1 // SPDX-License-Identifier: GPL-2.0-only 2 /* xfrm_user.c: User interface to configure xfrm engine. 3 * 4 * Copyright (C) 2002 David S. Miller (davem@redhat.com) 5 * 6 * Changes: 7 * Mitsuru KANDA @USAGI 8 * Kazunori MIYAZAWA @USAGI 9 * Kunihiro Ishiguro <kunihiro@ipinfusion.com> 10 * IPv6 support 11 * 12 */ 13 14 #include <linux/crypto.h> 15 #include <linux/module.h> 16 #include <linux/kernel.h> 17 #include <linux/types.h> 18 #include <linux/slab.h> 19 #include <linux/socket.h> 20 #include <linux/string.h> 21 #include <linux/net.h> 22 #include <linux/skbuff.h> 23 #include <linux/pfkeyv2.h> 24 #include <linux/ipsec.h> 25 #include <linux/init.h> 26 #include <linux/security.h> 27 #include <net/sock.h> 28 #include <net/xfrm.h> 29 #include <net/netlink.h> 30 #include <net/ah.h> 31 #include <linux/uaccess.h> 32 #if IS_ENABLED(CONFIG_IPV6) 33 #include <linux/in6.h> 34 #endif 35 #include <asm/unaligned.h> 36 37 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) 38 { 39 struct nlattr *rt = attrs[type]; 40 struct xfrm_algo *algp; 41 42 if (!rt) 43 return 0; 44 45 algp = nla_data(rt); 46 if (nla_len(rt) < (int)xfrm_alg_len(algp)) 47 return -EINVAL; 48 49 switch (type) { 50 case XFRMA_ALG_AUTH: 51 case XFRMA_ALG_CRYPT: 52 case XFRMA_ALG_COMP: 53 break; 54 55 default: 56 return -EINVAL; 57 } 58 59 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 60 return 0; 61 } 62 63 static int verify_auth_trunc(struct nlattr **attrs) 64 { 65 struct nlattr *rt = attrs[XFRMA_ALG_AUTH_TRUNC]; 66 struct xfrm_algo_auth *algp; 67 68 if (!rt) 69 return 0; 70 71 algp = nla_data(rt); 72 if (nla_len(rt) < (int)xfrm_alg_auth_len(algp)) 73 return -EINVAL; 74 75 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 76 return 0; 77 } 78 79 static int verify_aead(struct nlattr **attrs) 80 { 81 struct nlattr *rt = attrs[XFRMA_ALG_AEAD]; 82 struct xfrm_algo_aead *algp; 83 84 if (!rt) 85 return 0; 86 87 algp = nla_data(rt); 88 if (nla_len(rt) < (int)aead_len(algp)) 89 return -EINVAL; 90 91 algp->alg_name[sizeof(algp->alg_name) - 1] = '\0'; 92 return 0; 93 } 94 95 static void verify_one_addr(struct nlattr **attrs, enum xfrm_attr_type_t type, 96 xfrm_address_t **addrp) 97 { 98 struct nlattr *rt = attrs[type]; 99 100 if (rt && addrp) 101 *addrp = nla_data(rt); 102 } 103 104 static inline int verify_sec_ctx_len(struct nlattr **attrs) 105 { 106 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 107 struct xfrm_user_sec_ctx *uctx; 108 109 if (!rt) 110 return 0; 111 112 uctx = nla_data(rt); 113 if (uctx->len != (sizeof(struct xfrm_user_sec_ctx) + uctx->ctx_len)) 114 return -EINVAL; 115 116 return 0; 117 } 118 119 static inline int verify_replay(struct xfrm_usersa_info *p, 120 struct nlattr **attrs) 121 { 122 struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL]; 123 struct xfrm_replay_state_esn *rs; 124 125 if (!rt) 126 return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0; 127 128 rs = nla_data(rt); 129 130 if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8) 131 return -EINVAL; 132 133 if (nla_len(rt) < (int)xfrm_replay_state_esn_len(rs) && 134 nla_len(rt) != sizeof(*rs)) 135 return -EINVAL; 136 137 /* As only ESP and AH support ESN feature. */ 138 if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH)) 139 return -EINVAL; 140 141 if (p->replay_window != 0) 142 return -EINVAL; 143 144 return 0; 145 } 146 147 static int verify_newsa_info(struct xfrm_usersa_info *p, 148 struct nlattr **attrs) 149 { 150 int err; 151 152 err = -EINVAL; 153 switch (p->family) { 154 case AF_INET: 155 if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) 156 goto out; 157 158 break; 159 160 case AF_INET6: 161 #if IS_ENABLED(CONFIG_IPV6) 162 if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) 163 goto out; 164 165 break; 166 #else 167 err = -EAFNOSUPPORT; 168 goto out; 169 #endif 170 171 default: 172 goto out; 173 } 174 175 err = -EINVAL; 176 switch (p->id.proto) { 177 case IPPROTO_AH: 178 if ((!attrs[XFRMA_ALG_AUTH] && 179 !attrs[XFRMA_ALG_AUTH_TRUNC]) || 180 attrs[XFRMA_ALG_AEAD] || 181 attrs[XFRMA_ALG_CRYPT] || 182 attrs[XFRMA_ALG_COMP] || 183 attrs[XFRMA_TFCPAD]) 184 goto out; 185 break; 186 187 case IPPROTO_ESP: 188 if (attrs[XFRMA_ALG_COMP]) 189 goto out; 190 if (!attrs[XFRMA_ALG_AUTH] && 191 !attrs[XFRMA_ALG_AUTH_TRUNC] && 192 !attrs[XFRMA_ALG_CRYPT] && 193 !attrs[XFRMA_ALG_AEAD]) 194 goto out; 195 if ((attrs[XFRMA_ALG_AUTH] || 196 attrs[XFRMA_ALG_AUTH_TRUNC] || 197 attrs[XFRMA_ALG_CRYPT]) && 198 attrs[XFRMA_ALG_AEAD]) 199 goto out; 200 if (attrs[XFRMA_TFCPAD] && 201 p->mode != XFRM_MODE_TUNNEL) 202 goto out; 203 break; 204 205 case IPPROTO_COMP: 206 if (!attrs[XFRMA_ALG_COMP] || 207 attrs[XFRMA_ALG_AEAD] || 208 attrs[XFRMA_ALG_AUTH] || 209 attrs[XFRMA_ALG_AUTH_TRUNC] || 210 attrs[XFRMA_ALG_CRYPT] || 211 attrs[XFRMA_TFCPAD] || 212 (ntohl(p->id.spi) >= 0x10000)) 213 goto out; 214 break; 215 216 #if IS_ENABLED(CONFIG_IPV6) 217 case IPPROTO_DSTOPTS: 218 case IPPROTO_ROUTING: 219 if (attrs[XFRMA_ALG_COMP] || 220 attrs[XFRMA_ALG_AUTH] || 221 attrs[XFRMA_ALG_AUTH_TRUNC] || 222 attrs[XFRMA_ALG_AEAD] || 223 attrs[XFRMA_ALG_CRYPT] || 224 attrs[XFRMA_ENCAP] || 225 attrs[XFRMA_SEC_CTX] || 226 attrs[XFRMA_TFCPAD] || 227 !attrs[XFRMA_COADDR]) 228 goto out; 229 break; 230 #endif 231 232 default: 233 goto out; 234 } 235 236 if ((err = verify_aead(attrs))) 237 goto out; 238 if ((err = verify_auth_trunc(attrs))) 239 goto out; 240 if ((err = verify_one_alg(attrs, XFRMA_ALG_AUTH))) 241 goto out; 242 if ((err = verify_one_alg(attrs, XFRMA_ALG_CRYPT))) 243 goto out; 244 if ((err = verify_one_alg(attrs, XFRMA_ALG_COMP))) 245 goto out; 246 if ((err = verify_sec_ctx_len(attrs))) 247 goto out; 248 if ((err = verify_replay(p, attrs))) 249 goto out; 250 251 err = -EINVAL; 252 switch (p->mode) { 253 case XFRM_MODE_TRANSPORT: 254 case XFRM_MODE_TUNNEL: 255 case XFRM_MODE_ROUTEOPTIMIZATION: 256 case XFRM_MODE_BEET: 257 break; 258 259 default: 260 goto out; 261 } 262 263 err = 0; 264 265 out: 266 return err; 267 } 268 269 static int attach_one_algo(struct xfrm_algo **algpp, u8 *props, 270 struct xfrm_algo_desc *(*get_byname)(const char *, int), 271 struct nlattr *rta) 272 { 273 struct xfrm_algo *p, *ualg; 274 struct xfrm_algo_desc *algo; 275 276 if (!rta) 277 return 0; 278 279 ualg = nla_data(rta); 280 281 algo = get_byname(ualg->alg_name, 1); 282 if (!algo) 283 return -ENOSYS; 284 *props = algo->desc.sadb_alg_id; 285 286 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 287 if (!p) 288 return -ENOMEM; 289 290 strcpy(p->alg_name, algo->name); 291 *algpp = p; 292 return 0; 293 } 294 295 static int attach_crypt(struct xfrm_state *x, struct nlattr *rta) 296 { 297 struct xfrm_algo *p, *ualg; 298 struct xfrm_algo_desc *algo; 299 300 if (!rta) 301 return 0; 302 303 ualg = nla_data(rta); 304 305 algo = xfrm_ealg_get_byname(ualg->alg_name, 1); 306 if (!algo) 307 return -ENOSYS; 308 x->props.ealgo = algo->desc.sadb_alg_id; 309 310 p = kmemdup(ualg, xfrm_alg_len(ualg), GFP_KERNEL); 311 if (!p) 312 return -ENOMEM; 313 314 strcpy(p->alg_name, algo->name); 315 x->ealg = p; 316 x->geniv = algo->uinfo.encr.geniv; 317 return 0; 318 } 319 320 static int attach_auth(struct xfrm_algo_auth **algpp, u8 *props, 321 struct nlattr *rta) 322 { 323 struct xfrm_algo *ualg; 324 struct xfrm_algo_auth *p; 325 struct xfrm_algo_desc *algo; 326 327 if (!rta) 328 return 0; 329 330 ualg = nla_data(rta); 331 332 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 333 if (!algo) 334 return -ENOSYS; 335 *props = algo->desc.sadb_alg_id; 336 337 p = kmalloc(sizeof(*p) + (ualg->alg_key_len + 7) / 8, GFP_KERNEL); 338 if (!p) 339 return -ENOMEM; 340 341 strcpy(p->alg_name, algo->name); 342 p->alg_key_len = ualg->alg_key_len; 343 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 344 memcpy(p->alg_key, ualg->alg_key, (ualg->alg_key_len + 7) / 8); 345 346 *algpp = p; 347 return 0; 348 } 349 350 static int attach_auth_trunc(struct xfrm_algo_auth **algpp, u8 *props, 351 struct nlattr *rta) 352 { 353 struct xfrm_algo_auth *p, *ualg; 354 struct xfrm_algo_desc *algo; 355 356 if (!rta) 357 return 0; 358 359 ualg = nla_data(rta); 360 361 algo = xfrm_aalg_get_byname(ualg->alg_name, 1); 362 if (!algo) 363 return -ENOSYS; 364 if (ualg->alg_trunc_len > algo->uinfo.auth.icv_fullbits) 365 return -EINVAL; 366 *props = algo->desc.sadb_alg_id; 367 368 p = kmemdup(ualg, xfrm_alg_auth_len(ualg), GFP_KERNEL); 369 if (!p) 370 return -ENOMEM; 371 372 strcpy(p->alg_name, algo->name); 373 if (!p->alg_trunc_len) 374 p->alg_trunc_len = algo->uinfo.auth.icv_truncbits; 375 376 *algpp = p; 377 return 0; 378 } 379 380 static int attach_aead(struct xfrm_state *x, struct nlattr *rta) 381 { 382 struct xfrm_algo_aead *p, *ualg; 383 struct xfrm_algo_desc *algo; 384 385 if (!rta) 386 return 0; 387 388 ualg = nla_data(rta); 389 390 algo = xfrm_aead_get_byname(ualg->alg_name, ualg->alg_icv_len, 1); 391 if (!algo) 392 return -ENOSYS; 393 x->props.ealgo = algo->desc.sadb_alg_id; 394 395 p = kmemdup(ualg, aead_len(ualg), GFP_KERNEL); 396 if (!p) 397 return -ENOMEM; 398 399 strcpy(p->alg_name, algo->name); 400 x->aead = p; 401 x->geniv = algo->uinfo.aead.geniv; 402 return 0; 403 } 404 405 static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_esn, 406 struct nlattr *rp) 407 { 408 struct xfrm_replay_state_esn *up; 409 unsigned int ulen; 410 411 if (!replay_esn || !rp) 412 return 0; 413 414 up = nla_data(rp); 415 ulen = xfrm_replay_state_esn_len(up); 416 417 /* Check the overall length and the internal bitmap length to avoid 418 * potential overflow. */ 419 if (nla_len(rp) < (int)ulen || 420 xfrm_replay_state_esn_len(replay_esn) != ulen || 421 replay_esn->bmp_len != up->bmp_len) 422 return -EINVAL; 423 424 if (up->replay_window > up->bmp_len * sizeof(__u32) * 8) 425 return -EINVAL; 426 427 return 0; 428 } 429 430 static int xfrm_alloc_replay_state_esn(struct xfrm_replay_state_esn **replay_esn, 431 struct xfrm_replay_state_esn **preplay_esn, 432 struct nlattr *rta) 433 { 434 struct xfrm_replay_state_esn *p, *pp, *up; 435 unsigned int klen, ulen; 436 437 if (!rta) 438 return 0; 439 440 up = nla_data(rta); 441 klen = xfrm_replay_state_esn_len(up); 442 ulen = nla_len(rta) >= (int)klen ? klen : sizeof(*up); 443 444 p = kzalloc(klen, GFP_KERNEL); 445 if (!p) 446 return -ENOMEM; 447 448 pp = kzalloc(klen, GFP_KERNEL); 449 if (!pp) { 450 kfree(p); 451 return -ENOMEM; 452 } 453 454 memcpy(p, up, ulen); 455 memcpy(pp, up, ulen); 456 457 *replay_esn = p; 458 *preplay_esn = pp; 459 460 return 0; 461 } 462 463 static inline unsigned int xfrm_user_sec_ctx_size(struct xfrm_sec_ctx *xfrm_ctx) 464 { 465 unsigned int len = 0; 466 467 if (xfrm_ctx) { 468 len += sizeof(struct xfrm_user_sec_ctx); 469 len += xfrm_ctx->ctx_len; 470 } 471 return len; 472 } 473 474 static void copy_from_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 475 { 476 memcpy(&x->id, &p->id, sizeof(x->id)); 477 memcpy(&x->sel, &p->sel, sizeof(x->sel)); 478 memcpy(&x->lft, &p->lft, sizeof(x->lft)); 479 x->props.mode = p->mode; 480 x->props.replay_window = min_t(unsigned int, p->replay_window, 481 sizeof(x->replay.bitmap) * 8); 482 x->props.reqid = p->reqid; 483 x->props.family = p->family; 484 memcpy(&x->props.saddr, &p->saddr, sizeof(x->props.saddr)); 485 x->props.flags = p->flags; 486 487 if (!x->sel.family && !