net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <linux/cache.h>
  22 #include <linux/audit.h>
  23 #include <asm/uaccess.h>
  24 #include <linux/ktime.h>
  25 #include <linux/slab.h>
  26 #include <linux/interrupt.h>
  27 #include <linux/kernel.h>
  28
  29 #include "xfrm_hash.h"
  30
  31 /* Each xfrm_state may be linked to two tables:
  32
  33    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  34    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  35       destination/tunnel endpoint. (output)
  36  */
  37
  38 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  39
  40 static inline unsigned int xfrm_dst_hash(struct net *net,
  41                                          const xfrm_address_t *daddr,
  42                                          const xfrm_address_t *saddr,
  43                                          u32 reqid,
  44                                          unsigned short family)
  45 {
  46         return __xfrm_dst_hash(daddr, saddr, reqid, family, net->xfrm.state_hmask);
  47 }
  48
  49 static inline unsigned int xfrm_src_hash(struct net *net,
  50                                          const xfrm_address_t *daddr,
  51                                          const xfrm_address_t *saddr,
  52                                          unsigned short family)
  53 {
  54         return __xfrm_src_hash(daddr, saddr, family, net->xfrm.state_hmask);
  55 }
  56
  57 static inline unsigned int
  58 xfrm_spi_hash(struct net *net, const xfrm_address_t *daddr,
  59               __be32 spi, u8 proto, unsigned short family)
  60 {
  61         return __xfrm_spi_hash(daddr, spi, proto, family, net->xfrm.state_hmask);
  62 }
  63
  64 static void xfrm_hash_transfer(struct hlist_head *list,
  65                                struct hlist_head *ndsttable,
  66                                struct hlist_head *nsrctable,
  67                                struct hlist_head *nspitable,
  68                                unsigned int nhashmask)
  69 {
  70         struct hlist_node *tmp;
  71         struct xfrm_state *x;
  72
  73         hlist_for_each_entry_safe(x, tmp, list, bydst) {
  74                 unsigned int h;
  75
  76                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
  77                                     x->props.reqid, x->props.family,
  78                                     nhashmask);
  79                 hlist_add_head(&x->bydst, ndsttable+h);
  80
  81                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
  82                                     x->props.family,
  83                                     nhashmask);
  84                 hlist_add_head(&x->bysrc, nsrctable+h);
  85
  86                 if (x->id.spi) {
  87                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
  88                                             x->id.proto, x->props.family,
  89                                             nhashmask);
  90                         hlist_add_head(&x->byspi, nspitable+h);
  91                 }
  92         }
  93 }
  94
  95 static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
  96 {
  97         return ((state_hmask + 1) << 1) * sizeof(struct hlist_head);
  98 }
  99
 100 static DEFINE_MUTEX(hash_resize_mutex);
 101
 102 static void xfrm_hash_resize(struct work_struct *work)
 103 {
 104         struct net *net = container_of(work, struct net, xfrm.state_hash_work);
 105         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
 106         unsigned long nsize, osize;
 107         unsigned int nhashmask, ohashmask;
 108         int i;
 109
 110         mutex_lock(&hash_resize_mutex);
 111
 112         nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
 113         ndst = xfrm_hash_alloc(nsize);
 114         if (!ndst)
 115                 goto out_unlock;
 116         nsrc = xfrm_hash_alloc(nsize);
 117         if (!nsrc) {
 118                 xfrm_hash_free(ndst, nsize);
 119                 goto out_unlock;
 120         }
 121         nspi = xfrm_hash_alloc(nsize);
 122         if (!nspi) {
 123                 xfrm_hash_free(ndst, nsize);
 124                 xfrm_hash_free(nsrc, nsize);
 125                 goto out_unlock;
 126         }
 127
 128         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 129
 130         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
 131         for (i = net->xfrm.state_hmask; i >= 0; i--)
 132                 xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
 133                                    nhashmask);
 134
 135         odst = net->xfrm.state_bydst;
 136         osrc = net->xfrm.state_bysrc;
 137         ospi = net->xfrm.state_byspi;
 138         ohashmask = net->xfrm.state_hmask;
 139
 140         net->xfrm.state_bydst = ndst;
 141         net->xfrm.state_bysrc = nsrc;
 142         net->xfrm.state_byspi = nspi;
 143         net->xfrm.state_hmask = nhashmask;
 144
 145         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 146
 147         osize = (ohashmask + 1) * sizeof(struct hlist_head);
 148         xfrm_hash_free(odst, osize);
 149         xfrm_hash_free(osrc, osize);
 150         xfrm_hash_free(ospi, osize);
 151
 152 out_unlock:
 153         mutex_unlock(&hash_resize_mutex);
 154 }
 155
 156 static DEFINE_SPINLOCK(xfrm_state_afinfo_lock);
 157 static struct xfrm_state_afinfo __rcu *xfrm_state_afinfo[NPROTO];
 158
 159 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 160
 161 int __xfrm_state_delete(struct xfrm_state *x);
 162
 163 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 164 bool km_is_alive(const struct km_event *c);
 165 void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
 166
 167 static DEFINE_SPINLOCK(xfrm_type_lock);
 168 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
 169 {
 170         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 171         const struct xfrm_type **typemap;
 172         int err = 0;
 173
 174         if (unlikely(afinfo == NULL))
 175                 return -EAFNOSUPPORT;
 176         typemap = afinfo->type_map;
 177         spin_lock_bh(&xfrm_type_lock);
 178
 179         if (likely(typemap[type->proto] == NULL))
 180                 typemap[type->proto] = type;
 181         else
 182                 err = -EEXIST;
 183         spin_unlock_bh(&xfrm_type_lock);
 184         xfrm_state_put_afinfo(afinfo);
 185         return err;
 186 }
 187 EXPORT_SYMBOL(xfrm_register_type);
 188
 189 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
 190 {
 191         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 192         const struct xfrm_type **typemap;
 193         int err = 0;
 194
 195         if (unlikely(afinfo == NULL))
 196                 return -EAFNOSUPPORT;
 197         typemap = afinfo->type_map;
 198         spin_lock_bh(&xfrm_type_lock);
 199
 200         if (unlikely(typemap[type->proto] != type))
 201                 err = -ENOENT;
 202         else
 203                 typemap[type->proto] = NULL;
 204         spin_unlock_bh(&xfrm_type_lock);
 205         xfrm_state_put_afinfo(afinfo);
 206         return err;
 207 }
 208 EXPORT_SYMBOL(xfrm_unregister_type);
 209
 210 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
 211 {
 212         struct xfrm_state_afinfo *afinfo;
 213         const struct xfrm_type **typemap;
 214         const struct xfrm_type *type;
 215         int modload_attempted = 0;
 216
 217 retry:
 218         afinfo = xfrm_state_get_afinfo(family);
 219         if (unlikely(afinfo == NULL))
 220                 return NULL;
 221         typemap = afinfo->type_map;
 222
 223         type = typemap[proto];
 224         if (unlikely(type && !try_module_get(type->owner)))
 225                 type = NULL;
 226         if (!type && !modload_attempted) {
 227                 xfrm_state_put_afinfo(afinfo);
 228                 request_module("xfrm-type-%d-%d", family, proto);
 229                 modload_attempted = 1;
 230                 goto retry;
 231         }
 232
 233         xfrm_state_put_afinfo(afinfo);
 234         return type;
 235 }
 236
 237 static void xfrm_put_type(const struct xfrm_type *type)
 238 {
 239         module_put(type->owner);
 240 }
 241
 242 static DEFINE_SPINLOCK(xfrm_mode_lock);
 243 int xfrm_register_mode(struct xfrm_mode *mode, int family)
 244 {
 245         struct xfrm_state_afinfo *afinfo;
 246         struct xfrm_mode **modemap;
 247         int err;
 248
 249         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 250                 return -EINVAL;
 251
 252         afinfo = xfrm_state_get_afinfo(family);
 253         if (unlikely(afinfo == NULL))
 254                 return -EAFNOSUPPORT;
 255
 256         err = -EEXIST;
 257         modemap = afinfo->mode_map;
 258         spin_lock_bh(&xfrm_mode_lock);
 259         if (modemap[mode->encap])
 260                 goto out;
 261
 262         err = -ENOENT;
 263         if (!try_module_get(afinfo->owner))
 264                 goto out;
 265
 266         mode->afinfo = afinfo;
 267         modemap[mode->encap] = mode;
 268         err = 0;
 269
 270 out:
 271         spin_unlock_bh(&xfrm_mode_lock);
 272         xfrm_state_put_afinfo(afinfo);
 273         return err;
 274 }
 275 EXPORT_SYMBOL(xfrm_register_mode);
 276
 277 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
 278 {
 279         struct xfrm_state_afinfo *afinfo;
 280         struct xfrm_mode **modemap;
 281         int err;
 282
 283         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 284                 return -EINVAL;
 285
 286         afinfo = xfrm_state_get_afinfo(family);
 287         if (unlikely(afinfo == NULL))
