net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <linux/cache.h>
  22 #include <linux/audit.h>
  23 #include <asm/uaccess.h>
  24
  25 #include "xfrm_hash.h"
  26
  27 struct sock *xfrm_nl;
  28 EXPORT_SYMBOL(xfrm_nl);
  29
  30 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
  31 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
  32
  33 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
  34 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
  35
  36 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
  37
  38 /* Each xfrm_state may be linked to two tables:
  39
  40    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  41    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  42       destination/tunnel endpoint. (output)
  43  */
  44
  45 static DEFINE_SPINLOCK(xfrm_state_lock);
  46
  47 /* Hash table to find appropriate SA towards given target (endpoint
  48  * of tunnel or destination of transport mode) allowed by selector.
  49  *
  50  * Main use is finding SA after policy selected tunnel or transport mode.
  51  * Also, it can be used by ah/esp icmp error handler to find offending SA.
  52  */
  53 static struct hlist_head *xfrm_state_bydst __read_mostly;
  54 static struct hlist_head *xfrm_state_bysrc __read_mostly;
  55 static struct hlist_head *xfrm_state_byspi __read_mostly;
  56 static unsigned int xfrm_state_hmask __read_mostly;
  57 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  58 static unsigned int xfrm_state_num;
  59 static unsigned int xfrm_state_genid;
  60
  61 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
  62 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);
  63
  64 #ifdef CONFIG_AUDITSYSCALL
  65 static void xfrm_audit_state_replay(struct xfrm_state *x,
  66                                     struct sk_buff *skb, __be32 net_seq);
  67 #else
  68 #define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
  69 #endif /* CONFIG_AUDITSYSCALL */
  70
  71 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
  72                                          xfrm_address_t *saddr,
  73                                          u32 reqid,
  74                                          unsigned short family)
  75 {
  76         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
  77 }
  78
  79 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
  80                                          xfrm_address_t *saddr,
  81                                          unsigned short family)
  82 {
  83         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
  84 }
  85
  86 static inline unsigned int
  87 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
  88 {
  89         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
  90 }
  91
  92 static void xfrm_hash_transfer(struct hlist_head *list,
  93                                struct hlist_head *ndsttable,
  94                                struct hlist_head *nsrctable,
  95                                struct hlist_head *nspitable,
  96                                unsigned int nhashmask)
  97 {
  98         struct hlist_node *entry, *tmp;
  99         struct xfrm_state *x;
 100
 101         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
 102                 unsigned int h;
 103
 104                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
 105                                     x->props.reqid, x->props.family,
 106                                     nhashmask);
 107                 hlist_add_head(&x->bydst, ndsttable+h);
 108
 109                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
 110                                     x->props.family,
 111                                     nhashmask);
 112                 hlist_add_head(&x->bysrc, nsrctable+h);
 113
 114                 if (x->id.spi) {
 115                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
 116                                             x->id.proto, x->props.family,
 117                                             nhashmask);
 118                         hlist_add_head(&x->byspi, nspitable+h);
 119                 }
 120         }
 121 }
 122
 123 static unsigned long xfrm_hash_new_size(void)
 124 {
 125         return ((xfrm_state_hmask + 1) << 1) *
 126                 sizeof(struct hlist_head);
 127 }
 128
 129 static DEFINE_MUTEX(hash_resize_mutex);
 130
 131 static void xfrm_hash_resize(struct work_struct *__unused)
 132 {
 133         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
 134         unsigned long nsize, osize;
 135         unsigned int nhashmask, ohashmask;
 136         int i;
 137
 138         mutex_lock(&hash_resize_mutex);
 139
 140         nsize = xfrm_hash_new_size();
 141         ndst = xfrm_hash_alloc(nsize);
 142         if (!ndst)
 143                 goto out_unlock;
 144         nsrc = xfrm_hash_alloc(nsize);
 145         if (!nsrc) {
 146                 xfrm_hash_free(ndst, nsize);
 147                 goto out_unlock;
 148         }
 149         nspi = xfrm_hash_alloc(nsize);
 150         if (!nspi) {
 151                 xfrm_hash_free(ndst, nsize);
 152                 xfrm_hash_free(nsrc, nsize);
 153                 goto out_unlock;
 154         }
 155
 156         spin_lock_bh(&xfrm_state_lock);
 157
 158         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
 159         for (i = xfrm_state_hmask; i >= 0; i--)
 160                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
 161                                    nhashmask);
 162
 163         odst = xfrm_state_bydst;
 164         osrc = xfrm_state_bysrc;
 165         ospi = xfrm_state_byspi;
 166         ohashmask = xfrm_state_hmask;
 167
 168         xfrm_state_bydst = ndst;
 169         xfrm_state_bysrc = nsrc;
 170         xfrm_state_byspi = nspi;
 171         xfrm_state_hmask = nhashmask;
 172
 173         spin_unlock_bh(&xfrm_state_lock);
 174
 175         osize = (ohashmask + 1) * sizeof(struct hlist_head);
 176         xfrm_hash_free(odst, osize);
 177         xfrm_hash_free(osrc, osize);
 178         xfrm_hash_free(ospi, osize);
 179
 180 out_unlock:
 181         mutex_unlock(&hash_resize_mutex);
 182 }
 183
 184 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
 185
 186 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
 187 EXPORT_SYMBOL(km_waitq);
 188
 189 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
 190 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
 191
 192 static struct work_struct xfrm_state_gc_work;
 193 static HLIST_HEAD(xfrm_state_gc_list);
 194 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 195
 196 int __xfrm_state_delete(struct xfrm_state *x);
 197
 198 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 199 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 200
 201 static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
 202 {
 203         struct xfrm_state_afinfo *afinfo;
 204         if (unlikely(family >= NPROTO))
 205                 return NULL;
 206         write_lock_bh(&xfrm_state_afinfo_lock);
 207         afinfo = xfrm_state_afinfo[family];
 208         if (unlikely(!afinfo))
 209                 write_unlock_bh(&xfrm_state_afinfo_lock);
 210         return afinfo;
 211 }
 212
 213 static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
 214         __releases(xfrm_state_afinfo_lock)
 215 {
 216         write_unlock_bh(&xfrm_state_afinfo_lock);
 217 }
 218
 219 int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
 220 {
 221         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
 222         const struct xfrm_type **typemap;
 223         int err = 0;
 224
 225         if (unlikely(afinfo == NULL))
 226                 return -EAFNOSUPPORT;
 227         typemap = afinfo->type_map;
 228
 229         if (likely(typemap[type->proto] == NULL))
 230                 typemap[type->proto] = type;
 231         else
 232                 err = -EEXIST;
 233         xfrm_state_unlock_afinfo(afinfo);
 234         return err;
 235 }
 236 EXPORT_SYMBOL(xfrm_register_type);
 237
 238 int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
 239 {
 240         struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
 241         const struct xfrm_type **typemap;
 242         int err = 0;
 243
 244         if (unlikely(afinfo == NULL))
 245                 return -EAFNOSUPPORT;
 246         typemap = afinfo->type_map;
 247
 248         if (unlikely(typemap[type->proto] != type))
 249                 err = -ENOENT;
 250         else
 251                 typemap[type->proto] = NULL;
 252         xfrm_state_unlock_afinfo(afinfo);
 253         return err;
 254 }
 255 EXPORT_SYMBOL(xfrm_unregister_type);
 256
 257 static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
 258 {
 259         struct xfrm_state_afinfo *afinfo;
 260         const struct xfrm_type **typemap;
 261         const struct xfrm_type *type;
 262         int modload_attempted = 0;
 263
 264 retry:
 265         afinfo = xfrm_state_get_afinfo(family);
 266         if (unlikely(afinfo == NULL))
 267                 return NULL;
 268         typemap = afinfo->type_map;
 269
 270         type = typemap[proto];
 271         if (unlikely(type && !try_module_get(type->owner)))
 272                 type = NULL;
 273         if (!type && !modload_attempted) {
 274                 xfrm_state_put_afinfo(afinfo);
 275                 request_module("xfrm-type-%d-%d", family, proto);
 276                 modload_attempted = 1;
 277                 goto retry;