(p->flags & XFRM_STATE_AF_UNSPEC)) 488 x->sel.family = p->family; 489 } 490 491 /* 492 * someday when pfkey also has support, we could have the code 493 * somehow made shareable and move it to xfrm_state.c - JHS 494 * 495 */ 496 static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs, 497 int update_esn) 498 { 499 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 500 struct nlattr *re = update_esn ? attrs[XFRMA_REPLAY_ESN_VAL] : NULL; 501 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 502 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 503 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 504 505 if (re) { 506 struct xfrm_replay_state_esn *replay_esn; 507 replay_esn = nla_data(re); 508 memcpy(x->replay_esn, replay_esn, 509 xfrm_replay_state_esn_len(replay_esn)); 510 memcpy(x->preplay_esn, replay_esn, 511 xfrm_replay_state_esn_len(replay_esn)); 512 } 513 514 if (rp) { 515 struct xfrm_replay_state *replay; 516 replay = nla_data(rp); 517 memcpy(&x->replay, replay, sizeof(*replay)); 518 memcpy(&x->preplay, replay, sizeof(*replay)); 519 } 520 521 if (lt) { 522 struct xfrm_lifetime_cur *ltime; 523 ltime = nla_data(lt); 524 x->curlft.bytes = ltime->bytes; 525 x->curlft.packets = ltime->packets; 526 x->curlft.add_time = ltime->add_time; 527 x->curlft.use_time = ltime->use_time; 528 } 529 530 if (et) 531 x->replay_maxage = nla_get_u32(et); 532 533 if (rt) 534 x->replay_maxdiff = nla_get_u32(rt); 535 } 536 537 static void xfrm_smark_init(struct nlattr **attrs, struct xfrm_mark *m) 538 { 539 if (attrs[XFRMA_SET_MARK]) { 540 m->v = nla_get_u32(attrs[XFRMA_SET_MARK]); 541 if (attrs[XFRMA_SET_MARK_MASK]) 542 m->m = nla_get_u32(attrs[XFRMA_SET_MARK_MASK]); 543 else 544 m->m = 0xffffffff; 545 } else { 546 m->v = m->m = 0; 547 } 548 } 549 550 static struct xfrm_state *xfrm_state_construct(struct net *net, 551 struct xfrm_usersa_info *p, 552 struct nlattr **attrs, 553 int *errp) 554 { 555 struct xfrm_state *x = xfrm_state_alloc(net); 556 int err = -ENOMEM; 557 558 if (!x) 559 goto error_no_put; 560 561 copy_from_user_state(x, p); 562 563 if (attrs[XFRMA_SA_EXTRA_FLAGS]) 564 x->props.extra_flags = nla_get_u32(attrs[XFRMA_SA_EXTRA_FLAGS]); 565 566 if ((err = attach_aead(x, attrs[XFRMA_ALG_AEAD]))) 567 goto error; 568 if ((err = attach_auth_trunc(&x->aalg, &x->props.aalgo, 569 attrs[XFRMA_ALG_AUTH_TRUNC]))) 570 goto error; 571 if (!x->props.aalgo) { 572 if ((err = attach_auth(&x->aalg, &x->props.aalgo, 573 attrs[XFRMA_ALG_AUTH]))) 574 goto error; 575 } 576 if ((err = attach_crypt(x, attrs[XFRMA_ALG_CRYPT]))) 577 goto error; 578 if ((err = attach_one_algo(&x->calg, &x->props.calgo, 579 xfrm_calg_get_byname, 580 attrs[XFRMA_ALG_COMP]))) 581 goto error; 582 583 if (attrs[XFRMA_ENCAP]) { 584 x->encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 585 sizeof(*x->encap), GFP_KERNEL); 586 if (x->encap == NULL) 587 goto error; 588 } 589 590 if (attrs[XFRMA_TFCPAD]) 591 x->tfcpad = nla_get_u32(attrs[XFRMA_TFCPAD]); 592 593 if (attrs[XFRMA_COADDR]) { 594 x->coaddr = kmemdup(nla_data(attrs[XFRMA_COADDR]), 595 sizeof(*x->coaddr), GFP_KERNEL); 596 if (x->coaddr == NULL) 597 goto error; 598 } 599 600 xfrm_mark_get(attrs, &x->mark); 601 602 xfrm_smark_init(attrs, &x->props.smark); 603 604 if (attrs[XFRMA_IF_ID]) 605 x->if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 606 607 err = __xfrm_init_state(x, false, attrs[XFRMA_OFFLOAD_DEV]); 608 if (err) 609 goto error; 610 611 if (attrs[XFRMA_SEC_CTX]) { 612 err = security_xfrm_state_alloc(x, 613 nla_data(attrs[XFRMA_SEC_CTX])); 614 if (err) 615 goto error; 616 } 617 618 if ((err = xfrm_alloc_replay_state_esn(&x->replay_esn, &x->preplay_esn, 619 attrs[XFRMA_REPLAY_ESN_VAL]))) 620 goto error; 621 622 x->km.seq = p->seq; 623 x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth; 624 /* sysctl_xfrm_aevent_etime is in 100ms units */ 625 x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M; 626 627 if ((err = xfrm_init_replay(x))) 628 goto error; 629 630 /* override default values from above */ 631 xfrm_update_ae_params(x, attrs, 0); 632 633 /* configure the hardware if offload is requested */ 634 if (attrs[XFRMA_OFFLOAD_DEV]) { 635 err = xfrm_dev_state_add(net, x, 636 nla_data(attrs[XFRMA_OFFLOAD_DEV])); 637 if (err) 638 goto error; 639 } 640 641 return x; 642 643 error: 644 x->km.state = XFRM_STATE_DEAD; 645 xfrm_state_put(x); 646 error_no_put: 647 *errp = err; 648 return NULL; 649 } 650 651 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 652 struct nlattr **attrs) 653 { 654 struct net *net = sock_net(skb->sk); 655 struct xfrm_usersa_info *p = nlmsg_data(nlh); 656 struct xfrm_state *x; 657 int err; 658 struct km_event c; 659 660 err = verify_newsa_info(p, attrs); 661 if (err) 662 return err; 663 664 x = xfrm_state_construct(net, p, attrs, &err); 665 if (!x) 666 return err; 667 668 xfrm_state_hold(x); 669 if (nlh->nlmsg_type == XFRM_MSG_NEWSA) 670 err = xfrm_state_add(x); 671 else 672 err = xfrm_state_update(x); 673 674 xfrm_audit_state_add(x, err ? 0 : 1, true); 675 676 if (err < 0) { 677 x->km.state = XFRM_STATE_DEAD; 678 xfrm_dev_state_delete(x); 679 __xfrm_state_put(x); 680 goto out; 681 } 682 683 if (x->km.state == XFRM_STATE_VOID) 684 x->km.state = XFRM_STATE_VALID; 685 686 c.seq = nlh->nlmsg_seq; 687 c.portid = nlh->nlmsg_pid; 688 c.event = nlh->nlmsg_type; 689 690 km_state_notify(x, &c); 691 out: 692 xfrm_state_put(x); 693 return err; 694 } 695 696 static struct xfrm_state *xfrm_user_state_lookup(struct net *net, 697 struct xfrm_usersa_id *p, 698 struct nlattr **attrs, 699 int *errp) 700 { 701 struct xfrm_state *x = NULL; 702 struct xfrm_mark m; 703 int err; 704 u32 mark = xfrm_mark_get(attrs, &m); 705 706 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { 707 err = -ESRCH; 708 x = xfrm_state_lookup(net, mark, &p->daddr, p->spi, p->proto, p->family); 709 } else { 710 xfrm_address_t *saddr = NULL; 711 712 verify_one_addr(attrs, XFRMA_SRCADDR, &saddr); 713 if (!saddr) { 714 err = -EINVAL; 715 goto out; 716 } 717 718 err = -ESRCH; 719 x = xfrm_state_lookup_byaddr(net, mark, 720 &p->daddr, saddr, 721 p->proto, p->family); 722 } 723 724 out: 725 if (!x && errp) 726 *errp = err; 727 return x; 728 } 729 730 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 731 struct nlattr **attrs) 732 { 733 struct net *net = sock_net(skb->sk); 734 struct xfrm_state *x; 735 int err = -ESRCH; 736 struct km_event c; 737 struct xfrm_usersa_id *p = nlmsg_data(nlh); 738 739 x = xfrm_user_state_lookup(net, p, attrs, &err); 740 if (x == NULL) 741 return err; 742 743 if ((err = security_xfrm_state_delete(x)) != 0) 744 goto out; 745 746 if (xfrm_state_kern(x)) { 747 err = -EPERM; 748 goto out; 749 } 750 751 err = xfrm_state_delete(x); 752 753 if (err < 0) 754 goto out; 755 756 c.seq = nlh->nlmsg_seq; 757 c.portid = nlh->nlmsg_pid; 758 c.event = nlh->nlmsg_type; 759 km_state_notify(x, &c); 760 761 out: 762 xfrm_audit_state_delete(x, err ? 0 : 1, true); 763 xfrm_state_put(x); 764 return err; 765 } 766 767 static void copy_to_user_state(struct xfrm_state *x, struct xfrm_usersa_info *p) 768 { 769 memset(p, 0, sizeof(*p)); 770 memcpy(&p->id, &x->id, sizeof(p->id)); 771 memcpy(&p->sel, &x->sel, sizeof(p->sel)); 772 memcpy(&p->lft, &x->lft, sizeof(p->lft)); 773 memcpy(&p->curlft, &x->curlft, sizeof(p->curlft)); 774 put_unaligned(x->stats.replay_window, &p->stats.replay_window); 775 put_unaligned(x->stats.replay, &p->stats.replay); 776 put_unaligned(x->stats.integrity_failed, &p->stats.integrity_failed); 777 memcpy(&p->saddr, &x->props.saddr, sizeof(p->saddr)); 778 p->mode = x->props.mode; 779 p->replay_window = x->props.replay_window; 780 p->reqid = x->props.reqid; 781 p->family = x->props.family; 782 p->flags = x->props.flags; 783 p->seq = x->km.seq; 784 } 785 786 struct xfrm_dump_info { 787 struct sk_buff *in_skb; 788 struct sk_buff *out_skb; 789 u32 nlmsg_seq; 790 u16 nlmsg_flags; 791 }; 792 793 static int copy_sec_ctx(struct xfrm_sec_ctx *s, struct sk_buff *skb) 794 { 795 struct xfrm_user_sec_ctx *uctx; 796 struct nlattr *attr; 797 int ctx_size = sizeof(*uctx) + s->ctx_len; 798 799 attr = nla_reserve(skb, XFRMA_SEC_CTX, ctx_size); 800 if (attr == NULL) 801 return -EMSGSIZE; 802 803 uctx = nla_data(attr); 804 uctx->exttype = XFRMA_SEC_CTX; 805 uctx->len = ctx_size; 806 uctx->ctx_doi = s->ctx_doi; 807 uctx->ctx_alg = s->ctx_alg; 808 uctx->ctx_len = s->ctx_len; 809 memcpy(uctx + 1, s->ctx_str, s->ctx_len); 810 811 return 0; 812 } 813 814 static int copy_user_offload(struct xfrm_state_offload *xso, struct sk_buff *skb) 815 { 816 struct xfrm_user_offload *xuo; 817 struct nlattr *attr; 818 819 attr = nla_reserve(skb, XFRMA_OFFLOAD_DEV, sizeof(*xuo)); 820 if (attr == NULL) 821 return -EMSGSIZE; 822 823 xuo = nla_data(attr); 824 memset(xuo, 0, sizeof(*xuo)); 825 xuo->ifindex = xso->dev->ifindex; 826 xuo->flags = xso->flags; 827 828 return 0; 829 } 830 831 static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) 832 { 833 struct xfrm_algo *algo; 834 struct nlattr *nla; 835 836 nla = nla_reserve(skb, XFRMA_ALG_AUTH, 837 sizeof(*algo) + (auth->alg_key_len + 7) / 8); 838 if (!nla) 839 return -EMSGSIZE; 840 841 algo = nla_data(nla); 842 strncpy(algo->alg_name, auth->alg_name, sizeof(algo->alg_name)); 843 memcpy(algo->alg_key, auth->alg_key, (auth->alg_key_len + 7) / 8); 844 algo->alg_key_len = auth->alg_key_len; 845 846 return 0; 847 } 848 849 static int xfrm_smark_put(struct sk_buff *skb, struct xfrm_mark *m) 850 { 851 int ret = 0; 852 853 if (m->v | m->m) { 854 ret = nla_put_u32(skb, XFRMA_SET_MARK, m->v); 855 if (!ret) 856 ret = nla_put_u32(skb, XFRMA_SET_MARK_MASK, m->m); 857 } 858 return ret; 859 } 860 861 /* Don't change this without updating xfrm_sa_len! */ 862 static int copy_to_user_state_extra(struct xfrm_state *x, 863 struct xfrm_usersa_info *p, 864 struct sk_buff *skb) 865 { 866 int ret = 0; 867 868 copy_to_user_state(x, p); 869 870 if (x->props.extra_flags) { 871 ret = nla_put_u32(skb, XFRMA_SA_EXTRA_FLAGS, 872 x->props.extra_flags); 873 if (ret) 874 goto out; 875 } 876 877 if (x->coaddr) { 878 ret = nla_put(skb, XFRMA_COADDR, sizeof(*x->coaddr), x->coaddr); 879 if (ret) 880 goto out; 881 } 882 if (x->lastused) { 883 ret = nla_put_u64_64bit(skb, XFRMA_LASTUSED, x->lastused, 884 XFRMA_PAD); 885 if (ret) 886 goto out; 887 } 888 if (x->aead) { 889 ret = nla_put(skb, XFRMA_ALG_AEAD, aead_len(x->aead), x->aead); 890 if (ret) 891 goto out; 892 } 893 if (x->aalg) { 894 ret = copy_to_user_auth(x->aalg, skb); 895 if (!ret) 896 ret = nla_put(skb, XFRMA_ALG_AUTH_TRUNC, 897 xfrm_alg_auth_len(x->aalg), x->aalg); 898 if (ret) 899 goto out; 900 } 901 if (x->ealg) { 902 ret = nla_put(skb, XFRMA_ALG_CRYPT, xfrm_alg_len(x->ealg), x->ealg); 903 if (ret) 904 goto out; 905 } 906 if (x->calg) { 907 ret = nla_put(skb, XFRMA_ALG_COMP, sizeof(*(x->calg)), x->calg); 908 if (ret) 909 goto out; 910 } 911 if (x->encap) { 912 ret = nla_put(skb, XFRMA_ENCAP, sizeof(*x->encap), x->encap); 913 if (ret) 914 goto out; 915 } 916 if (x->tfcpad) { 917 ret = nla_put_u32(skb, XFRMA_TFCPAD, x->tfcpad); 918 if (ret) 919 goto out; 920 } 921 ret = xfrm_mark_put(skb, &x->mark); 922 if (ret) 923 goto out; 924 925 ret = xfrm_smark_put(skb, &x->props.smark); 926 if (ret) 927 goto out; 928 929 if (x->replay_esn) 930 ret = nla_put(skb, XFRMA_REPLAY_ESN_VAL, 