
TOMOYO Linux Cross Reference
Linux/net/xfrm/xfrm_state.c


  1 /*
  2  * xfrm_state.c
  3  *
  4  * Changes:
  5  *      Mitsuru KANDA @USAGI
  6  *      Kazunori MIYAZAWA @USAGI
  7  *      Kunihiro Ishiguro <kunihiro@ipinfusion.com>
  8  *              IPv6 support
  9  *      YOSHIFUJI Hideaki @USAGI
 10  *              Split up af-specific functions
 11  *      Derek Atkins <derek@ihtfp.com>
 12  *              Add UDP Encapsulation
 13  *
 14  */
 15 
 16 #include <linux/workqueue.h>
 17 #include <net/xfrm.h>
 18 #include <linux/pfkeyv2.h>
 19 #include <linux/ipsec.h>
 20 #include <linux/module.h>
 21 #include <linux/cache.h>
 22 #include <linux/audit.h>
 23 #include <asm/uaccess.h>
 24 #include <linux/ktime.h>
 25 #include <linux/interrupt.h>
 26 #include <linux/kernel.h>
 27 
 28 #include "xfrm_hash.h"
 29 
 30 /* Each xfrm_state may be linked to two tables:
 31 
 32    1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
 33    2. Hash table by (daddr,family,reqid) to find what SAs exist for given
 34       destination/tunnel endpoint. (output)
 35  */
 36 
/* Spinlock taken in this file around the per-net state hash tables, the
 * state list and state_num (see xfrm_hash_resize, __xfrm_state_delete,
 * xfrm_state_find).
 */
static DEFINE_SPINLOCK(xfrm_state_lock);

/* Upper bound on the number of hash buckets: xfrm_hash_grow_check stops
 * scheduling resizes once (state_hmask + 1) reaches this value.
 */
static unsigned int xfrm_state_hashmax __read_mostly = 1 * 1024 * 1024;
static unsigned int xfrm_state_genid;

/* Defined later in the file; get/put bracket every use of an afinfo. */
static struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family);
static void xfrm_state_put_afinfo(struct xfrm_state_afinfo *afinfo);

/* Without CONFIG_AUDITSYSCALL the replay audit hook expands to an empty
 * statement, so no replay audit record is produced in that configuration.
 */
#ifdef CONFIG_AUDITSYSCALL
static void xfrm_audit_state_replay(struct xfrm_state *x,
                                    struct sk_buff *skb, __be32 net_seq);
#else
#define xfrm_audit_state_replay(x, s, sq)       do { ; } while (0)
#endif /* CONFIG_AUDITSYSCALL */
 51 
/* Bucket index in the per-net bydst table for (daddr, saddr, reqid, family),
 * using the table's current mask.
 */
static inline unsigned int xfrm_dst_hash(struct net *net,
                                         xfrm_address_t *daddr,
                                         xfrm_address_t *saddr,
                                         u32 reqid,
                                         unsigned short family)
{
        unsigned int mask = net->xfrm.state_hmask;

        return __xfrm_dst_hash(daddr, saddr, reqid, family, mask);
}
 60 
/* Bucket index in the per-net bysrc table for (daddr, saddr, family),
 * using the table's current mask.
 */
static inline unsigned int xfrm_src_hash(struct net *net,
                                         xfrm_address_t *daddr,
                                         xfrm_address_t *saddr,
                                         unsigned short family)
{
        unsigned int mask = net->xfrm.state_hmask;

        return __xfrm_src_hash(daddr, saddr, family, mask);
}
 68 
/* Bucket index in the per-net byspi table for (daddr, spi, proto, family),
 * using the table's current mask.
 */
static inline unsigned int
xfrm_spi_hash(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
{
        unsigned int mask = net->xfrm.state_hmask;

        return __xfrm_spi_hash(daddr, spi, proto, family, mask);
}
 74 
/* Re-link every state on one old bydst chain into the three new tables.
 *
 * @list:      old bydst bucket to drain
 * @ndsttable: new by-destination table
 * @nsrctable: new by-source table
 * @nspitable: new by-SPI table
 * @nhashmask: mask of the new tables
 *
 * The nodes are not unlinked from the old chains first; hlist_add_head()
 * simply rewrites their links, which is why the _safe iterator is used.
 * A state with a zero SPI is not entered into the by-SPI table.
 */
static void xfrm_hash_transfer(struct hlist_head *list,
                               struct hlist_head *ndsttable,
                               struct hlist_head *nsrctable,
                               struct hlist_head *nspitable,
                               unsigned int nhashmask)
{
        struct hlist_node *pos, *next;
        struct xfrm_state *state;

