (xp == NULL)
1641  return -ENOENT;
1642 
1643  if (!delete) {
1644  struct sk_buff *resp_skb;
1645 
1646  resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq);
1647  if (IS_ERR(resp_skb)) {
1648  err = PTR_ERR(resp_skb);
1649  } else {
1650  err = nlmsg_unicast(net->xfrm.nlsk, resp_skb,
1651  NETLINK_CB(skb).portid);
1652  }
1653  } else {
1654  kuid_t loginuid = audit_get_loginuid(current);
1655  u32 sessionid = audit_get_sessionid(current);
1656  u32 sid;
1657 
1658  security_task_getsecid(current, &sid);
1659  xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1660  sid);
1661 
1662  if (err != 0)
1663  goto out;
1664 
1665  c.data.byid = p->index;
1666  c.event = nlh->nlmsg_type;
1667  c.seq = nlh->nlmsg_seq;
1668  c.portid = nlh->nlmsg_pid;
1669  km_policy_notify(xp, p->dir, &c);
1670  }
1671 
1672 out:
1673  xfrm_pol_put(xp);
1674  return err;
1675 }
1676 
1677 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1678  struct nlattr **attrs)
1679 {
1680  struct net *net = sock_net(skb->sk);
1681  struct km_event c;
1682  struct xfrm_usersa_flush *p = nlmsg_data(nlh);
1683  struct xfrm_audit audit_info;
1684  int err;
1685 
1686  audit_info.loginuid = audit_get_loginuid(current);
1687  audit_info.sessionid = audit_get_sessionid(current);
1688  security_task_getsecid(current, &audit_info.secid);
1689  err = xfrm_state_flush(net, p->proto, &audit_info);
1690  if (err) {
1691  if (err == -ESRCH) /* empty table */
1692  return 0;
1693  return err;
1694  }
1695  c.data.proto = p->proto;
1696  c.event = nlh->nlmsg_type;
1697  c.seq = nlh->nlmsg_seq;
1698  c.portid = nlh->nlmsg_pid;
1699  c.net = net;
1700  km_state_notify(NULL, &c);
1701 
1702  return 0;
1703 }
1704 
1705 static inline size_t xfrm_aevent_msgsize(struct xfrm_state *x)
1706 {
1707  size_t replay_size = x->replay_esn ?
1708  xfrm_replay_state_esn_len(x->replay_esn) :
1709  sizeof(struct xfrm_replay_state);
1710 
1711  return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id))
1712  + nla_total_size(replay_size)
1713  + nla_total_size(sizeof(struct xfrm_lifetime_cur))
1714  + nla_total_size(sizeof(struct xfrm_mark))
1715  + nla_total_size(4) /* XFRM_AE_RTHR */
1716  + nla_total_size(4); /* XFRM_AE_ETHR */
1717 }
1718 
1719 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
1720 {
1721  struct xfrm_aevent_id *id;
1722  struct nlmsghdr *nlh;
1723  int err;
1724 
1725  nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0);
1726  if (nlh == NULL)
1727  return -EMSGSIZE;
1728 
1729  id = nlmsg_data(nlh);
1730  memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr));
1731  id->sa_id.spi = x->id.spi;
1732  id->sa_id.family = x->props.family;
1733  id->sa_id.proto = x->id.proto;
1734  memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr));
1735  id->reqid = x->props.reqid;
1736  id->flags = c->data.aevent;
1737 
1738  if (x->replay_esn) {
1739  err = nla_put(skb, XFRMA_REPLAY_ESN_VAL,
1740  xfrm_replay_state_esn_len(x->replay_esn),
1741  x->replay_esn);
1742  } else {
1743  err = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay),
1744  &x->replay);
1745  }
1746  if (err)
1747  goto out_cancel;
1748  err = nla_put(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft);
1749  if (err)
1750  goto out_cancel;
1751 
1752  if (id->flags & XFRM_AE_RTHR) {
1753  err = nla_put_u32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff);
1754  if (err)
1755  goto out_cancel;
1756  }
1757  if (id->flags & XFRM_AE_ETHR) {
1758  err = nla_put_u32(skb, XFRMA_ETIMER_THRESH,
1759  x->replay_maxage * 10 / HZ);
1760  if (err)
1761  goto out_cancel;
1762  }
1763  err = xfrm_mark_put(skb, &x->mark);
1764  if (err)
1765  goto out_cancel;
1766 
1767  return nlmsg_end(skb, nlh);
1768 
1769 out_cancel:
1770  nlmsg_cancel(skb, nlh);
1771  return err;
1772 }
1773 
1774 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1775  struct nlattr **attrs)
1776 {
1777  struct net *net = sock_net(skb->sk);
1778  struct xfrm_state *x;
1779  struct sk_buff *r_skb;
1780  int err;
1781  struct km_event c;
1782  u32 mark;
1783  struct xfrm_mark m;
1784  struct xfrm_aevent_id *p = nlmsg_data(nlh);
1785  struct xfrm_usersa_id *id = &p->sa_id;
1786 
1787  mark = xfrm_mark_get(attrs, &m);
1788 
1789  x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family);
1790  if (x == NULL)
1791  return -ESRCH;
1792 
1793  r_skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC);
1794  if (r_skb == NULL) {