931 xfrm_replay_state_esn_len(x->replay_esn), 932 x->replay_esn); 933 else 934 ret = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), 935 &x->replay); 936 if (ret) 937 goto out; 938 if(x->xso.dev) 939 ret = copy_user_offload(&x->xso, skb); 940 if (ret) 941 goto out; 942 if (x->if_id) { 943 ret = nla_put_u32(skb, XFRMA_IF_ID, x->if_id); 944 if (ret) 945 goto out; 946 } 947 if (x->security) 948 ret = copy_sec_ctx(x->security, skb); 949 out: 950 return ret; 951 } 952 953 static int dump_one_state(struct xfrm_state *x, int count, void *ptr) 954 { 955 struct xfrm_dump_info *sp = ptr; 956 struct sk_buff *in_skb = sp->in_skb; 957 struct sk_buff *skb = sp->out_skb; 958 struct xfrm_usersa_info *p; 959 struct nlmsghdr *nlh; 960 int err; 961 962 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq, 963 XFRM_MSG_NEWSA, sizeof(*p), sp->nlmsg_flags); 964 if (nlh == NULL) 965 return -EMSGSIZE; 966 967 p = nlmsg_data(nlh); 968 969 err = copy_to_user_state_extra(x, p, skb); 970 if (err) { 971 nlmsg_cancel(skb, nlh); 972 return err; 973 } 974 nlmsg_end(skb, nlh); 975 return 0; 976 } 977 978 static int xfrm_dump_sa_done(struct netlink_callback *cb) 979 { 980 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 981 struct sock *sk = cb->skb->sk; 982 struct net *net = sock_net(sk); 983 984 if (cb->args[0]) 985 xfrm_state_walk_done(walk, net); 986 return 0; 987 } 988 989 static const struct nla_policy xfrma_policy[XFRMA_MAX+1]; 990 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) 991 { 992 struct net *net = sock_net(skb->sk); 993 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; 994 struct xfrm_dump_info info; 995 996 BUILD_BUG_ON(sizeof(struct xfrm_state_walk) > 997 sizeof(cb->args) - sizeof(cb->args[0])); 998 999 info.in_skb = cb->skb; 1000 info.out_skb = skb; 1001 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1002 info.nlmsg_flags = NLM_F_MULTI; 1003 1004 if (!cb->args[0]) { 1005 struct nlattr *attrs[XFRMA_MAX+1]; 1006 struct xfrm_address_filter *filter = NULL; 1007 u8 proto = 0; 1008 int err; 1009 1010 err = nlmsg_parse_deprecated(cb->nlh, 0, attrs, XFRMA_MAX, 1011 xfrma_policy, cb->extack); 1012 if (err < 0) 1013 return err; 1014 1015 if (attrs[XFRMA_ADDRESS_FILTER]) { 1016 filter = kmemdup(nla_data(attrs[XFRMA_ADDRESS_FILTER]), 1017 sizeof(*filter), GFP_KERNEL); 1018 if (filter == NULL) 1019 return -ENOMEM; 1020 } 1021 1022 if (attrs[XFRMA_PROTO]) 1023 proto = nla_get_u8(attrs[XFRMA_PROTO]); 1024 1025 xfrm_state_walk_init(walk, proto, filter); 1026 cb->args[0] = 1; 1027 } 1028 1029 (void) xfrm_state_walk(net, walk, dump_one_state, &info); 1030 1031 return skb->len; 1032 } 1033 1034 static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb, 1035 struct xfrm_state *x, u32 seq) 1036 { 1037 struct xfrm_dump_info info; 1038 struct sk_buff *skb; 1039 int err; 1040 1041 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 1042 if (!skb) 1043 return ERR_PTR(-ENOMEM); 1044 1045 info.in_skb = in_skb; 1046 info.out_skb = skb; 1047 info.nlmsg_seq = seq; 1048 info.nlmsg_flags = 0; 1049 1050 err = dump_one_state(x, 0, &info); 1051 if (err) { 1052 kfree_skb(skb); 1053 return ERR_PTR(err); 1054 } 1055 1056 return skb; 1057 } 1058 1059 /* A wrapper for nlmsg_multicast() checking that nlsk is still available. 1060 * Must be called with RCU read lock. 1061 */ 1062 static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb, 1063 u32 pid, unsigned int group) 1064 { 1065 struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); 1066 1067 if (!nlsk) { 1068 kfree_skb(skb); 1069 return -EPIPE; 1070 } 1071 1072 return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC); 1073 } 1074 1075 static inline unsigned int xfrm_spdinfo_msgsize(void) 1076 { 1077 return NLMSG_ALIGN(4) 1078 + nla_total_size(sizeof(struct xfrmu_spdinfo)) 1079 + nla_total_size(sizeof(struct xfrmu_spdhinfo)) 1080 + nla_total_size(sizeof(struct xfrmu_spdhthresh)) 1081 + nla_total_size(sizeof(struct xfrmu_spdhthresh)); 1082 } 1083 1084 static int build_spdinfo(struct sk_buff *skb, struct net *net, 1085 u32 portid, u32 seq, u32 flags) 1086 { 1087 struct xfrmk_spdinfo si; 1088 struct xfrmu_spdinfo spc; 1089 struct xfrmu_spdhinfo sph; 1090 struct xfrmu_spdhthresh spt4, spt6; 1091 struct nlmsghdr *nlh; 1092 int err; 1093 u32 *f; 1094 unsigned lseq; 1095 1096 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSPDINFO, sizeof(u32), 0); 1097 if (nlh == NULL) /* shouldn't really happen ... */ 1098 return -EMSGSIZE; 1099 1100 f = nlmsg_data(nlh); 1101 *f = flags; 1102 xfrm_spd_getinfo(net, &si); 1103 spc.incnt = si.incnt; 1104 spc.outcnt = si.outcnt; 1105 spc.fwdcnt = si.fwdcnt; 1106 spc.inscnt = si.inscnt; 1107 spc.outscnt = si.outscnt; 1108 spc.fwdscnt = si.fwdscnt; 1109 sph.spdhcnt = si.spdhcnt; 1110 sph.spdhmcnt = si.spdhmcnt; 1111 1112 do { 1113 lseq = read_seqbegin(&net->xfrm.policy_hthresh.lock); 1114 1115 spt4.lbits = net->xfrm.policy_hthresh.lbits4; 1116 spt4.rbits = net->xfrm.policy_hthresh.rbits4; 1117 spt6.lbits = net->xfrm.policy_hthresh.lbits6; 1118 spt6.rbits = net->xfrm.policy_hthresh.rbits6; 1119 } while (read_seqretry(&net->xfrm.policy_hthresh.lock, lseq)); 1120 1121 err = nla_put(skb, XFRMA_SPD_INFO, sizeof(spc), &spc); 1122 if (!err) 1123 err = nla_put(skb, XFRMA_SPD_HINFO, sizeof(sph), &sph); 1124 if (!err) 1125 err = nla_put(skb, XFRMA_SPD_IPV4_HTHRESH, sizeof(spt4), &spt4); 1126 if (!err) 1127 err = nla_put(skb, XFRMA_SPD_IPV6_HTHRESH, sizeof(spt6), &spt6); 1128 if (err) { 1129 nlmsg_cancel(skb, nlh); 1130 return err; 1131 } 1132 1133 nlmsg_end(skb, nlh); 1134 return 0; 1135 } 1136 1137 static int xfrm_set_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1138 struct nlattr **attrs) 1139 { 1140 struct net *net = sock_net(skb->sk); 1141 struct xfrmu_spdhthresh *thresh4 = NULL; 1142 struct xfrmu_spdhthresh *thresh6 = NULL; 1143 1144 /* selector prefixlen thresholds to hash policies */ 1145 if (attrs[XFRMA_SPD_IPV4_HTHRESH]) { 1146 struct nlattr *rta = attrs[XFRMA_SPD_IPV4_HTHRESH]; 1147 1148 if (nla_len(rta) < sizeof(*thresh4)) 1149 return -EINVAL; 1150 thresh4 = nla_data(rta); 1151 if (thresh4->lbits > 32 || thresh4->rbits > 32) 1152 return -EINVAL; 1153 } 1154 if (attrs[XFRMA_SPD_IPV6_HTHRESH]) { 1155 struct nlattr *rta = attrs[XFRMA_SPD_IPV6_HTHRESH]; 1156 1157 if (nla_len(rta) < sizeof(*thresh6)) 1158 return -EINVAL; 1159 thresh6 = nla_data(rta); 1160 if (thresh6->lbits > 128 || thresh6->rbits > 128) 1161 return -EINVAL; 1162 } 1163 1164 if (thresh4 || thresh6) { 1165 write_seqlock(&net->xfrm.policy_hthresh.lock); 1166 if (thresh4) { 1167 net->xfrm.policy_hthresh.lbits4 = thresh4->lbits; 1168 net->xfrm.policy_hthresh.rbits4 = thresh4->rbits; 1169 } 1170 if (thresh6) { 1171 net->xfrm.policy_hthresh.lbits6 = thresh6->lbits; 1172 net->xfrm.policy_hthresh.rbits6 = thresh6->rbits; 1173 } 1174 write_sequnlock(&net->xfrm.policy_hthresh.lock); 1175 1176 xfrm_policy_hash_rebuild(net); 1177 } 1178 1179 return 0; 1180 } 1181 1182 static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1183 struct nlattr **attrs) 1184 { 1185 struct net *net = sock_net(skb->sk); 1186 struct sk_buff *r_skb; 1187 u32 *flags = nlmsg_data(nlh); 1188 u32 sportid = NETLINK_CB(skb).portid; 1189 u32 seq = nlh->nlmsg_seq; 1190 int err; 1191 1192 r_skb = nlmsg_new(xfrm_spdinfo_msgsize(), GFP_ATOMIC); 1193 if (r_skb == NULL) 1194 return -ENOMEM; 1195 1196 err = build_spdinfo(r_skb, net, sportid, seq, *flags); 1197 BUG_ON(err < 0); 1198 1199 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); 1200 } 1201 1202 static inline unsigned int xfrm_sadinfo_msgsize(void) 1203 { 1204 return NLMSG_ALIGN(4) 1205 + nla_total_size(sizeof(struct xfrmu_sadhinfo)) 1206 + nla_total_size(4); /* XFRMA_SAD_CNT */ 1207 } 1208 1209 static int build_sadinfo(struct sk_buff *skb, struct net *net, 1210 u32 portid, u32 seq, u32 flags) 1211 { 1212 struct xfrmk_sadinfo si; 1213 struct xfrmu_sadhinfo sh; 1214 struct nlmsghdr *nlh; 1215 int err; 1216 u32 *f; 1217 1218 nlh = nlmsg_put(skb, portid, seq, XFRM_MSG_NEWSADINFO, sizeof(u32), 0); 1219 if (nlh == NULL) /* shouldn't really happen ... */ 1220 return -EMSGSIZE; 1221 1222 f = nlmsg_data(nlh); 1223 *f = flags; 1224 xfrm_sad_getinfo(net, &si); 1225 1226 sh.sadhmcnt = si.sadhmcnt; 1227 sh.sadhcnt = si.sadhcnt; 1228 1229 err = nla_put_u32(skb, XFRMA_SAD_CNT, si.sadcnt); 1230 if (!err) 1231 err = nla_put(skb, XFRMA_SAD_HINFO, sizeof(sh), &sh); 1232 if (err) { 1233 nlmsg_cancel(skb, nlh); 1234 return err; 1235 } 1236 1237 nlmsg_end(skb, nlh); 1238 return 0; 1239 } 1240 1241 static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, 1242 struct nlattr **attrs) 1243 { 1244 struct net *net = sock_net(skb->sk); 1245 struct sk_buff *r_skb; 1246 u32 *flags = nlmsg_data(nlh); 1247 u32 sportid = NETLINK_CB(skb).portid; 1248 u32 seq = nlh->nlmsg_seq; 1249 int err; 1250 1251 r_skb = nlmsg_new(xfrm_sadinfo_msgsize(), GFP_ATOMIC); 1252 if (r_skb == NULL) 1253 return -ENOMEM; 1254 1255 err = build_sadinfo(r_skb, net, sportid, seq, *flags); 1256 BUG_ON(err < 0); 1257 1258 return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); 1259 } 1260 1261 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1262 struct nlattr **attrs) 1263 { 1264 struct net *net = sock_net(skb->sk); 1265 struct xfrm_usersa_id *p = nlmsg_data(nlh); 1266 struct xfrm_state *x; 1267 struct sk_buff *resp_skb; 1268 int err = -ESRCH; 1269 1270 x = xfrm_user_state_lookup(net, p, attrs, &err); 1271 if (x == NULL) 1272 goto out_noput; 1273 1274 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 1275 if (IS_ERR(resp_skb)) { 1276 err = PTR_ERR(resp_skb); 1277 } else { 1278 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); 1279 } 1280 xfrm_state_put(x); 1281 out_noput: 1282 return err; 1283 } 1284 1285 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, 1286 struct nlattr **attrs) 1287 { 1288 struct net *net = sock_net(skb->sk); 1289 struct xfrm_state *x; 1290 struct xfrm_userspi_info *p; 1291 struct sk_buff *resp_skb; 1292 xfrm_address_t *daddr; 1293 int family; 1294 int err; 1295 u32 mark; 1296 struct xfrm_mark m; 1297 u32 if_id = 0; 1298 1299 p = nlmsg_data(nlh); 1300 err = verify_spi_info(p->info.id.proto, p->min, p->max); 1301 if (err) 1302 goto out_noput; 1303 1304 family = p->info.family; 1305 daddr = &p->info.id.daddr; 1306 1307 x = NULL; 1308 1309 mark = xfrm_mark_get(attrs, &m); 1310 1311 if (attrs[XFRMA_IF_ID]) 1312 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1313 1314 if (p->info.seq) { 1315 x = xfrm_find_acq_byseq(net, mark, p->info.seq); 1316 if (x && !xfrm_addr_equal(&x->id.daddr, daddr, family)) { 1317 xfrm_state_put(x); 1318 x = NULL; 1319 } 1320 } 1321 1322 if (!x) 1323 x = xfrm_find_acq(net, &m, p->info.mode, p->info.reqid, 1324 if_id, p->info.id.proto, daddr, 1325 &p->info.saddr, 1, 1326 family); 1327 err = -ENOENT; 1328 if (x == NULL) 1329 goto out_noput; 1330 1331 err = xfrm_alloc_spi(x, p->min, p->max); 1332 if (err) 1333 goto out; 1334 1335 resp_skb = xfrm_state_netlink(skb, x, nlh->nlmsg_seq); 1336 if (IS_ERR(resp_skb)) { 1337 err = PTR_ERR(resp_skb); 1338 goto out; 1339 } 1340 1341 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); 1342 1343 out: 1344 xfrm_state_put(x); 1345 out_noput: 1346 return err; 1347 } 1348 1349 static int verify_policy_dir(u8 dir) 1350 { 1351 switch (dir) { 1352 case XFRM_POLICY_IN: 1353 case XFRM_POLICY_OUT: 1354 case XFRM_POLICY_FWD: 1355 break; 1356 1357 default: 1358 return -EINVAL; 1359 } 1360 1361 return 0; 1362 } 1363 1364 static int verify_policy_type(u8 type) 1365 { 1366 switch (type) { 1367 case XFRM_POLICY_TYPE_MAIN: 1368 #ifdef CONFIG_XFRM_SUB_POLICY 1369 case XFRM_POLICY_TYPE_SUB: 1370 #endif 1371 break; 1372 1373 default: 1374 return -EINVAL; 1375 } 1376 1377 return 0; 1378 } 1379 1380 static int verify_newpolicy_info(struct xfrm_userpolicy_info *p) 1381 { 1382 int ret; 1383 1384 switch (p->share) { 1385 case XFRM_SHARE_ANY: 1386 case XFRM_SHARE_SESSION: 1387 case XFRM_SHARE_USER: 1388 case XFRM_SHARE_UNIQUE: 1389 break; 1390 1391 default: 1392 return -EINVAL; 1393 } 1394 1395 switch (p->action) { 1396 case XFRM_POLICY_ALLOW: 1397 case XFRM_POLICY_BLOCK: 1398 break; 1399 1400 default: 1401 return -EINVAL; 1402 } 1403 1404 switch (p->sel.family) { 1405 case AF_INET: 1406 if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) 1407 return -EINVAL; 1408 1409 break; 1410 1411 case AF_INET6: 1412 #if IS_ENABLED(CONFIG_IPV6) 1413 if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) 1414 return -EINVAL; 1415 1416 break; 1417 #else 1418 return -EAFNOSUPPORT; 1419 #endif 1420 1421 default: 1422 return -EINVAL; 1423 } 1424 1425 ret = verify_policy_dir(p->dir); 1426 if (ret) 1427 return ret; 1428 if (p->index && (xfrm_policy_id2dir(p->index) != p->dir)) 1429 return -EINVAL; 1430 1431 return 0; 1432 } 1433 1434 static int copy_from_user_sec_ctx(struct xfrm_policy *pol, struct nlattr **attrs) 1435 { 1436 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1437 struct xfrm_user_sec_ctx *uctx; 1438 1439 if (!rt) 1440 return 0; 1441 1442 uctx = nla_data(rt); 1443 return security_xfrm_policy_alloc(&pol->security, uctx, GFP_KERNEL); 1444 } 1445 1446 static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut, 1447 int nr) 1448 { 1449 int i; 1450 1451 xp->xfrm_nr = nr; 1452 for (i = 0; i < nr; i++, ut++) { 1453 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 1454 1455 memcpy(&t->id, &ut->id, sizeof(struct xfrm_id)); 1456 memcpy(&t->saddr, &ut->saddr, 1457 sizeof(xfrm_address_t)); 1458 t->reqid = ut->reqid; 1459 t->mode = ut->mode; 1460 t->share = ut->share; 1461 t->optional = ut->optional; 1462 t->aalgos = ut->aalgos; 1463 t->ealgos = ut->ealgos; 1464 t->calgos = ut->calgos; 1465 /* If all masks are ~0, then we allow all algorithms. */ 1466 t->allalgs = !~(t->aalgos & t->ealgos & t->calgos); 1467 t->encap_family = ut->family; 1468 } 1469 } 1470 1471 static int validate_tmpl(int nr, struct xfrm_user_tmpl *ut, u16 family) 1472 { 1473 u16 prev_family; 1474 int i; 1475 1476 if (nr > XFRM_MAX_DEPTH) 1477 return -EINVAL; 1478 1479 prev_family = family; 1480 1481 for (i = 0; i < nr; i++) { 1482 /* We never validated the ut->family value, so many 1483 * applications simply leave it at zero. The check was 1484 * never made and ut->family was ignored because all 1485 * templates could be assumed to have the same family as 1486 * the policy itself. Now that we will have ipv4-in-ipv6 1487 * and ipv6-in-ipv4 tunnels, this is no longer true. 1488 */ 1489 if (!ut[i].family) 1490 ut[i].family = family; 1491 1492 switch (ut[i].mode) { 1493 case XFRM_MODE_TUNNEL: 1494 case XFRM_MODE_BEET: 1495 break; 1496 default: 1497 if (ut[i].family != prev_family) 1498 return -EINVAL; 1499 break; 1500 } 1501 if (ut[i].mode >= XFRM_MODE_MAX) 1502 return -EINVAL; 1503 1504 prev_family = ut[i].family; 1505 1506 switch (ut[i].family) { 1507 case AF_INET: 1508 break; 1509 #if IS_ENABLED(CONFIG_IPV6) 1510 case AF_INET6: 1511 break; 1512 #endif 1513 default: 1514 return -EINVAL; 1515 } 1516 1517 if (!xfrm_id_proto_valid(ut[i].id.proto)) 1518 return -EINVAL; 1519 } 1520 1521 return 0; 1522 } 1523 1524 static int copy_from_user_tmpl(struct xfrm_policy *pol, struct nlattr **attrs) 1525 { 1526 struct nlattr *rt = attrs[XFRMA_TMPL]; 1527 1528 if (!rt) { 1529 pol->xfrm_nr = 0; 1530 } else { 1531 struct xfrm_user_tmpl *utmpl = nla_data(rt); 1532 int nr = nla_len(rt) / sizeof(*utmpl); 1533 int err; 1534 1535 err = validate_tmpl(nr, utmpl, pol->family); 1536 if (err) 1537 return err; 1538 1539 copy_templates(pol, utmpl, nr); 1540 } 1541 return 0; 1542 } 1543 1544 static int copy_from_user_policy_type(u8 *tp, struct nlattr **attrs) 1545 { 1546 struct nlattr *rt = attrs[XFRMA_POLICY_TYPE]; 1547 struct xfrm_userpolicy_type *upt; 1548 u8 type = XFRM_POLICY_TYPE_MAIN; 1549 int err; 1550 1551 if (rt) { 1552 upt = nla_data(rt); 1553 type = upt->type; 1554 } 1555 1556 err = verify_policy_type(type); 1557 if (err) 1558 return err; 1559 1560 *tp = type; 1561 return 0; 1562 } 1563 1564 static void copy_from_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p) 1565 { 1566 xp->priority = p->priority; 1567 xp->index = p->index; 1568 memcpy(&xp->selector, &p->sel, sizeof(xp->selector)); 1569 memcpy(&xp->lft, &p->lft, sizeof(xp->lft)); 1570 xp->action = p->action; 1571 xp->flags = p->flags; 1572 xp->family = p->sel.family; 1573 /* XXX xp->share = p->share; */ 1574 } 1575 1576 static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_info *p, int dir) 1577 { 1578 memset(p, 0, sizeof(*p)); 1579 memcpy(&p->sel, &xp->selector, sizeof(p->sel)); 1580 memcpy(&p->lft, &xp->lft, sizeof(p->lft)); 1581 memcpy(&p->curlft, &xp->curlft, sizeof(p->curlft)); 1582 p->priority = xp->priority; 1583 p->index = xp->index; 1584 p->sel.family = xp->family; 1585 p->dir = dir; 1586 p->action = xp->action; 1587 p->flags = xp->flags; 1588 p->share = XFRM_SHARE_ANY; /* XXX xp->share */ 1589 } 1590 1591 static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) 1592 { 1593 struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL); 1594 int err; 1595 1596 if (!xp) { 1597 *errp = -ENOMEM; 1598 return NULL; 1599 } 1600 1601 copy_from_user_policy(xp, p); 1602 1603 err = copy_from_user_policy_type(&xp->type, attrs); 1604 if (err) 1605 goto error; 1606 1607 if (!(err = copy_from_user_tmpl(xp, attrs))) 1608 err = copy_from_user_sec_ctx(xp, attrs); 1609 if (err) 1610 goto error; 1611 1612 xfrm_mark_get(attrs, &xp->mark); 1613 1614 if (attrs[XFRMA_IF_ID]) 1615 xp->if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1616 1617 return xp; 1618 error: 1619 *errp = err; 1620 xp->walk.dead = 1; 1621 xfrm_policy_destroy(xp); 1622 return NULL; 1623 } 1624 1625 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1626 struct nlattr **attrs) 1627 { 1628 struct net *net = sock_net(skb->sk); 1629 struct xfrm_userpolicy_info *p = nlmsg_data(nlh); 1630 struct xfrm_policy *xp; 1631 struct km_event c; 1632 int err; 1633 int excl; 1634 1635 err = verify_newpolicy_info(p); 1636 if (err) 1637 return err; 1638 err = verify_sec_ctx_len(attrs); 1639 if (err) 1640 return err; 1641 1642 xp = xfrm_policy_construct(net, p, attrs, &err); 1643 if (!xp) 1644 return err; 1645 1646 /* shouldn't excl be based on nlh flags?? 1647 * Aha! this is anti-netlink really i.e more pfkey derived 1648 * in netlink excl is a flag and you wouldnt need 1649 * a type XFRM_MSG_UPDPOLICY - JHS */ 1650 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1651 err = xfrm_policy_insert(p->dir, xp, excl); 1652 xfrm_audit_policy_add(xp, err ? 0 : 1, true); 1653 1654 if (err) { 1655 security_xfrm_policy_free(xp->security); 1656 kfree(xp); 1657 return err; 1658 } 1659 1660 c.event = nlh->nlmsg_type; 1661 c.seq = nlh->nlmsg_seq; 1662 c.portid = nlh->nlmsg_pid; 1663 km_policy_notify(xp, p->dir, &c); 1664 1665 xfrm_pol_put(xp); 1666 1667 return 0; 1668 } 1669 1670 static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) 1671 { 1672 struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; 1673 int i; 1674 1675 if (xp->xfrm_nr == 0) 1676 return 0; 1677 1678 for (i = 0; i < xp->xfrm_nr; i++) { 1679 struct xfrm_user_tmpl *up = &vec[i]; 1680 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1681 1682 memset(up, 0, sizeof(*up)); 1683 memcpy(&up->id, &kp->id, sizeof(up->id)); 1684 up->family = kp->encap_family; 1685 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1686 up->reqid = kp->reqid; 1687 up->mode = kp->mode; 1688 up->share = kp->share; 1689 up->optional = kp->optional; 1690 up->aalgos = kp->aalgos; 1691 up->ealgos = kp->ealgos; 1692 up->calgos = kp->calgos; 1693 } 1694 1695 return nla_put(skb, XFRMA_TMPL, 1696 sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr, vec); 1697 } 1698 1699 static inline int copy_to_user_state_sec_ctx(struct xfrm_state *x, struct sk_buff *skb) 1700 { 1701 if (x->security) { 1702 return copy_sec_ctx(x->security, skb); 1703 } 1704 return 0; 1705 } 1706 1707 static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *skb) 1708 { 1709 if (xp->security) 1710 return copy_sec_ctx(xp->security, skb); 1711 return 0; 1712 } 1713 static inline unsigned int userpolicy_type_attrsize(void) 1714 { 1715 #ifdef CONFIG_XFRM_SUB_POLICY 1716 return nla_total_size(sizeof(struct xfrm_userpolicy_type)); 1717 #else 1718 return 0; 1719 #endif 1720 } 1721 1722 #ifdef CONFIG_XFRM_SUB_POLICY 1723 static int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1724 { 1725 struct xfrm_userpolicy_type upt; 1726 1727 /* Sadly there are two holes in struct xfrm_userpolicy_type */ 1728 memset(&upt, 0, sizeof(upt)); 1729 upt.type = type; 1730 1731 return nla_put(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1732 } 1733 1734 #else 1735 static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb) 1736 { 1737 return 0; 1738 } 1739 #endif 1740 1741 static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr) 1742 { 1743 struct xfrm_dump_info *sp = ptr; 1744 struct xfrm_userpolicy_info *p; 1745 struct sk_buff *in_skb = sp->in_skb; 1746 struct sk_buff *skb = sp->out_skb; 1747 struct nlmsghdr *nlh; 1748 int err; 1749 1750 nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, sp->nlmsg_seq, 1751 XFRM_MSG_NEWPOLICY, sizeof(*p), sp->nlmsg_flags); 1752 if (nlh == NULL) 1753 return -EMSGSIZE; 1754 1755 p = nlmsg_data(nlh); 1756 copy_to_user_policy(xp, p, dir); 1757 err = copy_to_user_tmpl(xp, skb); 1758 if (!err) 1759 err = copy_to_user_sec_ctx(xp, skb); 1760 if (!err) 1761 err = copy_to_user_policy_type(xp->type, skb); 1762 if (!err) 1763 err = xfrm_mark_put(skb, &xp->mark); 1764 if (!err) 1765 err = xfrm_if_id_put(skb, xp->if_id); 1766 if (err) { 1767 nlmsg_cancel(skb, nlh); 1768 return err; 1769 } 1770 nlmsg_end(skb, nlh); 1771 return 0; 1772 } 1773 1774 static int xfrm_dump_policy_done(struct netlink_callback *cb) 1775 { 1776 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1777 struct net *net = sock_net(cb->skb->sk); 1778 1779 xfrm_policy_walk_done(walk, net); 1780 return 0; 1781 } 1782 1783 static int xfrm_dump_policy_start(struct netlink_callback *cb) 1784 { 1785 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1786 1787 BUILD_BUG_ON(sizeof(*walk) > sizeof(cb->args)); 1788 1789 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); 1790 return 0; 1791 } 1792 1793 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) 1794 { 1795 struct net *net = sock_net(skb->sk); 1796 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *)cb->args; 1797 struct xfrm_dump_info info; 1798 1799 info.in_skb = cb->skb; 1800 info.out_skb = skb; 1801 info.nlmsg_seq = cb->nlh->nlmsg_seq; 1802 info.nlmsg_flags = NLM_F_MULTI; 