net/xfrm/xfrm_state.c

   1 /*
   2  * xfrm_state.c
   3  *
   4  * Changes:
   5  *      Mitsuru KANDA @USAGI
   6  *      Kazunori MIYAZAWA @USAGI
   7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
   8  *              IPv6 support
   9  *      YOSHIFUJI Hideaki @USAGI
  10  *              Split up af-specific functions
  11  *      Derek Atkins <derek@ihtfp.com>
  12  *              Add UDP Encapsulation
  13  *
  14  */
  15
  16 #include <linux/workqueue.h>
  17 #include <net/xfrm.h>
  18 #include <linux/pfkeyv2.h>
  19 #include <linux/ipsec.h>
  20 #include <linux/module.h>
  21 #include <linux/cache.h>
  22 #include <asm/uaccess.h>
  23
  24 #include "xfrm_hash.h"
  25
  26 struct sock *xfrm_nl;
  27 EXPORT_SYMBOL(xfrm_nl);
  28
  29 u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
  30 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
  31
  32 u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
  33 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
  34
  35 u32 sysctl_xfrm_acq_expires __read_mostly = 30;
  36
  37 /* Each xfrm_state may be linked to two tables:
  38
  39    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
  40    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
  41       destination/tunnel endpoint. (output)
  42  */
  43
  44 static DEFINE_SPINLOCK(xfrm_state_lock);
  45
  46 /* Hash table to find appropriate SA towards given target (endpoint
  47  * of tunnel or destination of transport mode) allowed by selector.
  48  *
  49  * Main use is finding SA after policy selected tunnel or transport mode.
  50  * Also, it can be used by ah/esp icmp error handler to find offending SA.
  51  */
  52 static struct hlist_head *xfrm_state_bydst __read_mostly;
  53 static struct hlist_head *xfrm_state_bysrc __read_mostly;
  54 static struct hlist_head *xfrm_state_byspi __read_mostly;
  55 static unsigned int xfrm_state_hmask __read_mostly;
  56 static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
  57 static unsigned int xfrm_state_num;
  58 static unsigned int xfrm_state_genid;
  59
  60 static inline unsigned int xfrm_dst_hash(xfrm_address_t *daddr,
  61                                          xfrm_address_t *saddr,
  62                                          u32 reqid,
  63                                          unsigned short family)
  64 {
  65         return __xfrm_dst_hash(daddr, saddr, reqid, family, xfrm_state_hmask);
  66 }
  67
  68 static inline unsigned int xfrm_src_hash(xfrm_address_t *daddr,
  69                                          xfrm_address_t *saddr,
  70                                          unsigned short family)
  71 {
  72         return __xfrm_src_hash(daddr, saddr, family, xfrm_state_hmask);
  73 }
  74
  75 static inline unsigned int
  76 xfrm_spi_hash(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
  77 {
  78         return __xfrm_spi_hash(daddr, spi, proto, family, xfrm_state_hmask);
  79 }
  80
  81 static void xfrm_hash_transfer(struct hlist_head *list,
  82                                struct hlist_head *ndsttable,
  83                                struct hlist_head *nsrctable,
  84                                struct hlist_head *nspitable,
  85                                unsigned int nhashmask)
  86 {
  87         struct hlist_node *entry, *tmp;
  88         struct xfrm_state *x;
  89
  90         hlist_for_each_entry_safe(x, entry, tmp, list, bydst) {
  91                 unsigned int h;
  92
  93                 h = __xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
  94                                     x->props.reqid, x->props.family,
  95                                     nhashmask);
  96                 hlist_add_head(&x->bydst, ndsttable+h);
  97
  98                 h = __xfrm_src_hash(&x->id.daddr, &x->props.saddr,
  99                                     x->props.family,
 100                                     nhashmask);
 101                 hlist_add_head(&x->bysrc, nsrctable+h);
 102
 103                 if (x->id.spi) {
 104                         h = __xfrm_spi_hash(&x->id.daddr, x->id.spi,
 105                                             x->id.proto, x->props.family,
 106                                             nhashmask);
 107                         hlist_add_head(&x->byspi, nspitable+h);
 108                 }
 109         }
 110 }
 111
 112 static unsigned long xfrm_hash_new_size(void)
 113 {
 114         return ((xfrm_state_hmask + 1) << 1) *
 115                 sizeof(struct hlist_head);
 116 }
 117
 118 static DEFINE_MUTEX(hash_resize_mutex);
 119
 120 static void xfrm_hash_resize(struct work_struct *__unused)
 121 {
 122         struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
 123         unsigned long nsize, osize;
 124         unsigned int nhashmask, ohashmask;
 125         int i;
 126
 127         mutex_lock(&hash_resize_mutex);
 128
 129         nsize = xfrm_hash_new_size();
 130         ndst = xfrm_hash_alloc(nsize);
 131         if (!ndst)
 132                 goto out_unlock;
 133         nsrc = xfrm_hash_alloc(nsize);
 134         if (!nsrc) {
 135                 xfrm_hash_free(ndst, nsize);
 136                 goto out_unlock;
 137         }
 138         nspi = xfrm_hash_alloc(nsize);
 139         if (!nspi) {
 140                 xfrm_hash_free(ndst, nsize);
 141                 xfrm_hash_free(nsrc, nsize);
 142                 goto out_unlock;
 143         }
 144
 145         spin_lock_bh(&xfrm_state_lock);
 146
 147         nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
 148         for (i = xfrm_state_hmask; i >= 0; i--)
 149                 xfrm_hash_transfer(xfrm_state_bydst+i, ndst, nsrc, nspi,
 150                                    nhashmask);
 151
 152         odst = xfrm_state_bydst;
 153         osrc = xfrm_state_bysrc;
 154         ospi = xfrm_state_byspi;
 155         ohashmask = xfrm_state_hmask;
 156
 157         xfrm_state_bydst = ndst;
 158         xfrm_state_bysrc = nsrc;
 159         xfrm_state_byspi = nspi;
 160         xfrm_state_hmask = nhashmask;
 161
 162         spin_unlock_bh(&xfrm_state_lock);
 163
 164         osize = (ohashmask + 1) * sizeof(struct hlist_head);
 165         xfrm_hash_free(odst, osize);
 166         xfrm_hash_free(osrc, osize);
 167         xfrm_hash_free(ospi, osize);
 168
 169 out_unlock:
 170         mutex_unlock(&hash_resize_mutex);
 171 }
 172
 173 static DECLARE_WORK(xfrm_hash_work, xfrm_hash_resize);
 174
 175 DECLARE_WAIT_QUEUE_HEAD(km_waitq);
 176 EXPORT_SYMBOL(km_waitq);
 177
 178 static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
 179 static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];
 180
 181 static struct work_struct xfrm_state_gc_work;
 182 static HLIST_HEAD(xfrm_state_gc_list);
 183 static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 184
 185 int __xfrm_state_delete(struct xfrm_state *x);
 186
 187 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
 188 void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
 189
 190 static void xfrm_state_gc_destroy(struct xfrm_state *x)
 191 {
 192         del_timer_sync(&x->timer);
 193         del_timer_sync(&x->rtimer);
 194         kfree(x->aalg);
 195         kfree(x->ealg);
 196         kfree(x->calg);
 197         kfree(x->encap);
 198         kfree(x->coaddr);
 199         if (x->mode)
 200                 xfrm_put_mode(x->mode);
 201         if (x->type) {
 202                 x->type->destructor(x);
 203                 xfrm_put_type(x->type);
 204         }
 205         security_xfrm_state_free(x);
 206         kfree(x);
 207 }
 208
 209 static void xfrm_state_gc_task(struct work_struct *data)
 210 {
 211         struct xfrm_state *x;
 212         struct hlist_node *entry, *tmp;
 213         struct hlist_head gc_list;
 214
 215         spin_lock_bh(&xfrm_state_gc_lock);
 216         gc_list.first = xfrm_state_gc_list.first;
 217         INIT_HLIST_HEAD(&xfrm_state_gc_list);
 218         spin_unlock_bh(&xfrm_state_gc_lock);
 219
 220         hlist_for_each_entry_safe(x, entry, tmp, &gc_list, bydst)
 221                 xfrm_state_gc_destroy(x);
 222
 223         wake_up(&km_waitq);
 224 }
 225
 226 static inline unsigned long make_jiffies(long secs)
 227 {
 228         if (secs >= (MAX_SCHEDULE_TIMEOUT-1)/HZ)
 229                 return MAX_SCHEDULE_TIMEOUT-1;
 230         else
 231                 return secs*HZ;
 232 }
 233
 234 static void xfrm_timer_handler(unsigned long data)
 235 {
 236         struct xfrm_state *x = (struct xfrm_state*)data;
 237         unsigned long now = get_seconds();
 238         long next = LONG_MAX;
 239         int warn = 0;