1795  xfrm_state_put(x);
1796  return -ENOMEM;
1797  }
1798 
1799  /*
1800  * XXX: is this lock really needed - none of the other
1801  * gets lock (the concern is things getting updated
1802  * while we are still reading) - jhs
1803  */
1804  spin_lock_bh(&x->lock);
1805  c.data.aevent = p->flags;
1806  c.seq = nlh->nlmsg_seq;
1807  c.portid = nlh->nlmsg_pid;
1808 
1809  if (build_aevent(r_skb, x, &c) < 0)
1810  BUG();
1811  err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).portid);
1812  spin_unlock_bh(&x->lock);
1813  xfrm_state_put(x);
1814  return err;
1815 }
1816 
1817 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
1818  struct nlattr **attrs)
1819 {
1820  struct net *net = sock_net(skb->sk);
1821  struct xfrm_state *x;
1822  struct km_event c;
1823  int err = - EINVAL;
1824  u32 mark = 0;
1825  struct xfrm_mark m;
1826  struct xfrm_aevent_id *p = nlmsg_data(nlh);
1827  struct nlattr *rp = attrs[XFRMA_REPLAY_VAL];
1828  struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL];
1829  struct nlattr *lt = attrs[XFRMA_LTIME_VAL];
1830 
1831  if (!lt && !rp && !re)
1832  return err;
1833 
1834  /* pedantic mode - thou shalt sayeth replaceth */
1835  if (!(nlh->nlmsg_flags&NLM_F_REPLACE))
1836  return err;
1837 
1838  mark = xfrm_mark_get(attrs, &m);
1839 
1840  x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
1841  if (x == NULL)
1842  return -ESRCH;
1843 
1844  if (x->km.state != XFRM_STATE_VALID)
1845  goto out;
1846 
1847  err = xfrm_replay_verify_len(x->replay_esn, rp);
1848  if (err)
1849  goto out;
1850 
1851  spin_lock_bh(&x->lock);
1852  xfrm_update_ae_params(x, attrs, 1);
1853  spin_unlock_bh(&x->lock);
1854 
1855  c.event = nlh->nlmsg_type;
1856  c.seq = nlh->nlmsg_seq;
1857  c.portid = nlh->nlmsg_pid;
1858  c.data.aevent = XFRM_AE_CU;
1859  km_state_notify(x, &c);
1860  err = 0;
1861 out:
1862  xfrm_state_put(x);
1863  return err;
1864 }
1865 
1866 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1867  struct nlattr **attrs)
1868 {
1869  struct net *net = sock_net(skb->sk);
1870  struct km_event c;
1871  u8 type = XFRM_POLICY_TYPE_MAIN;
1872  int err;
1873  struct xfrm_audit audit_info;
1874 
1875  err = copy_from_user_policy_type(&type, attrs);
1876  if (err)
1877  return err;
1878 
1879  audit_info.loginuid = audit_get_loginuid(current);
1880  audit_info.sessionid = audit_get_sessionid(current);
1881  security_task_getsecid(current, &audit_info.secid);
1882  err = xfrm_policy_flush(net, type, &audit_info);
1883  if (err) {
1884  if (err == -ESRCH) /* empty table */
1885  return 0;
1886  return err;
1887  }
1888 
1889  c.data.type = type;
1890  c.event = nlh->nlmsg_type;
1891  c.seq = nlh->nlmsg_seq;
1892  c.portid = nlh->nlmsg_pid;
1893  c.net = net;
1894  km_policy_notify(NULL, 0, &c);
1895  return 0;
1896 }
1897 
1898 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1899  struct nlattr **attrs)
1900 {
1901  struct net *net = sock_net(skb->sk);
1902  struct xfrm_policy *xp;
1903  struct xfrm_user_polexpire *up = nlmsg_data(nlh);
1904  struct xfrm_userpolicy_info *p = &up->pol;
1905  u8 type = XFRM_POLICY_TYPE_MAIN;
1906  int err = -ENOENT;
1907  struct xfrm_mark m;
1908  u32 mark = xfrm_mark_get(attrs, &m);
1909 
1910  err = copy_from_user_policy_type(&type, attrs);
1911  if (err)
1912  return err;
1913 
1914  err = verify_policy_dir(p->dir);
1915  if (err)
1916  return err;
1917 
1918  if (p->index)
1919  xp = xfrm_policy_byid(net, mark, type, p->dir, p->index, 0, &err);
1920  else {
1921  struct nlattr *rt = attrs[XFRMA_SEC_CTX];
1922  struct xfrm_sec_ctx *ctx;
1923 
1924  err = verify_sec_ctx_len(attrs);
1925  if (err)
1926  return err;
1927 
1928  ctx = NULL;
1929  if (rt) {
1930  struct xfrm_user_sec_ctx *uctx = nla_data(rt);
1931 
1932  err = security_xfrm_policy_alloc(&ctx, uctx);
1933  if (err)
1934  return err;
1935  }
1936  xp = xfrm_policy_bysel_ctx(net, mark, type, p->dir,
1937  &p->sel, ctx, 0, &err);
1938  security_xfrm_policy_free(ctx);
1939  }
1940  if (xp == NULL)
1941  return -ENOENT;
1942 
1943  if (unlikely(xp->walk.dead))
1944  goto out;
1945 
1946  err = 0;
1947  if (up->hard) {
1948  kuid_t loginuid = audit_get_loginuid(current);
1949  u32 sessionid = audit_get_sessionid(current);
1950  u32 sid;
1951 
1952  security_task_getsecid(current, &sid);
1953  xfrm_policy_delete(xp, p->dir);
1954  xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1955 
1956  } else {
1957  // reset the timers here?