1803 1804 (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); 1805 1806 return skb->len; 1807 } 1808 1809 static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, 1810 struct xfrm_policy *xp, 1811 int dir, u32 seq) 1812 { 1813 struct xfrm_dump_info info; 1814 struct sk_buff *skb; 1815 int err; 1816 1817 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1818 if (!skb) 1819 return ERR_PTR(-ENOMEM); 1820 1821 info.in_skb = in_skb; 1822 info.out_skb = skb; 1823 info.nlmsg_seq = seq; 1824 info.nlmsg_flags = 0; 1825 1826 err = dump_one_policy(xp, dir, 0, &info); 1827 if (err) { 1828 kfree_skb(skb); 1829 return ERR_PTR(err); 1830 } 1831 1832 return skb; 1833 } 1834 1835 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 1836 struct nlattr **attrs) 1837 { 1838 struct net *net = sock_net(skb->sk); 1839 struct xfrm_policy *xp; 1840 struct xfrm_userpolicy_id *p; 1841 u8 type = XFRM_POLICY_TYPE_MAIN; 1842 int err; 1843 struct km_event c; 1844 int delete; 1845 struct xfrm_mark m; 1846 u32 mark = xfrm_mark_get(attrs, &m); 1847 u32 if_id = 0; 1848 1849 p = nlmsg_data(nlh); 1850 delete = nlh->nlmsg_type == XFRM_MSG_DELPOLICY; 1851 1852 err = copy_from_user_policy_type(&type, attrs); 1853 if (err) 1854 return err; 1855 1856 err = verify_policy_dir(p->dir); 1857 if (err) 1858 return err; 1859 1860 if (attrs[XFRMA_IF_ID]) 1861 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 1862 1863 if (p->index) 1864 xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, delete, &err); 1865 else { 1866 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 1867 struct xfrm_sec_ctx *ctx; 1868 1869 err = verify_sec_ctx_len(attrs); 1870 if (err) 1871 return err; 1872 1873 ctx = NULL; 1874 if (rt) { 1875 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 1876 1877 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL); 1878 if (err) 1879 return err; 1880 } 1881 xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, &p->sel, 1882 ctx, delete, &err); 1883 security_xfrm_policy_free(ctx); 1884 } 1885 if (xp == NULL) 1886 return -ENOENT; 1887 1888 if (!delete) { 1889 struct sk_buff *resp_skb; 1890 1891 resp_skb = xfrm_policy_netlink(skb, xp, p->dir, nlh->nlmsg_seq); 1892 if (IS_ERR(resp_skb)) { 1893 err = PTR_ERR(resp_skb); 1894 } else { 1895 err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, 1896 NETLINK_CB(skb).portid); 1897 } 1898 } else { 1899 xfrm_audit_policy_delete(xp, err ? 0 : 1, true); 1900 1901 if (err != 0) 1902 goto out; 1903 1904 c.data.byid = p->index; 1905 c.event = nlh->nlmsg_type; 1906 c.seq = nlh->nlmsg_seq; 1907 c.portid = nlh->nlmsg_pid; 1908 km_policy_notify(xp, p->dir, &c); 1909 } 1910 1911 out: 1912 xfrm_pol_put(xp); 1913 return err; 1914 } 1915 1916 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, 1917 struct nlattr **attrs) 1918 { 1919 struct net *net = sock_net(skb->sk); 1920 struct km_event c; 1921 struct xfrm_usersa_flush *p = nlmsg_data(nlh); 1922 int err; 1923 1924 err = xfrm_state_flush(net, p->proto, true, false); 1925 if (err) { 1926 if (err == -ESRCH) /* empty table */ 1927 return 0; 1928 return err; 1929 } 1930 c.data.proto = p->proto; 1931 c.event = nlh->nlmsg_type; 1932 c.seq = nlh->nlmsg_seq; 1933 c.portid = nlh->nlmsg_pid; 1934 c.net = net; 1935 km_state_notify(NULL, &c); 1936 1937 return 0; 1938 } 1939 1940 static inline unsigned int xfrm_aevent_msgsize(struct xfrm_state *x) 1941 { 1942 unsigned int replay_size = x->replay_esn ? 1943 xfrm_replay_state_esn_len(x->replay_esn) : 1944 sizeof(struct xfrm_replay_state); 1945 1946 return NLMSG_ALIGN(sizeof(struct xfrm_aevent_id)) 1947 + nla_total_size(replay_size) 1948 + nla_total_size_64bit(sizeof(struct xfrm_lifetime_cur)) 1949 + nla_total_size(sizeof(struct xfrm_mark)) 1950 + nla_total_size(4) /* XFRM_AE_RTHR */ 1951 + nla_total_size(4); /* XFRM_AE_ETHR */ 1952 } 1953 1954 static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) 1955 { 1956 struct xfrm_aevent_id *id; 1957 struct nlmsghdr *nlh; 1958 int err; 1959 1960 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_NEWAE, sizeof(*id), 0); 1961 if (nlh == NULL) 1962 return -EMSGSIZE; 1963 1964 id = nlmsg_data(nlh); 1965 memset(&id->sa_id, 0, sizeof(id->sa_id)); 1966 memcpy(&id->sa_id.daddr, &x->id.daddr, sizeof(x->id.daddr)); 1967 id->sa_id.spi = x->id.spi; 1968 id->sa_id.family = x->props.family; 1969 id->sa_id.proto = x->id.proto; 1970 memcpy(&id->saddr, &x->props.saddr, sizeof(x->props.saddr)); 1971 id->reqid = x->props.reqid; 1972 id->flags = c->data.aevent; 1973 1974 if (x->replay_esn) { 1975 err = nla_put(skb, XFRMA_REPLAY_ESN_VAL, 1976 xfrm_replay_state_esn_len(x->replay_esn), 1977 x->replay_esn); 1978 } else { 1979 err = nla_put(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), 1980 &x->replay); 1981 } 1982 if (err) 1983 goto out_cancel; 1984 err = nla_put_64bit(skb, XFRMA_LTIME_VAL, sizeof(x->curlft), &x->curlft, 1985 XFRMA_PAD); 1986 if (err) 1987 goto out_cancel; 1988 1989 if (id->flags & XFRM_AE_RTHR) { 1990 err = nla_put_u32(skb, XFRMA_REPLAY_THRESH, x->replay_maxdiff); 1991 if (err) 1992 goto out_cancel; 1993 } 1994 if (id->flags & XFRM_AE_ETHR) { 1995 err = nla_put_u32(skb, XFRMA_ETIMER_THRESH, 1996 x->replay_maxage * 10 / HZ); 1997 if (err) 1998 goto out_cancel; 1999 } 2000 err = xfrm_mark_put(skb, &x->mark); 2001 if (err) 2002 goto out_cancel; 2003 2004 err = xfrm_if_id_put(skb, x->if_id); 2005 if (err) 2006 goto out_cancel; 2007 2008 nlmsg_end(skb, nlh); 2009 return 0; 2010 2011 out_cancel: 2012 nlmsg_cancel(skb, nlh); 2013 return err; 2014 } 2015 2016 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 2017 struct nlattr **attrs) 2018 { 2019 struct net *net = sock_net(skb->sk); 2020 struct xfrm_state *x; 2021 struct sk_buff *r_skb; 2022 int err; 2023 struct km_event c; 2024 u32 mark; 2025 struct xfrm_mark m; 2026 struct xfrm_aevent_id *p = nlmsg_data(nlh); 2027 struct xfrm_usersa_id *id = &p->sa_id; 2028 2029 mark = xfrm_mark_get(attrs, &m); 2030 2031 x = xfrm_state_lookup(net, mark, &id->daddr, id->spi, id->proto, id->family); 2032 if (x == NULL) 2033 return -ESRCH; 2034 2035 r_skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); 2036 if (r_skb == NULL) { 2037 xfrm_state_put(x); 2038 return -ENOMEM; 2039 } 2040 2041 /* 2042 * XXX: is this lock really needed - none of the other 2043 * gets lock (the concern is things getting updated 2044 * while we are still reading) - jhs 2045 */ 2046 spin_lock_bh(&x->lock); 2047 c.data.aevent = p->flags; 2048 c.seq = nlh->nlmsg_seq; 2049 c.portid = nlh->nlmsg_pid; 2050 2051 err = build_aevent(r_skb, x, &c); 2052 BUG_ON(err < 0); 2053 2054 err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).portid); 2055 spin_unlock_bh(&x->lock); 2056 xfrm_state_put(x); 2057 return err; 2058 } 2059 2060 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, 2061 struct nlattr **attrs) 2062 { 2063 struct net *net = sock_net(skb->sk); 2064 struct xfrm_state *x; 2065 struct km_event c; 2066 int err = -EINVAL; 2067 u32 mark = 0; 2068 struct xfrm_mark m; 2069 struct xfrm_aevent_id *p = nlmsg_data(nlh); 2070 struct nlattr *rp = attrs[XFRMA_REPLAY_VAL]; 2071 struct nlattr *re = attrs[XFRMA_REPLAY_ESN_VAL]; 2072 struct nlattr *lt = attrs[XFRMA_LTIME_VAL]; 2073 struct nlattr *et = attrs[XFRMA_ETIMER_THRESH]; 2074 struct nlattr *rt = attrs[XFRMA_REPLAY_THRESH]; 2075 2076 if (!lt && !rp && !re && !et && !rt) 2077 return err; 2078 2079 /* pedantic mode - thou shalt sayeth replaceth */ 2080 if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) 2081 return err; 2082 2083 mark = xfrm_mark_get(attrs, &m); 2084 2085 x = xfrm_state_lookup(net, mark, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); 2086 if (x == NULL) 2087 return -ESRCH; 2088 2089 if (x->km.state != XFRM_STATE_VALID) 2090 goto out; 2091 2092 err = xfrm_replay_verify_len(x->replay_esn, re); 2093 if (err) 2094 goto out; 2095 2096 spin_lock_bh(&x->lock); 2097 xfrm_update_ae_params(x, attrs, 1); 2098 spin_unlock_bh(&x->lock); 2099 2100 c.event = nlh->nlmsg_type; 2101 c.seq = nlh->nlmsg_seq; 2102 c.portid = nlh->nlmsg_pid; 2103 c.data.aevent = XFRM_AE_CU; 2104 km_state_notify(x, &c); 2105 err = 0; 2106 out: 2107 xfrm_state_put(x); 2108 return err; 2109 } 2110 2111 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, 2112 struct nlattr **attrs) 2113 { 2114 struct net *net = sock_net(skb->sk); 2115 struct km_event c; 2116 u8 type = XFRM_POLICY_TYPE_MAIN; 2117 int err; 2118 2119 err = copy_from_user_policy_type(&type, attrs); 2120 if (err) 2121 return err; 2122 2123 err = xfrm_policy_flush(net, type, true); 2124 if (err) { 2125 if (err == -ESRCH) /* empty table */ 2126 return 0; 2127 return err; 2128 } 2129 2130 c.data.type = type; 2131 c.event = nlh->nlmsg_type; 2132 c.seq = nlh->nlmsg_seq; 2133 c.portid = nlh->nlmsg_pid; 2134 c.net = net; 2135 km_policy_notify(NULL, 0, &c); 2136 return 0; 2137 } 2138 2139 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 2140 struct nlattr **attrs) 2141 { 2142 struct net *net = sock_net(skb->sk); 2143 struct xfrm_policy *xp; 2144 struct xfrm_user_polexpire *up = nlmsg_data(nlh); 2145 struct xfrm_userpolicy_info *p = &up->pol; 2146 u8 type = XFRM_POLICY_TYPE_MAIN; 2147 int err = -ENOENT; 2148 struct xfrm_mark m; 2149 u32 mark = xfrm_mark_get(attrs, &m); 2150 u32 if_id = 0; 2151 2152 err = copy_from_user_policy_type(&type, attrs); 2153 if (err) 2154 return err; 2155 2156 err = verify_policy_dir(p->dir); 2157 if (err) 2158 return err; 2159 2160 if (attrs[XFRMA_IF_ID]) 2161 if_id = nla_get_u32(attrs[XFRMA_IF_ID]); 2162 2163 if (p->index) 2164 xp = xfrm_policy_byid(net, mark, if_id, type, p->dir, p->index, 0, &err); 2165 else { 2166 struct nlattr *rt = attrs[XFRMA_SEC_CTX]; 2167 struct xfrm_sec_ctx *ctx; 2168 2169 err = verify_sec_ctx_len(attrs); 2170 if (err) 2171 return err; 2172 2173 ctx = NULL; 2174 if (rt) { 2175 struct xfrm_user_sec_ctx *uctx = nla_data(rt); 2176 2177 err = security_xfrm_policy_alloc(&ctx, uctx, GFP_KERNEL); 2178 if (err) 2179 return err; 2180 } 2181 xp = xfrm_policy_bysel_ctx(net, mark, if_id, type, p->dir, 2182 &p->sel, ctx, 0, &err); 2183 security_xfrm_policy_free(ctx); 2184 } 2185 if (xp == NULL) 2186 return -ENOENT; 2187 2188 if (unlikely(xp->walk.dead)) 2189 goto out; 2190 2191 err = 0; 2192 if (up->hard) { 2193 xfrm_policy_delete(xp, p->dir); 2194 xfrm_audit_policy_delete(xp, 1, true); 2195 } 2196 km_policy_expired(xp, p->dir, up->hard, nlh->nlmsg_pid); 2197 2198 out: 2199 xfrm_pol_put(xp); 2200 return err; 2201 } 2202 2203 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, 2204 struct nlattr **attrs) 2205 { 2206 struct net *net = sock_net(skb->sk); 2207 struct xfrm_state *x; 2208 int err; 2209 struct xfrm_user_expire *ue = nlmsg_data(nlh); 2210 struct xfrm_usersa_info *p = &ue->state; 2211 struct xfrm_mark m; 2212 u32 mark = xfrm_mark_get(attrs, &m); 2213 2214 x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family); 2215 2216 err = -ENOENT; 2217 if (x == NULL) 2218 return err; 2219 2220 spin_lock_bh(&x->lock); 2221 err = -EINVAL; 2222 if (x->km.state != XFRM_STATE_VALID) 2223 goto out; 2224 km_state_expired(x, ue->hard, nlh->nlmsg_pid); 2225 2226 if (ue->hard) { 2227 __xfrm_state_delete(x); 2228 xfrm_audit_state_delete(x, 1, true); 2229 } 2230 err = 0; 2231 out: 2232 spin_unlock_bh(&x->lock); 2233 xfrm_state_put(x); 2234 