 288                 return -EAFNOSUPPORT;
 289
 290         err = -ENOENT;
 291         modemap = afinfo->mode_map;
 292         spin_lock_bh(&xfrm_mode_lock);
 293         if (likely(modemap[mode->encap] == mode)) {
 294                 modemap[mode->encap] = NULL;
 295                 module_put(mode->afinfo->owner);
 296                 err = 0;
 297         }
 298
 299         spin_unlock_bh(&xfrm_mode_lock);
 300         xfrm_state_put_afinfo(afinfo);
 301         return err;
 302 }
 303 EXPORT_SYMBOL(xfrm_unregister_mode);
 304
 305 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
 306 {
 307         struct xfrm_state_afinfo *afinfo;
 308         struct xfrm_mode *mode;
 309         int modload_attempted = 0;
 310
 311         if (unlikely(encap >= XFRM_MODE_MAX))
 312                 return NULL;
 313
 314 retry:
 315         afinfo = xfrm_state_get_afinfo(family);
 316         if (unlikely(afinfo == NULL))
 317                 return NULL;
 318
 319         mode = afinfo->mode_map[encap];
 320         if (unlikely(mode && !try_module_get(mode->owner)))
 321                 mode = NULL;
 322         if (!mode && !modload_attempted) {
 323                 xfrm_state_put_afinfo(afinfo);
 324                 request_module("xfrm-mode-%d-%d", family, encap);
 325                 modload_attempted = 1;
 326                 goto retry;
 327         }
 328
 329         xfrm_state_put_afinfo(afinfo);
 330         return mode;
 331 }
 332
 333 static void xfrm_put_mode(struct xfrm_mode *mode)
 334 {
 335         module_put(mode->owner);
 336 }
 337
 338 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 339 {
 340         tasklet_hrtimer_cancel(&x->mtimer);
 341         del_timer_sync(&x->rtimer);
 342         kfree(x->aalg);
 343         kfree(x->ealg);
 344         kfree(x->calg);
 345         kfree(x->encap);
 346         kfree(x->coaddr);
 347         kfree(x->replay_esn);
 348         kfree(x->preplay_esn);
 349         if (x->inner_mode)
 350                 xfrm_put_mode(x->inner_mode);
 351         if (x->inner_mode_iaf)
 352                 xfrm_put_mode(x->inner_mode_iaf);
 353         if (x->outer_mode)
 354                 xfrm_put_mode(x->outer_mode);
 355         if (x->type) {
 356                 x->type->destructor(x);
 357                 xfrm_put_type(x->type);
 358         }
 359         security_xfrm_state_free(x);
 360         kfree(x);
 361 }
 362
 363 static void xfrm_state_gc_task(struct work_struct *work)
 364 {
 365         struct net *net = container_of(work, struct net, xfrm.state_gc_work);
 366         struct xfrm_state *x;
 367         struct hlist_node *tmp;
 368         struct hlist_head gc_list;
 369
 370         spin_lock_bh(&xfrm_state_gc_lock);
 371         hlist_move_list(&net->xfrm.state_gc_list, &gc_list);
 372         spin_unlock_bh(&xfrm_state_gc_lock);
 373
 374         hlist_for_each_entry_safe(x, tmp, &gc_list, gclist)
 375                 xfrm_state_gc_destroy(x);
 376 }
 377
 378 static inline unsigned long make_jiffies(long secs)
 379 {
 380         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 381                 return MAX_SCHEDULE_TIMEOUT-1;
 382         else
 383                 return secs*HZ;
 384 }
 385
 386 static enum hrtimer_restart xfrm_timer_handler(struct hrtimer *me)
 387 {
 388         struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
 389         struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
 390         unsigned long now = get_seconds();
 391         long next = LONG_MAX;
 392         int warn = 0;
 393         int err = 0;
 394
 395         spin_lock(&x->lock);
 396         if (x->km.state == XFRM_STATE_DEAD)
 397                 goto out;
 398         if (x->km.state == XFRM_STATE_EXPIRED)
 399                 goto expired;
 400         if (x->lft.hard_add_expires_seconds) {
 401                 long tmo = x->lft.hard_add_expires_seconds +
 402                         x->curlft.add_time - now;
 403                 if (tmo <= 0) {
 404                         if (x->xflags & XFRM_SOFT_EXPIRE) {
 405                                 /* enter hard expire without soft expire first?!
 406                                  * setting a new date could trigger this.
 407                                  * workarbound: fix x->curflt.add_time by below:
 408                                  */
 409                                 x->curlft.add_time = now - x->saved_tmo - 1;
 410                                 tmo = x->lft.hard_add_expires_seconds - x->saved_tmo;
 411                         } else
 412                                 goto expired;
 413                 }
 414                 if (tmo < next)
 415                         next = tmo;
 416         }
 417         if (x->lft.hard_use_expires_seconds) {
 418                 long tmo = x->lft.hard_use_expires_seconds +
 419                         (x->curlft.use_time ? : now) - now;
 420                 if (tmo <= 0)
 421                         goto expired;
 422                 if (tmo < next)
 423                         next = tmo;
 424         }
 425         if (x->km.dying)
 426                 goto resched;
 427         if (x->lft.soft_add_expires_seconds) {
 428                 long tmo = x->lft.soft_add_expires_seconds +
 429                         x->curlft.add_time - now;
 430                 if (tmo <= 0) {
 431                         warn = 1;
 432                         x->xflags &= ~XFRM_SOFT_EXPIRE;
 433                 } else if (tmo < next) {
 434                         next = tmo;
 435                         x->xflags |= XFRM_SOFT_EXPIRE;
 436                         x->saved_tmo = tmo;
 437                 }
 438         }
 439         if (x->lft.soft_use_expires_seconds) {
 440                 long tmo = x->lft.soft_use_expires_seconds +
 441                         (x->curlft.use_time ? : now) - now;
 442                 if (tmo <= 0)
 443                         warn = 1;
 444                 else if (tmo < next)
 445                         next = tmo;
 446         }
 447
 448         x->km.dying = warn;
 449         if (warn)
 450                 km_state_expired(x, 0, 0);
 451 resched:
 452         if (next != LONG_MAX) {
 453                 tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
 454         }
 455
 456         goto out;
 457
 458 expired:
 459         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0)
 460                 x->km.state = XFRM_STATE_EXPIRED;
 461
 462         err = __xfrm_state_delete(x);
 463         if (!err)
 464                 km_state_expired(x, 1, 0);
 465
 466         xfrm_audit_state_delete(x, err ? 0 : 1,
 467                                 audit_get_loginuid(current),
 468                                 audit_get_sessionid(current), 0);
 469
 470 out:
 471         spin_unlock(&x->lock);
 472         return HRTIMER_NORESTART;
 473 }
 474
 475 static void xfrm_replay_timer_handler(unsigned long data);
 476
 477 struct xfrm_state *xfrm_state_alloc(struct net *net)
 478 {
 479         struct xfrm_state *x;
 480
 481         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 482
 483         if (x) {
 484                 write_pnet(&x->xs_net, net);
 485                 atomic_set(&x->refcnt, 1);
 486                 atomic_set(&x->tunnel_users, 0);
 487                 INIT_LIST_HEAD(&x->km.all);
 488                 INIT_HLIST_NODE(&x->bydst);
 489                 INIT_HLIST_NODE(&x->bysrc);
 490                 INIT_HLIST_NODE(&x->byspi);
 491                 tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler,
 492                                         CLOCK_BOOTTIME, HRTIMER_MODE_ABS);
 493                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
 494                                 (unsigned long)x);
 495                 x->curlft.add_time = get_seconds();
 496                 x->lft.soft_byte_limit = XFRM_INF;
 497                 x->lft.soft_packet_limit = XFRM_INF;
 498                 x->lft.hard_byte_limit = XFRM_INF;
 499                 x->lft.hard_packet_limit = XFRM_INF;
 500                 x->replay_maxage = 0;
 501                 x->replay_maxdiff = 0;
 502                 x->inner_mode = NULL;
 503                 x->inner_mode_iaf = NULL;
 504                 spin_lock_init(&x->lock);
 505         }
 506         return x;
 507 }
 508 EXPORT_SYMBOL(xfrm_state_alloc);
 509
 510 void __xfrm_state_destroy(struct xfrm_state *x)
 511 {
 512         struct net *net = xs_net(x);
 513
 514         WARN_ON(x->km.state != XFRM_STATE_DEAD);
 515
 516         spin_lock_bh(&xfrm_state_gc_lock);
 517         hlist_add_head(&x->gclist, &net->xfrm.state_gc_list);
 518         spin_unlock_bh(&xfrm_state_gc_lock);
 519         schedule_work(&net->xfrm.state_gc_work);
 520 }
 521 EXPORT_SYMBOL(__xfrm_state_destroy);
 522
 523 int __xfrm_state_delete(struct xfrm_state *x)
 524 {
 525         struct net *net = xs_net(x);
 526         int err = -ESRCH;
 527
 528         if (x->km.state != XFRM_STATE_DEAD) {
 529                 x->km.state = XFRM_STATE_DEAD;
 530                 spin_lock(&net->xfrm.xfrm_state_lock);
 531                 list_del(&x->km.all);
 532                 hlist_del(&x->bydst);
 533                 hlist_del(&x->bysrc);
 534                 if (x->id.spi)
 535                         hlist_del(&x->byspi);
 536                 net->xfrm.state_num--;
 537                 spin_unlock(&net->xfrm.xfrm_state_lock);
 538
 539                 /* All xfrm_state objects are created by xfrm_state_alloc.
 540                  * The xfrm_state_alloc call gives a reference, and that
 541                  * is what we are dropping here.