1958  WARN(1, "Dont know what to do with soft policy expire\n");
1959  }
1960  km_policy_expired(xp, p->dir, up->hard, nlh->nlmsg_pid);
1961 
1962 out:
1963  xfrm_pol_put(xp);
1964  return err;
1965 }
1966 
1967 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1968  struct nlattr **attrs)
1969 {
1970  struct net *net = sock_net(skb->sk);
1971  struct xfrm_state *x;
1972  int err;
1973  struct xfrm_user_expire *ue = nlmsg_data(nlh);
1974  struct xfrm_usersa_info *p = &ue->state;
1975  struct xfrm_mark m;
1976  u32 mark = xfrm_mark_get(attrs, &m);
1977 
1978  x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family);
1979 
1980  err = -ENOENT;
1981  if (x == NULL)
1982  return err;
1983 
1984  spin_lock_bh(&x->lock);
1985  err = -EINVAL;
1986  if (x->km.state != XFRM_STATE_VALID)
1987  goto out;
1988  km_state_expired(x, ue->hard, nlh->nlmsg_pid);
1989 
1990  if (ue->hard) {
1991  kuid_t loginuid = audit_get_loginuid(current);
1992  u32 sessionid = audit_get_sessionid(current);
1993  u32 sid;
1994 
1995  security_task_getsecid(current, &sid);
1996  __xfrm_state_delete(x);
1997  xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1998  }
1999  err = 0;
2000 out:
2001  spin_unlock_bh(&x->lock);
2002  xfrm_state_put(x);
2003  return err;
2004 }
2005 
2006 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
2007  struct nlattr **attrs)
2008 {
2009  struct net *net = sock_net(skb->sk);
2010  struct xfrm_policy *xp;
2011  struct xfrm_user_tmpl *ut;
2012  int i;
2013  struct nlattr *rt = attrs[XFRMA_TMPL];
2014  struct xfrm_mark mark;
2015 
2016  struct xfrm_user_acquire *ua = nlmsg_data(nlh);
2017  struct xfrm_state *x = xfrm_state_alloc(net);
2018  int err = -ENOMEM;
2019 
2020  if (!x)
2021  goto nomem;
2022 
2023  xfrm_mark_get(attrs, &mark);
2024 
2025  err = verify_newpolicy_info(&ua->policy);
2026  if (err)
2027  goto bad_policy;
2028 
2029  /* build an XP */
2030  xp = xfrm_policy_construct(net, &ua->policy, attrs, &err);
2031  if (!xp)
2032  goto free_state;
2033 
2034  memcpy(&x->id, &ua->id, sizeof(ua->id));
2035  memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr));
2036  memcpy(&x->sel, &ua->sel, sizeof(ua->sel));
2037  xp->mark.m = x->mark.m = mark.m;
2038  xp->mark.v = x->mark.v = mark.v;
2039  ut = nla_data(rt);
2040  /* extract the templates and for each call km_key */
2041  for (i = 0; i < xp->xfrm_nr; i++, ut++) {
2042  struct xfrm_tmpl *t = &xp->xfrm_vec[i];
2043  memcpy(&x->id, &t->id, sizeof(x->id));
2044  x->props.mode = t->mode;
2045  x->props.reqid = t->reqid;
2046  x->props.family = ut->family;
2047  t->aalgos = ua->aalgos;
2048  t->ealgos = ua->ealgos;
2049  t->calgos = ua->calgos;
2050  err = km_query(x, t, xp);
2051 
2052  }
2053 
2054  kfree(x);
2055  kfree(xp);
2056 
2057  return 0;
2058 
2059 bad_policy:
2060  WARN(1, "BAD policy passed\n");
2061 free_state:
2062  kfree(x);
2063 nomem:
2064  return err;
2065 }
2066 
2067 #ifdef CONFIG_XFRM_MIGRATE
2068 static int copy_from_user_migrate(struct xfrm_migrate *ma,
2069  struct xfrm_kmaddress *k,
2070  struct nlattr **attrs, int *num)
2071 {
2072  struct nlattr *rt = attrs[XFRMA_MIGRATE];
2073  struct xfrm_user_migrate *um;
2074  int i, num_migrate;
2075 
2076  if (k != NULL) {
2077  struct xfrm_user_kmaddress *uk;
2078 
2079  uk = nla_data(attrs[XFRMA_KMADDRESS]);
2080  memcpy(&k->local, &uk->local, sizeof(k->local));
2081  memcpy(&k->remote, &uk->remote, sizeof(k->remote));
2082  k->family = uk->family;
2083  k->reserved = uk->reserved;
2084  }
2085 
2086  um = nla_data(rt);
2087  num_migrate = nla_len(rt) / sizeof(*um);
2088 
2089  if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH)
2090  return -EINVAL;
2091 
2092  for (i = 0; i < num_migrate; i++, um++, ma++) {
2093  memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr));
2094  memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr));
2095  memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr));
2096  memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr));
2097 
2098  ma->proto = um->proto;
2099  ma->mode = um->mode;
2100  ma->reqid = um->reqid;
2101 
2102  ma->old_family = um->old_family;
2103  ma->new_family = um->new_family;
2104  }
2105 
2106  *num = i;
2107  return 0;
2108 }
2109 
2110 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
2111  struct nlattr **attrs)
2112 {
2113  struct xfrm_userpolicy_id *pi = nlmsg_data(nlh);
2114  struct xfrm_migrate m[XFRM_MAX_DEPTH];
2115  struct xfrm_kmaddress km, *kmp;
2116  u8 type;
2117  int err;
2118  int n = 0;
2119 
2120  if (attrs[XFRMA_MIGRATE] == NULL)
2121  return -EINVAL;
2122 
2123  kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL;
2124 
2125  err = copy_from_user_policy_type(&type, attrs);
2126  if (err)
2127  return err;
2128 
2129  err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n);
2130  if (err)
2131  return err;
2132 
2133  if (!n)
2134  return 0;
2135 
2136  xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp);
2137 
2138  return 0;
2139 }
2140 #else
2141 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh,
2142  struct nlattr **attrs)
2143 {
2144  return -ENOPROTOOPT;
2145 }
2146 #endif
2147 
2148 #ifdef CONFIG_XFRM_MIGRATE
2149 static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb)
2150 {
2151  struct xfrm_user_migrate um;
2152 
2153  memset(&um, 0, sizeof(um));
2154  um.proto = m->proto;
2155  um.mode = m->mode;
2156  um.reqid = m->reqid;
2157  um.old_family = m->old_family;