 278         }
 279
 280         xfrm_state_put_afinfo(afinfo);
 281         return type;
 282 }
 283
 284 static void xfrm_put_type(const struct xfrm_type *type)
 285 {
 286         module_put(type->owner);
 287 }
 288
 289 int xfrm_register_mode(struct xfrm_mode *mode, int family)
 290 {
 291         struct xfrm_state_afinfo *afinfo;
 292         struct xfrm_mode **modemap;
 293         int err;
 294
 295         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 296                 return -EINVAL;
 297
 298         afinfo = xfrm_state_lock_afinfo(family);
 299         if (unlikely(afinfo == NULL))
 300                 return -EAFNOSUPPORT;
 301
 302         err = -EEXIST;
 303         modemap = afinfo->mode_map;
 304         if (modemap[mode->encap])
 305                 goto out;
 306
 307         err = -ENOENT;
 308         if (!try_module_get(afinfo->owner))
 309                 goto out;
 310
 311         mode->afinfo = afinfo;
 312         modemap[mode->encap] = mode;
 313         err = 0;
 314
 315 out:
 316         xfrm_state_unlock_afinfo(afinfo);
 317         return err;
 318 }
 319 EXPORT_SYMBOL(xfrm_register_mode);
 320
 321 int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
 322 {
 323         struct xfrm_state_afinfo *afinfo;
 324         struct xfrm_mode **modemap;
 325         int err;
 326
 327         if (unlikely(mode->encap >= XFRM_MODE_MAX))
 328                 return -EINVAL;
 329
 330         afinfo = xfrm_state_lock_afinfo(family);
 331         if (unlikely(afinfo == NULL))
 332                 return -EAFNOSUPPORT;
 333
 334         err = -ENOENT;
 335         modemap = afinfo->mode_map;
 336         if (likely(modemap[mode->encap] == mode)) {
 337                 modemap[mode->encap] = NULL;
 338                 module_put(mode->afinfo->owner);
 339                 err = 0;
 340         }
 341
 342         xfrm_state_unlock_afinfo(afinfo);
 343         return err;
 344 }
 345 EXPORT_SYMBOL(xfrm_unregister_mode);
 346
 347 static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
 348 {
 349         struct xfrm_state_afinfo *afinfo;
 350         struct xfrm_mode *mode;
 351         int modload_attempted = 0;
 352
 353         if (unlikely(encap >= XFRM_MODE_MAX))
 354                 return NULL;
 355
 356 retry:
 357         afinfo = xfrm_state_get_afinfo(family);
 358         if (unlikely(afinfo == NULL))
 359                 return NULL;
 360
 361         mode = afinfo->mode_map[encap];
 362         if (unlikely(mode && !try_module_get(mode->owner)))
 363                 mode = NULL;
 364         if (!mode && !modload_attempted) {
 365                 xfrm_state_put_afinfo(afinfo);
 366                 request_module("xfrm-mode-%d-%d", family, encap);
 367                 modload_attempted = 1;
 368                 goto retry;
 369         }
 370
 371         xfrm_state_put_afinfo(afinfo);
 372         return mode;
 373 }
 374
 375 static void xfrm_put_mode(struct xfrm_mode *mode)
 376 {
 377         module_put(mode->owner);
 378 }
 379
 380 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 381 {
 382         del_timer_sync(&x->timer);
 383         del_timer_sync(&x->rtimer);
 384         kfree(x->aalg);
 385         kfree(x->ealg);
 386         kfree(x->calg);
 387         kfree(x->encap);
 388         kfree(x->coaddr);
 389         if (x->inner_mode)
 390                 xfrm_put_mode(x->inner_mode);
 391         if (x->outer_mode)
 392                 xfrm_put_mode(x->outer_mode);
 393         if (x->type) {
 394                 x->type->destructor(x);
 395                 xfrm_put_type(x->type);
 396         }
 397         security_xfrm_state_free(x);
 398         kfree(x);
 399 }
 400
 401 static void xfrm_state_gc_task(struct work_struct *data)
 402 {
 403         struct xfrm_state *x;
 404         struct hlist_node *entry, *tmp;
 405         struct hlist_head gc_list;
 406
 407         spin_lock_bh(&xfrm_state_gc_lock);
 408         gc_list.first = xfrm_state_gc_list.first;
 409         INIT_HLIST_HEAD(&xfrm_state_gc_list);
 410         spin_unlock_bh(&xfrm_state_gc_lock);
 411
 412         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
 413                 xfrm_state_gc_destroy(x);
 414
 415         wake_up(&km_waitq);
 416 }
 417
 418 static inline unsigned long make_jiffies(long secs)
 419 {
 420         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 421                 return MAX_SCHEDULE_TIMEOUT-1;
 422         else
 423                 return secs*HZ;
 424 }
 425
 426 static void xfrm_timer_handler(unsigned long data)
 427 {
 428         struct xfrm_state *x = (struct xfrm_state*)data;
 429         unsigned long now = get_seconds();
 430         long next = LONG_MAX;
 431         int warn = 0;
 432         int err = 0;
 433
 434         spin_lock(&x->lock);
 435         if (x->km.state == XFRM_STATE_DEAD)
 436                 goto out;
 437         if (x->km.state == XFRM_STATE_EXPIRED)
 438                 goto expired;
 439         if (x->lft.hard_add_expires_seconds) {
 440                 long tmo = x->lft.hard_add_expires_seconds +
 441                         x->curlft.add_time - now;
 442                 if (tmo <= 0)
 443                         goto expired;
 444                 if (tmo < next)
 445                         next = tmo;
 446         }
 447         if (x->lft.hard_use_expires_seconds) {
 448                 long tmo = x->lft.hard_use_expires_seconds +
 449                         (x->curlft.use_time ? : now) - now;
 450                 if (tmo <= 0)
 451                         goto expired;
 452                 if (tmo < next)
 453                         next = tmo;
 454         }
 455         if (x->km.dying)
 456                 goto resched;
 457         if (x->lft.soft_add_expires_seconds) {
 458                 long tmo = x->lft.soft_add_expires_seconds +
 459                         x->curlft.add_time - now;
 460                 if (tmo <= 0)
 461                         warn = 1;
 462                 else if (tmo < next)
 463                         next = tmo;
 464         }
 465         if (x->lft.soft_use_expires_seconds) {
 466                 long tmo = x->lft.soft_use_expires_seconds +
 467                         (x->curlft.use_time ? : now) - now;
 468                 if (tmo <= 0)
 469                         warn = 1;
 470                 else if (tmo < next)
 471                         next = tmo;
 472         }
 473
 474         x->km.dying = warn;
 475         if (warn)
 476                 km_state_expired(x, 0, 0);
 477 resched:
 478         if (next != LONG_MAX)
 479                 mod_timer(&x->timer, jiffies + make_jiffies(next));
 480
 481         goto out;
 482
 483 expired:
 484         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
 485                 x->km.state = XFRM_STATE_EXPIRED;
 486                 wake_up(&km_waitq);
 487                 next = 2;
 488                 goto resched;
 489         }
 490
 491         err = __xfrm_state_delete(x);
 492         if (!err && x->id.spi)
 493                 km_state_expired(x, 1, 0);
 494
 495         xfrm_audit_state_delete(x, err ? 0 : 1,
 496                                 audit_get_loginuid(current), 0);
 497
 498 out:
 499         spin_unlock(&x->lock);
 500 }
 501
 502 static void xfrm_replay_timer_handler(unsigned long data);
 503
 504 struct xfrm_state *xfrm_state_alloc(void)
 505 {
 506         struct xfrm_state *x;
 507
 508         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 509
 510         if (x) {
 511                 atomic_set(&x->refcnt, 1);
 512                 atomic_set(&x->tunnel_users, 0);
 513                 INIT_HLIST_NODE(&x->bydst);
 514                 INIT_HLIST_NODE(&x->bysrc);
 515                 INIT_HLIST_NODE(&x->byspi);
 516                 setup_timer(&x->timer, xfrm_timer_handler, (unsigned long)x);
 517                 setup_timer(&x->rtimer, xfrm_replay_timer_handler,
 518                                 (unsigned long)x);
 519                 x->curlft.add_time = get_seconds();
 520                 x->lft.soft_byte_limit = XFRM_INF;
 521                 x->lft.soft_packet_limit = XFRM_INF;
 522                 x->lft.hard_byte_limit = XFRM_INF;
 523                 x->lft.hard_packet_limit = XFRM_INF;
 524                 x->replay_maxage = 0;
 525                 x->replay_maxdiff = 0;
 526                 spin_lock_init(&x->lock);
 527         }
 528         return x;
 529 }
 530 EXPORT_SYMBOL(xfrm_state_alloc);
 531
 532 void __xfrm_state_destroy(struct xfrm_state *x)
 533 {
 534         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
 535
 536         spin_lock_bh(&xfrm_state_gc_lock);
 537         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
 538         spin_unlock_bh(&xfrm_state_gc_lock);
 539         schedule_work(&xfrm_state_gc_work);
 540 }
 541 EXPORT_SYMBOL(__xfrm_state_destroy);
 542
 543 int __xfrm_state_delete(struct xfrm_state *x)
 544 {
 545         int err = -ESRCH;
 546
 547         if (x->km.state != XFRM_STATE_DEAD) {
 548                 x->km.state = XFRM_STATE_DEAD;
 549                 spin_lock(&xfrm_state_lock);
 550                 hlist_del(&x->bydst);
 551                 hlist_del(&x->bysrc);
 552                 if (x->id.spi)
 553                         hlist_del(&x->byspi);
 554                 xfrm_state_num--;
 555                 spin_unlock(&xfrm_state_lock);
 556
 557                 /* All xfrm_state objects are created by xfrm_state_alloc.