return err; 2235 } 2236 2237 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, 2238 struct nlattr **attrs) 2239 { 2240 struct net *net = sock_net(skb->sk); 2241 struct xfrm_policy *xp; 2242 struct xfrm_user_tmpl *ut; 2243 int i; 2244 struct nlattr *rt = attrs[XFRMA_TMPL]; 2245 struct xfrm_mark mark; 2246 2247 struct xfrm_user_acquire *ua = nlmsg_data(nlh); 2248 struct xfrm_state *x = xfrm_state_alloc(net); 2249 int err = -ENOMEM; 2250 2251 if (!x) 2252 goto nomem; 2253 2254 xfrm_mark_get(attrs, &mark); 2255 2256 err = verify_newpolicy_info(&ua->policy); 2257 if (err) 2258 goto free_state; 2259 2260 /* build an XP */ 2261 xp = xfrm_policy_construct(net, &ua->policy, attrs, &err); 2262 if (!xp) 2263 goto free_state; 2264 2265 memcpy(&x->id, &ua->id, sizeof(ua->id)); 2266 memcpy(&x->props.saddr, &ua->saddr, sizeof(ua->saddr)); 2267 memcpy(&x->sel, &ua->sel, sizeof(ua->sel)); 2268 xp->mark.m = x->mark.m = mark.m; 2269 xp->mark.v = x->mark.v = mark.v; 2270 ut = nla_data(rt); 2271 /* extract the templates and for each call km_key */ 2272 for (i = 0; i < xp->xfrm_nr; i++, ut++) { 2273 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 2274 memcpy(&x->id, &t->id, sizeof(x->id)); 2275 x->props.mode = t->mode; 2276 x->props.reqid = t->reqid; 2277 x->props.family = ut->family; 2278 t->aalgos = ua->aalgos; 2279 t->ealgos = ua->ealgos; 2280 t->calgos = ua->calgos; 2281 err = km_query(x, t, xp); 2282 2283 } 2284 2285 xfrm_state_free(x); 2286 kfree(xp); 2287 2288 return 0; 2289 2290 free_state: 2291 xfrm_state_free(x); 2292 nomem: 2293 return err; 2294 } 2295 2296 #ifdef CONFIG_XFRM_MIGRATE 2297 static int copy_from_user_migrate(struct xfrm_migrate *ma, 2298 struct xfrm_kmaddress *k, 2299 struct nlattr **attrs, int *num) 2300 { 2301 struct nlattr *rt = attrs[XFRMA_MIGRATE]; 2302 struct xfrm_user_migrate *um; 2303 int i, num_migrate; 2304 2305 if (k != NULL) { 2306 struct xfrm_user_kmaddress *uk; 2307 2308 uk = nla_data(attrs[XFRMA_KMADDRESS]); 2309 memcpy(&k->local, &uk->local, sizeof(k->local)); 2310 memcpy(&k->remote, &uk->remote, sizeof(k->remote)); 2311 k->family = uk->family; 2312 k->reserved = uk->reserved; 2313 } 2314 2315 um = nla_data(rt); 2316 num_migrate = nla_len(rt) / sizeof(*um); 2317 2318 if (num_migrate <= 0 || num_migrate > XFRM_MAX_DEPTH) 2319 return -EINVAL; 2320 2321 for (i = 0; i < num_migrate; i++, um++, ma++) { 2322 memcpy(&ma->old_daddr, &um->old_daddr, sizeof(ma->old_daddr)); 2323 memcpy(&ma->old_saddr, &um->old_saddr, sizeof(ma->old_saddr)); 2324 memcpy(&ma->new_daddr, &um->new_daddr, sizeof(ma->new_daddr)); 2325 memcpy(&ma->new_saddr, &um->new_saddr, sizeof(ma->new_saddr)); 2326 2327 ma->proto = um->proto; 2328 ma->mode = um->mode; 2329 ma->reqid = um->reqid; 2330 2331 ma->old_family = um->old_family; 2332 ma->new_family = um->new_family; 2333 } 2334 2335 *num = i; 2336 return 0; 2337 } 2338 2339 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 2340 struct nlattr **attrs) 2341 { 2342 struct xfrm_userpolicy_id *pi = nlmsg_data(nlh); 2343 struct xfrm_migrate m[XFRM_MAX_DEPTH]; 2344 struct xfrm_kmaddress km, *kmp; 2345 u8 type; 2346 int err; 2347 int n = 0; 2348 struct net *net = sock_net(skb->sk); 2349 struct xfrm_encap_tmpl *encap = NULL; 2350 2351 if (attrs[XFRMA_MIGRATE] == NULL) 2352 return -EINVAL; 2353 2354 kmp = attrs[XFRMA_KMADDRESS] ? &km : NULL; 2355 2356 err = copy_from_user_policy_type(&type, attrs); 2357 if (err) 2358 return err; 2359 2360 err = copy_from_user_migrate((struct xfrm_migrate *)m, kmp, attrs, &n); 2361 if (err) 2362 return err; 2363 2364 if (!n) 2365 return 0; 2366 2367 if (attrs[XFRMA_ENCAP]) { 2368 encap = kmemdup(nla_data(attrs[XFRMA_ENCAP]), 2369 sizeof(*encap), GFP_KERNEL); 2370 if (!encap) 2371 return 0; 2372 } 2373 2374 err = xfrm_migrate(&pi->sel, pi->dir, type, m, n, kmp, net, encap); 2375 2376 kfree(encap); 2377 2378 return err; 2379 } 2380 #else 2381 static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, 2382 struct nlattr **attrs) 2383 { 2384 return -ENOPROTOOPT; 2385 } 2386 #endif 2387 2388 #ifdef CONFIG_XFRM_MIGRATE 2389 static int copy_to_user_migrate(const struct xfrm_migrate *m, struct sk_buff *skb) 2390 { 2391 struct xfrm_user_migrate um; 2392 2393 memset(&um, 0, sizeof(um)); 2394 um.proto = m->proto; 2395 um.mode = m->mode; 2396 um.reqid = m->reqid; 2397 um.old_family = m->old_family; 2398 memcpy(&um.old_daddr, &m->old_daddr, sizeof(um.old_daddr)); 2399 memcpy(&um.old_saddr, &m->old_saddr, sizeof(um.old_saddr)); 2400 um.new_family = m->new_family; 2401 memcpy(&um.new_daddr, &m->new_daddr, sizeof(um.new_daddr)); 2402 memcpy(&um.new_saddr, &m->new_saddr, sizeof(um.new_saddr)); 2403 2404 return nla_put(skb, XFRMA_MIGRATE, sizeof(um), &um); 2405 } 2406 2407 static int copy_to_user_kmaddress(const struct xfrm_kmaddress *k, struct sk_buff *skb) 2408 { 2409 struct xfrm_user_kmaddress uk; 2410 2411 memset(&uk, 0, sizeof(uk)); 2412 uk.family = k->family; 2413 uk.reserved = k->reserved; 2414 memcpy(&uk.local, &k->local, sizeof(uk.local)); 2415 memcpy(&uk.remote, &k->remote, sizeof(uk.remote)); 2416 2417 return nla_put(skb, XFRMA_KMADDRESS, sizeof(uk), &uk); 2418 } 2419 2420 static inline unsigned int xfrm_migrate_msgsize(int num_migrate, int with_kma, 2421 int with_encp) 2422 { 2423 return NLMSG_ALIGN(sizeof(struct xfrm_userpolicy_id)) 2424 + (with_kma ? nla_total_size(sizeof(struct xfrm_kmaddress)) : 0) 2425 + (with_encp ? nla_total_size(sizeof(struct xfrm_encap_tmpl)) : 0) 2426 + nla_total_size(sizeof(struct xfrm_user_migrate) * num_migrate) 2427 + userpolicy_type_attrsize(); 2428 } 2429 2430 static int build_migrate(struct sk_buff *skb, const struct xfrm_migrate *m, 2431 int num_migrate, const struct xfrm_kmaddress *k, 2432 const struct xfrm_selector *sel, 2433 const struct xfrm_encap_tmpl *encap, u8 dir, u8 type) 2434 { 2435 const struct xfrm_migrate *mp; 2436 struct xfrm_userpolicy_id *pol_id; 2437 struct nlmsghdr *nlh; 2438 int i, err; 2439 2440 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MIGRATE, sizeof(*pol_id), 0); 2441 if (nlh == NULL) 2442 return -EMSGSIZE; 2443 2444 pol_id = nlmsg_data(nlh); 2445 /* copy data from selector, dir, and type to the pol_id */ 2446 memset(pol_id, 0, sizeof(*pol_id)); 2447 memcpy(&pol_id->sel, sel, sizeof(pol_id->sel)); 2448 pol_id->dir = dir; 2449 2450 if (k != NULL) { 2451 err = copy_to_user_kmaddress(k, skb); 2452 if (err) 2453 goto out_cancel; 2454 } 2455 if (encap) { 2456 err = nla_put(skb, XFRMA_ENCAP, sizeof(*encap), encap); 2457 if (err) 2458 goto out_cancel; 2459 } 2460 err = copy_to_user_policy_type(type, skb); 2461 if (err) 2462 goto out_cancel; 2463 for (i = 0, mp = m ; i < num_migrate; i++, mp++) { 2464 err = copy_to_user_migrate(mp, skb); 2465 if (err) 2466 goto out_cancel; 2467 } 2468 2469 nlmsg_end(skb, nlh); 2470 return 0; 2471 2472 out_cancel: 2473 nlmsg_cancel(skb, nlh); 2474 return err; 2475 } 2476 2477 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 2478 const struct xfrm_migrate *m, int num_migrate, 2479 const struct xfrm_kmaddress *k, 2480 const struct xfrm_encap_tmpl *encap) 2481 { 2482 struct net *net = &init_net; 2483 struct sk_buff *skb; 2484 int err; 2485 2486 skb = nlmsg_new(xfrm_migrate_msgsize(num_migrate, !!k, !!encap), 2487 GFP_ATOMIC); 2488 if (skb == NULL) 2489 return -ENOMEM; 2490 2491 /* build migrate */ 2492 err = build_migrate(skb, m, num_migrate, k, sel, encap, dir, type); 2493 BUG_ON(err < 0); 2494 2495 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MIGRATE); 2496 } 2497 #else 2498 static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type, 2499 const struct xfrm_migrate *m, int num_migrate, 2500 const struct xfrm_kmaddress *k, 2501 const struct xfrm_encap_tmpl *encap) 2502 { 2503 return -ENOPROTOOPT; 2504 } 2505 #endif 2506 2507 #define XMSGSIZE(type) sizeof(struct type) 2508 2509 static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = { 2510 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2511 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2512 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id), 2513 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2514 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2515 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2516 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info), 2517 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire), 2518 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire), 2519 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info), 2520 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info), 2521 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire), 2522 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush), 2523 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0, 2524 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2525 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id), 2526 [XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report), 2527 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id), 2528 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32), 2529 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2530 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32), 2531 }; 2532 2533 #undef XMSGSIZE 2534 2535 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = { 2536 [XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)}, 2537 [XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)}, 2538 [XFRMA_LASTUSED] = { .type = NLA_U64}, 2539 [XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)}, 2540 [XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) }, 2541 [XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) }, 2542 [XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) }, 2543 [XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) }, 2544 [XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) }, 2545 [XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) }, 2546 [XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) }, 2547 [XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) }, 2548 [XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) }, 2549 [XFRMA_REPLAY_THRESH] = { .type = NLA_U32 }, 2550 [XFRMA_ETIMER_THRESH] = { .type = NLA_U32 }, 2551 [XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) }, 2552 [XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) }, 2553 [XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)}, 2554 [XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) }, 2555 [XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) }, 2556 [XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) }, 2557 [XFRMA_TFCPAD] = { .type = NLA_U32 }, 2558 [XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) }, 2559 [XFRMA_SA_EXTRA_FLAGS] = { .type = NLA_U32 }, 2560 [XFRMA_PROTO] = { .type = NLA_U8 }, 2561 [XFRMA_ADDRESS_FILTER] = { .len = sizeof(struct xfrm_address_filter) }, 2562 [XFRMA_OFFLOAD_DEV] = { .len = sizeof(struct xfrm_user_offload) }, 2563 [XFRMA_SET_MARK] = { .type = NLA_U32 }, 2564 [XFRMA_SET_MARK_MASK] = { .type = NLA_U32 }, 2565 [XFRMA_IF_ID] = { .type = NLA_U32 }, 2566 }; 2567 2568 static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = { 2569 [XFRMA_SPD_IPV4_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) }, 2570 [XFRMA_SPD_IPV6_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) }, 