 542                  */
 543                 xfrm_state_put(x);
 544                 err = 0;
 545         }
 546
 547         return err;
 548 }
 549 EXPORT_SYMBOL(__xfrm_state_delete);
 550
 551 int xfrm_state_delete(struct xfrm_state *x)
 552 {
 553         int err;
 554
 555         spin_lock_bh(&x->lock);
 556         err = __xfrm_state_delete(x);
 557         spin_unlock_bh(&x->lock);
 558
 559         return err;
 560 }
 561 EXPORT_SYMBOL(xfrm_state_delete);
 562
 563 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 564 static inline int
 565 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 566 {
 567         int i, err = 0;
 568
 569         for (i = 0; i <= net->xfrm.state_hmask; i++) {
 570                 struct xfrm_state *x;
 571
 572                 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
 573                         if (xfrm_id_proto_match(x->id.proto, proto) &&
 574                            (err = security_xfrm_state_delete(x)) != 0) {
 575                                 xfrm_audit_state_delete(x, 0,
 576                                                         audit_info->loginuid,
 577                                                         audit_info->sessionid,
 578                                                         audit_info->secid);
 579                                 return err;
 580                         }
 581                 }
 582         }
 583
 584         return err;
 585 }
 586 #else
 587 static inline int
 588 xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 589 {
 590         return 0;
 591 }
 592 #endif
 593
 594 int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
 595 {
 596         int i, err = 0, cnt = 0;
 597
 598         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 599         err = xfrm_state_flush_secctx_check(net, proto, audit_info);
 600         if (err)
 601                 goto out;
 602
 603         err = -ESRCH;
 604         for (i = 0; i <= net->xfrm.state_hmask; i++) {
 605                 struct xfrm_state *x;
 606 restart:
 607                 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
 608                         if (!xfrm_state_kern(x) &&
 609                             xfrm_id_proto_match(x->id.proto, proto)) {
 610                                 xfrm_state_hold(x);
 611                                 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 612
 613                                 err = xfrm_state_delete(x);
 614                                 xfrm_audit_state_delete(x, err ? 0 : 1,
 615                                                         audit_info->loginuid,
 616                                                         audit_info->sessionid,
 617                                                         audit_info->secid);
 618                                 xfrm_state_put(x);
 619                                 if (!err)
 620                                         cnt++;
 621
 622                                 spin_lock_bh(&net->xfrm.xfrm_state_lock);
 623                                 goto restart;
 624                         }
 625                 }
 626         }
 627         if (cnt)
 628                 err = 0;
 629
 630 out:
 631         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 632         return err;
 633 }
 634 EXPORT_SYMBOL(xfrm_state_flush);
 635
 636 void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
 637 {
 638         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 639         si->sadcnt = net->xfrm.state_num;
 640         si->sadhcnt = net->xfrm.state_hmask;
 641         si->sadhmcnt = xfrm_state_hashmax;
 642         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 643 }
 644 EXPORT_SYMBOL(xfrm_sad_getinfo);
 645
 646 static int
 647 xfrm_init_tempstate(struct xfrm_state *x, const struct flowi *fl,
 648                     const struct xfrm_tmpl *tmpl,
 649                     const xfrm_address_t *daddr, const xfrm_address_t *saddr,
 650                     unsigned short family)
 651 {
 652         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 653         if (!afinfo)
 654                 return -1;
 655         afinfo->init_tempsel(&x->sel, fl);
 656
 657         if (family != tmpl->encap_family) {
 658                 xfrm_state_put_afinfo(afinfo);
 659                 afinfo = xfrm_state_get_afinfo(tmpl->encap_family);
 660                 if (!afinfo)
 661                         return -1;
 662         }
 663         afinfo->init_temprop(x, tmpl, daddr, saddr);
 664         xfrm_state_put_afinfo(afinfo);
 665         return 0;
 666 }
 667
 668 static struct xfrm_state *__xfrm_state_lookup(struct net *net, u32 mark,
 669                                               const xfrm_address_t *daddr,
 670                                               __be32 spi, u8 proto,
 671                                               unsigned short family)
 672 {
 673         unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family);
 674         struct xfrm_state *x;
 675
 676         hlist_for_each_entry(x, net->xfrm.state_byspi+h, byspi) {
 677                 if (x->props.family != family ||
 678                     x->id.spi       != spi ||
 679                     x->id.proto     != proto ||
 680                     !xfrm_addr_equal(&x->id.daddr, daddr, family))
 681                         continue;
 682
 683                 if ((mark & x->mark.m) != x->mark.v)
 684                         continue;
 685                 xfrm_state_hold(x);
 686                 return x;
 687         }
 688
 689         return NULL;
 690 }
 691
 692 static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, u32 mark,
 693                                                      const xfrm_address_t *daddr,
 694                                                      const xfrm_address_t *saddr,
 695                                                      u8 proto, unsigned short family)
 696 {
 697         unsigned int h = xfrm_src_hash(net, daddr, saddr, family);
 698         struct xfrm_state *x;
 699
 700         hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
 701                 if (x->props.family != family ||
 702                     x->id.proto     != proto ||
 703                     !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
 704                     !xfrm_addr_equal(&x->props.saddr, saddr, family))
 705                         continue;
 706
 707                 if ((mark & x->mark.m) != x->mark.v)
 708                         continue;
 709                 xfrm_state_hold(x);
 710                 return x;
 711         }
 712
 713         return NULL;
 714 }
 715
 716 static inline struct xfrm_state *
 717 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
 718 {
 719         struct net *net = xs_net(x);
 720         u32 mark = x->mark.v & x->mark.m;
 721
 722         if (use_spi)
 723                 return __xfrm_state_lookup(net, mark, &x->id.daddr,
 724                                            x->id.spi, x->id.proto, family);
 725         else
 726                 return __xfrm_state_lookup_byaddr(net, mark,
 727                                                   &x->id.daddr,
 728                                                   &x->props.saddr,
 729                                                   x->id.proto, family);
 730 }
 731
 732 static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
 733 {
 734         if (have_hash_collision &&
 735             (net->xfrm.state_hmask + 1) < xfrm_state_hashmax &&
 736             net->xfrm.state_num > net->xfrm.state_hmask)
 737                 schedule_work(&net->xfrm.state_hash_work);
 738 }
 739
 740 static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
 741                                const struct flowi *fl, unsigned short family,
 742                                struct xfrm_state **best, int *acq_in_progress,
 743                                int *error)
 744 {
 745         /* Resolution logic:
 746          * 1. There is a valid state with matching selector. Done.
 747          * 2. Valid state with inappropriate selector. Skip.
 748          *
 749          * Entering area of "sysdeps".
 750          *
 751          * 3. If state is not valid, selector is temporary, it selects
 752          *    only session which triggered previous resolution. Key
 753          *    manager will do something to install a state with proper
 754          *    selector.
 755          */
 756         if (x->km.state == XFRM_STATE_VALID) {
 757                 if ((x->sel.family &&
 758                      !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
 759                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 760                         return;
 761
 762                 if (!*best ||
 763                     (*best)->km.dying > x->km.dying ||
 764                     ((*best)->km.dying == x->km.dying &&
 765                      (*best)->curlft.add_time < x->curlft.add_time))
 766                         *best = x;
 767         } else if (x->km.state == XFRM_STATE_ACQ) {
 768                 *acq_in_progress = 1;
 769         } else if (x->km.state == XFRM_STATE_ERROR ||
 770                    x->km.state == XFRM_STATE_EXPIRED) {
 771                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
 772                     security_xfrm_state_pol_flow_match(x, pol, fl))
 773                         *error = -ESRCH;
 774         }
 775 }
 776
 777 struct xfrm_state *
 778 xfrm_state_find(const xfrm_address_t *daddr, const xfrm_address_t *saddr,
 779                 const struct flowi *fl, struct xfrm_tmpl *tmpl,
 780                 struct xfrm_policy *pol, int *err,
 781                 unsigned short family)
 782 {
 783         static xfrm_address_t saddr_wildcard = { };
 784         struct net *net = xp_net(pol);
 785         unsigned int h, h_wildcard;
 786         struct xfrm_state *x, *x0, *to_put;
 787         int acquire_in_progress = 0;
 788         int error = 0;
 789         struct xfrm_state *best = NULL;
 790         u32 mark = pol->mark.v & pol->mark.m;
 791         unsigned short encap_family = tmpl->encap_family;
 792         struct km_event c;
 793
 794         to_put = NULL;
 795
 796         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 797         h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);
 798         hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
 799                 if (x->props.family == encap_family &&
 800                     x->props.reqid == tmpl->reqid &&
 801                     (mark & x->mark.m) == x->mark.v &&
 802                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 803                     xfrm_state_addr_check(x, daddr, saddr, encap_family) &&
 804                     tmpl->mode == x->props.mode &&
 805                     tmpl->id.proto == x->id.proto &&
 806                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
 807                         xfrm_state_look_at(pol, x, fl, encap_family,
 808                                            &best, &acquire_in_progress, &error);
 809         }
 810         if (best || acquire_in_progress)
 811                 goto found;
 812
 813         h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, encap_family);
 814         hlist_for_each_entry(x, net->xfrm.state_bydst+h_wildcard, bydst) {
 815                 if (x->props.family == encap_family &&
 816                     x->props.reqid == tmpl->reqid &&
 817                     (mark & x->mark.m) == x->mark.v &&
 818                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 819                     xfrm_addr_equal(&x->id.daddr, daddr, encap_family) &&
 820                     tmpl->mode == x->props.mode &&
 821                     tmpl->id.proto == x->id.proto &&
 822                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
 823                         xfrm_state_look_at(pol, x, fl, encap_family,
 824                                            &best, &acquire_in_progress, &error);
 825         }
 826
 827 found:
 828         x = best;
 829         if (!x && !error && !acquire_in_progress) {
 830                 if (tmpl->id.spi &&
 831                     (x0 = __xfrm_state_lookup(net, mark, daddr, tmpl->id.spi,
 832                                               tmpl->id.proto, encap_family)) != NULL) {
 833                         to_put = x0;
 834                         error = -EEXIST;
 835                         goto out;
 836                 }
 837
 838                 c.net = net;
 839                 /* If the KMs have no listeners (yet...), avoid allocating an SA
 840                  * for each and every packet - garbage collection might not
 841                  * handle the flood.