 240         int err = 0;
 241
 242         spin_lock(&x->lock);
 243         if (x->km.state == XFRM_STATE_DEAD)
 244                 goto out;
 245         if (x->km.state == XFRM_STATE_EXPIRED)
 246                 goto expired;
 247         if (x->lft.hard_add_expires_seconds) {
 248                 long tmo = x->lft.hard_add_expires_seconds +
 249                         x->curlft.add_time - now;
 250                 if (tmo <= 0)
 251                         goto expired;
 252                 if (tmo < next)
 253                         next = tmo;
 254         }
 255         if (x->lft.hard_use_expires_seconds) {
 256                 long tmo = x->lft.hard_use_expires_seconds +
 257                         (x->curlft.use_time ? : now) - now;
 258                 if (tmo <= 0)
 259                         goto expired;
 260                 if (tmo < next)
 261                         next = tmo;
 262         }
 263         if (x->km.dying)
 264                 goto resched;
 265         if (x->lft.soft_add_expires_seconds) {
 266                 long tmo = x->lft.soft_add_expires_seconds +
 267                         x->curlft.add_time - now;
 268                 if (tmo <= 0)
 269                         warn = 1;
 270                 else if (tmo < next)
 271                         next = tmo;
 272         }
 273         if (x->lft.soft_use_expires_seconds) {
 274                 long tmo = x->lft.soft_use_expires_seconds +
 275                         (x->curlft.use_time ? : now) - now;
 276                 if (tmo <= 0)
 277                         warn = 1;
 278                 else if (tmo < next)
 279                         next = tmo;
 280         }
 281
 282         x->km.dying = warn;
 283         if (warn)
 284                 km_state_expired(x, 0, 0);
 285 resched:
 286         if (next != LONG_MAX)
 287                 mod_timer(&x->timer, jiffies + make_jiffies(next));
 288
 289         goto out;
 290
 291 expired:
 292         if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
 293                 x->km.state = XFRM_STATE_EXPIRED;
 294                 wake_up(&km_waitq);
 295                 next = 2;
 296                 goto resched;
 297         }
 298
 299         err = __xfrm_state_delete(x);
 300         if (!err && x->id.spi)
 301                 km_state_expired(x, 1, 0);
 302
 303         xfrm_audit_state_delete(x, err ? 0 : 1,
 304                                 audit_get_loginuid(current->audit_context), 0);
 305
 306 out:
 307         spin_unlock(&x->lock);
 308 }
 309
 310 static void xfrm_replay_timer_handler(unsigned long data);
 311
 312 struct xfrm_state *xfrm_state_alloc(void)
 313 {
 314         struct xfrm_state *x;
 315
 316         x = kzalloc(sizeof(struct xfrm_state), GFP_ATOMIC);
 317
 318         if (x) {
 319                 atomic_set(&x->refcnt, 1);
 320                 atomic_set(&x->tunnel_users, 0);
 321                 INIT_HLIST_NODE(&x->bydst);
 322                 INIT_HLIST_NODE(&x->bysrc);
 323                 INIT_HLIST_NODE(&x->byspi);
 324                 init_timer(&x->timer);
 325                 x->timer.function = xfrm_timer_handler;
 326                 x->timer.data     = (unsigned long)x;
 327                 init_timer(&x->rtimer);
 328                 x->rtimer.function = xfrm_replay_timer_handler;
 329                 x->rtimer.data     = (unsigned long)x;
 330                 x->curlft.add_time = get_seconds();
 331                 x->lft.soft_byte_limit = XFRM_INF;
 332                 x->lft.soft_packet_limit = XFRM_INF;
 333                 x->lft.hard_byte_limit = XFRM_INF;
 334                 x->lft.hard_packet_limit = XFRM_INF;
 335                 x->replay_maxage = 0;
 336                 x->replay_maxdiff = 0;
 337                 spin_lock_init(&x->lock);
 338         }
 339         return x;
 340 }
 341 EXPORT_SYMBOL(xfrm_state_alloc);
 342
 343 void __xfrm_state_destroy(struct xfrm_state *x)
 344 {
 345         BUG_TRAP(x->km.state == XFRM_STATE_DEAD);
 346
 347         spin_lock_bh(&xfrm_state_gc_lock);
 348         hlist_add_head(&x->bydst, &xfrm_state_gc_list);
 349         spin_unlock_bh(&xfrm_state_gc_lock);
 350         schedule_work(&xfrm_state_gc_work);
 351 }
 352 EXPORT_SYMBOL(__xfrm_state_destroy);
 353
 354 int __xfrm_state_delete(struct xfrm_state *x)
 355 {
 356         int err = -ESRCH;
 357
 358         if (x->km.state != XFRM_STATE_DEAD) {
 359                 x->km.state = XFRM_STATE_DEAD;
 360                 spin_lock(&xfrm_state_lock);
 361                 hlist_del(&x->bydst);
 362                 hlist_del(&x->bysrc);
 363                 if (x->id.spi)
 364                         hlist_del(&x->byspi);
 365                 xfrm_state_num--;
 366                 spin_unlock(&xfrm_state_lock);
 367
 368                 /* All xfrm_state objects are created by xfrm_state_alloc.
 369                  * The xfrm_state_alloc call gives a reference, and that
 370                  * is what we are dropping here.
 371                  */
 372                 __xfrm_state_put(x);
 373                 err = 0;
 374         }
 375
 376         return err;
 377 }
 378 EXPORT_SYMBOL(__xfrm_state_delete);
 379
 380 int xfrm_state_delete(struct xfrm_state *x)
 381 {
 382         int err;
 383
 384         spin_lock_bh(&x->lock);
 385         err = __xfrm_state_delete(x);
 386         spin_unlock_bh(&x->lock);
 387
 388         return err;
 389 }
 390 EXPORT_SYMBOL(xfrm_state_delete);
 391
 392 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 393 static inline int
 394 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 395 {
 396         int i, err = 0;
 397
 398         for (i = 0; i <= xfrm_state_hmask; i++) {
 399                 struct hlist_node *entry;
 400                 struct xfrm_state *x;
 401
 402                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 403                         if (xfrm_id_proto_match(x->id.proto, proto) &&
 404                            (err = security_xfrm_state_delete(x)) != 0) {
 405                                 xfrm_audit_state_delete(x, 0,
 406                                                         audit_info->loginuid,
 407                                                         audit_info->secid);
 408                                 return err;
 409                         }
 410                 }
 411         }
 412
 413         return err;
 414 }
 415 #else
 416 static inline int
 417 xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
 418 {
 419         return 0;
 420 }
 421 #endif
 422
 423 int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info)
 424 {
 425         int i, err = 0;
 426
 427         spin_lock_bh(&xfrm_state_lock);
 428         err = xfrm_state_flush_secctx_check(proto, audit_info);
 429         if (err)
 430                 goto out;
 431
 432         for (i = 0; i <= xfrm_state_hmask; i++) {
 433                 struct hlist_node *entry;
 434                 struct xfrm_state *x;
 435 restart:
 436                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
 437                         if (!xfrm_state_kern(x) &&
 438                             xfrm_id_proto_match(x->id.proto, proto)) {
 439                                 xfrm_state_hold(x);
 440                                 spin_unlock_bh(&xfrm_state_lock);
 441
 442                                 err = xfrm_state_delete(x);
 443                                 xfrm_audit_state_delete(x, err ? 0 : 1,
 444                                                         audit_info->loginuid,
 445                                                         audit_info->secid);
 446                                 xfrm_state_put(x);
 447
 448                                 spin_lock_bh(&xfrm_state_lock);
 449                                 goto restart;
 450                         }
 451                 }
 452         }
 453         err = 0;
 454
 455 out:
 456         spin_unlock_bh(&xfrm_state_lock);
 457         wake_up(&km_waitq);
 458         return err;
 459 }
 460 EXPORT_SYMBOL(xfrm_state_flush);
 461
 462 void xfrm_sad_getinfo(struct xfrmk_sadinfo *si)
 463 {
 464         spin_lock_bh(&xfrm_state_lock);
 465         si->sadcnt = xfrm_state_num;
 466         si->sadhcnt = xfrm_state_hmask;
 467         si->sadhmcnt = xfrm_state_hashmax;
 468         spin_unlock_bh(&xfrm_state_lock);
 469 }
 470 EXPORT_SYMBOL(xfrm_sad_getinfo);
 471
 472 static int
 473 xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
 474                   struct xfrm_tmpl *tmpl,
 475                   xfrm_address_t *daddr, xfrm_address_t *saddr,