2158  memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr));
2159  memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr));
2160  um.new_family = m->new_family;
2161  memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr));
2162  memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr));
2163 
2164  return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um);
2165 }
2166 
2167 static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb)
2168 {
2169  struct xfrm_user_kmaddress uk;
2170 
2171  memset(&uk, 0, sizeof(uk));
2172  uk.family = k->family;
2173  uk.reserved = k->reserved;
2174  memcpy(&uk.local, &k->local, sizeof(uk.local));
2175  memcpy(&uk.remote, &k->remote, sizeof(uk.remote));
2176 
2177  return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk);
2178 }
2179 
2180 static inline size_t xfrm_migrate_msgsize(int num_migrate, int with_kma)
2181 {
2182  return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id))
2183  + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0)
2184  + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate)
2185  + userpolicy_type_attrsize();
2186 }
2187 
2188 static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m,
2189  int num_migrate, const struct xfrm_kmaddress *k,
2190  const struct xfrm_selector *sel, u8 dir, u8 type)
2191 {
2192  const struct xfrm_migrate *mp;
2193  struct xfrm_userpolicy_id *pol_id;
2194  struct nlmsghdr *nlh;
2195  int i, err;
2196 
2197  nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0);
2198  if (nlh == NULL)
2199  return -EMSGSIZE;
2200 
2201  pol_id = nlmsg_data(nlh);
2202  /* copy data from selector, dir, and type to the pol_id */
2203  memset(pol_id, 0, sizeof(*pol_id));
2204  memcpy(&pol_id->sel, sel, sizeof(pol_id->sel));
2205  pol_id->dir = dir;
2206 
2207  if (k != NULL) {
2208  err = copy_to_user_kmaddress(k, skb);
2209  if (err)
2210  goto out_cancel;
2211  }
2212  err = copy_to_user_policy_type(type, skb);
2213  if (err)
2214  goto out_cancel;
2215  for (i = 0, mp = m ; i < num_migrate; i++, mp++) {
2216  err = copy_to_user_migrate(mp, skb);
2217  if (err)
2218  goto out_cancel;
2219  }
2220 
2221  return nlmsg_end(skb, nlh);
2222 
2223 out_cancel:
2224  nlmsg_cancel(skb, nlh);
2225  return err;
2226 }
2227 
2228 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2229  const struct xfrm_migrate *m, int num_migrate,
2230  const struct xfrm_kmaddress *k)
2231 {
2232  struct net *net = &init_net;
2233  struct sk_buff *skb;
2234 
2235  skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k), GFP_ATOMIC);
2236  if (skb == NULL)
2237  return -ENOMEM;
2238 
2239  /* build migrate */
2240  if (build_migrate(skb, m, num_migrate, k, sel, dir, type) < 0)
2241  BUG();
2242 
2243  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MIGRATE, GFP_ATOMIC);
2244 }
2245 #else
2246 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
2247  const struct xfrm_migrate *m, int num_migrate,
2248  const struct xfrm_kmaddress *k)
2249 {
2250  return -ENOPROTOOPT;
2251 }
2252 #endif
2253 
2254 #define XMSGSIZE(type) sizeof(struct type)
2255 
2256 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
2257  [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
2258  [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
2259  [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
2260  [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
2261  [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2262  [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2263  [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info),
2264  [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire),
2265  [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire),
2266  [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info),
2267  [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
2268  [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire),
2269  [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
2270  [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0,
2271  [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
2272  [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
2273  [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report),
2274  [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
2275  [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32),
2276  [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
2277 };
2278 
2279 #undef XMSGSIZE
2280 
2281 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
2282  [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)},
2283  [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)},
2284  [XFRMA_LASTUSED] = { .type = NLA_U64},
2285  [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)},
2286  [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) },
2287  [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
2288  [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },
2289  [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
2290  [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
2291  [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
2292  [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) },
2293  [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
2294  [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
2295  [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
2296  [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