 842                  */
 843                 if (!km_is_alive(&c)) {
 844                         error = -ESRCH;
 845                         goto out;
 846                 }
 847
 848                 x = xfrm_state_alloc(net);
 849                 if (x == NULL) {
 850                         error = -ENOMEM;
 851                         goto out;
 852                 }
 853                 /* Initialize temporary state matching only
 854                  * to current session. */
 855                 xfrm_init_tempstate(x, fl, tmpl, daddr, saddr, family);
 856                 memcpy(&x->mark, &pol->mark, sizeof(x->mark));
 857
 858                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->flowi_secid);
 859                 if (error) {
 860                         x->km.state = XFRM_STATE_DEAD;
 861                         to_put = x;
 862                         x = NULL;
 863                         goto out;
 864                 }
 865
 866                 if (km_query(x, tmpl, pol) == 0) {
 867                         x->km.state = XFRM_STATE_ACQ;
 868                         list_add(&x->km.all, &net->xfrm.state_all);
 869                         hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
 870                         h = xfrm_src_hash(net, daddr, saddr, encap_family);
 871                         hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
 872                         if (x->id.spi) {
 873                                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, encap_family);
 874                                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
 875                         }
 876                         x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
 877                         tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
 878                         net->xfrm.state_num++;
 879                         xfrm_hash_grow_check(net, x->bydst.next != NULL);
 880                 } else {
 881                         x->km.state = XFRM_STATE_DEAD;
 882                         to_put = x;
 883                         x = NULL;
 884                         error = -ESRCH;
 885                 }
 886         }
 887 out:
 888         if (x)
 889                 xfrm_state_hold(x);
 890         else
 891                 *err = acquire_in_progress ? -EAGAIN : error;
 892         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 893         if (to_put)
 894                 xfrm_state_put(to_put);
 895         return x;
 896 }
 897
 898 struct xfrm_state *
 899 xfrm_stateonly_find(struct net *net, u32 mark,
 900                     xfrm_address_t *daddr, xfrm_address_t *saddr,
 901                     unsigned short family, u8 mode, u8 proto, u32 reqid)
 902 {
 903         unsigned int h;
 904         struct xfrm_state *rx = NULL, *x = NULL;
 905
 906         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 907         h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
 908         hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
 909                 if (x->props.family == family &&
 910                     x->props.reqid == reqid &&
 911                     (mark & x->mark.m) == x->mark.v &&
 912                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 913                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 914                     mode == x->props.mode &&
 915                     proto == x->id.proto &&
 916                     x->km.state == XFRM_STATE_VALID) {
 917                         rx = x;
 918                         break;
 919                 }
 920         }
 921
 922         if (rx)
 923                 xfrm_state_hold(rx);
 924         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 925
 926
 927         return rx;
 928 }
 929 EXPORT_SYMBOL(xfrm_stateonly_find);
 930
 931 struct xfrm_state *xfrm_state_lookup_byspi(struct net *net, __be32 spi,
 932                                               unsigned short family)
 933 {
 934         struct xfrm_state *x;
 935         struct xfrm_state_walk *w;
 936
 937         spin_lock_bh(&net->xfrm.xfrm_state_lock);
 938         list_for_each_entry(w, &net->xfrm.state_all, all) {
 939                 x = container_of(w, struct xfrm_state, km);
 940                 if (x->props.family != family ||
 941                         x->id.spi != spi)
 942                         continue;
 943
 944                 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 945                 xfrm_state_hold(x);
 946                 return x;
 947         }
 948         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
 949         return NULL;
 950 }
 951 EXPORT_SYMBOL(xfrm_state_lookup_byspi);
 952
 953 static void __xfrm_state_insert(struct xfrm_state *x)
 954 {
 955         struct net *net = xs_net(x);
 956         unsigned int h;
 957
 958         list_add(&x->km.all, &net->xfrm.state_all);
 959
 960         h = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
 961                           x->props.reqid, x->props.family);
 962         hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
 963
 964         h = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr, x->props.family);
 965         hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
 966
 967         if (x->id.spi) {
 968                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto,
 969                                   x->props.family);
 970
 971                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
 972         }
 973
 974         tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
 975         if (x->replay_maxage)
 976                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
 977
 978         net->xfrm.state_num++;
 979
 980         xfrm_hash_grow_check(net, x->bydst.next != NULL);
 981 }
 982
 983 /* net->xfrm.xfrm_state_lock is held */
 984 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
 985 {
 986         struct net *net = xs_net(xnew);
 987         unsigned short family = xnew->props.family;
 988         u32 reqid = xnew->props.reqid;
 989         struct xfrm_state *x;
 990         unsigned int h;
 991         u32 mark = xnew->mark.v & xnew->mark.m;
 992
 993         h = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr, reqid, family);
 994         hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
 995                 if (x->props.family     == family &&
 996                     x->props.reqid      == reqid &&
 997                     (mark & x->mark.m) == x->mark.v &&
 998                     xfrm_addr_equal(&x->id.daddr, &xnew->id.daddr, family) &&
 999                     xfrm_addr_equal(&x->props.saddr, &xnew->props.saddr, family))
1000                         x->genid++;
1001         }
1002 }
1003
1004 void xfrm_state_insert(struct xfrm_state *x)
1005 {
1006         struct net *net = xs_net(x);
1007
1008         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1009         __xfrm_state_bump_genids(x);
1010         __xfrm_state_insert(x);
1011         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1012 }
1013 EXPORT_SYMBOL(xfrm_state_insert);
1014
1015 /* net->xfrm.xfrm_state_lock is held */
1016 static struct xfrm_state *__find_acq_core(struct net *net,
1017                                           const struct xfrm_mark *m,
1018                                           unsigned short family, u8 mode,
1019                                           u32 reqid, u8 proto,
1020                                           const xfrm_address_t *daddr,
1021                                           const xfrm_address_t *saddr,
1022                                           int create)
1023 {
1024         unsigned int h = xfrm_dst_hash(net, daddr, saddr, reqid, family);
1025         struct xfrm_state *x;
1026         u32 mark = m->v & m->m;
1027
1028         hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1029                 if (x->props.reqid  != reqid ||
1030                     x->props.mode   != mode ||
1031                     x->props.family != family ||
1032                     x->km.state     != XFRM_STATE_ACQ ||
1033                     x->id.spi       != 0 ||
1034                     x->id.proto     != proto ||
1035                     (mark & x->mark.m) != x->mark.v ||
1036                     !xfrm_addr_equal(&x->id.daddr, daddr, family) ||
1037                     !xfrm_addr_equal(&x->props.saddr, saddr, family))
1038                         continue;
1039
1040                 xfrm_state_hold(x);
1041                 return x;
1042         }
1043
1044         if (!create)
1045                 return NULL;
1046
1047         x = xfrm_state_alloc(net);
1048         if (likely(x)) {
1049                 switch (family) {
1050                 case AF_INET:
1051                         x->sel.daddr.a4 = daddr->a4;
1052                         x->sel.saddr.a4 = saddr->a4;
1053                         x->sel.prefixlen_d = 32;
1054                         x->sel.prefixlen_s = 32;
1055                         x->props.saddr.a4 = saddr->a4;
1056                         x->id.daddr.a4 = daddr->a4;
1057                         break;
1058
1059                 case AF_INET6:
1060                         *(struct in6_addr *)x->sel.daddr.a6 = *(struct in6_addr *)daddr;
1061                         *(struct in6_addr *)x->sel.saddr.a6 = *(struct in6_addr *)saddr;
1062                         x->sel.prefixlen_d = 128;
1063                         x->sel.prefixlen_s = 128;
1064                         *(struct in6_addr *)x->props.saddr.a6 = *(struct in6_addr *)saddr;
1065                         *(struct in6_addr *)x->id.daddr.a6 = *(struct in6_addr *)daddr;
1066                         break;
1067                 }
1068
1069                 x->km.state = XFRM_STATE_ACQ;
1070                 x->id.proto = proto;
1071                 x->props.family = family;
1072                 x->props.mode = mode;
1073                 x->props.reqid = reqid;
1074                 x->mark.v = m->v;
1075                 x->mark.m = m->m;
1076                 x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1077                 xfrm_state_hold(x);
1078                 tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
1079                 list_add(&x->km.all, &net->xfrm.state_all);
1080                 hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
1081                 h = xfrm_src_hash(net, daddr, saddr, family);
1082                 hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
1083
1084                 net->xfrm.state_num++;
1085
1086                 xfrm_hash_grow_check(net, x->bydst.next != NULL);
1087         }
1088
1089         return x;