 558                  * The xfrm_state_alloc call gives a reference, and that
 559                  * is what we are dropping here.
 560                  */
 561                 xfrm_state_put(x);
 562                 err = 0;
 563         }
 564
 565         return err;
 566 }
 567 EXPORT_SYMBOL(__xfrm_state_delete);
 568
 569 int xfrm_state_delete(struct xfrm_state *x)
 570 {
 571         int err;
 572
 573         spin_lock_bh(&x->lock);
 574         err = __xfrm_state_delete(x);
 575         spin_unlock_bh(&x->lock);
 576
 577         return err;
 578 }
 579 EXPORT_SYMBOL(xfrm_state_delete);
 580
 581 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 582 static inline int
 583 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 584 {
 585         int i, err = 0;
 586
 587         for (i = 0; i <= xfrm_state_hmask; i++) {
 588                 struct hlist_node *entry;
 589                 struct xfrm_state *x;
 590
 591                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 592                         if (xfrm_id_proto_match(x->id.proto, proto) &&
 593                            (err = security_xfrm_state_delete(x)) != 0) {
 594                                 xfrm_audit_state_delete(x, 0,
 595                                                         audit_info->loginuid,
 596                                                         audit_info->secid);
 597                                 return err;
 598                         }
 599                 }
 600         }
 601
 602         return err;
 603 }
 604 #else
 605 static inline int
 606 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 607 {
 608         return 0;
 609 }
 610 #endif
 611
 612 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
 613 {
 614         int i, err = 0;
 615
 616         spin_lock_bh(&xfrm_state_lock);
 617         err = xfrm_state_flush_secctx_check(proto, audit_info);
 618         if (err)
 619                 goto out;
 620
 621         for (i = 0; i <= xfrm_state_hmask; i++) {
 622                 struct hlist_node *entry;
 623                 struct xfrm_state *x;
 624 restart:
 625                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 626                         if (!xfrm_state_kern(x) &&
 627                             xfrm_id_proto_match(x->id.proto, proto)) {
 628                                 xfrm_state_hold(x);
 629                                 spin_unlock_bh(&xfrm_state_lock);
 630
 631                                 err = xfrm_state_delete(x);
 632                                 xfrm_audit_state_delete(x, err ? 0 : 1,
 633                                                         audit_info->loginuid,
 634                                                         audit_info->secid);
 635                                 xfrm_state_put(x);
 636
 637                                 spin_lock_bh(&xfrm_state_lock);
 638                                 goto restart;
 639                         }
 640                 }
 641         }
 642         err = 0;
 643
 644 out:
 645         spin_unlock_bh(&xfrm_state_lock);
 646         wake_up(&km_waitq);
 647         return err;
 648 }
 649 EXPORT_SYMBOL(xfrm_state_flush);
 650
 651 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
 652 {
 653         spin_lock_bh(&xfrm_state_lock);
 654         si->sadcnt = xfrm_state_num;
 655         si->sadhcnt = xfrm_state_hmask;
 656         si->sadhmcnt = xfrm_state_hashmax;
 657         spin_unlock_bh(&xfrm_state_lock);
 658 }
 659 EXPORT_SYMBOL(xfrm_sad_getinfo);
 660
 661 static int
 662 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 663                   struct xfrm_tmpl *tmpl,
 664                   xfrm_address_t *daddr, xfrm_address_t *saddr,
 665                   unsigned short family)
 666 {
 667         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 668         if (!afinfo)
 669                 return -1;
 670         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
 671         xfrm_state_put_afinfo(afinfo);
 672         return 0;
 673 }
 674
 675 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
 676 {
 677         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
 678         struct xfrm_state *x;
 679         struct hlist_node *entry;
 680
 681         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
 682                 if (x->props.family != family ||
 683                     x->id.spi       != spi ||
 684                     x->id.proto     != proto)
 685                         continue;
 686
 687                 switch (family) {
 688                 case AF_INET:
 689                         if (x->id.daddr.a4 != daddr->a4)
 690                                 continue;
 691                         break;
 692                 case AF_INET6:
 693                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 694                                              (struct in6_addr *)
 695                                              x->id.daddr.a6))
 696                                 continue;
 697                         break;
 698                 }
 699
 700                 xfrm_state_hold(x);
 701                 return x;
 702         }
 703
 704         return NULL;
 705 }
 706
 707 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
 708 {
 709         unsigned int h = xfrm_src_hash(daddr, saddr, family);
 710         struct xfrm_state *x;
 711         struct hlist_node *entry;
 712
 713         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
 714                 if (x->props.family != family ||
 715                     x->id.proto     != proto)
 716                         continue;
 717
 718                 switch (family) {
 719                 case AF_INET:
 720                         if (x->id.daddr.a4 != daddr->a4 ||
 721                             x->props.saddr.a4 != saddr->a4)
 722                                 continue;
 723                         break;
 724                 case AF_INET6:
 725                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 726                                              (struct in6_addr *)
 727                                              x->id.daddr.a6) ||
 728                             !ipv6_addr_equal((struct in6_addr *)saddr,
 729                                              (struct in6_addr *)
 730                                              x->props.saddr.a6))
 731                                 continue;
 732                         break;
 733                 }
 734
 735                 xfrm_state_hold(x);
 736                 return x;
 737         }
 738
 739         return NULL;
 740 }
 741
 742 static inline struct xfrm_state *
 743 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
 744 {
 745         if (use_spi)
 746                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
 747                                            x->id.proto, family);
 748         else
 749                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
 750                                                   &x->props.saddr,
 751                                                   x->id.proto, family);
 752 }
 753
 754 static void xfrm_hash_grow_check(int have_hash_collision)
 755 {
 756         if (have_hash_collision &&
 757             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
 758             xfrm_state_num > xfrm_state_hmask)
 759                 schedule_work(&xfrm_hash_work);
 760 }
 761
 762 struct xfrm_state *
 763 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 764                 struct flowi *fl, struct xfrm_tmpl *tmpl,
 765                 struct xfrm_policy *pol, int *err,
 766                 unsigned short family)
 767 {
 768         unsigned int h;
 769         struct hlist_node *entry;
 770         struct xfrm_state *x, *x0;
 771         int acquire_in_progress = 0;
 772         int error = 0;
 773         struct xfrm_state *best = NULL;
 774
 775         spin_lock_bh(&xfrm_state_lock);
 776         h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
 777         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 778                 if (x->props.family == family &&
 779                     x->props.reqid == tmpl->reqid &&
 780                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 781                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 782                     tmpl->mode == x->props.mode &&
 783                     tmpl->id.proto == x->id.proto &&
 784                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
 785                         /* Resolution logic:
 786                            1. There is a valid state with matching selector.
 787                               Done.
 788                            2. Valid state with inappropriate selector. Skip.
 789
 790                            Entering area of "sysdeps".
 791
 792                            3. If state is not valid, selector is temporary,
 793                               it selects only session which triggered
 794                               previous resolution. Key manager will do
 795                               something to install a state with proper
 796                               selector.