2297  [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) },
2298  [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) },
2299  [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)},
2300  [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
2301  [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
2302  [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
2303  [XFRMA_TFCPAD] = { .type = NLA_U32 },
2304  [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) },
2305 };
2306 
2307 static struct xfrm_link {
2308  int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **);
2309  int (*dump)(struct sk_buff *, struct netlink_callback *);
2310  int (*done)(struct netlink_callback *);
2311 } xfrm_dispatch[XFRM_NR_MSGTYPES] = {
2312  [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
2313  [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa },
2314  [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa,
2315  .dump = xfrm_dump_sa,
2316  .done = xfrm_dump_sa_done },
2317  [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
2318  [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy },
2319  [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy,
2320  .dump = xfrm_dump_policy,
2321  .done = xfrm_dump_policy_done },
2322  [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi },
2323  [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire },
2324  [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire },
2325  [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy },
2326  [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa },
2327  [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire},
2328  [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa },
2329  [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy },
2330  [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae },
2331  [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae },
2332  [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate },
2333  [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo },
2334  [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo },
2335 };
2336 
2337 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2338 {
2339  struct net *net = sock_net(skb->sk);
2340  struct nlattr *attrs[XFRMA_MAX+1];
2341  struct xfrm_link *link;
2342  int type, err;
2343 
2344  type = nlh->nlmsg_type;
2345  if (type > XFRM_MSG_MAX)
2346  return -EINVAL;
2347 
2348  type -= XFRM_MSG_BASE;
2349  link = &xfrm_dispatch[type];
2350 
2351  /* All operations require privileges, even GET */
2352  if (!capable(CAP_NET_ADMIN))
2353  return -EPERM;
2354 
2355  if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
2356  type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) &&
2357  (nlh->nlmsg_flags & NLM_F_DUMP)) {
2358  if (link->dump == NULL)
2359  return -EINVAL;
2360 
2361  {
2362  struct netlink_dump_control c = {
2363  .dump = link->dump,
2364  .done = link->done,
2365  };
2366  return netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c);
2367  }
2368  }
2369 
2370  err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs, XFRMA_MAX,
2371  xfrma_policy);
2372  if (err < 0)
2373  return err;
2374 
2375  if (link->doit == NULL)
2376  return -EINVAL;
2377 
2378  return link->doit(skb, nlh, attrs);
2379 }
2380 
2381 static void xfrm_netlink_rcv(struct sk_buff *skb)
2382 {
2383  mutex_lock(&xfrm_cfg_mutex);
2384  netlink_rcv_skb(skb, &xfrm_user_rcv_msg);
2385  mutex_unlock(&xfrm_cfg_mutex);
2386 }
2387 
2388 static inline size_t xfrm_expire_msgsize(void)
2389 {
2390  return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
2391  + nla_total_size(sizeof(struct xfrm_mark));
2392 }
2393 
2394 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
2395 {
2396  struct xfrm_user_expire *ue;
2397  struct nlmsghdr *nlh;
2398  int err;
2399 
2400  nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0);
2401  if (nlh == NULL)
2402  return -EMSGSIZE;
2403 
2404  ue = nlmsg_data(nlh);
2405  copy_to_user_state(x, &ue->state);
2406  ue->hard = (c->data.hard != 0) ? 1 : 0;
2407 
2408  err = xfrm_mark_put(skb, &x->mark);
2409  if (err)
2410  return err;
2411 
2412  return nlmsg_end(skb, nlh);
2413 }
2414 
2415 static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c)
2416 {
2417  struct net *net = xs_net(x);
2418  struct sk_buff *skb;
2419 
2420  skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC);
2421  if (skb == NULL)
2422  return -ENOMEM;
2423 
2424  if (build_expire(skb, x, c) < 0) {
2425  kfree_skb(skb);
2426  return -EMSGSIZE;
2427  }
2428 
2429  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC);
2430 }
2431 
2432 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c)
2433 {
2434  struct net *net = xs_net(x);
2435  struct sk_buff *skb;
2436 
2437  skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC);
2438  if (skb == NULL)
2439  return -ENOMEM;
2440 
2441  if (build_aevent(skb, x, c) < 0)
2442  BUG();
2443 
2444  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_AEVENTS, GFP_ATOMIC);
2445 }
2446 
2447 static int xfrm_notify_sa_flush(const struct km_event *c)
2448 {
2449  struct net *net = c->net;
2450  struct xfrm_usersa_flush *p;
2451  struct nlmsghdr *nlh;
2452  struct sk_buff *skb;
2453  int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush));
2454 
2455  skb = nlmsg_new(len, GFP_ATOMIC);
2456  if (skb == NULL)
2457  return -ENOMEM;
2458 
2459  nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0);