1090 }
1091
1092 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq);
1093
1094 int xfrm_state_add(struct xfrm_state *x)
1095 {
1096         struct net *net = xs_net(x);
1097         struct xfrm_state *x1, *to_put;
1098         int family;
1099         int err;
1100         u32 mark = x->mark.v & x->mark.m;
1101         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1102
1103         family = x->props.family;
1104
1105         to_put = NULL;
1106
1107         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1108
1109         x1 = __xfrm_state_locate(x, use_spi, family);
1110         if (x1) {
1111                 to_put = x1;
1112                 x1 = NULL;
1113                 err = -EEXIST;
1114                 goto out;
1115         }
1116
1117         if (use_spi && x->km.seq) {
1118                 x1 = __xfrm_find_acq_byseq(net, mark, x->km.seq);
1119                 if (x1 && ((x1->id.proto != x->id.proto) ||
1120                     !xfrm_addr_equal(&x1->id.daddr, &x->id.daddr, family))) {
1121                         to_put = x1;
1122                         x1 = NULL;
1123                 }
1124         }
1125
1126         if (use_spi && !x1)
1127                 x1 = __find_acq_core(net, &x->mark, family, x->props.mode,
1128                                      x->props.reqid, x->id.proto,
1129                                      &x->id.daddr, &x->props.saddr, 0);
1130
1131         __xfrm_state_bump_genids(x);
1132         __xfrm_state_insert(x);
1133         err = 0;
1134
1135 out:
1136         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1137
1138         if (x1) {
1139                 xfrm_state_delete(x1);
1140                 xfrm_state_put(x1);
1141         }
1142
1143         if (to_put)
1144                 xfrm_state_put(to_put);
1145
1146         return err;
1147 }
1148 EXPORT_SYMBOL(xfrm_state_add);
1149
1150 #ifdef CONFIG_XFRM_MIGRATE
1151 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig)
1152 {
1153         struct net *net = xs_net(orig);
1154         struct xfrm_state *x = xfrm_state_alloc(net);
1155         if (!x)
1156                 goto out;
1157
1158         memcpy(&x->id, &orig->id, sizeof(x->id));
1159         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1160         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1161         x->props.mode = orig->props.mode;
1162         x->props.replay_window = orig->props.replay_window;
1163         x->props.reqid = orig->props.reqid;
1164         x->props.family = orig->props.family;
1165         x->props.saddr = orig->props.saddr;
1166
1167         if (orig->aalg) {
1168                 x->aalg = xfrm_algo_auth_clone(orig->aalg);
1169                 if (!x->aalg)
1170                         goto error;
1171         }
1172         x->props.aalgo = orig->props.aalgo;
1173
1174         if (orig->aead) {
1175                 x->aead = xfrm_algo_aead_clone(orig->aead);
1176                 if (!x->aead)
1177                         goto error;
1178         }
1179         if (orig->ealg) {
1180                 x->ealg = xfrm_algo_clone(orig->ealg);
1181                 if (!x->ealg)
1182                         goto error;
1183         }
1184         x->props.ealgo = orig->props.ealgo;
1185
1186         if (orig->calg) {
1187                 x->calg = xfrm_algo_clone(orig->calg);
1188                 if (!x->calg)
1189                         goto error;
1190         }
1191         x->props.calgo = orig->props.calgo;
1192
1193         if (orig->encap) {
1194                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1195                 if (!x->encap)
1196                         goto error;
1197         }
1198
1199         if (orig->coaddr) {
1200                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1201                                     GFP_KERNEL);
1202                 if (!x->coaddr)
1203                         goto error;
1204         }
1205
1206         if (orig->replay_esn) {
1207                 if (xfrm_replay_clone(x, orig))
1208                         goto error;
1209         }
1210
1211         memcpy(&x->mark, &orig->mark, sizeof(x->mark));
1212
1213         if (xfrm_init_state(x) < 0)
1214                 goto error;
1215
1216         x->props.flags = orig->props.flags;
1217         x->props.extra_flags = orig->props.extra_flags;
1218
1219         x->tfcpad = orig->tfcpad;
1220         x->replay_maxdiff = orig->replay_maxdiff;
1221         x->replay_maxage = orig->replay_maxage;
1222         x->curlft.add_time = orig->curlft.add_time;
1223         x->km.state = orig->km.state;
1224         x->km.seq = orig->km.seq;
1225
1226         return x;
1227
1228  error:
1229         xfrm_state_put(x);
1230 out:
1231         return NULL;
1232 }
1233
1234 struct xfrm_state *xfrm_migrate_state_find(struct xfrm_migrate *m, struct net *net)
1235 {
1236         unsigned int h;
1237         struct xfrm_state *x = NULL;
1238
1239         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1240
1241         if (m->reqid) {
1242                 h = xfrm_dst_hash(net, &m->old_daddr, &m->old_saddr,
1243                                   m->reqid, m->old_family);
1244                 hlist_for_each_entry(x, net->xfrm.state_bydst+h, bydst) {
1245                         if (x->props.mode != m->mode ||
1246                             x->id.proto != m->proto)
1247                                 continue;
1248                         if (m->reqid && x->props.reqid != m->reqid)
1249                                 continue;
1250                         if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1251                                              m->old_family) ||
1252                             !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1253                                              m->old_family))
1254                                 continue;
1255                         xfrm_state_hold(x);
1256                         break;
1257                 }
1258         } else {
1259                 h = xfrm_src_hash(net, &m->old_daddr, &m->old_saddr,
1260                                   m->old_family);
1261                 hlist_for_each_entry(x, net->xfrm.state_bysrc+h, bysrc) {
1262                         if (x->props.mode != m->mode ||
1263                             x->id.proto != m->proto)
1264                                 continue;
1265                         if (!xfrm_addr_equal(&x->id.daddr, &m->old_daddr,
1266                                              m->old_family) ||
1267                             !xfrm_addr_equal(&x->props.saddr, &m->old_saddr,
1268                                              m->old_family))
1269                                 continue;
1270                         xfrm_state_hold(x);
1271                         break;
1272                 }
1273         }
1274
1275         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1276
1277         return x;
1278 }
1279 EXPORT_SYMBOL(xfrm_migrate_state_find);
1280
1281 struct xfrm_state *xfrm_state_migrate(struct xfrm_state *x,
1282                                       struct xfrm_migrate *m)
1283 {
1284         struct xfrm_state *xc;
1285
1286         xc = xfrm_state_clone(x);
1287         if (!xc)
1288                 return NULL;
1289
1290         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1291         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1292
1293         /* add state */
1294         if (xfrm_addr_equal(&x->id.daddr, &m->new_daddr, m->new_family)) {
1295                 /* a care is needed when the destination address of the
1296                    state is to be updated as it is a part of triplet */
1297                 xfrm_state_insert(xc);
1298         } else {
1299                 if (xfrm_state_add(xc) < 0)
1300                         goto error;
1301         }
1302
1303         return xc;
1304 error:
1305         xfrm_state_put(xc);
1306         return NULL;
1307 }
1308 EXPORT_SYMBOL(xfrm_state_migrate);
1309 #endif
1310
1311 int xfrm_state_update(struct xfrm_state *x)
1312 {
1313         struct xfrm_state *x1, *to_put;
1314         int err;
1315         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1316         struct net *net = xs_net(x);
1317
1318         to_put = NULL;
1319
1320         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1321         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1322
1323         err = -ESRCH;
1324         if (!x1)
1325                 goto out;
1326
1327         if (xfrm_state_kern(x1)) {
1328                 to_put = x1;
1329                 err = -EEXIST;
1330                 goto out;
1331         }
1332
1333         if (x1->km.state == XFRM_STATE_ACQ) {
1334                 __xfrm_state_insert(x);
1335                 x = NULL;
1336         }
1337         err = 0;
1338
1339 out:
1340         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1341
1342         if (to_put)
1343                 xfrm_state_put(to_put);
1344
1345         if (err)
1346                 return err;
1347
1348         if (!x) {
1349                 xfrm_state_delete(x1);
1350                 xfrm_state_put(x1);
1351                 return 0;
1352         }
1353
1354         err = -EINVAL;
1355         spin_lock_bh(&x1->lock);
1356         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1357                 if (x->encap && x1->encap)
1358                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1359                 if (x->coaddr && x1->coaddr) {
1360                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1361                 }
1362                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1363                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1364                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1365                 x1->km.dying = 0;
1366
1367                 tasklet_hrtimer_start(&x1->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);
1368                 if (x1->curlft.use_time)
1369                         xfrm_state_check_expire(x1);
1370
1371                 err = 0;
1372                 x->km.state = XFRM_STATE_DEAD;
1373                 __xfrm_state_put(x);
1374         }
1375         spin_unlock_bh(&x1->lock);
1376
1377         xfrm_state_put(x1);
1378
1379         return err;
1380 }
1381 EXPORT_SYMBOL(xfrm_state_update);
1382
1383 int xfrm_state_check_expire(struct xfrm_state *x)
1384 {
1385         if (!x->curlft.use_time)
1386                 x->curlft.use_time = get_seconds();
1387
1388         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1389             x->curlft.packets >= x->lft.hard_packet_limit) {
1390                 x->km.state = XFRM_STATE_EXPIRED;