 797                          */
 798                         if (x->km.state == XFRM_STATE_VALID) {
 799                                 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
 800                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 801                                         continue;
 802                                 if (!best ||
 803                                     best->km.dying > x->km.dying ||
 804                                     (best->km.dying == x->km.dying &&
 805                                      best->curlft.add_time < x->curlft.add_time))
 806                                         best = x;
 807                         } else if (x->km.state == XFRM_STATE_ACQ) {
 808                                 acquire_in_progress = 1;
 809                         } else if (x->km.state == XFRM_STATE_ERROR ||
 810                                    x->km.state == XFRM_STATE_EXPIRED) {
 811                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
 812                                     security_xfrm_state_pol_flow_match(x, pol, fl))
 813                                         error = -ESRCH;
 814                         }
 815                 }
 816         }
 817
 818         x = best;
 819         if (!x && !error && !acquire_in_progress) {
 820                 if (tmpl->id.spi &&
 821                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
 822                                               tmpl->id.proto, family)) != NULL) {
 823                         xfrm_state_put(x0);
 824                         error = -EEXIST;
 825                         goto out;
 826                 }
 827                 x = xfrm_state_alloc();
 828                 if (x == NULL) {
 829                         error = -ENOMEM;
 830                         goto out;
 831                 }
 832                 /* Initialize temporary selector matching only
 833                  * to current session. */
 834                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
 835
 836                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
 837                 if (error) {
 838                         x->km.state = XFRM_STATE_DEAD;
 839                         xfrm_state_put(x);
 840                         x = NULL;
 841                         goto out;
 842                 }
 843
 844                 if (km_query(x, tmpl, pol) == 0) {
 845                         x->km.state = XFRM_STATE_ACQ;
 846                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 847                         h = xfrm_src_hash(daddr, saddr, family);
 848                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 849                         if (x->id.spi) {
 850                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 851                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 852                         }
 853                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
 854                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 855                         add_timer(&x->timer);
 856                         xfrm_state_num++;
 857                         xfrm_hash_grow_check(x->bydst.next != NULL);
 858                 } else {
 859                         x->km.state = XFRM_STATE_DEAD;
 860                         xfrm_state_put(x);
 861                         x = NULL;
 862                         error = -ESRCH;
 863                 }
 864         }
 865 out:
 866         if (x)
 867                 xfrm_state_hold(x);
 868         else
 869                 *err = acquire_in_progress ? -EAGAIN : error;
 870         spin_unlock_bh(&xfrm_state_lock);
 871         return x;
 872 }
 873
 874 struct xfrm_state *
 875 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 876                     unsigned short family, u8 mode, u8 proto, u32 reqid)
 877 {
 878         unsigned int h;
 879         struct xfrm_state *rx = NULL, *x = NULL;
 880         struct hlist_node *entry;
 881
 882         spin_lock(&xfrm_state_lock);
 883         h = xfrm_dst_hash(daddr, saddr, reqid, family);
 884         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 885                 if (x->props.family == family &&
 886                     x->props.reqid == reqid &&
 887                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 888                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 889                     mode == x->props.mode &&
 890                     proto == x->id.proto &&
 891                     x->km.state == XFRM_STATE_VALID) {
 892                         rx = x;
 893                         break;
 894                 }
 895         }
 896
 897         if (rx)
 898                 xfrm_state_hold(rx);
 899         spin_unlock(&xfrm_state_lock);
 900
 901
 902         return rx;
 903 }
 904 EXPORT_SYMBOL(xfrm_stateonly_find);
 905
 906 static void __xfrm_state_insert(struct xfrm_state *x)
 907 {
 908         unsigned int h;
 909
 910         x->genid = ++xfrm_state_genid;
 911
 912         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
 913                           x->props.reqid, x->props.family);
 914         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 915
 916         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
 917         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 918
 919         if (x->id.spi) {
 920                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
 921                                   x->props.family);
 922
 923                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 924         }
 925
 926         mod_timer(&x->timer, jiffies + HZ);
 927         if (x->replay_maxage)
 928                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
 929
 930         wake_up(&km_waitq);
 931
 932         xfrm_state_num++;
 933
 934         xfrm_hash_grow_check(x->bydst.next != NULL);
 935 }
 936
 937 /* xfrm_state_lock is held */
 938 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
 939 {
 940         unsigned short family = xnew->props.family;
 941         u32 reqid = xnew->props.reqid;
 942         struct xfrm_state *x;
 943         struct hlist_node *entry;
 944         unsigned int h;
 945
 946         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
 947         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 948                 if (x->props.family     == family &&
 949                     x->props.reqid      == reqid &&
 950                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
 951                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
 952                         x->genid = xfrm_state_genid;
 953         }
 954 }
 955
 956 void xfrm_state_insert(struct xfrm_state *x)
 957 {
 958         spin_lock_bh(&xfrm_state_lock);
 959         __xfrm_state_bump_genids(x);
 960         __xfrm_state_insert(x);
 961         spin_unlock_bh(&xfrm_state_lock);
 962 }
 963 EXPORT_SYMBOL(xfrm_state_insert);
 964
 965 /* xfrm_state_lock is held */
 966 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
 967 {
 968         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
 969         struct hlist_node *entry;
 970         struct xfrm_state *x;
 971
 972         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 973                 if (x->props.reqid  != reqid ||
 974                     x->props.mode   != mode ||
 975                     x->props.family != family ||
 976                     x->km.state     != XFRM_STATE_ACQ ||
 977                     x->id.spi       != 0 ||
 978                     x->id.proto     != proto)
 979                         continue;
 980
 981                 switch (family) {
 982                 case AF_INET:
 983                         if (x->id.daddr.a4    != daddr->a4 ||
 984                             x->props.saddr.a4 != saddr->a4)
 985                                 continue;
 986                         break;
 987                 case AF_INET6:
 988                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
 989                                              (struct in6_addr *)daddr) ||
 990                             !ipv6_addr_equal((struct in6_addr *)
 991                                              x->props.saddr.a6,
 992                                              (struct in6_addr *)saddr))
 993                                 continue;
 994                         break;
 995                 }
 996
 997                 xfrm_state_hold(x);
 998                 return x;
 999         }
1000
1001         if (!create)
1002                 return NULL;
1003
1004         x = xfrm_state_alloc();
1005         if (likely(x)) {
1006                 switch (family) {
1007                 case AF_INET:
1008                         x->sel.daddr.a4 = daddr->a4;
1009                         x->sel.saddr.a4 = saddr->a4;
1010                         x->sel.prefixlen_d = 32;
1011                         x->sel.prefixlen_s = 32;
1012                         x->props.saddr.a4 = saddr->a4;
1013                         x->id.daddr.a4 = daddr->a4;
1014                         break;
1015
1016                 case AF_INET6:
1017                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
1018                                        (struct in6_addr *)daddr);
1019                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
1020                                        (struct in6_addr *)saddr);
1021                         x->sel.prefixlen_d = 128;
1022                         x->sel.prefixlen_s = 128;
1023                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
1024                                        (struct in6_addr *)saddr);
1025                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
1026                                        (struct in6_addr *)daddr);