 476                   unsigned short family)
 477 {
 478         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
 479         if (!afinfo)
 480                 return -1;
 481         afinfo->init_tempsel(x, fl, tmpl, daddr, saddr);
 482         xfrm_state_put_afinfo(afinfo);
 483         return 0;
 484 }
 485
 486 static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
 487 {
 488         unsigned int h = xfrm_spi_hash(daddr, spi, proto, family);
 489         struct xfrm_state *x;
 490         struct hlist_node *entry;
 491
 492         hlist_for_each_entry(x, entry, xfrm_state_byspi+h, byspi) {
 493                 if (x->props.family != family ||
 494                     x->id.spi       != spi ||
 495                     x->id.proto     != proto)
 496                         continue;
 497
 498                 switch (family) {
 499                 case AF_INET:
 500                         if (x->id.daddr.a4 != daddr->a4)
 501                                 continue;
 502                         break;
 503                 case AF_INET6:
 504                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 505                                              (struct in6_addr *)
 506                                              x->id.daddr.a6))
 507                                 continue;
 508                         break;
 509                 }
 510
 511                 xfrm_state_hold(x);
 512                 return x;
 513         }
 514
 515         return NULL;
 516 }
 517
 518 static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
 519 {
 520         unsigned int h = xfrm_src_hash(daddr, saddr, family);
 521         struct xfrm_state *x;
 522         struct hlist_node *entry;
 523
 524         hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
 525                 if (x->props.family != family ||
 526                     x->id.proto     != proto)
 527                         continue;
 528
 529                 switch (family) {
 530                 case AF_INET:
 531                         if (x->id.daddr.a4 != daddr->a4 ||
 532                             x->props.saddr.a4 != saddr->a4)
 533                                 continue;
 534                         break;
 535                 case AF_INET6:
 536                         if (!ipv6_addr_equal((struct in6_addr *)daddr,
 537                                              (struct in6_addr *)
 538                                              x->id.daddr.a6) ||
 539                             !ipv6_addr_equal((struct in6_addr *)saddr,
 540                                              (struct in6_addr *)
 541                                              x->props.saddr.a6))
 542                                 continue;
 543                         break;
 544                 }
 545
 546                 xfrm_state_hold(x);
 547                 return x;
 548         }
 549
 550         return NULL;
 551 }
 552
 553 static inline struct xfrm_state *
 554 __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
 555 {
 556         if (use_spi)
 557                 return __xfrm_state_lookup(&x->id.daddr, x->id.spi,
 558                                            x->id.proto, family);
 559         else
 560                 return __xfrm_state_lookup_byaddr(&x->id.daddr,
 561                                                   &x->props.saddr,
 562                                                   x->id.proto, family);
 563 }
 564
 565 static void xfrm_hash_grow_check(int have_hash_collision)
 566 {
 567         if (have_hash_collision &&
 568             (xfrm_state_hmask + 1) < xfrm_state_hashmax &&
 569             xfrm_state_num > xfrm_state_hmask)
 570                 schedule_work(&xfrm_hash_work);
 571 }
 572
 573 struct xfrm_state *
 574 xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 575                 struct flowi *fl, struct xfrm_tmpl *tmpl,
 576                 struct xfrm_policy *pol, int *err,
 577                 unsigned short family)
 578 {
 579         unsigned int h = xfrm_dst_hash(daddr, saddr, tmpl->reqid, family);
 580         struct hlist_node *entry;
 581         struct xfrm_state *x, *x0;
 582         int acquire_in_progress = 0;
 583         int error = 0;
 584         struct xfrm_state *best = NULL;
 585
 586         spin_lock_bh(&xfrm_state_lock);
 587         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 588                 if (x->props.family == family &&
 589                     x->props.reqid == tmpl->reqid &&
 590                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 591                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 592                     tmpl->mode == x->props.mode &&
 593                     tmpl->id.proto == x->id.proto &&
 594                     (tmpl->id.spi == x->id.spi || !tmpl->id.spi)) {
 595                         /* Resolution logic:
 596                            1. There is a valid state with matching selector.
 597                               Done.
 598                            2. Valid state with inappropriate selector. Skip.
 599
 600                            Entering area of "sysdeps".
 601
 602                            3. If state is not valid, selector is temporary,
 603                               it selects only session which triggered
 604                               previous resolution. Key manager will do
 605                               something to install a state with proper
 606                               selector.
 607                          */
 608                         if (x->km.state == XFRM_STATE_VALID) {
 609                                 if (!xfrm_selector_match(&x->sel, fl, x->sel.family) ||
 610                                     !security_xfrm_state_pol_flow_match(x, pol, fl))
 611                                         continue;
 612                                 if (!best ||
 613                                     best->km.dying > x->km.dying ||
 614                                     (best->km.dying == x->km.dying &&
 615                                      best->curlft.add_time < x->curlft.add_time))
 616                                         best = x;
 617                         } else if (x->km.state == XFRM_STATE_ACQ) {
 618                                 acquire_in_progress = 1;
 619                         } else if (x->km.state == XFRM_STATE_ERROR ||
 620                                    x->km.state == XFRM_STATE_EXPIRED) {
 621                                 if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
 622                                     security_xfrm_state_pol_flow_match(x, pol, fl))
 623                                         error = -ESRCH;
 624                         }
 625                 }
 626         }
 627
 628         x = best;
 629         if (!x && !error && !acquire_in_progress) {
 630                 if (tmpl->id.spi &&
 631                     (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi,
 632                                               tmpl->id.proto, family)) != NULL) {
 633                         xfrm_state_put(x0);
 634                         error = -EEXIST;
 635                         goto out;
 636                 }
 637                 x = xfrm_state_alloc();
 638                 if (x == NULL) {
 639                         error = -ENOMEM;
 640                         goto out;
 641                 }
 642                 /* Initialize temporary selector matching only
 643                  * to current session. */
 644                 xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);
 645
 646                 error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
 647                 if (error) {
 648                         x->km.state = XFRM_STATE_DEAD;
 649                         xfrm_state_put(x);
 650                         x = NULL;
 651                         goto out;
 652                 }
 653
 654                 if (km_query(x, tmpl, pol) == 0) {
 655                         x->km.state = XFRM_STATE_ACQ;
 656                         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 657                         h = xfrm_src_hash(daddr, saddr, family);
 658                         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 659                         if (x->id.spi) {
 660                                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 661                                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 662                         }
 663                         x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