1391                 tasklet_hrtimer_start(&x->mtimer, ktime_set(0, 0), HRTIMER_MODE_REL);
1392                 return -EINVAL;
1393         }
1394
1395         if (!x->km.dying &&
1396             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1397              x->curlft.packets >= x->lft.soft_packet_limit)) {
1398                 x->km.dying = 1;
1399                 km_state_expired(x, 0, 0);
1400         }
1401         return 0;
1402 }
1403 EXPORT_SYMBOL(xfrm_state_check_expire);
1404
1405 struct xfrm_state *
1406 xfrm_state_lookup(struct net *net, u32 mark, const xfrm_address_t *daddr, __be32 spi,
1407                   u8 proto, unsigned short family)
1408 {
1409         struct xfrm_state *x;
1410
1411         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1412         x = __xfrm_state_lookup(net, mark, daddr, spi, proto, family);
1413         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1414         return x;
1415 }
1416 EXPORT_SYMBOL(xfrm_state_lookup);
1417
1418 struct xfrm_state *
1419 xfrm_state_lookup_byaddr(struct net *net, u32 mark,
1420                          const xfrm_address_t *daddr, const xfrm_address_t *saddr,
1421                          u8 proto, unsigned short family)
1422 {
1423         struct xfrm_state *x;
1424
1425         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1426         x = __xfrm_state_lookup_byaddr(net, mark, daddr, saddr, proto, family);
1427         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1428         return x;
1429 }
1430 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1431
1432 struct xfrm_state *
1433 xfrm_find_acq(struct net *net, const struct xfrm_mark *mark, u8 mode, u32 reqid,
1434               u8 proto, const xfrm_address_t *daddr,
1435               const xfrm_address_t *saddr, int create, unsigned short family)
1436 {
1437         struct xfrm_state *x;
1438
1439         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1440         x = __find_acq_core(net, mark, family, mode, reqid, proto, daddr, saddr, create);
1441         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1442
1443         return x;
1444 }
1445 EXPORT_SYMBOL(xfrm_find_acq);
1446
1447 #ifdef CONFIG_XFRM_SUB_POLICY
1448 int
1449 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1450                unsigned short family, struct net *net)
1451 {
1452         int err = 0;
1453         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1454         if (!afinfo)
1455                 return -EAFNOSUPPORT;
1456
1457         spin_lock_bh(&net->xfrm.xfrm_state_lock); /*FIXME*/
1458         if (afinfo->tmpl_sort)
1459                 err = afinfo->tmpl_sort(dst, src, n);
1460         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1461         xfrm_state_put_afinfo(afinfo);
1462         return err;
1463 }
1464 EXPORT_SYMBOL(xfrm_tmpl_sort);
1465
1466 int
1467 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1468                 unsigned short family)
1469 {
1470         int err = 0;
1471         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1472         struct net *net = xs_net(*src);
1473
1474         if (!afinfo)
1475                 return -EAFNOSUPPORT;
1476
1477         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1478         if (afinfo->state_sort)
1479                 err = afinfo->state_sort(dst, src, n);
1480         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1481         xfrm_state_put_afinfo(afinfo);
1482         return err;
1483 }
1484 EXPORT_SYMBOL(xfrm_state_sort);
1485 #endif
1486
1487 /* Silly enough, but I'm lazy to build resolution list */
1488
1489 static struct xfrm_state *__xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1490 {
1491         int i;
1492
1493         for (i = 0; i <= net->xfrm.state_hmask; i++) {
1494                 struct xfrm_state *x;
1495
1496                 hlist_for_each_entry(x, net->xfrm.state_bydst+i, bydst) {
1497                         if (x->km.seq == seq &&
1498                             (mark & x->mark.m) == x->mark.v &&
1499                             x->km.state == XFRM_STATE_ACQ) {
1500                                 xfrm_state_hold(x);
1501                                 return x;
1502                         }
1503                 }
1504         }
1505         return NULL;
1506 }
1507
1508 struct xfrm_state *xfrm_find_acq_byseq(struct net *net, u32 mark, u32 seq)
1509 {
1510         struct xfrm_state *x;
1511
1512         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1513         x = __xfrm_find_acq_byseq(net, mark, seq);
1514         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1515         return x;
1516 }
1517 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1518
1519 u32 xfrm_get_acqseq(void)
1520 {
1521         u32 res;
1522         static atomic_t acqseq;
1523
1524         do {
1525                 res = atomic_inc_return(&acqseq);
1526         } while (!res);
1527
1528         return res;
1529 }
1530 EXPORT_SYMBOL(xfrm_get_acqseq);
1531
1532 int verify_spi_info(u8 proto, u32 min, u32 max)
1533 {
1534         switch (proto) {
1535         case IPPROTO_AH:
1536         case IPPROTO_ESP:
1537                 break;
1538
1539         case IPPROTO_COMP:
1540                 /* IPCOMP spi is 16-bits. */
1541                 if (max >= 0x10000)
1542                         return -EINVAL;
1543                 break;
1544
1545         default:
1546                 return -EINVAL;
1547         }
1548
1549         if (min > max)
1550                 return -EINVAL;
1551
1552         return 0;
1553 }
1554 EXPORT_SYMBOL(verify_spi_info);
1555
1556 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1557 {
1558         struct net *net = xs_net(x);
1559         unsigned int h;
1560         struct xfrm_state *x0;
1561         int err = -ENOENT;
1562         __be32 minspi = htonl(low);
1563         __be32 maxspi = htonl(high);
1564         u32 mark = x->mark.v & x->mark.m;
1565
1566         spin_lock_bh(&x->lock);
1567         if (x->km.state == XFRM_STATE_DEAD)
1568                 goto unlock;
1569
1570         err = 0;
1571         if (x->id.spi)
1572                 goto unlock;
1573
1574         err = -ENOENT;
1575
1576         if (minspi == maxspi) {
1577                 x0 = xfrm_state_lookup(net, mark, &x->id.daddr, minspi, x->id.proto, x->props.family);
1578                 if (x0) {
1579                         xfrm_state_put(x0);
1580                         goto unlock;
1581                 }
1582                 x->id.spi = minspi;
1583         } else {
1584                 u32 spi = 0;
1585                 for (h = 0; h < high-low+1; h++) {
1586                         spi = low + prandom_u32()%(high-low+1);
1587                         x0 = xfrm_state_lookup(net, mark, &x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1588                         if (x0 == NULL) {
1589                                 x->id.spi = htonl(spi);
1590                                 break;
1591                         }
1592                         xfrm_state_put(x0);
1593                 }
1594         }
1595         if (x->id.spi) {
1596                 spin_lock_bh(&net->xfrm.xfrm_state_lock);
1597                 h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1598                 hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
1599                 spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1600
1601                 err = 0;
1602         }
1603
1604 unlock:
1605         spin_unlock_bh(&x->lock);
1606
1607         return err;
1608 }
1609 EXPORT_SYMBOL(xfrm_alloc_spi);
1610
1611 static bool __xfrm_state_filter_match(struct xfrm_state *x,
1612                                       struct xfrm_address_filter *filter)
1613 {
1614         if (filter) {
1615                 if ((filter->family == AF_INET ||
1616                      filter->family == AF_INET6) &&
1617                     x->props.family != filter->family)
1618                         return false;
1619
1620                 return addr_match(&x->props.saddr, &filter->saddr,
1621                                   filter->splen) &&
1622                        addr_match(&x->id.daddr, &filter->daddr,
1623                                   filter->dplen);
1624         }
1625         return true;
1626 }
1627
1628 int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,
1629                     int (*func)(struct xfrm_state *, int, void*),
1630                     void *data)
1631 {
1632         struct xfrm_state *state;
1633         struct xfrm_state_walk *x;
1634         int err = 0;
1635
1636         if (walk->seq != 0 && list_empty(&walk->all))
1637                 return 0;
1638
1639         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1640         if (list_empty(&walk->all))
1641                 x = list_first_entry(&net->xfrm.state_all, struct xfrm_state_walk, all);
1642         else
1643                 x = list_entry(&walk->all, struct xfrm_state_walk, all);
1644         list_for_each_entry_from(x, &net->xfrm.state_all, all) {
1645                 if (x->state == XFRM_STATE_DEAD)
1646                         continue;
1647                 state = container_of(x, struct xfrm_state, km);
1648                 if (!xfrm_id_proto_match(state->id.proto, walk->proto))
1649                         continue;
1650                 if (!__xfrm_state_filter_match(state, walk->filter))
1651                         continue;
1652                 err = func(state, walk->seq, data);
1653                 if (err) {
1654                         list_move_tail(&walk->all, &x->all);
1655                         goto out;
1656                 }
1657                 walk->seq++;
1658         }
1659         if (walk->seq == 0) {
1660                 err = -ENOENT;
1661                 goto out;
1662         }
1663         list_del_init(&walk->all);
1664 out:
1665         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1666         return err;
1667 }
1668 EXPORT_SYMBOL(xfrm_state_walk);
1669
1670 void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto,
1671                           struct xfrm_address_filter *filter)
1672 {
1673         INIT_LIST_HEAD(&walk->all);
1674         walk->proto = proto;
1675         walk->state = XFRM_STATE_DEAD;
1676         walk->seq = 0;
1677         walk->filter = filter;
1678 }
1679 EXPORT_SYMBOL(xfrm_state_walk_init);
1680
1681 void xfrm_state_walk_done(struct xfrm_state_walk *walk, struct net *net)
1682 {
1683         kfree(walk->filter);
1684
1685         if (list_empty(&walk->all))
1686                 return;
1687
1688         spin_lock_bh(&net->xfrm.xfrm_state_lock);
1689         list_del(&walk->all);
1690         spin_unlock_bh(&net->xfrm.xfrm_state_lock);
1691 }
1692 EXPORT_SYMBOL(xfrm_state_walk_done);