1027                         break;
1028                 }
1029
1030                 x->km.state = XFRM_STATE_ACQ;
1031                 x->id.proto = proto;
1032                 x->props.family = family;
1033                 x->props.mode = mode;
1034                 x->props.reqid = reqid;
1035                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
1036                 xfrm_state_hold(x);
1037                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
1038                 add_timer(&x->timer);
1039                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
1040                 h = xfrm_src_hash(daddr, saddr, family);
1041                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
1042
1043                 xfrm_state_num++;
1044
1045                 xfrm_hash_grow_check(x->bydst.next != NULL);
1046         }
1047
1048         return x;
1049 }
1050
1051 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
1052
1053 int xfrm_state_add(struct xfrm_state *x)
1054 {
1055         struct xfrm_state *x1;
1056         int family;
1057         int err;
1058         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1059
1060         family = x->props.family;
1061
1062         spin_lock_bh(&xfrm_state_lock);
1063
1064         x1 = __xfrm_state_locate(x, use_spi, family);
1065         if (x1) {
1066                 xfrm_state_put(x1);
1067                 x1 = NULL;
1068                 err = -EEXIST;
1069                 goto out;
1070         }
1071
1072         if (use_spi && x->km.seq) {
1073                 x1 = __xfrm_find_acq_byseq(x->km.seq);
1074                 if (x1 && ((x1->id.proto != x->id.proto) ||
1075                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
1076                         xfrm_state_put(x1);
1077                         x1 = NULL;
1078                 }
1079         }
1080
1081         if (use_spi && !x1)
1082                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
1083                                      x->id.proto,
1084                                      &x->id.daddr, &x->props.saddr, 0);
1085
1086         __xfrm_state_bump_genids(x);
1087         __xfrm_state_insert(x);
1088         err = 0;
1089
1090 out:
1091         spin_unlock_bh(&xfrm_state_lock);
1092
1093         if (x1) {
1094                 xfrm_state_delete(x1);
1095                 xfrm_state_put(x1);
1096         }
1097
1098         return err;
1099 }
1100 EXPORT_SYMBOL(xfrm_state_add);
1101
1102 #ifdef CONFIG_XFRM_MIGRATE
1103 static struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
1104 {
1105         int err = -ENOMEM;
1106         struct xfrm_state *x = xfrm_state_alloc();
1107         if (!x)
1108                 goto error;
1109
1110         memcpy(&x->id, &orig->id, sizeof(x->id));
1111         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
1112         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
1113         x->props.mode = orig->props.mode;
1114         x->props.replay_window = orig->props.replay_window;
1115         x->props.reqid = orig->props.reqid;
1116         x->props.family = orig->props.family;
1117         x->props.saddr = orig->props.saddr;
1118
1119         if (orig->aalg) {
1120                 x->aalg = xfrm_algo_clone(orig->aalg);
1121                 if (!x->aalg)
1122                         goto error;
1123         }
1124         x->props.aalgo = orig->props.aalgo;
1125
1126         if (orig->ealg) {
1127                 x->ealg = xfrm_algo_clone(orig->ealg);
1128                 if (!x->ealg)
1129                         goto error;
1130         }
1131         x->props.ealgo = orig->props.ealgo;
1132
1133         if (orig->calg) {
1134                 x->calg = xfrm_algo_clone(orig->calg);
1135                 if (!x->calg)
1136                         goto error;
1137         }
1138         x->props.calgo = orig->props.calgo;
1139
1140         if (orig->encap) {
1141                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
1142                 if (!x->encap)
1143                         goto error;
1144         }
1145
1146         if (orig->coaddr) {
1147                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
1148                                     GFP_KERNEL);
1149                 if (!x->coaddr)
1150                         goto error;
1151         }
1152
1153         err = xfrm_init_state(x);
1154         if (err)
1155                 goto error;
1156
1157         x->props.flags = orig->props.flags;
1158
1159         x->curlft.add_time = orig->curlft.add_time;
1160         x->km.state = orig->km.state;
1161         x->km.seq = orig->km.seq;
1162
1163         return x;
1164
1165  error:
1166         if (errp)
1167                 *errp = err;
1168         if (x) {
1169                 kfree(x->aalg);
1170                 kfree(x->ealg);
1171                 kfree(x->calg);
1172                 kfree(x->encap);
1173                 kfree(x->coaddr);
1174         }
1175         kfree(x);
1176         return NULL;
1177 }
1178
1179 /* xfrm_state_lock is held */
1180 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
1181 {
1182         unsigned int h;
1183         struct xfrm_state *x;
1184         struct hlist_node *entry;
1185
1186         if (m->reqid) {
1187                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
1188                                   m->reqid, m->old_family);
1189                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1190                         if (x->props.mode != m->mode ||
1191                             x->id.proto != m->proto)
1192                                 continue;
1193                         if (m->reqid && x->props.reqid != m->reqid)
1194                                 continue;
1195                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1196                                           m->old_family) ||
1197                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1198                                           m->old_family))
1199                                 continue;
1200                         xfrm_state_hold(x);
1201                         return x;
1202                 }
1203         } else {
1204                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1205                                   m->old_family);
1206                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1207                         if (x->props.mode != m->mode ||
1208                             x->id.proto != m->proto)
1209                                 continue;
1210                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1211                                           m->old_family) ||
1212                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1213                                           m->old_family))
1214                                 continue;
1215                         xfrm_state_hold(x);
1216                         return x;
1217                 }
1218         }
1219
1220         return NULL;
1221 }
1222 EXPORT_SYMBOL(xfrm_migrate_state_find);
1223
1224 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1225                                        struct xfrm_migrate *m)
1226 {
1227         struct xfrm_state *xc;
1228         int err;
1229
1230         xc = xfrm_state_clone(x, &err);
1231         if (!xc)
1232                 return NULL;
1233
1234         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1235         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1236
1237         /* add state */
1238         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1239                 /* a care is needed when the destination address of the
1240                    state is to be updated as it is a part of triplet */
1241                 xfrm_state_insert(xc);
1242         } else {
1243                 if ((err = xfrm_state_add(xc)) < 0)
1244                         goto error;
1245         }
1246
1247         return xc;
1248 error:
1249         kfree(xc);
1250         return NULL;
1251 }
1252 EXPORT_SYMBOL(xfrm_state_migrate);
1253 #endif
1254
1255 int xfrm_state_update(struct xfrm_state *x)
1256 {
1257         struct xfrm_state *x1;
1258         int err;
1259         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1260
1261         spin_lock_bh(&xfrm_state_lock);
1262         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1263
1264         err = -ESRCH;
1265         if (!x1)
1266                 goto out;
1267
1268         if (xfrm_state_kern(x1)) {
1269                 xfrm_state_put(x1);
1270                 err = -EEXIST;
1271                 goto out;
1272         }
1273
1274         if (x1->km.state == XFRM_STATE_ACQ) {
1275                 __xfrm_state_insert(x);
1276                 x = NULL;
1277         }
1278         err = 0;
1279
1280 out:
1281         spin_unlock_bh(&xfrm_state_lock);
1282
1283         if (err)
1284                 return err;
1285
1286         if (!x) {
1287                 xfrm_state_delete(x1);
1288                 xfrm_state_put(x1);
1289                 return 0;
1290         }
1291
1292         err = -EINVAL;
1293         spin_lock_bh(&x1->lock);
1294         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1295                 if (x->encap && x1->encap)
1296                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1297                 if (x->coaddr && x1->coaddr) {
1298                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1299                 }
1300                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1301                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1302                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1303                 x1->km.dying = 0;
1304
1305                 mod_timer(&x1->timer, jiffies + HZ);