 664                         x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 665                         add_timer(&x->timer);
 666                         xfrm_state_num++;
 667                         xfrm_hash_grow_check(x->bydst.next != NULL);
 668                 } else {
 669                         x->km.state = XFRM_STATE_DEAD;
 670                         xfrm_state_put(x);
 671                         x = NULL;
 672                         error = -ESRCH;
 673                 }
 674         }
 675 out:
 676         if (x)
 677                 xfrm_state_hold(x);
 678         else
 679                 *err = acquire_in_progress ? -EAGAIN : error;
 680         spin_unlock_bh(&xfrm_state_lock);
 681         return x;
 682 }
 683
 684 struct xfrm_state *
 685 xfrm_stateonly_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 686                     unsigned short family, u8 mode, u8 proto, u32 reqid)
 687 {
 688         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
 689         struct xfrm_state *rx = NULL, *x = NULL;
 690         struct hlist_node *entry;
 691
 692         spin_lock(&xfrm_state_lock);
 693         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 694                 if (x->props.family == family &&
 695                     x->props.reqid == reqid &&
 696                     !(x->props.flags & XFRM_STATE_WILDRECV) &&
 697                     xfrm_state_addr_check(x, daddr, saddr, family) &&
 698                     mode == x->props.mode &&
 699                     proto == x->id.proto &&
 700                     x->km.state == XFRM_STATE_VALID) {
 701                         rx = x;
 702                         break;
 703                 }
 704         }
 705
 706         if (rx)
 707                 xfrm_state_hold(rx);
 708         spin_unlock(&xfrm_state_lock);
 709
 710
 711         return rx;
 712 }
 713 EXPORT_SYMBOL(xfrm_stateonly_find);
 714
 715 static void __xfrm_state_insert(struct xfrm_state *x)
 716 {
 717         unsigned int h;
 718
 719         x->genid = ++xfrm_state_genid;
 720
 721         h = xfrm_dst_hash(&x->id.daddr, &x->props.saddr,
 722                           x->props.reqid, x->props.family);
 723         hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 724
 725         h = xfrm_src_hash(&x->id.daddr, &x->props.saddr, x->props.family);
 726         hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 727
 728         if (x->id.spi) {
 729                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto,
 730                                   x->props.family);
 731
 732                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 733         }
 734
 735         mod_timer(&x->timer, jiffies + HZ);
 736         if (x->replay_maxage)
 737                 mod_timer(&x->rtimer, jiffies + x->replay_maxage);
 738
 739         wake_up(&km_waitq);
 740
 741         xfrm_state_num++;
 742
 743         xfrm_hash_grow_check(x->bydst.next != NULL);
 744 }
 745
 746 /* xfrm_state_lock is held */
 747 static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
 748 {
 749         unsigned short family = xnew->props.family;
 750         u32 reqid = xnew->props.reqid;
 751         struct xfrm_state *x;
 752         struct hlist_node *entry;
 753         unsigned int h;
 754
 755         h = xfrm_dst_hash(&xnew->id.daddr, &xnew->props.saddr, reqid, family);
 756         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 757                 if (x->props.family     == family &&
 758                     x->props.reqid      == reqid &&
 759                     !xfrm_addr_cmp(&x->id.daddr, &xnew->id.daddr, family) &&
 760                     !xfrm_addr_cmp(&x->props.saddr, &xnew->props.saddr, family))
 761                         x->genid = xfrm_state_genid;
 762         }
 763 }
 764
 765 void xfrm_state_insert(struct xfrm_state *x)
 766 {
 767         spin_lock_bh(&xfrm_state_lock);
 768         __xfrm_state_bump_genids(x);
 769         __xfrm_state_insert(x);
 770         spin_unlock_bh(&xfrm_state_lock);
 771 }
 772 EXPORT_SYMBOL(xfrm_state_insert);
 773
 774 /* xfrm_state_lock is held */
 775 static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 reqid, u8 proto, xfrm_address_t *daddr, xfrm_address_t *saddr, int create)
 776 {
 777         unsigned int h = xfrm_dst_hash(daddr, saddr, reqid, family);
 778         struct hlist_node *entry;
 779         struct xfrm_state *x;
 780
 781         hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
 782                 if (x->props.reqid  != reqid ||
 783                     x->props.mode   != mode ||
 784                     x->props.family != family ||
 785                     x->km.state     != XFRM_STATE_ACQ ||
 786                     x->id.spi       != 0 ||
 787                     x->id.proto     != proto)
 788                         continue;
 789
 790                 switch (family) {
 791                 case AF_INET:
 792                         if (x->id.daddr.a4    != daddr->a4 ||
 793                             x->props.saddr.a4 != saddr->a4)
 794                                 continue;
 795                         break;
 796                 case AF_INET6:
 797                         if (!ipv6_addr_equal((struct in6_addr *)x->id.daddr.a6,
 798                                              (struct in6_addr *)daddr) ||
 799                             !ipv6_addr_equal((struct in6_addr *)
 800                                              x->props.saddr.a6,
 801                                              (struct in6_addr *)saddr))
 802                                 continue;
 803                         break;
 804                 }
 805
 806                 xfrm_state_hold(x);
 807                 return x;
 808         }
 809
 810         if (!create)
 811                 return NULL;
 812
 813         x = xfrm_state_alloc();
 814         if (likely(x)) {
 815                 switch (family) {
 816                 case AF_INET:
 817                         x->sel.daddr.a4 = daddr->a4;
 818                         x->sel.saddr.a4 = saddr->a4;
 819                         x->sel.prefixlen_d = 32;
 820                         x->sel.prefixlen_s = 32;
 821                         x->props.saddr.a4 = saddr->a4;
 822                         x->id.daddr.a4 = daddr->a4;
 823                         break;
 824
 825                 case AF_INET6:
 826                         ipv6_addr_copy((struct in6_addr *)x->sel.daddr.a6,
 827                                        (struct in6_addr *)daddr);
 828                         ipv6_addr_copy((struct in6_addr *)x->sel.saddr.a6,
 829                                        (struct in6_addr *)saddr);
 830                         x->sel.prefixlen_d = 128;
 831                         x->sel.prefixlen_s = 128;
 832                         ipv6_addr_copy((struct in6_addr *)x->props.saddr.a6,
 833                                        (struct in6_addr *)saddr);
 834                         ipv6_addr_copy((struct in6_addr *)x->id.daddr.a6,
 835                                        (struct in6_addr *)daddr);
 836                         break;
 837                 }
 838
 839                 x->km.state = XFRM_STATE_ACQ;
 840                 x->id.proto = proto;
 841                 x->props.family = family;
 842                 x->props.mode = mode;
 843                 x->props.reqid = reqid;
 844                 x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
 845                 xfrm_state_hold(x);
 846                 x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 847                 add_timer(&x->timer);
 848                 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 849                 h = xfrm_src_hash(daddr, saddr, family);
 850                 hlist_add_head(&x->bysrc, xfrm_state_bysrc+h);
 851
 852                 xfrm_state_num++;
 853
 854                 xfrm_hash_grow_check(x->bydst.next != NULL);
 855         }
 856
 857         return x;
 858 }
 859
 860 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq);
 861
 862 int xfrm_state_add(struct xfrm_state *x)
 863 {
 864         struct xfrm_state *x1;
 865         int family;
 866         int err;
 867         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
 868
 869         family = x->props.family;
 870
 871         spin_lock_bh(&xfrm_state_lock);
 872
 873         x1 = __xfrm_state_locate(x, use_spi, family);
 874         if (x1) {
 875                 xfrm_state_put(x1);
 876                 x1 = NULL;
 877                 err = -EEXIST;
 878                 goto out;
 879         }
 880
 881         if (use_spi && x->km.seq) {