2571 }; 2572 2573 static const struct xfrm_link { 2574 int (*doit)(struct sk_buff *, struct nlmsghdr *, struct nlattr **); 2575 int (*start)(struct netlink_callback *); 2576 int (*dump)(struct sk_buff *, struct netlink_callback *); 2577 int (*done)(struct netlink_callback *); 2578 const struct nla_policy *nla_pol; 2579 int nla_max; 2580 } xfrm_dispatch[XFRM_NR_MSGTYPES] = { 2581 [XFRM_MSG_NEWSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2582 [XFRM_MSG_DELSA - XFRM_MSG_BASE] = { .doit = xfrm_del_sa }, 2583 [XFRM_MSG_GETSA - XFRM_MSG_BASE] = { .doit = xfrm_get_sa, 2584 .dump = xfrm_dump_sa, 2585 .done = xfrm_dump_sa_done }, 2586 [XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2587 [XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy }, 2588 [XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_get_policy, 2589 .start = xfrm_dump_policy_start, 2590 .dump = xfrm_dump_policy, 2591 .done = xfrm_dump_policy_done }, 2592 [XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = { .doit = xfrm_alloc_userspi }, 2593 [XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_acquire }, 2594 [XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_sa_expire }, 2595 [XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_add_policy }, 2596 [XFRM_MSG_UPDSA - XFRM_MSG_BASE] = { .doit = xfrm_add_sa }, 2597 [XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = { .doit = xfrm_add_pol_expire}, 2598 [XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = { .doit = xfrm_flush_sa }, 2599 [XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = { .doit = xfrm_flush_policy }, 2600 [XFRM_MSG_NEWAE - XFRM_MSG_BASE] = { .doit = xfrm_new_ae }, 2601 [XFRM_MSG_GETAE - XFRM_MSG_BASE] = { .doit = xfrm_get_ae }, 2602 [XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = { .doit = xfrm_do_migrate }, 2603 [XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_sadinfo }, 2604 [XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_set_spdinfo, 2605 .nla_pol = xfrma_spd_policy, 2606 .nla_max = XFRMA_SPD_MAX }, 2607 [XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = { .doit = xfrm_get_spdinfo }, 2608 }; 2609 2610 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, 2611 struct netlink_ext_ack *extack) 2612 { 2613 struct net *net = sock_net(skb->sk); 2614 struct nlattr *attrs[XFRMA_MAX+1]; 2615 const struct xfrm_link *link; 2616 int type, err; 2617 2618 if (in_compat_syscall()) 2619 return -EOPNOTSUPP; 2620 2621 type = nlh->nlmsg_type; 2622 if (type > XFRM_MSG_MAX) 2623 return -EINVAL; 2624 2625 type -= XFRM_MSG_BASE; 2626 link = &xfrm_dispatch[type]; 2627 2628 /* All operations require privileges, even GET */ 2629 if (!netlink_net_capable(skb, CAP_NET_ADMIN)) 2630 return -EPERM; 2631 2632 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2633 type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) && 2634 (nlh->nlmsg_flags & NLM_F_DUMP)) { 2635 if (link->dump == NULL) 2636 return -EINVAL; 2637 2638 { 2639 struct netlink_dump_control c = { 2640 .start = link->start, 2641 .dump = link->dump, 2642 .done = link->done, 2643 }; 2644 return netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c); 2645 } 2646 } 2647 2648 err = nlmsg_parse_deprecated(nlh, xfrm_msg_min[type], attrs, 2649 link->nla_max ? : XFRMA_MAX, 2650 link->nla_pol ? : xfrma_policy, extack); 2651 if (err < 0) 2652 return err; 2653 2654 if (link->doit == NULL) 2655 return -EINVAL; 2656 2657 return link->doit(skb, nlh, attrs); 2658 } 2659 2660 static void xfrm_netlink_rcv(struct sk_buff *skb) 2661 { 2662 struct net *net = sock_net(skb->sk); 2663 2664 mutex_lock(&net->xfrm.xfrm_cfg_mutex); 2665 netlink_rcv_skb(skb, &xfrm_user_rcv_msg); 2666 mutex_unlock(&net->xfrm.xfrm_cfg_mutex); 2667 } 2668 2669 static inline unsigned int xfrm_expire_msgsize(void) 2670 { 2671 return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)) 2672 + nla_total_size(sizeof(struct xfrm_mark)); 2673 } 2674 2675 static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c) 2676 { 2677 struct xfrm_user_expire *ue; 2678 struct nlmsghdr *nlh; 2679 int err; 2680 2681 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0); 2682 if (nlh == NULL) 2683 return -EMSGSIZE; 2684 2685 ue = nlmsg_data(nlh); 2686 copy_to_user_state(x, &ue->state); 2687 ue->hard = (c->data.hard != 0) ? 1 : 0; 2688 /* clear the padding bytes */ 2689 memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard)); 2690 2691 err = xfrm_mark_put(skb, &x->mark); 2692 if (err) 2693 return err; 2694 2695 err = xfrm_if_id_put(skb, x->if_id); 2696 if (err) 2697 return err; 2698 2699 nlmsg_end(skb, nlh); 2700 return 0; 2701 } 2702 2703 static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c) 2704 { 2705 struct net *net = xs_net(x); 2706 struct sk_buff *skb; 2707 2708 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); 2709 if (skb == NULL) 2710 return -ENOMEM; 2711 2712 if (build_expire(skb, x, c) < 0) { 2713 kfree_skb(skb); 2714 return -EMSGSIZE; 2715 } 2716 2717 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE); 2718 } 2719 2720 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c) 2721 { 2722 struct net *net = xs_net(x); 2723 struct sk_buff *skb; 2724 int err; 2725 2726 skb = nlmsg_new(xfrm_aevent_msgsize(x), GFP_ATOMIC); 2727 if (skb == NULL) 2728 return -ENOMEM; 2729 2730 err = build_aevent(skb, x, c); 2731 BUG_ON(err < 0); 2732 2733 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_AEVENTS); 2734 } 2735 2736 static int xfrm_notify_sa_flush(const struct km_event *c) 2737 { 2738 struct net *net = c->net; 2739 struct xfrm_usersa_flush *p; 2740 struct nlmsghdr *nlh; 2741 struct sk_buff *skb; 2742 int len = NLMSG_ALIGN(sizeof(struct xfrm_usersa_flush)); 2743 2744 skb = nlmsg_new(len, GFP_ATOMIC); 2745 if (skb == NULL) 2746 return -ENOMEM; 2747 2748 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHSA, sizeof(*p), 0); 2749 if (nlh == NULL) { 2750 kfree_skb(skb); 2751 return -EMSGSIZE; 2752 } 2753 2754 p = nlmsg_data(nlh); 2755 p->proto = c->data.proto; 2756 2757 nlmsg_end(skb, nlh); 2758 2759 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA); 2760 } 2761 2762 static inline unsigned int xfrm_sa_len(struct xfrm_state *x) 2763 { 2764 unsigned int l = 0; 2765 if (x->aead) 2766 l += nla_total_size(aead_len(x->aead)); 2767 if (x->aalg) { 2768 l += nla_total_size(sizeof(struct xfrm_algo) + 2769 (x->aalg->alg_key_len + 7) / 8); 2770 l += nla_total_size(xfrm_alg_auth_len(x->aalg)); 2771 } 2772 if (x->ealg) 2773 l += nla_total_size(xfrm_alg_len(x->ealg)); 2774 if (x->calg) 2775 l += nla_total_size(sizeof(*x->calg)); 2776 if (x->encap) 2777 l += nla_total_size(sizeof(*x->encap)); 2778 if (x->tfcpad) 2779 l += nla_total_size(sizeof(x->tfcpad)); 2780 if (x->replay_esn) 2781 l += nla_total_size(xfrm_replay_state_esn_len(x->replay_esn)); 2782 else 2783 l += nla_total_size(sizeof(struct xfrm_replay_state)); 2784 if (x->security) 2785 l += nla_total_size(sizeof(struct xfrm_user_sec_ctx) + 2786 x->security->ctx_len); 2787 if (x->coaddr) 2788 l += nla_total_size(sizeof(*x->coaddr)); 2789 if (x->props.extra_flags) 2790 l += nla_total_size(sizeof(x->props.extra_flags)); 2791 if (x->xso.dev) 2792 l += nla_total_size(sizeof(x->xso)); 2793 if (x->props.smark.v | x->props.smark.m) { 2794 l += nla_total_size(sizeof(x->props.smark.v)); 2795 l += nla_total_size(sizeof(x->props.smark.m)); 2796 } 2797 if (x->if_id) 2798 l += nla_total_size(sizeof(x->if_id)); 2799 2800 /* Must count x->lastused as it may become non-zero behind our back. */ 2801 l += nla_total_size_64bit(sizeof(u64)); 2802 2803 return l; 2804 } 2805 2806 static int xfrm_notify_sa(struct xfrm_state *x, const struct km_event *c) 2807 { 2808 struct net *net = xs_net(x); 2809 struct xfrm_usersa_info *p; 2810 struct xfrm_usersa_id *id; 2811 struct nlmsghdr *nlh; 2812 struct sk_buff *skb; 2813 unsigned int len = xfrm_sa_len(x); 2814 unsigned int headlen; 2815 int err; 2816 2817 headlen = sizeof(*p); 2818 if (c->event == XFRM_MSG_DELSA) { 2819 len += nla_total_size(headlen); 2820 headlen = sizeof(*id); 2821 len += nla_total_size(sizeof(struct xfrm_mark)); 2822 } 2823 len += NLMSG_ALIGN(headlen); 2824 2825 skb = nlmsg_new(len, GFP_ATOMIC); 2826 if (skb == NULL) 2827 return -ENOMEM; 2828 2829 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0); 2830 err = -EMSGSIZE; 2831 if (nlh == NULL) 2832 goto out_free_skb; 2833 2834 p = nlmsg_data(nlh); 2835 if (c->event == XFRM_MSG_DELSA) { 2836 struct nlattr *attr; 2837 2838 id = nlmsg_data(nlh); 2839 memset(id, 0, sizeof(*id)); 2840 memcpy(&id->daddr, &x->id.daddr, sizeof(id->daddr)); 2841 id->spi = x->id.spi; 2842 id->family = x->props.family; 2843 id->proto = x->id.proto; 2844 2845 attr = nla_reserve(skb, XFRMA_SA, sizeof(*p)); 2846 err = -EMSGSIZE; 2847 if (attr == NULL) 2848 goto out_free_skb; 2849 2850 p = nla_data(attr); 2851 } 2852 err = copy_to_user_state_extra(x, p, skb); 2853 if (err) 2854 goto out_free_skb; 2855 2856 nlmsg_end(skb, nlh); 2857 2858 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_SA); 2859 2860 out_free_skb: 2861 kfree_skb(skb); 2862 return err; 2863 } 2864 2865 static int xfrm_send_state_notify(struct xfrm_state *x, const struct km_event *c) 2866 { 2867 2868 switch (c->event) { 2869 case XFRM_MSG_EXPIRE: 2870 return xfrm_exp_state_notify(x, c); 2871 case XFRM_MSG_NEWAE: 2872 return xfrm_aevent_state_notify(x, c); 2873 case XFRM_MSG_DELSA: 2874 case XFRM_MSG_UPDSA: 2875 case XFRM_MSG_NEWSA: 2876 return xfrm_notify_sa(x, c); 2877 case XFRM_MSG_FLUSHSA: 2878 return xfrm_notify_sa_flush(c); 2879 default: 2880 printk(KERN_NOTICE "xfrm_user: Unknown SA event %d\n", 2881 c->event); 2882 break; 2883 } 2884 2885 return 0; 2886 2887 } 2888 2889 static inline unsigned int xfrm_acquire_msgsize(struct xfrm_state *x, 2890 struct xfrm_policy *xp) 2891 { 2892 return NLMSG_ALIGN(sizeof(struct xfrm_user_acquire)) 2893 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 2894 + nla_total_size(sizeof(struct xfrm_mark)) 2895 + nla_total_size(xfrm_user_sec_ctx_size(x->security)) 2896 + userpolicy_type_attrsize(); 2897 } 2898 2899 static int build_acquire(struct sk_buff *skb, struct xfrm_state *x, 2900 struct xfrm_tmpl *xt, struct xfrm_policy *xp) 2901 { 2902 __u32 seq = xfrm_get_acqseq(); 2903 struct xfrm_user_acquire *ua; 2904 struct nlmsghdr *nlh; 2905 int err; 2906 2907 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_ACQUIRE, sizeof(*ua), 0); 2908 if (nlh == NULL) 2909 return -EMSGSIZE; 2910 2911 ua = nlmsg_data(nlh); 2912 memcpy(&ua->id, &x->id, sizeof(ua->id)); 2913 memcpy(&ua->saddr, &x->props.saddr, sizeof(ua->saddr)); 2914 memcpy(&ua->sel, &x->sel, sizeof(ua->sel)); 2915 copy_to_user_policy(xp, &ua->policy, XFRM_POLICY_OUT); 2916 ua->aalgos = xt->aalgos; 2917 ua->ealgos = xt->ealgos; 2918 ua->calgos = xt->calgos; 2919 ua->seq = x->km.seq = seq; 2920 2921 err = copy_to_user_tmpl(xp, skb); 2922 if (!err) 2923 err = copy_to_user_state_sec_ctx(x, skb); 2924 if (!err) 2925 err = copy_to_user_policy_type(xp->type, skb); 2926 if (!err) 2927 err = xfrm_mark_put(skb, &xp->mark); 2928 if (!err) 2929 err = xfrm_if_id_put(skb, xp->if_id); 2930 if (err) { 2931 nlmsg_cancel(skb, nlh); 2932 return err; 2933 } 2934 2935 nlmsg_end(skb, nlh); 2936 return 0; 2937 } 2938 2939 static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, 2940 struct xfrm_policy *xp) 2941 { 2942 struct net *net = xs_net(x); 2943 struct sk_buff *skb; 2944 int err; 2945 2946 skb = nlmsg_new(xfrm_acquire_msgsize(x, xp), GFP_ATOMIC); 2947 if (skb == NULL) 2948 return -ENOMEM; 2949 2950 err = build_acquire(skb, x, xt, xp); 2951 BUG_ON(err < 0); 2952 2953 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_ACQUIRE); 2954 } 2955 2956 /* User gives us xfrm_user_policy_info followed by an array of 0 2957 * or more templates. 