1306                 if (x1->curlft.use_time)
1307                         xfrm_state_check_expire(x1);
1308
1309                 err = 0;
1310         }
1311         spin_unlock_bh(&x1->lock);
1312
1313         xfrm_state_put(x1);
1314
1315         return err;
1316 }
1317 EXPORT_SYMBOL(xfrm_state_update);
1318
1319 int xfrm_state_check_expire(struct xfrm_state *x)
1320 {
1321         if (!x->curlft.use_time)
1322                 x->curlft.use_time = get_seconds();
1323
1324         if (x->km.state != XFRM_STATE_VALID)
1325                 return -EINVAL;
1326
1327         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1328             x->curlft.packets >= x->lft.hard_packet_limit) {
1329                 x->km.state = XFRM_STATE_EXPIRED;
1330                 mod_timer(&x->timer, jiffies);
1331                 return -EINVAL;
1332         }
1333
1334         if (!x->km.dying &&
1335             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1336              x->curlft.packets >= x->lft.soft_packet_limit)) {
1337                 x->km.dying = 1;
1338                 km_state_expired(x, 0, 0);
1339         }
1340         return 0;
1341 }
1342 EXPORT_SYMBOL(xfrm_state_check_expire);
1343
1344 struct xfrm_state *
1345 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1346                   unsigned short family)
1347 {
1348         struct xfrm_state *x;
1349
1350         spin_lock_bh(&xfrm_state_lock);
1351         x = __xfrm_state_lookup(daddr, spi, proto, family);
1352         spin_unlock_bh(&xfrm_state_lock);
1353         return x;
1354 }
1355 EXPORT_SYMBOL(xfrm_state_lookup);
1356
1357 struct xfrm_state *
1358 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1359                          u8 proto, unsigned short family)
1360 {
1361         struct xfrm_state *x;
1362
1363         spin_lock_bh(&xfrm_state_lock);
1364         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1365         spin_unlock_bh(&xfrm_state_lock);
1366         return x;
1367 }
1368 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1369
1370 struct xfrm_state *
1371 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1372               xfrm_address_t *daddr, xfrm_address_t *saddr,
1373               int create, unsigned short family)
1374 {
1375         struct xfrm_state *x;
1376
1377         spin_lock_bh(&xfrm_state_lock);
1378         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1379         spin_unlock_bh(&xfrm_state_lock);
1380
1381         return x;
1382 }
1383 EXPORT_SYMBOL(xfrm_find_acq);
1384
1385 #ifdef CONFIG_XFRM_SUB_POLICY
1386 int
1387 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1388                unsigned short family)
1389 {
1390         int err = 0;
1391         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1392         if (!afinfo)
1393                 return -EAFNOSUPPORT;
1394
1395         spin_lock_bh(&xfrm_state_lock);
1396         if (afinfo->tmpl_sort)
1397                 err = afinfo->tmpl_sort(dst, src, n);
1398         spin_unlock_bh(&xfrm_state_lock);
1399         xfrm_state_put_afinfo(afinfo);
1400         return err;
1401 }
1402 EXPORT_SYMBOL(xfrm_tmpl_sort);
1403
1404 int
1405 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1406                 unsigned short family)
1407 {
1408         int err = 0;
1409         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1410         if (!afinfo)
1411                 return -EAFNOSUPPORT;
1412
1413         spin_lock_bh(&xfrm_state_lock);
1414         if (afinfo->state_sort)
1415                 err = afinfo->state_sort(dst, src, n);
1416         spin_unlock_bh(&xfrm_state_lock);
1417         xfrm_state_put_afinfo(afinfo);
1418         return err;
1419 }
1420 EXPORT_SYMBOL(xfrm_state_sort);
1421 #endif
1422
1423 /* Silly enough, but I'm lazy to build resolution list */
1424
1425 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1426 {
1427         int i;
1428
1429         for (i = 0; i <= xfrm_state_hmask; i++) {
1430                 struct hlist_node *entry;
1431                 struct xfrm_state *x;
1432
1433                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1434                         if (x->km.seq == seq &&
1435                             x->km.state == XFRM_STATE_ACQ) {
1436                                 xfrm_state_hold(x);
1437                                 return x;
1438                         }
1439                 }
1440         }
1441         return NULL;
1442 }
1443
1444 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1445 {
1446         struct xfrm_state *x;
1447
1448         spin_lock_bh(&xfrm_state_lock);
1449         x = __xfrm_find_acq_byseq(seq);
1450         spin_unlock_bh(&xfrm_state_lock);
1451         return x;
1452 }
1453 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1454
1455 u32 xfrm_get_acqseq(void)
1456 {
1457         u32 res;
1458         static u32 acqseq;
1459         static DEFINE_SPINLOCK(acqseq_lock);
1460
1461         spin_lock_bh(&acqseq_lock);
1462         res = (++acqseq ? : ++acqseq);
1463         spin_unlock_bh(&acqseq_lock);
1464         return res;
1465 }
1466 EXPORT_SYMBOL(xfrm_get_acqseq);
1467
1468 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1469 {
1470         unsigned int h;
1471         struct xfrm_state *x0;
1472         int err = -ENOENT;
1473         __be32 minspi = htonl(low);
1474         __be32 maxspi = htonl(high);
1475
1476         spin_lock_bh(&x->lock);
1477         if (x->km.state == XFRM_STATE_DEAD)
1478                 goto unlock;
1479
1480         err = 0;
1481         if (x->id.spi)
1482                 goto unlock;
1483
1484         err = -ENOENT;
1485
1486         if (minspi == maxspi) {
1487                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1488                 if (x0) {
1489                         xfrm_state_put(x0);
1490                         goto unlock;
1491                 }
1492                 x->id.spi = minspi;
1493         } else {
1494                 u32 spi = 0;
1495                 for (h=0; h<high-low+1; h++) {
1496                         spi = low + net_random()%(high-low+1);
1497                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1498                         if (x0 == NULL) {
1499                                 x->id.spi = htonl(spi);
1500                                 break;
1501                         }
1502                         xfrm_state_put(x0);
1503                 }
1504         }
1505         if (x->id.spi) {
1506                 spin_lock_bh(&xfrm_state_lock);
1507                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1508                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1509                 spin_unlock_bh(&xfrm_state_lock);
1510
1511                 err = 0;
1512         }
1513
1514 unlock:
1515         spin_unlock_bh(&x->lock);
1516
1517         return err;
1518 }
1519 EXPORT_SYMBOL(xfrm_alloc_spi);
1520
1521 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1522                     void *data)
1523 {
1524         int i;
1525         struct xfrm_state *x, *last = NULL;
1526         struct hlist_node *entry;
1527         int count = 0;
1528         int err = 0;
1529
1530         spin_lock_bh(&xfrm_state_lock);
1531         for (i = 0; i <= xfrm_state_hmask; i++) {
1532                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1533                         if (!xfrm_id_proto_match(x->id.proto, proto))
1534                                 continue;
1535                         if (last) {
1536                                 err = func(last, count, data);
1537                                 if (err)
1538                                         goto out;
1539                         }
1540                         last = x;
1541                         count++;
1542                 }
1543         }
1544         if (count == 0) {
1545                 err = -ENOENT;
1546                 goto out;
1547         }
1548         err = func(last, 0, data);
1549 out:
1550         spin_unlock_bh(&xfrm_state_lock);
1551         return err;
1552 }
1553 EXPORT_SYMBOL(xfrm_state_walk);
1554
1555
1556 void xfrm_replay_notify(struct xfrm_state *x, int event)
1557 {
1558         struct km_event c;
1559         /* we send notify messages in case
1560          *  1. we updated on of the sequence numbers, and the seqno difference
1561          *     is at least x->replay_maxdiff, in this case we also update the
1562          *     timeout of our timer function
1563          *  2. if x->replay_maxage has elapsed since last update,
1564          *     and there were changes
1565          *
1566          *  The state structure must be locked!
1567          */
1568
1569         switch (event) {
1570         case XFRM_REPLAY_UPDATE:
1571                 if (x->replay_maxdiff &&
1572                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1573                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1574                         if (x->xflags & XFRM_TIME_DEFER)
1575                                 event = XFRM_REPLAY_TIMEOUT;
1576                         else
1577                                 return;
1578                 }
1579
1580                 break;
1581
1582         case XFRM_REPLAY_TIMEOUT:
1583                 if ((x->replay.seq == x->preplay.seq) &&
1584                     (x->replay.bitmap == x->preplay.bitmap) &&
1585                     (x->replay.oseq == x->preplay.oseq)) {
1586                         x->xflags |= XFRM_TIME_DEFER;
1587                         return;
1588                 }
1589
1590                 break;
1591         }
1592
1593         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1594         c.event = XFRM_MSG_NEWAE;
1595         c.data.aevent = event;
1596         km_state_notify(x, &c);
1597
1598         if (x->replay_maxage &&
1599             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1600                 x->xflags &= ~XFRM_TIME_DEFER;