 882                 x1 = __xfrm_find_acq_byseq(x->km.seq);
 883                 if (x1 && ((x1->id.proto != x->id.proto) ||
 884                     xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
 885                         xfrm_state_put(x1);
 886                         x1 = NULL;
 887                 }
 888         }
 889
 890         if (use_spi && !x1)
 891                 x1 = __find_acq_core(family, x->props.mode, x->props.reqid,
 892                                      x->id.proto,
 893                                      &x->id.daddr, &x->props.saddr, 0);
 894
 895         __xfrm_state_bump_genids(x);
 896         __xfrm_state_insert(x);
 897         err = 0;
 898
 899 out:
 900         spin_unlock_bh(&xfrm_state_lock);
 901
 902         if (x1) {
 903                 xfrm_state_delete(x1);
 904                 xfrm_state_put(x1);
 905         }
 906
 907         return err;
 908 }
 909 EXPORT_SYMBOL(xfrm_state_add);
 910
 911 #ifdef CONFIG_XFRM_MIGRATE
 912 struct xfrm_state *xfrm_state_clone(struct xfrm_state *orig, int *errp)
 913 {
 914         int err = -ENOMEM;
 915         struct xfrm_state *x = xfrm_state_alloc();
 916         if (!x)
 917                 goto error;
 918
 919         memcpy(&x->id, &orig->id, sizeof(x->id));
 920         memcpy(&x->sel, &orig->sel, sizeof(x->sel));
 921         memcpy(&x->lft, &orig->lft, sizeof(x->lft));
 922         x->props.mode = orig->props.mode;
 923         x->props.replay_window = orig->props.replay_window;
 924         x->props.reqid = orig->props.reqid;
 925         x->props.family = orig->props.family;
 926         x->props.saddr = orig->props.saddr;
 927
 928         if (orig->aalg) {
 929                 x->aalg = xfrm_algo_clone(orig->aalg);
 930                 if (!x->aalg)
 931                         goto error;
 932         }
 933         x->props.aalgo = orig->props.aalgo;
 934
 935         if (orig->ealg) {
 936                 x->ealg = xfrm_algo_clone(orig->ealg);
 937                 if (!x->ealg)
 938                         goto error;
 939         }
 940         x->props.ealgo = orig->props.ealgo;
 941
 942         if (orig->calg) {
 943                 x->calg = xfrm_algo_clone(orig->calg);
 944                 if (!x->calg)
 945                         goto error;
 946         }
 947         x->props.calgo = orig->props.calgo;
 948
 949         if (orig->encap) {
 950                 x->encap = kmemdup(orig->encap, sizeof(*x->encap), GFP_KERNEL);
 951                 if (!x->encap)
 952                         goto error;
 953         }
 954
 955         if (orig->coaddr) {
 956                 x->coaddr = kmemdup(orig->coaddr, sizeof(*x->coaddr),
 957                                     GFP_KERNEL);
 958                 if (!x->coaddr)
 959                         goto error;
 960         }
 961
 962         err = xfrm_init_state(x);
 963         if (err)
 964                 goto error;
 965
 966         x->props.flags = orig->props.flags;
 967
 968         x->curlft.add_time = orig->curlft.add_time;
 969         x->km.state = orig->km.state;
 970         x->km.seq = orig->km.seq;
 971
 972         return x;
 973
 974  error:
 975         if (errp)
 976                 *errp = err;
 977         if (x) {
 978                 kfree(x->aalg);
 979                 kfree(x->ealg);
 980                 kfree(x->calg);
 981                 kfree(x->encap);
 982                 kfree(x->coaddr);
 983         }
 984         kfree(x);
 985         return NULL;
 986 }
 987 EXPORT_SYMBOL(xfrm_state_clone);
 988
 989 /* xfrm_state_lock is held */
 990 struct xfrm_state * xfrm_migrate_state_find(struct xfrm_migrate *m)
 991 {
 992         unsigned int h;
 993         struct xfrm_state *x;
 994         struct hlist_node *entry;
 995
 996         if (m->reqid) {
 997                 h = xfrm_dst_hash(&m->old_daddr, &m->old_saddr,
 998                                   m->reqid, m->old_family);
 999                 hlist_for_each_entry(x, entry, xfrm_state_bydst+h, bydst) {
1000                         if (x->props.mode != m->mode ||
1001                             x->id.proto != m->proto)
1002                                 continue;
1003                         if (m->reqid && x->props.reqid != m->reqid)
1004                                 continue;
1005                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1006                                           m->old_family) ||
1007                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1008                                           m->old_family))
1009                                 continue;
1010                         xfrm_state_hold(x);
1011                         return x;
1012                 }
1013         } else {
1014                 h = xfrm_src_hash(&m->old_daddr, &m->old_saddr,
1015                                   m->old_family);
1016                 hlist_for_each_entry(x, entry, xfrm_state_bysrc+h, bysrc) {
1017                         if (x->props.mode != m->mode ||
1018                             x->id.proto != m->proto)
1019                                 continue;
1020                         if (xfrm_addr_cmp(&x->id.daddr, &m->old_daddr,
1021                                           m->old_family) ||
1022                             xfrm_addr_cmp(&x->props.saddr, &m->old_saddr,
1023                                           m->old_family))
1024                                 continue;
1025                         xfrm_state_hold(x);
1026                         return x;
1027                 }
1028         }
1029
1030         return NULL;
1031 }
1032 EXPORT_SYMBOL(xfrm_migrate_state_find);
1033
1034 struct xfrm_state * xfrm_state_migrate(struct xfrm_state *x,
1035                                        struct xfrm_migrate *m)
1036 {
1037         struct xfrm_state *xc;
1038         int err;
1039
1040         xc = xfrm_state_clone(x, &err);
1041         if (!xc)
1042                 return NULL;
1043
1044         memcpy(&xc->id.daddr, &m->new_daddr, sizeof(xc->id.daddr));
1045         memcpy(&xc->props.saddr, &m->new_saddr, sizeof(xc->props.saddr));
1046
1047         /* add state */
1048         if (!xfrm_addr_cmp(&x->id.daddr, &m->new_daddr, m->new_family)) {
1049                 /* a care is needed when the destination address of the
1050                    state is to be updated as it is a part of triplet */
1051                 xfrm_state_insert(xc);
1052         } else {
1053                 if ((err = xfrm_state_add(xc)) < 0)
1054                         goto error;
1055         }
1056
1057         return xc;
1058 error:
1059         kfree(xc);
1060         return NULL;
1061 }
1062 EXPORT_SYMBOL(xfrm_state_migrate);
1063 #endif
1064
1065 int xfrm_state_update(struct xfrm_state *x)
1066 {
1067         struct xfrm_state *x1;
1068         int err;
1069         int use_spi = xfrm_id_proto_match(x->id.proto, IPSEC_PROTO_ANY);
1070
1071         spin_lock_bh(&xfrm_state_lock);
1072         x1 = __xfrm_state_locate(x, use_spi, x->props.family);
1073
1074         err = -ESRCH;
1075         if (!x1)
1076                 goto out;
1077
1078         if (xfrm_state_kern(x1)) {
1079                 xfrm_state_put(x1);
1080                 err = -EEXIST;
1081                 goto out;
1082         }
1083
1084         if (x1->km.state == XFRM_STATE_ACQ) {
1085                 __xfrm_state_insert(x);
1086                 x = NULL;
1087         }
1088         err = 0;
1089
1090 out:
1091         spin_unlock_bh(&xfrm_state_lock);
1092
1093         if (err)
1094                 return err;
1095
1096         if (!x) {
1097                 xfrm_state_delete(x1);
1098                 xfrm_state_put(x1);
1099                 return 0;
1100         }
1101
1102         err = -EINVAL;
1103         spin_lock_bh(&x1->lock);
1104         if (likely(x1->km.state == XFRM_STATE_VALID)) {
1105                 if (x->encap && x1->encap)
1106                         memcpy(x1->encap, x->encap, sizeof(*x1->encap));
1107                 if (x->coaddr && x1->coaddr) {
1108                         memcpy(x1->coaddr, x->coaddr, sizeof(*x1->coaddr));
1109                 }
1110                 if (!use_spi && memcmp(&x1->sel, &x->sel, sizeof(x1->sel)))
1111                         memcpy(&x1->sel, &x->sel, sizeof(x1->sel));
1112                 memcpy(&x1->lft, &x->lft, sizeof(x1->lft));
1113                 x1->km.dying = 0;
1114
1115                 mod_timer(&x1->timer, jiffies + HZ);
1116                 if (x1->curlft.use_time)
1117                         xfrm_state_check_expire(x1);
1118
1119                 err = 0;
1120         }