1693
1694 static void xfrm_replay_timer_handler(unsigned long data)
1695 {
1696         struct xfrm_state *x = (struct xfrm_state *)data;
1697
1698         spin_lock(&x->lock);
1699
1700         if (x->km.state == XFRM_STATE_VALID) {
1701                 if (xfrm_aevent_is_on(xs_net(x)))
1702                         x->repl->notify(x, XFRM_REPLAY_TIMEOUT);
1703                 else
1704                         x->xflags |= XFRM_TIME_DEFER;
1705         }
1706
1707         spin_unlock(&x->lock);
1708 }
1709
1710 static LIST_HEAD(xfrm_km_list);
1711
1712 void km_policy_notify(struct xfrm_policy *xp, int dir, const struct km_event *c)
1713 {
1714         struct xfrm_mgr *km;
1715
1716         rcu_read_lock();
1717         list_for_each_entry_rcu(km, &xfrm_km_list, list)
1718                 if (km->notify_policy)
1719                         km->notify_policy(xp, dir, c);
1720         rcu_read_unlock();
1721 }
1722
1723 void km_state_notify(struct xfrm_state *x, const struct km_event *c)
1724 {
1725         struct xfrm_mgr *km;
1726         rcu_read_lock();
1727         list_for_each_entry_rcu(km, &xfrm_km_list, list)
1728                 if (km->notify)
1729                         km->notify(x, c);
1730         rcu_read_unlock();
1731 }
1732
1733 EXPORT_SYMBOL(km_policy_notify);
1734 EXPORT_SYMBOL(km_state_notify);
1735
1736 void km_state_expired(struct xfrm_state *x, int hard, u32 portid)
1737 {
1738         struct km_event c;
1739
1740         c.data.hard = hard;
1741         c.portid = portid;
1742         c.event = XFRM_MSG_EXPIRE;
1743         km_state_notify(x, &c);
1744 }
1745
1746 EXPORT_SYMBOL(km_state_expired);
1747 /*
1748  * We send to all registered managers regardless of failure
1749  * We are happy with one success
1750 */
1751 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1752 {
1753         int err = -EINVAL, acqret;
1754         struct xfrm_mgr *km;
1755
1756         rcu_read_lock();
1757         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1758                 acqret = km->acquire(x, t, pol);
1759                 if (!acqret)
1760                         err = acqret;
1761         }
1762         rcu_read_unlock();
1763         return err;
1764 }
1765 EXPORT_SYMBOL(km_query);
1766
1767 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1768 {
1769         int err = -EINVAL;
1770         struct xfrm_mgr *km;
1771
1772         rcu_read_lock();
1773         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1774                 if (km->new_mapping)
1775                         err = km->new_mapping(x, ipaddr, sport);
1776                 if (!err)
1777                         break;
1778         }
1779         rcu_read_unlock();
1780         return err;
1781 }
1782 EXPORT_SYMBOL(km_new_mapping);
1783
1784 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid)
1785 {
1786         struct km_event c;
1787
1788         c.data.hard = hard;
1789         c.portid = portid;
1790         c.event = XFRM_MSG_POLEXPIRE;
1791         km_policy_notify(pol, dir, &c);
1792 }
1793 EXPORT_SYMBOL(km_policy_expired);
1794
1795 #ifdef CONFIG_XFRM_MIGRATE
1796 int km_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
1797                const struct xfrm_migrate *m, int num_migrate,
1798                const struct xfrm_kmaddress *k)
1799 {
1800         int err = -EINVAL;
1801         int ret;
1802         struct xfrm_mgr *km;
1803
1804         rcu_read_lock();
1805         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1806                 if (km->migrate) {
1807                         ret = km->migrate(sel, dir, type, m, num_migrate, k);
1808                         if (!ret)
1809                                 err = ret;
1810                 }
1811         }
1812         rcu_read_unlock();
1813         return err;
1814 }
1815 EXPORT_SYMBOL(km_migrate);
1816 #endif
1817
1818 int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1819 {
1820         int err = -EINVAL;
1821         int ret;
1822         struct xfrm_mgr *km;
1823
1824         rcu_read_lock();
1825         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1826                 if (km->report) {
1827                         ret = km->report(net, proto, sel, addr);
1828                         if (!ret)
1829                                 err = ret;
1830                 }
1831         }
1832         rcu_read_unlock();
1833         return err;
1834 }
1835 EXPORT_SYMBOL(km_report);
1836
1837 bool km_is_alive(const struct km_event *c)
1838 {
1839         struct xfrm_mgr *km;
1840         bool is_alive = false;
1841
1842         rcu_read_lock();
1843         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1844                 if (km->is_alive && km->is_alive(c)) {
1845                         is_alive = true;
1846                         break;
1847                 }
1848         }
1849         rcu_read_unlock();
1850
1851         return is_alive;
1852 }
1853 EXPORT_SYMBOL(km_is_alive);
1854
1855 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1856 {
1857         int err;
1858         u8 *data;
1859         struct xfrm_mgr *km;
1860         struct xfrm_policy *pol = NULL;
1861
1862         if (optlen <= 0 || optlen > PAGE_SIZE)
1863                 return -EMSGSIZE;
1864
1865         data = kmalloc(optlen, GFP_KERNEL);
1866         if (!data)
1867                 return -ENOMEM;
1868
1869         err = -EFAULT;
1870         if (copy_from_user(data, optval, optlen))
1871                 goto out;
1872
1873         err = -EINVAL;
1874         rcu_read_lock();
1875         list_for_each_entry_rcu(km, &xfrm_km_list, list) {
1876                 pol = km->compile_policy(sk, optname, data,
1877                                          optlen, &err);
1878                 if (err >= 0)
1879                         break;
1880         }
1881         rcu_read_unlock();
1882
1883         if (err >= 0) {
1884                 xfrm_sk_policy_insert(sk, err, pol);
1885                 xfrm_pol_put(pol);
1886                 err = 0;
1887         }
1888
1889 out:
1890         kfree(data);
1891         return err;
1892 }
1893 EXPORT_SYMBOL(xfrm_user_policy);
1894
1895 static DEFINE_SPINLOCK(xfrm_km_lock);
1896
1897 int xfrm_register_km(struct xfrm_mgr *km)
1898 {
1899         spin_lock_bh(&xfrm_km_lock);
1900         list_add_tail_rcu(&km->list, &xfrm_km_list);
1901         spin_unlock_bh(&xfrm_km_lock);
1902         return 0;
1903 }
1904 EXPORT_SYMBOL(xfrm_register_km);
1905
1906 int xfrm_unregister_km(struct xfrm_mgr *km)
1907 {
1908         spin_lock_bh(&xfrm_km_lock);
1909         list_del_rcu(&km->list);
1910         spin_unlock_bh(&xfrm_km_lock);
1911         synchronize_rcu();
1912         return 0;
1913 }
1914 EXPORT_SYMBOL(xfrm_unregister_km);
1915
1916 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1917 {
1918         int err = 0;
1919         if (unlikely(afinfo == NULL))
1920                 return -EINVAL;
1921         if (unlikely(afinfo->family >= NPROTO))
1922                 return -EAFNOSUPPORT;
1923         spin_lock_bh(&xfrm_state_afinfo_lock);
1924         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1925                 err = -ENOBUFS;
1926         else
1927                 rcu_assign_pointer(xfrm_state_afinfo[afinfo->family], afinfo);
1928         spin_unlock_bh(&xfrm_state_afinfo_lock);
1929         return err;
1930 }
1931 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1932
1933 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1934 {
1935         int err = 0;
1936         if (unlikely(afinfo == NULL))
1937                 return -EINVAL;
1938         if (unlikely(afinfo->family >= NPROTO))
1939                 return -EAFNOSUPPORT;
1940         spin_lock_bh(&xfrm_state_afinfo_lock);
1941         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1942                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1943                         err = -EINVAL;
1944                 else
1945                         RCU_INIT_POINTER(xfrm_state_afinfo[afinfo->family], NULL);
1946         }
1947         spin_unlock_bh(&xfrm_state_afinfo_lock);
1948         synchronize_rcu();
1949         return err;
1950 }
1951 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1952
1953 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1954 {
1955         struct xfrm_state_afinfo *afinfo;
1956         if (unlikely(family >= NPROTO))
1957                 return NULL;
1958         rcu_read_lock();
1959         afinfo = rcu_dereference(xfrm_state_afinfo[family]);
1960         if (unlikely(!afinfo))
1961                 rcu_read_unlock();
1962         return afinfo;
1963 }
1964
1965 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1966 {
1967         rcu_read_unlock();
1968 }
1969
1970 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1971 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1972 {
1973         if (x->tunnel) {
1974                 struct xfrm_state *t = x->tunnel;
1975
1976                 if (atomic_read(&t->tunnel_users) == 2)
1977                         xfrm_state_delete(t);
1978                 atomic_dec(&t->tunnel_users);
1979                 xfrm_state_put(t);
1980                 x->tunnel = NULL;
1981         }
1982 }
1983 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1984
1985 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1986 {
1987         int res;
1988
1989         spin_lock_bh(&x->lock);
1990         if (x->km.state == XFRM_STATE_VALID &&
1991             x->type && x->type->get_mtu)
1992                 res = x->type->get_mtu(x, mtu);
1993         else
1994                 res = mtu - x->props.header_len;
1995         spin_unlock_bh(&x->lock);
1996         return res;
1997 }
1998
1999 int __xfrm_init_state(struct xfrm_state *x, bool init_replay)
2000 {
2001         struct xfrm_state_afinfo *afinfo;
2002         struct xfrm_mode *inner_mode;
2003         int family = x->props.family;
2004         int err;
2005
2006         err = -EAFNOSUPPORT;
2007         afinfo = xfrm_state_get_afinfo(family);
2008         if (!afinfo)
2009                 goto error;
2010
2011         err = 0;
2012         if (afinfo->init_flags)
2013                 err = afinfo->init_flags(x);
2014
2015         xfrm_state_put_afinfo(afinfo);
2016
2017         if (err)
2018                 goto error;
2019
2020         err = -EPROTONOSUPPORT;
2021
2022         if (x->sel.family != AF_UNSPEC) {
2023                 inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
2024                 if (inner_mode == NULL)
2025                         goto error;
2026
2027                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
2028                     family != x->sel.family) {
2029                         xfrm_put_mode(inner_mode);