2460  if (nlh == NULL) {
2461  kfree_skb(skb);
2462  return -EMSGSIZE;
2463  }
2464 
2465  p = nlmsg_data(nlh);
2466  p->proto = c->data.proto;
2467 
2468  nlmsg_end(skb, nlh);
2469 
2470  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC);
2471 }
2472 
2473 static inline size_t xfrm_sa_len(struct xfrm_state *x)
2474 {
2475  size_t l = 0;
2476  if (x->aead)
2477  l += nla_total_size(aead_len(x->aead));
2478  if (x->aalg) {
2479  l += nla_total_size(sizeof(struct xfrm_algo) +
2480  (x->aalg->alg_key_len + 7) / 8);
2481  l += nla_total_size(xfrm_alg_auth_len(x->aalg));
2482  }
2483  if (x->ealg)
2484  l += nla_total_size(xfrm_alg_len(x->ealg));
2485  if (x->calg)
2486  l += nla_total_size(sizeof(*x->calg));
2487  if (x->encap)
2488  l += nla_total_size(sizeof(*x->encap));
2489  if (x->tfcpad)
2490  l += nla_total_size(sizeof(x->tfcpad));
2491  if (x->replay_esn)
2492  l += nla_total_size(xfrm_replay_state_esn_len(x->replay_esn));
2493  if (x->security)
2494  l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) +
2495  x->security->ctx_len);
2496  if (x->coaddr)
2497  l += nla_total_size(sizeof(*x->coaddr));
2498 
2499  /* Must count x->lastused as it may become non-zero behind our back. */
2500  l += nla_total_size(sizeof(u64));
2501 
2502  return l;
2503 }
2504 
2505 static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c)
2506 {
2507  struct net *net = xs_net(x);
2508  struct xfrm_usersa_info *p;
2509  struct xfrm_usersa_id *id;
2510  struct nlmsghdr *nlh;
2511  struct sk_buff *skb;
2512  int len = xfrm_sa_len(x);
2513  int headlen, err;
2514 
2515  headlen = sizeof(*p);
2516  if (c->event == XFRM_MSG_DELSA) {
2517  len += nla_total_size(headlen);
2518  headlen = sizeof(*id);
2519  len += nla_total_size(sizeof(struct xfrm_mark));
2520  }
2521  len += NLMSG_ALIGN(headlen);
2522 
2523  skb = nlmsg_new(len, GFP_ATOMIC);
2524  if (skb == NULL)
2525  return -ENOMEM;
2526 
2527  nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0);
2528  err = -EMSGSIZE;
2529  if (nlh == NULL)
2530  goto out_free_skb;
2531 
2532  p = nlmsg_data(nlh);
2533  if (c->event == XFRM_MSG_DELSA) {
2534  struct nlattr *attr;
2535 
2536  id = nlmsg_data(nlh);
2537  memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr));
2538  id->spi = x->id.spi;
2539  id->family = x->props.family;
2540  id->proto = x->id.proto;
2541 
2542  attr = nla_reserve(skb, XFRMA_SA, sizeof(*p));
2543  err = -EMSGSIZE;
2544  if (attr == NULL)
2545  goto out_free_skb;
2546 
2547  p = nla_data(attr);
2548  }
2549  err = copy_to_user_state_extra(x, p, skb);
2550  if (err)
2551  goto out_free_skb;
2552 
2553  nlmsg_end(skb, nlh);
2554 
2555  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_SA, GFP_ATOMIC);
2556 
2557 out_free_skb:
2558  kfree_skb(skb);
2559  return err;
2560 }
2561 
2562 static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c)
2563 {
2564 
2565  switch (c->event) {
2566  case XFRM_MSG_EXPIRE:
2567  return xfrm_exp_state_notify(x, c);
2568  case XFRM_MSG_NEWAE:
2569  return xfrm_aevent_state_notify(x, c);
2570  case XFRM_MSG_DELSA:
2571  case XFRM_MSG_UPDSA:
2572  case XFRM_MSG_NEWSA:
2573  return xfrm_notify_sa(x, c);
2574  case XFRM_MSG_FLUSHSA:
2575  return xfrm_notify_sa_flush(c);
2576  default:
2577  printk(KERN_NOTICE "xfrm_user: Unknown SA event %d\n",
2578  c->event);
2579  break;
2580  }
2581 
2582  return 0;
2583 
2584 }
2585 
2586 static inline size_t xfrm_acquire_msgsize(struct xfrm_state *x,
2587  struct xfrm_policy *xp)
2588 {
2589  return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire))
2590  + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
2591  + nla_total_size(sizeof(struct xfrm_mark))
2592  + nla_total_size(xfrm_user_sec_ctx_size(x->security))
2593  + userpolicy_type_attrsize();
2594 }
2595 
2596 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
2597  struct xfrm_tmpl *xt, struct xfrm_policy *xp)
2598 {
2599  __u32 seq = xfrm_get_acqseq();
2600  struct xfrm_user_acquire *ua;
2601  struct nlmsghdr *nlh;
2602  int err;
2603 
2604  nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0);
2605  if (nlh == NULL)
2606  return -EMSGSIZE;
2607 
2608  ua = nlmsg_data(nlh);
2609  memcpy(&ua->id, &x->id, sizeof(ua->id));
2610  memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr));
2611  memcpy(&ua->sel, &x->sel, sizeof(ua->sel));
2612  copy_to_user_policy(xp, &ua->policy, XFRM_POLICY_OUT);
2613  ua->aalgos = xt->aalgos;
2614  ua->ealgos = xt->ealgos;
2615  ua->calgos = xt->calgos;
2616  ua->seq = x->km.seq = seq;
2617 
2618  err = copy_to_user_tmpl(xp, skb);
2619  if (!err)
2620  err = copy_to_user_state_sec_ctx(x, skb);
2621  if (!err)
2622  err = copy_to_user_policy_type(xp->type, skb);
2623  if (!err)
2624  err = xfrm_mark_put(skb, &xp->mark);
2625  if (err) {
2626  nlmsg_cancel(skb, nlh);
2627  return err;
2628  }
2629 
2630  return nlmsg_end(skb, nlh);
2631 }
2632 
2633 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
2634  struct xfrm_policy *xp)
2635 {
2636  struct net *net = xs_net(x);
2637  struct sk_buff *skb;
2638 
2639  skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC);
2640  if (skb == NULL)
2641  return -ENOMEM;
2642 
2643  if (build_acquire(skb, x, xt, xp) < 0)
2644  BUG();
2645 
2646  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_ACQUIRE, GFP_ATOMIC);
2647 }
2648 
2649 /* User gives us xfrm_user_policy_info followed by an array of 0
2650  * or more templates.