1121         spin_unlock_bh(&x1->lock);
1122
1123         xfrm_state_put(x1);
1124
1125         return err;
1126 }
1127 EXPORT_SYMBOL(xfrm_state_update);
1128
1129 int xfrm_state_check_expire(struct xfrm_state *x)
1130 {
1131         if (!x->curlft.use_time)
1132                 x->curlft.use_time = get_seconds();
1133
1134         if (x->km.state != XFRM_STATE_VALID)
1135                 return -EINVAL;
1136
1137         if (x->curlft.bytes >= x->lft.hard_byte_limit ||
1138             x->curlft.packets >= x->lft.hard_packet_limit) {
1139                 x->km.state = XFRM_STATE_EXPIRED;
1140                 mod_timer(&x->timer, jiffies);
1141                 return -EINVAL;
1142         }
1143
1144         if (!x->km.dying &&
1145             (x->curlft.bytes >= x->lft.soft_byte_limit ||
1146              x->curlft.packets >= x->lft.soft_packet_limit)) {
1147                 x->km.dying = 1;
1148                 km_state_expired(x, 0, 0);
1149         }
1150         return 0;
1151 }
1152 EXPORT_SYMBOL(xfrm_state_check_expire);
1153
1154 struct xfrm_state *
1155 xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto,
1156                   unsigned short family)
1157 {
1158         struct xfrm_state *x;
1159
1160         spin_lock_bh(&xfrm_state_lock);
1161         x = __xfrm_state_lookup(daddr, spi, proto, family);
1162         spin_unlock_bh(&xfrm_state_lock);
1163         return x;
1164 }
1165 EXPORT_SYMBOL(xfrm_state_lookup);
1166
1167 struct xfrm_state *
1168 xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr,
1169                          u8 proto, unsigned short family)
1170 {
1171         struct xfrm_state *x;
1172
1173         spin_lock_bh(&xfrm_state_lock);
1174         x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family);
1175         spin_unlock_bh(&xfrm_state_lock);
1176         return x;
1177 }
1178 EXPORT_SYMBOL(xfrm_state_lookup_byaddr);
1179
1180 struct xfrm_state *
1181 xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
1182               xfrm_address_t *daddr, xfrm_address_t *saddr,
1183               int create, unsigned short family)
1184 {
1185         struct xfrm_state *x;
1186
1187         spin_lock_bh(&xfrm_state_lock);
1188         x = __find_acq_core(family, mode, reqid, proto, daddr, saddr, create);
1189         spin_unlock_bh(&xfrm_state_lock);
1190
1191         return x;
1192 }
1193 EXPORT_SYMBOL(xfrm_find_acq);
1194
1195 #ifdef CONFIG_XFRM_SUB_POLICY
1196 int
1197 xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n,
1198                unsigned short family)
1199 {
1200         int err = 0;
1201         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1202         if (!afinfo)
1203                 return -EAFNOSUPPORT;
1204
1205         spin_lock_bh(&xfrm_state_lock);
1206         if (afinfo->tmpl_sort)
1207                 err = afinfo->tmpl_sort(dst, src, n);
1208         spin_unlock_bh(&xfrm_state_lock);
1209         xfrm_state_put_afinfo(afinfo);
1210         return err;
1211 }
1212 EXPORT_SYMBOL(xfrm_tmpl_sort);
1213
1214 int
1215 xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n,
1216                 unsigned short family)
1217 {
1218         int err = 0;
1219         struct xfrm_state_afinfo *afinfo = xfrm_state_get_afinfo(family);
1220         if (!afinfo)
1221                 return -EAFNOSUPPORT;
1222
1223         spin_lock_bh(&xfrm_state_lock);
1224         if (afinfo->state_sort)
1225                 err = afinfo->state_sort(dst, src, n);
1226         spin_unlock_bh(&xfrm_state_lock);
1227         xfrm_state_put_afinfo(afinfo);
1228         return err;
1229 }
1230 EXPORT_SYMBOL(xfrm_state_sort);
1231 #endif
1232
1233 /* Silly enough, but I'm lazy to build resolution list */
1234
1235 static struct xfrm_state *__xfrm_find_acq_byseq(u32 seq)
1236 {
1237         int i;
1238
1239         for (i = 0; i <= xfrm_state_hmask; i++) {
1240                 struct hlist_node *entry;
1241                 struct xfrm_state *x;
1242
1243                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1244                         if (x->km.seq == seq &&
1245                             x->km.state == XFRM_STATE_ACQ) {
1246                                 xfrm_state_hold(x);
1247                                 return x;
1248                         }
1249                 }
1250         }
1251         return NULL;
1252 }
1253
1254 struct xfrm_state *xfrm_find_acq_byseq(u32 seq)
1255 {
1256         struct xfrm_state *x;
1257
1258         spin_lock_bh(&xfrm_state_lock);
1259         x = __xfrm_find_acq_byseq(seq);
1260         spin_unlock_bh(&xfrm_state_lock);
1261         return x;
1262 }
1263 EXPORT_SYMBOL(xfrm_find_acq_byseq);
1264
1265 u32 xfrm_get_acqseq(void)
1266 {
1267         u32 res;
1268         static u32 acqseq;
1269         static DEFINE_SPINLOCK(acqseq_lock);
1270
1271         spin_lock_bh(&acqseq_lock);
1272         res = (++acqseq ? : ++acqseq);
1273         spin_unlock_bh(&acqseq_lock);
1274         return res;
1275 }
1276 EXPORT_SYMBOL(xfrm_get_acqseq);
1277
1278 int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high)
1279 {
1280         unsigned int h;
1281         struct xfrm_state *x0;
1282         int err = -ENOENT;
1283         __be32 minspi = htonl(low);
1284         __be32 maxspi = htonl(high);
1285
1286         spin_lock_bh(&x->lock);
1287         if (x->km.state == XFRM_STATE_DEAD)
1288                 goto unlock;
1289
1290         err = 0;
1291         if (x->id.spi)
1292                 goto unlock;
1293
1294         err = -ENOENT;
1295
1296         if (minspi == maxspi) {
1297                 x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family);
1298                 if (x0) {
1299                         xfrm_state_put(x0);
1300                         goto unlock;
1301                 }
1302                 x->id.spi = minspi;
1303         } else {
1304                 u32 spi = 0;
1305                 for (h=0; h<high-low+1; h++) {
1306                         spi = low + net_random()%(high-low+1);
1307                         x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family);
1308                         if (x0 == NULL) {
1309                                 x->id.spi = htonl(spi);
1310                                 break;
1311                         }
1312                         xfrm_state_put(x0);
1313                 }
1314         }
1315         if (x->id.spi) {
1316                 spin_lock_bh(&xfrm_state_lock);
1317                 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, x->props.family);
1318                 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
1319                 spin_unlock_bh(&xfrm_state_lock);
1320
1321                 err = 0;
1322         }
1323
1324 unlock:
1325         spin_unlock_bh(&x->lock);
1326
1327         return err;
1328 }
1329 EXPORT_SYMBOL(xfrm_alloc_spi);
1330
1331 int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
1332                     void *data)
1333 {
1334         int i;
1335         struct xfrm_state *x, *last = NULL;
1336         struct hlist_node *entry;
1337         int count = 0;
1338         int err = 0;
1339
1340         spin_lock_bh(&xfrm_state_lock);
1341         for (i = 0; i <= xfrm_state_hmask; i++) {
1342                 hlist_for_each_entry(x, entry, xfrm_state_bydst+i, bydst) {
1343                         if (!xfrm_id_proto_match(x->id.proto, proto))
1344                                 continue;
1345                         if (last) {
1346                                 err = func(last, count, data);
1347                                 if (err)
1348                                         goto out;
1349                         }
1350                         last = x;
1351                         count++;
1352                 }
1353         }
1354         if (count == 0) {
1355                 err = -ENOENT;
1356                 goto out;
1357         }
1358         err = func(last, 0, data);
1359 out:
1360         spin_unlock_bh(&xfrm_state_lock);
1361         return err;
1362 }
1363 EXPORT_SYMBOL(xfrm_state_walk);
1364
1365
1366 void xfrm_replay_notify(struct xfrm_state *x, int event)
1367 {
1368         struct km_event c;
1369         /* we send notify messages in case
1370          *  1. we updated on of the sequence numbers, and the seqno difference
1371          *     is at least x->replay_maxdiff, in this case we also update the
1372          *     timeout of our timer function
1373          *  2. if x->replay_maxage has elapsed since last update,
1374          *     and there were changes
1375          *
1376          *  The state structure must be locked!