1601 }
1602
1603 static void xfrm_replay_timer_handler(unsigned long data)
1604 {
1605         struct xfrm_state *x = (struct xfrm_state*)data;
1606
1607         spin_lock(&x->lock);
1608
1609         if (x->km.state == XFRM_STATE_VALID) {
1610                 if (xfrm_aevent_is_on())
1611                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1612                 else
1613                         x->xflags |= XFRM_TIME_DEFER;
1614         }
1615
1616         spin_unlock(&x->lock);
1617 }
1618
1619 int xfrm_replay_check(struct xfrm_state *x,
1620                       struct sk_buff *skb, __be32 net_seq)
1621 {
1622         u32 diff;
1623         u32 seq = ntohl(net_seq);
1624
1625         if (unlikely(seq == 0))
1626                 goto err;
1627
1628         if (likely(seq > x->replay.seq))
1629                 return 0;
1630
1631         diff = x->replay.seq - seq;
1632         if (diff >= min_t(unsigned int, x->props.replay_window,
1633                           sizeof(x->replay.bitmap) * 8)) {
1634                 x->stats.replay_window++;
1635                 goto err;
1636         }
1637
1638         if (x->replay.bitmap & (1U << diff)) {
1639                 x->stats.replay++;
1640                 goto err;
1641         }
1642         return 0;
1643
1644 err:
1645         xfrm_audit_state_replay(x, skb, net_seq);
1646         return -EINVAL;
1647 }
1648
1649 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1650 {
1651         u32 diff;
1652         u32 seq = ntohl(net_seq);
1653
1654         if (seq > x->replay.seq) {
1655                 diff = seq - x->replay.seq;
1656                 if (diff < x->props.replay_window)
1657                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1658                 else
1659                         x->replay.bitmap = 1;
1660                 x->replay.seq = seq;
1661         } else {
1662                 diff = x->replay.seq - seq;
1663                 x->replay.bitmap |= (1U << diff);
1664         }
1665
1666         if (xfrm_aevent_is_on())
1667                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1668 }
1669
1670 static LIST_HEAD(xfrm_km_list);
1671 static DEFINE_RWLOCK(xfrm_km_lock);
1672
1673 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1674 {
1675         struct xfrm_mgr *km;
1676
1677         read_lock(&xfrm_km_lock);
1678         list_for_each_entry(km, &xfrm_km_list, list)
1679                 if (km->notify_policy)
1680                         km->notify_policy(xp, dir, c);
1681         read_unlock(&xfrm_km_lock);
1682 }
1683
1684 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1685 {
1686         struct xfrm_mgr *km;
1687         read_lock(&xfrm_km_lock);
1688         list_for_each_entry(km, &xfrm_km_list, list)
1689                 if (km->notify)
1690                         km->notify(x, c);
1691         read_unlock(&xfrm_km_lock);
1692 }
1693
1694 EXPORT_SYMBOL(km_policy_notify);
1695 EXPORT_SYMBOL(km_state_notify);
1696
1697 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1698 {
1699         struct km_event c;
1700
1701         c.data.hard = hard;
1702         c.pid = pid;
1703         c.event = XFRM_MSG_EXPIRE;
1704         km_state_notify(x, &c);
1705
1706         if (hard)
1707                 wake_up(&km_waitq);
1708 }
1709
1710 EXPORT_SYMBOL(km_state_expired);
1711 /*
1712  * We send to all registered managers regardless of failure
1713  * We are happy with one success
1714 */
1715 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1716 {
1717         int err = -EINVAL, acqret;
1718         struct xfrm_mgr *km;
1719
1720         read_lock(&xfrm_km_lock);
1721         list_for_each_entry(km, &xfrm_km_list, list) {
1722                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1723                 if (!acqret)
1724                         err = acqret;
1725         }
1726         read_unlock(&xfrm_km_lock);
1727         return err;
1728 }
1729 EXPORT_SYMBOL(km_query);
1730
1731 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1732 {
1733         int err = -EINVAL;
1734         struct xfrm_mgr *km;
1735
1736         read_lock(&xfrm_km_lock);
1737         list_for_each_entry(km, &xfrm_km_list, list) {
1738                 if (km->new_mapping)
1739                         err = km->new_mapping(x, ipaddr, sport);
1740                 if (!err)
1741                         break;
1742         }
1743         read_unlock(&xfrm_km_lock);
1744         return err;
1745 }
1746 EXPORT_SYMBOL(km_new_mapping);
1747
1748 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1749 {
1750         struct km_event c;
1751
1752         c.data.hard = hard;
1753         c.pid = pid;
1754         c.event = XFRM_MSG_POLEXPIRE;
1755         km_policy_notify(pol, dir, &c);
1756
1757         if (hard)
1758                 wake_up(&km_waitq);
1759 }
1760 EXPORT_SYMBOL(km_policy_expired);
1761
1762 #ifdef CONFIG_XFRM_MIGRATE
1763 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1764                struct xfrm_migrate *m, int num_migrate)
1765 {
1766         int err = -EINVAL;
1767         int ret;
1768         struct xfrm_mgr *km;
1769
1770         read_lock(&xfrm_km_lock);
1771         list_for_each_entry(km, &xfrm_km_list, list) {
1772                 if (km->migrate) {
1773                         ret = km->migrate(sel, dir, type, m, num_migrate);
1774                         if (!ret)
1775                                 err = ret;
1776                 }
1777         }
1778         read_unlock(&xfrm_km_lock);
1779         return err;
1780 }
1781 EXPORT_SYMBOL(km_migrate);
1782 #endif
1783
1784 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1785 {
1786         int err = -EINVAL;
1787         int ret;
1788         struct xfrm_mgr *km;
1789
1790         read_lock(&xfrm_km_lock);
1791         list_for_each_entry(km, &xfrm_km_list, list) {
1792                 if (km->report) {
1793                         ret = km->report(proto, sel, addr);
1794                         if (!ret)
1795                                 err = ret;
1796                 }
1797         }
1798         read_unlock(&xfrm_km_lock);
1799         return err;
1800 }
1801 EXPORT_SYMBOL(km_report);
1802
1803 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1804 {
1805         int err;
1806         u8 *data;
1807         struct xfrm_mgr *km;
1808         struct xfrm_policy *pol = NULL;
1809
1810         if (optlen <= 0 || optlen > PAGE_SIZE)
1811                 return -EMSGSIZE;
1812
1813         data = kmalloc(optlen, GFP_KERNEL);
1814         if (!data)
1815                 return -ENOMEM;
1816
1817         err = -EFAULT;
1818         if (copy_from_user(data, optval, optlen))
1819                 goto out;
1820
1821         err = -EINVAL;
1822         read_lock(&xfrm_km_lock);
1823         list_for_each_entry(km, &xfrm_km_list, list) {
1824                 pol = km->compile_policy(sk, optname, data,
1825                                          optlen, &err);
1826                 if (err >= 0)
1827                         break;
1828         }
1829         read_unlock(&xfrm_km_lock);
1830
1831         if (err >= 0) {
1832                 xfrm_sk_policy_insert(sk, err, pol);
1833                 xfrm_pol_put(pol);
1834                 err = 0;
1835         }
1836
1837 out:
1838         kfree(data);
1839         return err;
1840 }
1841 EXPORT_SYMBOL(xfrm_user_policy);
1842
1843 int xfrm_register_km(struct xfrm_mgr *km)
1844 {
1845         write_lock_bh(&xfrm_km_lock);
1846         list_add_tail(&km->list, &xfrm_km_list);
1847         write_unlock_bh(&xfrm_km_lock);
1848         return 0;
1849 }
1850 EXPORT_SYMBOL(xfrm_register_km);
1851
1852 int xfrm_unregister_km(struct xfrm_mgr *km)
1853 {
1854         write_lock_bh(&xfrm_km_lock);
1855         list_del(&km->list);
1856         write_unlock_bh(&xfrm_km_lock);
1857         return 0;
1858 }
1859 EXPORT_SYMBOL(xfrm_unregister_km);
1860
1861 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1862 {
1863         int err = 0;
1864         if (unlikely(afinfo == NULL))
1865                 return -EINVAL;
1866         if (unlikely(afinfo->family >= NPROTO))
1867                 return -EAFNOSUPPORT;
1868         write_lock_bh(&xfrm_state_afinfo_lock);
1869         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1870                 err = -ENOBUFS;
1871         else
1872                 xfrm_state_afinfo[afinfo->family] = afinfo;
1873         write_unlock_bh(&xfrm_state_afinfo_lock);
1874         return err;
1875 }
1876 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1877
1878 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1879 {
1880         int err = 0;
1881         if (unlikely(afinfo == NULL))
1882                 return -EINVAL;
1883         if (unlikely(afinfo->family >= NPROTO))
1884                 return -EAFNOSUPPORT;
1885         write_lock_bh(&xfrm_state_afinfo_lock);
1886         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1887                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1888                         err = -EINVAL;
1889                 else
1890                         xfrm_state_afinfo[afinfo->family] = NULL;
1891         }
1892         write_unlock_bh(&xfrm_state_afinfo_lock);
1893         return err;
1894 }
1895 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1896
1897 static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
1898 {
1899         struct xfrm_state_afinfo *afinfo;
1900         if (unlikely(family >= NPROTO))
1901                 return NULL;
1902         read_lock(&xfrm_state_afinfo_lock);
1903         afinfo = xfrm_state_afinfo[family];
1904         if (unlikely(!afinfo))
1905                 read_unlock(&xfrm_state_afinfo_lock);
1906         return afinfo;
1907 }
1908
1909 static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1910         __releases(xfrm_state_afinfo_lock)