2030                         goto error;
2031                 }
2032
2033                 x->inner_mode = inner_mode;
2034         } else {
2035                 struct xfrm_mode *inner_mode_iaf;
2036                 int iafamily = AF_INET;
2037
2038                 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
2039                 if (inner_mode == NULL)
2040                         goto error;
2041
2042                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
2043                         xfrm_put_mode(inner_mode);
2044                         goto error;
2045                 }
2046                 x->inner_mode = inner_mode;
2047
2048                 if (x->props.family == AF_INET)
2049                         iafamily = AF_INET6;
2050
2051                 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
2052                 if (inner_mode_iaf) {
2053                         if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
2054                                 x->inner_mode_iaf = inner_mode_iaf;
2055                         else
2056                                 xfrm_put_mode(inner_mode_iaf);
2057                 }
2058         }
2059
2060         x->type = xfrm_get_type(x->id.proto, family);
2061         if (x->type == NULL)
2062                 goto error;
2063
2064         err = x->type->init_state(x);
2065         if (err)
2066                 goto error;
2067
2068         x->outer_mode = xfrm_get_mode(x->props.mode, family);
2069         if (x->outer_mode == NULL) {
2070                 err = -EPROTONOSUPPORT;
2071                 goto error;
2072         }
2073
2074         if (init_replay) {
2075                 err = xfrm_init_replay(x);
2076                 if (err)
2077                         goto error;
2078         }
2079
2080         x->km.state = XFRM_STATE_VALID;
2081
2082 error:
2083         return err;
2084 }
2085
2086 EXPORT_SYMBOL(__xfrm_init_state);
2087
2088 int xfrm_init_state(struct xfrm_state *x)
2089 {
2090         return __xfrm_init_state(x, true);
2091 }
2092
2093 EXPORT_SYMBOL(xfrm_init_state);
2094
2095 int __net_init xfrm_state_init(struct net *net)
2096 {
2097         unsigned int sz;
2098
2099         INIT_LIST_HEAD(&net->xfrm.state_all);
2100
2101         sz = sizeof(struct hlist_head) * 8;
2102
2103         net->xfrm.state_bydst = xfrm_hash_alloc(sz);
2104         if (!net->xfrm.state_bydst)
2105                 goto out_bydst;
2106         net->xfrm.state_bysrc = xfrm_hash_alloc(sz);
2107         if (!net->xfrm.state_bysrc)
2108                 goto out_bysrc;
2109         net->xfrm.state_byspi = xfrm_hash_alloc(sz);
2110         if (!net->xfrm.state_byspi)
2111                 goto out_byspi;
2112         net->xfrm.state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2113
2114         net->xfrm.state_num = 0;
2115         INIT_WORK(&net->xfrm.state_hash_work, xfrm_hash_resize);
2116         INIT_HLIST_HEAD(&net->xfrm.state_gc_list);
2117         INIT_WORK(&net->xfrm.state_gc_work, xfrm_state_gc_task);
2118         spin_lock_init(&net->xfrm.xfrm_state_lock);
2119         return 0;
2120
2121 out_byspi:
2122         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2123 out_bysrc:
2124         xfrm_hash_free(net->xfrm.state_bydst, sz);
2125 out_bydst:
2126         return -ENOMEM;
2127 }
2128
2129 void xfrm_state_fini(struct net *net)
2130 {
2131         struct xfrm_audit audit_info;
2132         unsigned int sz;
2133
2134         flush_work(&net->xfrm.state_hash_work);
2135         audit_info.loginuid = INVALID_UID;
2136         audit_info.sessionid = (unsigned int)-1;
2137         audit_info.secid = 0;
2138         xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
2139         flush_work(&net->xfrm.state_gc_work);
2140
2141         WARN_ON(!list_empty(&net->xfrm.state_all));
2142
2143         sz = (net->xfrm.state_hmask + 1) * sizeof(struct hlist_head);
2144         WARN_ON(!hlist_empty(net->xfrm.state_byspi));
2145         xfrm_hash_free(net->xfrm.state_byspi, sz);
2146         WARN_ON(!hlist_empty(net->xfrm.state_bysrc));
2147         xfrm_hash_free(net->xfrm.state_bysrc, sz);
2148         WARN_ON(!hlist_empty(net->xfrm.state_bydst));
2149         xfrm_hash_free(net->xfrm.state_bydst, sz);
2150 }
2151
2152 #ifdef CONFIG_AUDITSYSCALL
2153 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2154                                      struct audit_buffer *audit_buf)
2155 {
2156         struct xfrm_sec_ctx *ctx = x->security;
2157         u32 spi = ntohl(x->id.spi);
2158
2159         if (ctx)
2160                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2161                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2162
2163         switch (x->props.family) {
2164         case AF_INET:
2165                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2166                                  &x->props.saddr.a4, &x->id.daddr.a4);
2167                 break;
2168         case AF_INET6:
2169                 audit_log_format(audit_buf, " src=%pI6 dst=%pI6",
2170                                  x->props.saddr.a6, x->id.daddr.a6);
2171                 break;
2172         }
2173
2174         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2175 }
2176
2177 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2178                                       struct audit_buffer *audit_buf)
2179 {
2180         const struct iphdr *iph4;
2181         const struct ipv6hdr *iph6;
2182
2183         switch (family) {
2184         case AF_INET:
2185                 iph4 = ip_hdr(skb);
2186                 audit_log_format(audit_buf, " src=%pI4 dst=%pI4",
2187                                  &iph4->saddr, &iph4->daddr);
2188                 break;
2189         case AF_INET6:
2190                 iph6 = ipv6_hdr(skb);
2191                 audit_log_format(audit_buf,
2192                                  " src=%pI6 dst=%pI6 flowlbl=0x%x%02x%02x",
2193                                  &iph6->saddr, &iph6->daddr,
2194                                  iph6->flow_lbl[0] & 0x0f,
2195                                  iph6->flow_lbl[1],
2196                                  iph6->flow_lbl[2]);
2197                 break;
2198         }
2199 }
2200
2201 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2202                           kuid_t auid, unsigned int sessionid, u32 secid)
2203 {
2204         struct audit_buffer *audit_buf;
2205
2206         audit_buf = xfrm_audit_start("SAD-add");
2207         if (audit_buf == NULL)
2208                 return;
2209         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2210         xfrm_audit_helper_sainfo(x, audit_buf);
2211         audit_log_format(audit_buf, " res=%u", result);
2212         audit_log_end(audit_buf);
2213 }
2214 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2215
2216 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2217                              kuid_t auid, unsigned int sessionid, u32 secid)
2218 {
2219         struct audit_buffer *audit_buf;
2220
2221         audit_buf = xfrm_audit_start("SAD-delete");
2222         if (audit_buf == NULL)
2223                 return;
2224         xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2225         xfrm_audit_helper_sainfo(x, audit_buf);
2226         audit_log_format(audit_buf, " res=%u", result);
2227         audit_log_end(audit_buf);
2228 }
2229 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2230
2231 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2232                                       struct sk_buff *skb)
2233 {
2234         struct audit_buffer *audit_buf;
2235         u32 spi;
2236
2237         audit_buf = xfrm_audit_start("SA-replay-overflow");
2238         if (audit_buf == NULL)
2239                 return;
2240         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2241         /* don't record the sequence number because it's inherent in this kind
2242          * of audit message */
2243         spi = ntohl(x->id.spi);
2244         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2245         audit_log_end(audit_buf);
2246 }
2247 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2248
2249 void xfrm_audit_state_replay(struct xfrm_state *x,
2250                              struct sk_buff *skb, __be32 net_seq)
2251 {
2252         struct audit_buffer *audit_buf;
2253         u32 spi;
2254
2255         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2256         if (audit_buf == NULL)
2257                 return;
2258         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2259         spi = ntohl(x->id.spi);
2260         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2261                          spi, spi, ntohl(net_seq));
2262         audit_log_end(audit_buf);
2263 }
2264 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay);
2265
2266 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2267 {
2268         struct audit_buffer *audit_buf;
2269
2270         audit_buf = xfrm_audit_start("SA-notfound");
2271         if (audit_buf == NULL)
2272                 return;
2273         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2274         audit_log_end(audit_buf);
2275 }
2276 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2277
2278 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2279                                __be32 net_spi, __be32 net_seq)
2280 {
2281         struct audit_buffer *audit_buf;
2282         u32 spi;
2283
2284         audit_buf = xfrm_audit_start("SA-notfound");
2285         if (audit_buf == NULL)
2286                 return;
2287         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2288         spi = ntohl(net_spi);
2289         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2290                          spi, spi, ntohl(net_seq));
2291         audit_log_end(audit_buf);
2292 }
2293 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2294
2295 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2296                               struct sk_buff *skb, u8 proto)
2297 {
2298         struct audit_buffer *audit_buf;
2299         __be32 net_spi;
2300         __be32 net_seq;
2301
2302         audit_buf = xfrm_audit_start("SA-icv-failure");
2303         if (audit_buf == NULL)
2304                 return;
2305         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2306         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2307                 u32 spi = ntohl(net_spi);
2308                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2309                                  spi, spi, ntohl(net_seq));
2310         }
2311         audit_log_end(audit_buf);
2312 }
2313 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2314 #endif /* CONFIG_AUDITSYSCALL */