1377          */
1378
1379         switch (event) {
1380         case XFRM_REPLAY_UPDATE:
1381                 if (x->replay_maxdiff &&
1382                     (x->replay.seq - x->preplay.seq < x->replay_maxdiff) &&
1383                     (x->replay.oseq - x->preplay.oseq < x->replay_maxdiff)) {
1384                         if (x->xflags & XFRM_TIME_DEFER)
1385                                 event = XFRM_REPLAY_TIMEOUT;
1386                         else
1387                                 return;
1388                 }
1389
1390                 break;
1391
1392         case XFRM_REPLAY_TIMEOUT:
1393                 if ((x->replay.seq == x->preplay.seq) &&
1394                     (x->replay.bitmap == x->preplay.bitmap) &&
1395                     (x->replay.oseq == x->preplay.oseq)) {
1396                         x->xflags |= XFRM_TIME_DEFER;
1397                         return;
1398                 }
1399
1400                 break;
1401         }
1402
1403         memcpy(&x->preplay, &x->replay, sizeof(struct xfrm_replay_state));
1404         c.event = XFRM_MSG_NEWAE;
1405         c.data.aevent = event;
1406         km_state_notify(x, &c);
1407
1408         if (x->replay_maxage &&
1409             !mod_timer(&x->rtimer, jiffies + x->replay_maxage))
1410                 x->xflags &= ~XFRM_TIME_DEFER;
1411 }
1412
1413 static void xfrm_replay_timer_handler(unsigned long data)
1414 {
1415         struct xfrm_state *x = (struct xfrm_state*)data;
1416
1417         spin_lock(&x->lock);
1418
1419         if (x->km.state == XFRM_STATE_VALID) {
1420                 if (xfrm_aevent_is_on())
1421                         xfrm_replay_notify(x, XFRM_REPLAY_TIMEOUT);
1422                 else
1423                         x->xflags |= XFRM_TIME_DEFER;
1424         }
1425
1426         spin_unlock(&x->lock);
1427 }
1428
1429 int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
1430 {
1431         u32 diff;
1432         u32 seq = ntohl(net_seq);
1433
1434         if (unlikely(seq == 0))
1435                 return -EINVAL;
1436
1437         if (likely(seq > x->replay.seq))
1438                 return 0;
1439
1440         diff = x->replay.seq - seq;
1441         if (diff >= min_t(unsigned int, x->props.replay_window,
1442                           sizeof(x->replay.bitmap) * 8)) {
1443                 x->stats.replay_window++;
1444                 return -EINVAL;
1445         }
1446
1447         if (x->replay.bitmap & (1U << diff)) {
1448                 x->stats.replay++;
1449                 return -EINVAL;
1450         }
1451         return 0;
1452 }
1453 EXPORT_SYMBOL(xfrm_replay_check);
1454
1455 void xfrm_replay_advance(struct xfrm_state *x, __be32 net_seq)
1456 {
1457         u32 diff;
1458         u32 seq = ntohl(net_seq);
1459
1460         if (seq > x->replay.seq) {
1461                 diff = seq - x->replay.seq;
1462                 if (diff < x->props.replay_window)
1463                         x->replay.bitmap = ((x->replay.bitmap) << diff) | 1;
1464                 else
1465                         x->replay.bitmap = 1;
1466                 x->replay.seq = seq;
1467         } else {
1468                 diff = x->replay.seq - seq;
1469                 x->replay.bitmap |= (1U << diff);
1470         }
1471
1472         if (xfrm_aevent_is_on())
1473                 xfrm_replay_notify(x, XFRM_REPLAY_UPDATE);
1474 }
1475 EXPORT_SYMBOL(xfrm_replay_advance);
1476
1477 static struct list_head xfrm_km_list = LIST_HEAD_INIT(xfrm_km_list);
1478 static DEFINE_RWLOCK(xfrm_km_lock);
1479
1480 void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
1481 {
1482         struct xfrm_mgr *km;
1483
1484         read_lock(&xfrm_km_lock);
1485         list_for_each_entry(km, &xfrm_km_list, list)
1486                 if (km->notify_policy)
1487                         km->notify_policy(xp, dir, c);
1488         read_unlock(&xfrm_km_lock);
1489 }
1490
1491 void km_state_notify(struct xfrm_state *x, struct km_event *c)
1492 {
1493         struct xfrm_mgr *km;
1494         read_lock(&xfrm_km_lock);
1495         list_for_each_entry(km, &xfrm_km_list, list)
1496                 if (km->notify)
1497                         km->notify(x, c);
1498         read_unlock(&xfrm_km_lock);
1499 }
1500
1501 EXPORT_SYMBOL(km_policy_notify);
1502 EXPORT_SYMBOL(km_state_notify);
1503
1504 void km_state_expired(struct xfrm_state *x, int hard, u32 pid)
1505 {
1506         struct km_event c;
1507
1508         c.data.hard = hard;
1509         c.pid = pid;
1510         c.event = XFRM_MSG_EXPIRE;
1511         km_state_notify(x, &c);
1512
1513         if (hard)
1514                 wake_up(&km_waitq);
1515 }
1516
1517 EXPORT_SYMBOL(km_state_expired);
1518 /*
1519  * We send to all registered managers regardless of failure
1520  * We are happy with one success
1521 */
1522 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1523 {
1524         int err = -EINVAL, acqret;
1525         struct xfrm_mgr *km;
1526
1527         read_lock(&xfrm_km_lock);
1528         list_for_each_entry(km, &xfrm_km_list, list) {
1529                 acqret = km->acquire(x, t, pol, XFRM_POLICY_OUT);
1530                 if (!acqret)
1531                         err = acqret;
1532         }
1533         read_unlock(&xfrm_km_lock);
1534         return err;
1535 }
1536 EXPORT_SYMBOL(km_query);
1537
1538 int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1539 {
1540         int err = -EINVAL;
1541         struct xfrm_mgr *km;
1542
1543         read_lock(&xfrm_km_lock);
1544         list_for_each_entry(km, &xfrm_km_list, list) {
1545                 if (km->new_mapping)
1546                         err = km->new_mapping(x, ipaddr, sport);
1547                 if (!err)
1548                         break;
1549         }
1550         read_unlock(&xfrm_km_lock);
1551         return err;
1552 }
1553 EXPORT_SYMBOL(km_new_mapping);
1554
1555 void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid)
1556 {
1557         struct km_event c;
1558
1559         c.data.hard = hard;
1560         c.pid = pid;
1561         c.event = XFRM_MSG_POLEXPIRE;
1562         km_policy_notify(pol, dir, &c);
1563
1564         if (hard)
1565                 wake_up(&km_waitq);
1566 }
1567 EXPORT_SYMBOL(km_policy_expired);
1568
1569 int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
1570                struct xfrm_migrate *m, int num_migrate)
1571 {
1572         int err = -EINVAL;
1573         int ret;
1574         struct xfrm_mgr *km;
1575
1576         read_lock(&xfrm_km_lock);
1577         list_for_each_entry(km, &xfrm_km_list, list) {
1578                 if (km->migrate) {
1579                         ret = km->migrate(sel, dir, type, m, num_migrate);
1580                         if (!ret)
1581                                 err = ret;
1582                 }
1583         }
1584         read_unlock(&xfrm_km_lock);
1585         return err;
1586 }
1587 EXPORT_SYMBOL(km_migrate);
1588
1589 int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr)
1590 {
1591         int err = -EINVAL;
1592         int ret;
1593         struct xfrm_mgr *km;
1594
1595         read_lock(&xfrm_km_lock);
1596         list_for_each_entry(km, &xfrm_km_list, list) {
1597                 if (km->report) {
1598                         ret = km->report(proto, sel, addr);
1599                         if (!ret)
1600                                 err = ret;
1601                 }
1602         }
1603         read_unlock(&xfrm_km_lock);
1604         return err;
1605 }
1606 EXPORT_SYMBOL(km_report);
1607
1608 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
1609 {
1610         int err;
1611         u8 *data;
1612         struct xfrm_mgr *km;
1613         struct xfrm_policy *pol = NULL;
1614
1615         if (optlen <= 0 || optlen > PAGE_SIZE)
1616                 return -EMSGSIZE;
1617
1618         data = kmalloc(optlen, GFP_KERNEL);
1619         if (!data)
1620                 return -ENOMEM;
1621
1622         err = -EFAULT;
1623         if (copy_from_user(data, optval, optlen))
1624                 goto out;
1625
1626         err = -EINVAL;
1627         read_lock(&xfrm_km_lock);
1628         list_for_each_entry(km, &xfrm_km_list, list) {
1629                 pol = km->compile_policy(sk, optname, data,
1630                                          optlen, &err);
1631                 if (err >= 0)
1632                         break;
1633         }
1634         read_unlock(&xfrm_km_lock);
1635
1636         if (err >= 0) {