2958 */ 2959 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, 2960 u8 *data, int len, int *dir) 2961 { 2962 struct net *net = sock_net(sk); 2963 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; 2964 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); 2965 struct xfrm_policy *xp; 2966 int nr; 2967 2968 switch (sk->sk_family) { 2969 case AF_INET: 2970 if (opt != IP_XFRM_POLICY) { 2971 *dir = -EOPNOTSUPP; 2972 return NULL; 2973 } 2974 break; 2975 #if IS_ENABLED(CONFIG_IPV6) 2976 case AF_INET6: 2977 if (opt != IPV6_XFRM_POLICY) { 2978 *dir = -EOPNOTSUPP; 2979 return NULL; 2980 } 2981 break; 2982 #endif 2983 default: 2984 *dir = -EINVAL; 2985 return NULL; 2986 } 2987 2988 *dir = -EINVAL; 2989 2990 if (len < sizeof(*p) || 2991 verify_newpolicy_info(p)) 2992 return NULL; 2993 2994 nr = ((len - sizeof(*p)) / sizeof(*ut)); 2995 if (validate_tmpl(nr, ut, p->sel.family)) 2996 return NULL; 2997 2998 if (p->dir > XFRM_POLICY_OUT) 2999 return NULL; 3000 3001 xp = xfrm_policy_alloc(net, GFP_ATOMIC); 3002 if (xp == NULL) { 3003 *dir = -ENOBUFS; 3004 return NULL; 3005 } 3006 3007 copy_from_user_policy(xp, p); 3008 xp->type = XFRM_POLICY_TYPE_MAIN; 3009 copy_templates(xp, ut, nr); 3010 3011 *dir = p->dir; 3012 3013 return xp; 3014 } 3015 3016 static inline unsigned int xfrm_polexpire_msgsize(struct xfrm_policy *xp) 3017 { 3018 return NLMSG_ALIGN(sizeof(struct xfrm_user_polexpire)) 3019 + nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr) 3020 + nla_total_size(xfrm_user_sec_ctx_size(xp->security)) 3021 + nla_total_size(sizeof(struct xfrm_mark)) 3022 + userpolicy_type_attrsize(); 3023 } 3024 3025 static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp, 3026 int dir, const struct km_event *c) 3027 { 3028 struct xfrm_user_polexpire *upe; 3029 int hard = c->data.hard; 3030 struct nlmsghdr *nlh; 3031 int err; 3032 3033 nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_POLEXPIRE, sizeof(*upe), 0); 3034 if (nlh == NULL) 3035 return -EMSGSIZE; 3036 3037 upe = nlmsg_data(nlh); 3038 copy_to_user_policy(xp, &upe->pol, dir); 3039 err = copy_to_user_tmpl(xp, skb); 3040 if (!err) 3041 err = copy_to_user_sec_ctx(xp, skb); 3042 if (!err) 3043 err = copy_to_user_policy_type(xp->type, skb); 3044 if (!err) 3045 err = xfrm_mark_put(skb, &xp->mark); 3046 if (!err) 3047 err = xfrm_if_id_put(skb, xp->if_id); 3048 if (err) { 3049 nlmsg_cancel(skb, nlh); 3050 return err; 3051 } 3052 upe->hard = !!hard; 3053 3054 nlmsg_end(skb, nlh); 3055 return 0; 3056 } 3057 3058 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 3059 { 3060 struct net *net = xp_net(xp); 3061 struct sk_buff *skb; 3062 int err; 3063 3064 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); 3065 if (skb == NULL) 3066 return -ENOMEM; 3067 3068 err = build_polexpire(skb, xp, dir, c); 3069 BUG_ON(err < 0); 3070 3071 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE); 3072 } 3073 3074 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, const struct km_event *c) 3075 { 3076 unsigned int len = nla_total_size(sizeof(struct xfrm_user_tmpl) * xp->xfrm_nr); 3077 struct net *net = xp_net(xp); 3078 struct xfrm_userpolicy_info *p; 3079 struct xfrm_userpolicy_id *id; 3080 struct nlmsghdr *nlh; 3081 struct sk_buff *skb; 3082 unsigned int headlen; 3083 int err; 3084 3085 headlen = sizeof(*p); 3086 if (c->event == XFRM_MSG_DELPOLICY) { 3087 len += nla_total_size(headlen); 3088 headlen = sizeof(*id); 3089 } 3090 len += userpolicy_type_attrsize(); 3091 len += nla_total_size(sizeof(struct xfrm_mark)); 3092 len += NLMSG_ALIGN(headlen); 3093 3094 skb = nlmsg_new(len, GFP_ATOMIC); 3095 if (skb == NULL) 3096 return -ENOMEM; 3097 3098 nlh = nlmsg_put(skb, c->portid, c->seq, c->event, headlen, 0); 3099 err = -EMSGSIZE; 3100 if (nlh == NULL) 3101 goto out_free_skb; 3102 3103 p = nlmsg_data(nlh); 3104 if (c->event == XFRM_MSG_DELPOLICY) { 3105 struct nlattr *attr; 3106 3107 id = nlmsg_data(nlh); 3108 memset(id, 0, sizeof(*id)); 3109 id->dir = dir; 3110 if (c->data.byid) 3111 id->index = xp->index; 3112 else 3113 memcpy(&id->sel, &xp->selector, sizeof(id->sel)); 3114 3115 attr = nla_reserve(skb, XFRMA_POLICY, sizeof(*p)); 3116 err = -EMSGSIZE; 3117 if (attr == NULL) 3118 goto out_free_skb; 3119 3120 p = nla_data(attr); 3121 } 3122 3123 copy_to_user_policy(xp, p, dir); 3124 err = copy_to_user_tmpl(xp, skb); 3125 if (!err) 3126 err = copy_to_user_policy_type(xp->type, skb); 3127 if (!err) 3128 err = xfrm_mark_put(skb, &xp->mark); 3129 if (!err) 3130 err = xfrm_if_id_put(skb, xp->if_id); 3131 if (err) 3132 goto out_free_skb; 3133 3134 nlmsg_end(skb, nlh); 3135 3136 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); 3137 3138 out_free_skb: 3139 kfree_skb(skb); 3140 return err; 3141 } 3142 3143 static int xfrm_notify_policy_flush(const struct km_event *c) 3144 { 3145 struct net *net = c->net; 3146 struct nlmsghdr *nlh; 3147 struct sk_buff *skb; 3148 int err; 3149 3150 skb = nlmsg_new(userpolicy_type_attrsize(), GFP_ATOMIC); 3151 if (skb == NULL) 3152 return -ENOMEM; 3153 3154 nlh = nlmsg_put(skb, c->portid, c->seq, XFRM_MSG_FLUSHPOLICY, 0, 0); 3155 err = -EMSGSIZE; 3156 if (nlh == NULL) 3157 goto out_free_skb; 3158 err = copy_to_user_policy_type(c->data.type, skb); 3159 if (err) 3160 goto out_free_skb; 3161 3162 nlmsg_end(skb, nlh); 3163 3164 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); 3165 3166 out_free_skb: 3167 kfree_skb(skb); 3168 return err; 3169 } 3170 3171 static int xfrm_send_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c) 3172 { 3173 3174 switch (c->event) { 3175 case XFRM_MSG_NEWPOLICY: 3176 case XFRM_MSG_UPDPOLICY: 3177 case XFRM_MSG_DELPOLICY: 3178 return xfrm_notify_policy(xp, dir, c); 3179 case XFRM_MSG_FLUSHPOLICY: 3180 return xfrm_notify_policy_flush(c); 3181 case XFRM_MSG_POLEXPIRE: 3182 return xfrm_exp_policy_notify(xp, dir, c); 3183 default: 3184 printk(KERN_NOTICE "xfrm_user: Unknown Policy event %d\n", 3185 c->event); 3186 } 3187 3188 return 0; 3189 3190 } 3191 3192 static inline unsigned int xfrm_report_msgsize(void) 3193 { 3194 return NLMSG_ALIGN(sizeof(struct xfrm_user_report)); 3195 } 3196 3197 static int build_report(struct sk_buff *skb, u8 proto, 3198 struct xfrm_selector *sel, xfrm_address_t *addr) 3199 { 3200 struct xfrm_user_report *ur; 3201 struct nlmsghdr *nlh; 3202 3203 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_REPORT, sizeof(*ur), 0); 3204 if (nlh == NULL) 3205 return -EMSGSIZE; 3206 3207 ur = nlmsg_data(nlh); 3208 ur->proto = proto; 3209 memcpy(&ur->sel, sel, sizeof(ur->sel)); 3210 3211 if (addr) { 3212 int err = nla_put(skb, XFRMA_COADDR, sizeof(*addr), addr); 3213 if (err) { 3214 nlmsg_cancel(skb, nlh); 3215 return err; 3216 } 3217 } 3218 nlmsg_end(skb, nlh); 3219 return 0; 3220 } 3221 3222 static int xfrm_send_report(struct net *net, u8 proto, 3223 struct xfrm_selector *sel, xfrm_address_t *addr) 3224 { 3225 struct sk_buff *skb; 3226 int err; 3227 3228 skb = nlmsg_new(xfrm_report_msgsize(), GFP_ATOMIC); 3229 if (skb == NULL) 3230 return -ENOMEM; 3231 3232 err = build_report(skb, proto, sel, addr); 3233 BUG_ON(err < 0); 3234 3235 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_REPORT); 3236 } 3237 3238 static inline unsigned int xfrm_mapping_msgsize(void) 3239 { 3240 return NLMSG_ALIGN(sizeof(struct xfrm_user_mapping)); 3241 } 3242 3243 static int build_mapping(struct sk_buff *skb, struct xfrm_state *x, 3244 xfrm_address_t *new_saddr, __be16 new_sport) 3245 { 3246 struct xfrm_user_mapping *um; 3247 struct nlmsghdr *nlh; 3248 3249 nlh = nlmsg_put(skb, 0, 0, XFRM_MSG_MAPPING, sizeof(*um), 0); 3250 if (nlh == NULL) 3251 return -EMSGSIZE; 3252 3253 um = nlmsg_data(nlh); 3254 3255 memcpy(&um->id.daddr, &x->id.daddr, sizeof(um->id.daddr)); 3256 um->id.spi = x->id.spi; 3257 um->id.family = x->props.family; 3258 um->id.proto = x->id.proto; 3259 memcpy(&um->new_saddr, new_saddr, sizeof(um->new_saddr)); 3260 memcpy(&um->old_saddr, &x->props.saddr, sizeof(um->old_saddr)); 3261 um->new_sport = new_sport; 3262 um->old_sport = x->encap->encap_sport; 3263 um->reqid = x->props.reqid; 3264 3265 nlmsg_end(skb, nlh); 3266 return 0; 3267 } 3268 3269 static int xfrm_send_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, 3270 __be16 sport) 3271 { 3272 struct net *net = xs_net(x); 3273 struct sk_buff *skb; 3274 int err; 3275 3276 if (x->id.proto != IPPROTO_ESP) 3277 return -EINVAL; 3278 3279 if (!x->encap) 3280 return -EINVAL; 3281 3282 skb = nlmsg_new(xfrm_mapping_msgsize(), GFP_ATOMIC); 3283 if (skb == NULL) 3284 return -ENOMEM; 3285 3286 err = build_mapping(skb, x, ipaddr, sport); 3287 BUG_ON(err < 0); 3288 3289 return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_MAPPING); 3290 } 3291 3292 static bool xfrm_is_alive(const struct km_event *c) 3293 { 3294 return (bool)xfrm_acquire_is_on(c->net); 3295 } 3296 3297 static struct xfrm_mgr netlink_mgr = { 3298 .notify = xfrm_send_state_notify, 3299 .acquire = xfrm_send_acquire, 3300 .compile_policy = xfrm_compile_policy, 3301 .notify_policy = xfrm_send_policy_notify, 3302 .report = xfrm_send_report, 3303 .migrate = xfrm_send_migrate, 3304 .new_mapping = xfrm_send_mapping, 3305 .is_alive = xfrm_is_alive, 3306 }; 3307 3308 static int __net_init xfrm_user_net_init(struct net *net) 3309 { 3310 struct sock *nlsk; 3311 struct netlink_kernel_cfg cfg = { 3312 .groups = XFRMNLGRP_MAX, 3313 .input = xfrm_netlink_rcv, 3314 }; 3315 3316 nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg); 3317 if (nlsk == NULL) 3318 return -ENOMEM; 3319 net->xfrm.nlsk_stash = nlsk; /* Don't set to NULL */ 3320 rcu_assign_pointer(net->xfrm.nlsk, nlsk); 3321 return 0; 3322 } 3323 3324 static void __net_exit xfrm_user_net_exit(struct list_head *net_exit_list) 3325 { 3326 struct net *net; 3327 list_for_each_entry(net, net_exit_list, exit_list) 3328 RCU_INIT_POINTER(net->xfrm.nlsk, NULL); 3329 synchronize_net(); 3330 list_for_each_entry(net, net_exit_list, exit_list) 3331 netlink_kernel_release(net->xfrm.nlsk_stash); 3332 } 3333 3334 static struct pernet_operations xfrm_user_net_ops = { 3335 .init = xfrm_user_net_init, 3336 .exit_batch = xfrm_user_net_exit, 3337 }; 3338 3339 static int __init xfrm_user_init(void) 3340 { 3341 int rv; 3342 3343 printk(KERN_INFO "Initializing XFRM netlink socket\n"); 3344 3345 rv = register_pernet_subsys(&xfrm_user_net_ops); 3346 if (rv < 0) 3347 return rv; 3348 rv = xfrm_register_km(&netlink_mgr); 3349 if (rv < 0) 3350 unregister_pernet_subsys(&xfrm_user_net_ops); 3351 return rv; 3352 } 3353 3354 static void __exit xfrm_user_exit(void) 3355 { 3356 xfrm_unregister_km(&netlink_mgr); 3357 unregister_pernet_subsys(&xfrm_user_net_ops); 3358 } 3359 3360 module_init(xfrm_user_init); 3361 module_exit(xfrm_user_exit); 3362 MODULE_LICENSE("GPL"); 3363 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_XFRM); 3364