2651  */
2652 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
2653  u8 *data, int len, int *dir)
2654 {
2655  struct net *net = sock_net(sk);
2656  struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data;
2657  struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1);
2658  struct xfrm_policy *xp;
2659  int nr;
2660 
2661  switch (sk->sk_family) {
2662  case AF_INET:
2663  if (opt != IP_XFRM_POLICY) {
2664  *dir = -EOPNOTSUPP;
2665  return NULL;
2666  }
2667  break;
2668 #if IS_ENABLED(CONFIG_IPV6)
2669  case AF_INET6:
2670  if (opt != IPV6_XFRM_POLICY) {
2671  *dir = -EOPNOTSUPP;
2672  return NULL;
2673  }
2674  break;
2675 #endif
2676  default:
2677  *dir = -EINVAL;
2678  return NULL;
2679  }
2680 
2681  *dir = -EINVAL;
2682 
2683  if (len < sizeof(*p) ||
2684  verify_newpolicy_info(p))
2685  return NULL;
2686 
2687  nr = ((len - sizeof(*p)) / sizeof(*ut));
2688  if (validate_tmpl(nr, ut, p->sel.family))
2689  return NULL;
2690 
2691  if (p->dir > XFRM_POLICY_OUT)
2692  return NULL;
2693 
2694  xp = xfrm_policy_alloc(net, GFP_ATOMIC);
2695  if (xp == NULL) {
2696  *dir = -ENOBUFS;
2697  return NULL;
2698  }
2699 
2700  copy_from_user_policy(xp, p);
2701  xp->type = XFRM_POLICY_TYPE_MAIN;
2702  copy_templates(xp, ut, nr);
2703 
2704  *dir = p->dir;
2705 
2706  return xp;
2707 }
2708 
2709 static inline size_t xfrm_polexpire_msgsize(struct xfrm_policy *xp)
2710 {
2711  return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire))
2712  + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr)
2713  + nla_total_size(xfrm_user_sec_ctx_size(xp->security))
2714  + nla_total_size(sizeof(struct xfrm_mark))
2715  + userpolicy_type_attrsize();
2716 }
2717 
2718 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
2719  int dir, const struct km_event *c)
2720 {
2721  struct xfrm_user_polexpire *upe;
2722  int hard = c->data.hard;
2723  struct nlmsghdr *nlh;
2724  int err;
2725 
2726  nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0);
2727  if (nlh == NULL)
2728  return -EMSGSIZE;
2729 
2730  upe = nlmsg_data(nlh);
2731  copy_to_user_policy(xp, &upe->pol, dir);
2732  err = copy_to_user_tmpl(xp, skb);
2733  if (!err)
2734  err = copy_to_user_sec_ctx(xp, skb);
2735  if (!err)
2736  err = copy_to_user_policy_type(xp->type, skb);
2737  if (!err)
2738  err = xfrm_mark_put(skb, &xp->mark);
2739  if (err) {
2740  nlmsg_cancel(skb, nlh);
2741  return err;
2742  }
2743  upe->hard = !!hard;
2744 
2745  return nlmsg_end(skb, nlh);
2746 }
2747 
2748 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
2749 {
2750  struct net *net = xp_net(xp);
2751  struct sk_buff *skb;
2752 
2753  skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC);
2754  if (skb == NULL)
2755  return -ENOMEM;
2756 
2757  if (build_polexpire(skb, xp, dir, c) < 0)
2758  BUG();
2759 
2760  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_EXPIRE, GFP_ATOMIC);
2761 }
2762 
2763 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c)
2764 {
2765  int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr);
2766  struct net *net = xp_net(xp);
2767  struct xfrm_userpolicy_info *p;
2768  struct xfrm_userpolicy_id *id;
2769  struct nlmsghdr *nlh;
2770  struct sk_buff *skb;
2771  int headlen, err;
2772 
2773  headlen = sizeof(*p);
2774  if (c->event == XFRM_MSG_DELPOLICY) {
2775  len += nla_total_size(headlen);
2776  headlen = sizeof(*id);
2777  }
2778  len += userpolicy_type_attrsize();
2779  len += nla_total_size(sizeof(struct xfrm_mark));
2780  len += NLMSG_ALIGN(headlen);
2781 
2782  skb = nlmsg_new(len, GFP_ATOMIC);
2783  if (skb == NULL)
2784  return -ENOMEM;
2785 
2786  nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0);
2787  err = -EMSGSIZE;
2788  if (nlh == NULL)
2789  goto out_free_skb;
2790 
2791  p = nlmsg_data(nlh);
2792  if (c->event == XFRM_MSG_DELPOLICY) {
2793  struct nlattr *attr;
2794 
2795  id = nlmsg_data(nlh);
2796  memset(id, 0, sizeof(*id));
2797  id->dir = dir;
2798  if (c->data.byid)
2799  id->index = xp->index;
2800  else
2801  memcpy(&id->sel, &xp->selector, sizeof(id->sel));
2802 
2803  attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p));
2804  err = -EMSGSIZE;
2805  if (attr == NULL)
2806  goto out_free_skb;
2807 
2808  p = nla_data(attr);
2809  }
2810 
2811  copy_to_user_policy(xp, p, dir);
2812  err = copy_to_user_tmpl(xp, skb);
2813  if (!err)
2814  err = copy_to_user_policy_type(xp->type, skb);
2815  if (!err)
2816  err = xfrm_mark_put(skb, &xp->mark);
2817  if (err)
2818  goto out_free_skb;
2819 
2820  nlmsg_end(skb, nlh);
2821 
2822  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
2823 
2824 out_free_skb:
2825  kfree_skb(skb);
2826  return err;
2827 }
2828 
2829 static int xfrm_notify_policy_flush(const struct km_event *c)
2830 {
2831  struct net *net = c->net;
2832  struct nlmsghdr *nlh;
2833  struct sk_buff *skb;
2834  int err;
2835 
2836  skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC);
2837  if (skb == NULL)
2838  return -ENOMEM;
2839 
2840  nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0);
2841  err = -EMSGSIZE;
2842  if (nlh == NULL)
2843  goto out_free_skb;
2844  err = copy_to_user_policy_type(c->data.type, skb);
2845  if (err)
2846  goto out_free_skb;
2847 
2848  nlmsg_end(skb, nlh);
2849 
2850  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
2851 
2852 out_free_skb:
2853  kfree_skb(skb);
2854  return err;