1637                 xfrm_sk_policy_insert(sk, err, pol);
1638                 xfrm_pol_put(pol);
1639                 err = 0;
1640         }
1641
1642 out:
1643         kfree(data);
1644         return err;
1645 }
1646 EXPORT_SYMBOL(xfrm_user_policy);
1647
1648 int xfrm_register_km(struct xfrm_mgr *km)
1649 {
1650         write_lock_bh(&xfrm_km_lock);
1651         list_add_tail(&km->list, &xfrm_km_list);
1652         write_unlock_bh(&xfrm_km_lock);
1653         return 0;
1654 }
1655 EXPORT_SYMBOL(xfrm_register_km);
1656
1657 int xfrm_unregister_km(struct xfrm_mgr *km)
1658 {
1659         write_lock_bh(&xfrm_km_lock);
1660         list_del(&km->list);
1661         write_unlock_bh(&xfrm_km_lock);
1662         return 0;
1663 }
1664 EXPORT_SYMBOL(xfrm_unregister_km);
1665
1666 int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo)
1667 {
1668         int err = 0;
1669         if (unlikely(afinfo == NULL))
1670                 return -EINVAL;
1671         if (unlikely(afinfo->family >= NPROTO))
1672                 return -EAFNOSUPPORT;
1673         write_lock_bh(&xfrm_state_afinfo_lock);
1674         if (unlikely(xfrm_state_afinfo[afinfo->family] != NULL))
1675                 err = -ENOBUFS;
1676         else
1677                 xfrm_state_afinfo[afinfo->family] = afinfo;
1678         write_unlock_bh(&xfrm_state_afinfo_lock);
1679         return err;
1680 }
1681 EXPORT_SYMBOL(xfrm_state_register_afinfo);
1682
1683 int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo)
1684 {
1685         int err = 0;
1686         if (unlikely(afinfo == NULL))
1687                 return -EINVAL;
1688         if (unlikely(afinfo->family >= NPROTO))
1689                 return -EAFNOSUPPORT;
1690         write_lock_bh(&xfrm_state_afinfo_lock);
1691         if (likely(xfrm_state_afinfo[afinfo->family] != NULL)) {
1692                 if (unlikely(xfrm_state_afinfo[afinfo->family] != afinfo))
1693                         err = -EINVAL;
1694                 else
1695                         xfrm_state_afinfo[afinfo->family] = NULL;
1696         }
1697         write_unlock_bh(&xfrm_state_afinfo_lock);
1698         return err;
1699 }
1700 EXPORT_SYMBOL(xfrm_state_unregister_afinfo);
1701
1702 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned short family)
1703 {
1704         struct xfrm_state_afinfo *afinfo;
1705         if (unlikely(family >= NPROTO))
1706                 return NULL;
1707         read_lock(&xfrm_state_afinfo_lock);
1708         afinfo = xfrm_state_afinfo[family];
1709         if (unlikely(!afinfo))
1710                 read_unlock(&xfrm_state_afinfo_lock);
1711         return afinfo;
1712 }
1713
1714 void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo)
1715 {
1716         read_unlock(&xfrm_state_afinfo_lock);
1717 }
1718
1719 EXPORT_SYMBOL(xfrm_state_get_afinfo);
1720 EXPORT_SYMBOL(xfrm_state_put_afinfo);
1721
1722 /* Temporarily located here until net/xfrm/xfrm_tunnel.c is created */
1723 void xfrm_state_delete_tunnel(struct xfrm_state *x)
1724 {
1725         if (x->tunnel) {
1726                 struct xfrm_state *t = x->tunnel;
1727
1728                 if (atomic_read(&t->tunnel_users) == 2)
1729                         xfrm_state_delete(t);
1730                 atomic_dec(&t->tunnel_users);
1731                 xfrm_state_put(t);
1732                 x->tunnel = NULL;
1733         }
1734 }
1735 EXPORT_SYMBOL(xfrm_state_delete_tunnel);
1736
1737 int xfrm_state_mtu(struct xfrm_state *x, int mtu)
1738 {
1739         int res;
1740
1741         spin_lock_bh(&x->lock);
1742         if (x->km.state == XFRM_STATE_VALID &&
1743             x->type && x->type->get_mtu)
1744                 res = x->type->get_mtu(x, mtu);
1745         else
1746                 res = mtu - x->props.header_len;
1747         spin_unlock_bh(&x->lock);
1748         return res;
1749 }
1750
1751 int xfrm_init_state(struct xfrm_state *x)
1752 {
1753         struct xfrm_state_afinfo *afinfo;
1754         int family = x->props.family;
1755         int err;
1756
1757         err = -EAFNOSUPPORT;
1758         afinfo = xfrm_state_get_afinfo(family);
1759         if (!afinfo)
1760                 goto error;
1761
1762         err = 0;
1763         if (afinfo->init_flags)
1764                 err = afinfo->init_flags(x);
1765
1766         xfrm_state_put_afinfo(afinfo);
1767
1768         if (err)
1769                 goto error;
1770
1771         err = -EPROTONOSUPPORT;
1772         x->type = xfrm_get_type(x->id.proto, family);
1773         if (x->type == NULL)
1774                 goto error;
1775
1776         err = x->type->init_state(x);
1777         if (err)
1778                 goto error;
1779
1780         x->mode = xfrm_get_mode(x->props.mode, family);
1781         if (x->mode == NULL)
1782                 goto error;
1783
1784         x->km.state = XFRM_STATE_VALID;
1785
1786 error:
1787         return err;
1788 }
1789
1790 EXPORT_SYMBOL(xfrm_init_state);
1791
1792 void __init xfrm_state_init(void)
1793 {
1794         unsigned int sz;
1795
1796         sz = sizeof(struct hlist_head) * 8;
1797
1798         xfrm_state_bydst = xfrm_hash_alloc(sz);
1799         xfrm_state_bysrc = xfrm_hash_alloc(sz);
1800         xfrm_state_byspi = xfrm_hash_alloc(sz);
1801         if (!xfrm_state_bydst || !xfrm_state_bysrc || !xfrm_state_byspi)
1802                 panic("XFRM: Cannot allocate bydst/bysrc/byspi hashes.");
1803         xfrm_state_hmask = ((sz / sizeof(struct hlist_head)) - 1);
1804
1805         INIT_WORK(&xfrm_state_gc_work, xfrm_state_gc_task);
1806 }
1807
1808 #ifdef CONFIG_AUDITSYSCALL
1809 static inline void xfrm_audit_common_stateinfo(struct xfrm_state *x,
1810                                                struct audit_buffer *audit_buf)
1811 {
1812         if (x->security)
1813                 audit_log_format(audit_buf, " sec_alg=%u sec_doi=%u sec_obj=%s",
1814                                  x->security->ctx_alg, x->security->ctx_doi,
1815                                  x->security->ctx_str);
1816
1817         switch(x->props.family) {
1818         case AF_INET:
1819                 audit_log_format(audit_buf, " src=%u.%u.%u.%u dst=%u.%u.%u.%u",
1820                                  NIPQUAD(x->props.saddr.a4),
1821                                  NIPQUAD(x->id.daddr.a4));
1822                 break;
1823         case AF_INET6:
1824                 {
1825                         struct in6_addr saddr6, daddr6;
1826
1827                         memcpy(&saddr6, x->props.saddr.a6,
1828                                 sizeof(struct in6_addr));
1829                         memcpy(&daddr6, x->id.daddr.a6,
1830                                 sizeof(struct in6_addr));
1831                         audit_log_format(audit_buf,
1832                                          " src=" NIP6_FMT " dst=" NIP6_FMT,
1833                                          NIP6(saddr6), NIP6(daddr6));
1834                 }
1835                 break;
1836         }
1837 }
1838
1839 void
1840 xfrm_audit_state_add(struct xfrm_state *x, int result, u32 auid, u32 sid)
1841 {
1842         struct audit_buffer *audit_buf;
1843         extern int audit_enabled;
1844
1845         if (audit_enabled == 0)
1846                 return;
1847         audit_buf = xfrm_audit_start(sid, auid);
1848         if (audit_buf == NULL)
1849                 return;
1850         audit_log_format(audit_buf, " op=SAD-add res=%u",result);
1851         xfrm_audit_common_stateinfo(x, audit_buf);
1852         audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1853                          (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1854         audit_log_end(audit_buf);
1855 }
1856 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
1857
1858 void
1859 xfrm_audit_state_delete(struct xfrm_state *x, int result, u32 auid, u32 sid)
1860 {
1861         struct audit_buffer *audit_buf;
1862         extern int audit_enabled;
1863
1864         if (audit_enabled == 0)
1865                 return;
1866         audit_buf = xfrm_audit_start(sid, auid);
1867         if (audit_buf == NULL)
1868                 return;
1869         audit_log_format(audit_buf, " op=SAD-delete res=%u",result);
1870         xfrm_audit_common_stateinfo(x, audit_buf);
1871         audit_log_format(audit_buf, " spi=%lu(0x%lx)",
1872                          (unsigned long)x->id.spi, (unsigned long)x->id.spi);
1873         audit_log_end(audit_buf);
1874 }
1875 EXPORT_SYMBOL_GPL(xfrm_audit_state_delete);
1876 #endif /* CONFIG_AUDITSYSCALL */