1911 {
1912         read_unlock(&xfrm_state_afinfo_lock);
1913 }
1914
1915 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1916 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1917 {
1918         if (x->tunnel) {
1919                 struct xfrm_state *t = x->tunnel;
1920
1921                 if (atomic_read(&t->tunnel_users) == 2)
1922                         xfrm_state_delete(t);
1923                 atomic_dec(&t->tunnel_users);
1924                 xfrm_state_put(t);
1925                 x->tunnel = NULL;
1926         }
1927 }
1928 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1929
1930 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1931 {
1932         int res;
1933
1934         spin_lock_bh(&x->lock);
1935         if (x->km.state == XFRM_STATE_VALID &&
1936             x->type && x->type->get_mtu)
1937                 res = x->type->get_mtu(x, mtu);
1938         else
1939                 res = mtu - x->props.header_len;
1940         spin_unlock_bh(&x->lock);
1941         return res;
1942 }
1943
1944 int xfrm_init_state(struct xfrm_state *x)
1945 {
1946         struct xfrm_state_afinfo *afinfo;
1947         int family = x->props.family;
1948         int err;
1949
1950         err = -EAFNOSUPPORT;
1951         afinfo = xfrm_state_get_afinfo(family);
1952         if (!afinfo)
1953                 goto error;
1954
1955         err = 0;
1956         if (afinfo->init_flags)
1957                 err = afinfo->init_flags(x);
1958
1959         xfrm_state_put_afinfo(afinfo);
1960
1961         if (err)
1962                 goto error;
1963
1964         err = -EPROTONOSUPPORT;
1965         x->inner_mode = xfrm_get_mode(x->props.mode, x->sel.family);
1966         if (x->inner_mode == NULL)
1967                 goto error;
1968
1969         if (!(x->inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
1970             family != x->sel.family)
1971                 goto error;
1972
1973         x->type = xfrm_get_type(x->id.proto, family);
1974         if (x->type == NULL)
1975                 goto error;
1976
1977         err = x->type->init_state(x);
1978         if (err)
1979                 goto error;
1980
1981         x->outer_mode = xfrm_get_mode(x->props.mode, family);
1982         if (x->outer_mode == NULL)
1983                 goto error;
1984
1985         x->km.state = XFRM_STATE_VALID;
1986
1987 error:
1988         return err;
1989 }
1990
1991 EXPORT_SYMBOL(xfrm_init_state);
1992
1993 void __init xfrm_state_init(void)
1994 {
1995         unsigned int sz;
1996
1997         sz = sizeof(struct hlist_head) * 8;
1998
1999         xfrm_state_bydst = xfrm_hash_alloc(sz);
2000         xfrm_state_bysrc = xfrm_hash_alloc(sz);
2001         xfrm_state_byspi = xfrm_hash_alloc(sz);
2002         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
2003                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
2004         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
2005
2006         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
2007 }
2008
2009 #ifdef CONFIG_AUDITSYSCALL
2010 static void xfrm_audit_helper_sainfo(struct xfrm_state *x,
2011                                      struct audit_buffer *audit_buf)
2012 {
2013         struct xfrm_sec_ctx *ctx = x->security;
2014         u32 spi = ntohl(x->id.spi);
2015
2016         if (ctx)
2017                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
2018                                  ctx->ctx_alg, ctx->ctx_doi, ctx->ctx_str);
2019
2020         switch(x->props.family) {
2021         case AF_INET:
2022                 audit_log_format(audit_buf,
2023                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2024                                  NIPQUAD(x->props.saddr.a4),
2025                                  NIPQUAD(x->id.daddr.a4));
2026                 break;
2027         case AF_INET6:
2028                 audit_log_format(audit_buf,
2029                                  " src=" NIP6_FMT " dst=" NIP6_FMT,
2030                                  NIP6(*(struct in6_addr *)x->props.saddr.a6),
2031                                  NIP6(*(struct in6_addr *)x->id.daddr.a6));
2032                 break;
2033         }
2034
2035         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2036 }
2037
2038 static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2039                                       struct audit_buffer *audit_buf)
2040 {
2041         struct iphdr *iph4;
2042         struct ipv6hdr *iph6;
2043
2044         switch (family) {
2045         case AF_INET:
2046                 iph4 = ip_hdr(skb);
2047                 audit_log_format(audit_buf,
2048                                  " src=" NIPQUAD_FMT " dst=" NIPQUAD_FMT,
2049                                  NIPQUAD(iph4->saddr),
2050                                  NIPQUAD(iph4->daddr));
2051                 break;
2052         case AF_INET6:
2053                 iph6 = ipv6_hdr(skb);
2054                 audit_log_format(audit_buf,
2055                                  " src=" NIP6_FMT " dst=" NIP6_FMT
2056                                  " flowlbl=0x%x%x%x",
2057                                  NIP6(iph6->saddr),
2058                                  NIP6(iph6->daddr),
2059                                  iph6->flow_lbl[0] & 0x0f,
2060                                  iph6->flow_lbl[1],
2061                                  iph6->flow_lbl[2]);
2062                 break;
2063         }
2064 }
2065
2066 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2067                           u32 auid, u32 secid)
2068 {
2069         struct audit_buffer *audit_buf;
2070
2071         audit_buf = xfrm_audit_start("SAD-add");
2072         if (audit_buf == NULL)
2073                 return;
2074         xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2075         xfrm_audit_helper_sainfo(x, audit_buf);
2076         audit_log_format(audit_buf, " res=%u", result);
2077         audit_log_end(audit_buf);
2078 }
2079 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2080
2081 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2082                              u32 auid, u32 secid)
2083 {
2084         struct audit_buffer *audit_buf;
2085
2086         audit_buf = xfrm_audit_start("SAD-delete");
2087         if (audit_buf == NULL)
2088                 return;
2089         xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2090         xfrm_audit_helper_sainfo(x, audit_buf);
2091         audit_log_format(audit_buf, " res=%u", result);
2092         audit_log_end(audit_buf);
2093 }
2094 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
2095
2096 void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
2097                                       struct sk_buff *skb)
2098 {
2099         struct audit_buffer *audit_buf;
2100         u32 spi;
2101
2102         audit_buf = xfrm_audit_start("SA-replay-overflow");
2103         if (audit_buf == NULL)
2104                 return;
2105         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2106         /* don't record the sequence number because it's inherent in this kind
2107          * of audit message */
2108         spi = ntohl(x->id.spi);
2109         audit_log_format(audit_buf, " spi=%u(0x%x)", spi, spi);
2110         audit_log_end(audit_buf);
2111 }
2112 EXPORT_SYMBOL_GPL(xfrm_audit_state_replay_overflow);
2113
2114 static void xfrm_audit_state_replay(struct xfrm_state *x,
2115                              struct sk_buff *skb, __be32 net_seq)
2116 {
2117         struct audit_buffer *audit_buf;
2118         u32 spi;
2119
2120         audit_buf = xfrm_audit_start("SA-replayed-pkt");
2121         if (audit_buf == NULL)
2122                 return;
2123         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2124         spi = ntohl(x->id.spi);
2125         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2126                          spi, spi, ntohl(net_seq));
2127         audit_log_end(audit_buf);
2128 }
2129
2130 void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family)
2131 {
2132         struct audit_buffer *audit_buf;
2133
2134         audit_buf = xfrm_audit_start("SA-notfound");
2135         if (audit_buf == NULL)
2136                 return;
2137         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2138         audit_log_end(audit_buf);
2139 }
2140 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound_simple);
2141
2142 void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
2143                                __be32 net_spi, __be32 net_seq)
2144 {
2145         struct audit_buffer *audit_buf;
2146         u32 spi;
2147
2148         audit_buf = xfrm_audit_start("SA-notfound");
2149         if (audit_buf == NULL)
2150                 return;
2151         xfrm_audit_helper_pktinfo(skb, family, audit_buf);
2152         spi = ntohl(net_spi);
2153         audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2154                          spi, spi, ntohl(net_seq));
2155         audit_log_end(audit_buf);
2156 }
2157 EXPORT_SYMBOL_GPL(xfrm_audit_state_notfound);
2158
2159 void xfrm_audit_state_icvfail(struct xfrm_state *x,
2160                               struct sk_buff *skb, u8 proto)
2161 {
2162         struct audit_buffer *audit_buf;
2163         __be32 net_spi;
2164         __be32 net_seq;
2165
2166         audit_buf = xfrm_audit_start("SA-icv-failure");
2167         if (audit_buf == NULL)
2168                 return;
2169         xfrm_audit_helper_pktinfo(skb, x->props.family, audit_buf);
2170         if (xfrm_parse_spi(skb, proto, &net_spi, &net_seq) == 0) {
2171                 u32 spi = ntohl(net_spi);
2172                 audit_log_format(audit_buf, " spi=%u(0x%x) seqno=%u",
2173                                  spi, spi, ntohl(net_seq));
2174         }
2175         audit_log_end(audit_buf);
2176 }
2177 EXPORT_SYMBOL_GPL(xfrm_audit_state_icvfail);
2178 #endif /* CONFIG_AUDITSYSCALL */