2855 }
2856 
2857 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
2858 {
2859 
2860  switch (c->event) {
2861  case XFRM_MSG_NEWPOLICY:
2862  case XFRM_MSG_UPDPOLICY:
2863  case XFRM_MSG_DELPOLICY:
2864  return xfrm_notify_policy(xp, dir, c);
2865  case XFRM_MSG_FLUSHPOLICY:
2866  return xfrm_notify_policy_flush(c);
2867  case XFRM_MSG_POLEXPIRE:
2868  return xfrm_exp_policy_notify(xp, dir, c);
2869  default:
2870  printk(KERN_NOTICE "xfrm_user: Unknown Policy event %d\n",
2871  c->event);
2872  }
2873 
2874  return 0;
2875 
2876 }
2877 
2878 static inline size_t xfrm_report_msgsize(void)
2879 {
2880  return NLMSG_ALIGN(sizeof(struct xfrm_user_report));
2881 }
2882 
2883 static int build_report(struct sk_buff *skb, u8 proto,
2884  struct xfrm_selector *sel, xfrm_address_t *addr)
2885 {
2886  struct xfrm_user_report *ur;
2887  struct nlmsghdr *nlh;
2888 
2889  nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0);
2890  if (nlh == NULL)
2891  return -EMSGSIZE;
2892 
2893  ur = nlmsg_data(nlh);
2894  ur->proto = proto;
2895  memcpy(&ur->sel, sel, sizeof(ur->sel));
2896 
2897  if (addr) {
2898  int err = nla_put(skb, XFRMA_COADDR, sizeof(*addr), addr);
2899  if (err) {
2900  nlmsg_cancel(skb, nlh);
2901  return err;
2902  }
2903  }
2904  return nlmsg_end(skb, nlh);
2905 }
2906 
2907 static int xfrm_send_report(struct net *net, u8 proto,
2908  struct xfrm_selector *sel, xfrm_address_t *addr)
2909 {
2910  struct sk_buff *skb;
2911 
2912  skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC);
2913  if (skb == NULL)
2914  return -ENOMEM;
2915 
2916  if (build_report(skb, proto, sel, addr) < 0)
2917  BUG();
2918 
2919  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_REPORT, GFP_ATOMIC);
2920 }
2921 
2922 static inline size_t xfrm_mapping_msgsize(void)
2923 {
2924  return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping));
2925 }
2926 
2927 static int build_mapping(struct sk_buff *skb, struct xfrm_state *x,
2928  xfrm_address_t *new_saddr, __be16 new_sport)
2929 {
2930  struct xfrm_user_mapping *um;
2931  struct nlmsghdr *nlh;
2932 
2933  nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0);
2934  if (nlh == NULL)
2935  return -EMSGSIZE;
2936 
2937  um = nlmsg_data(nlh);
2938 
2939  memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr));
2940  um->id.spi = x->id.spi;
2941  um->id.family = x->props.family;
2942  um->id.proto = x->id.proto;
2943  memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr));
2944  memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr));
2945  um->new_sport = new_sport;
2946  um->old_sport = x->encap->encap_sport;
2947  um->reqid = x->props.reqid;
2948 
2949  return nlmsg_end(skb, nlh);
2950 }
2951 
2952 static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr,
2953  __be16 sport)
2954 {
2955  struct net *net = xs_net(x);
2956  struct sk_buff *skb;
2957 
2958  if (x->id.proto != IPPROTO_ESP)
2959  return -EINVAL;
2960 
2961  if (!x->encap)
2962  return -EINVAL;
2963 
2964  skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC);
2965  if (skb == NULL)
2966  return -ENOMEM;
2967 
2968  if (build_mapping(skb, x, ipaddr, sport) < 0)
2969  BUG();
2970 
2971  return nlmsg_multicast(net->xfrm.nlsk, skb, 0, XFRMNLGRP_MAPPING, GFP_ATOMIC);
2972 }
2973 
2974 static struct xfrm_mgr netlink_mgr = {
2975  .id = "netlink",
2976  .notify = xfrm_send_state_notify,
2977  .acquire = xfrm_send_acquire,
2978  .compile_policy = xfrm_compile_policy,
2979  .notify_policy = xfrm_send_policy_notify,
2980  .report = xfrm_send_report,
2981  .migrate = xfrm_send_migrate,
2982  .new_mapping = xfrm_send_mapping,
2983 };
2984 
2985 static int __net_init xfrm_user_net_init(struct net *net)
2986 {
2987  struct sock *nlsk;
2988  struct netlink_kernel_cfg cfg = {
2989  .groups = XFRMNLGRP_MAX,
2990  .input = xfrm_netlink_rcv,
2991  };
2992 
2993  nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg);
2994  if (nlsk == NULL)
2995  return -ENOMEM;
2996  net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */
2997  rcu_assign_pointer(net->xfrm.nlsk, nlsk);
2998  return 0;
2999 }
3000 
3001 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list)
3002 {
3003  struct net *net;
3004  list_for_each_entry(net, net_exit_list, exit_list)
3005  RCU_INIT_POINTER(net->xfrm.nlsk, NULL);
3006  synchronize_net();
3007  list_for_each_entry(net, net_exit_list, exit_list)
3008  netlink_kernel_release(net->xfrm.nlsk_stash);
3009 }
3010 
3011 static struct pernet_operations xfrm_user_net_ops = {
3012  .init = xfrm_user_net_init,
3013  .exit_batch = xfrm_user_net_exit,
3014 };
3015 
3016 static int __init xfrm_user_init(void)
3017 {
3018  int rv;
3019 
3020  printk(KERN_INFO "Initializing XFRM netlink socket\n");
3021 
3022  rv = register_pernet_subsys(&xfrm_user_net_ops);
3023  if (rv < 0)
3024  return rv;
3025  rv = xfrm_register_km(&netlink_mgr);
3026  if (rv < 0)
3027  unregister_pernet_subsys(&xfrm_user_net_ops);
3028  return rv;
3029 }
3030 
3031 static void __exit xfrm_user_exit(void)
3032 {
3033  xfrm_unregister_km(&netlink_mgr);
3034  unregister_pernet_subsys(&xfrm_user_net_ops);
3035 }
3036 
3037 module_init(xfrm_user_init);
3038 module_exit(xfrm_user_exit);
3039 MODULE_LICENSE("GPL");
3040 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM);
3041 
Generated on Thu Jan 10 2013 15:02:46 for Linux Kernel by   doxygen 1.8.2