        hlist_for_each_entry_safe(state, pos, next, list, bydst) {
                unsigned int slot;

                slot = __xfrm_dst_hash(&state->id.daddr, &state->props.saddr,
                                       state->props.reqid, state->props.family,
                                       nhashmask);
                hlist_add_head(&state->bydst, &ndsttable[slot]);

                slot = __xfrm_src_hash(&state->id.daddr, &state->props.saddr,
                                       state->props.family, nhashmask);
                hlist_add_head(&state->bysrc, &nsrctable[slot]);

                if (!state->id.spi)
                        continue;

                slot = __xfrm_spi_hash(&state->id.daddr, state->id.spi,
                                       state->id.proto, state->props.family,
                                       nhashmask);
                hlist_add_head(&state->byspi, &nspitable[slot]);
        }
}
105 
/* Size in bytes of a table with twice as many buckets as the one described
 * by @state_hmask. The bucket count is computed in unsigned int before it is
 * multiplied by the bucket size.
 */
static unsigned long xfrm_hash_new_size(unsigned int state_hmask)
{
        unsigned int nbuckets = (state_hmask + 1) << 1;

        return nbuckets * sizeof(struct hlist_head);
}
110 
/* Serialises runs of xfrm_hash_resize against each other. */
static DEFINE_MUTEX(hash_resize_mutex);

/*
 * Work item that replaces the three per-net state hash tables (bydst,
 * bysrc, byspi) with tables twice the size and re-hashes every state.
 *
 * The new tables are allocated before xfrm_state_lock is taken. If any
 * allocation fails, the tables already allocated are freed and the old
 * ones stay in use. The transfer and the pointer/mask swap happen under
 * xfrm_state_lock with bottom halves disabled, so lookups never see a
 * half-populated table; the old tables are freed after the lock is dropped.
 *
 * NOTE(review): the whole re-hash runs inside the spin_lock_bh section, so
 * its length grows with the number of states — worth keeping in mind when
 * sizing xfrm_state_hashmax.
 */
static void xfrm_hash_resize(struct work_struct *work)
{
        struct net *net = container_of(work, struct net, xfrm.state_hash_work);
        struct hlist_head *ndst, *nsrc, *nspi, *odst, *osrc, *ospi;
        unsigned long nsize, osize;
        unsigned int nhashmask, ohashmask;
        int i;

        mutex_lock(&hash_resize_mutex);

        /* All three tables share one size; allocate them up front. */
        nsize = xfrm_hash_new_size(net->xfrm.state_hmask);
        ndst = xfrm_hash_alloc(nsize);
        if (!ndst)
                goto out_unlock;
        nsrc = xfrm_hash_alloc(nsize);
        if (!nsrc) {
                xfrm_hash_free(ndst, nsize);
                goto out_unlock;
        }
        nspi = xfrm_hash_alloc(nsize);
        if (!nspi) {
                xfrm_hash_free(ndst, nsize);
                xfrm_hash_free(nsrc, nsize);
                goto out_unlock;
        }

        spin_lock_bh(&xfrm_state_lock);

        /* Walking the old bydst buckets reaches every state, and
         * xfrm_hash_transfer re-links all three nodes of each one.
         */
        nhashmask = (nsize / sizeof(struct hlist_head)) - 1U;
        for (i = net->xfrm.state_hmask; i >= 0; i--)
                xfrm_hash_transfer(net->xfrm.state_bydst+i, ndst, nsrc, nspi,
                                   nhashmask);

        /* Remember the old tables so they can be freed outside the lock. */
        odst = net->xfrm.state_bydst;
        osrc = net->xfrm.state_bysrc;
        ospi = net->xfrm.state_byspi;
        ohashmask = net->xfrm.state_hmask;

        net->xfrm.state_bydst = ndst;
        net->xfrm.state_bysrc = nsrc;
        net->xfrm.state_byspi = nspi;
        net->xfrm.state_hmask = nhashmask;

        spin_unlock_bh(&xfrm_state_lock);

        osize = (ohashmask + 1) * sizeof(struct hlist_head);
        xfrm_hash_free(odst, osize);
        xfrm_hash_free(osrc, osize);
        xfrm_hash_free(ospi, osize);

out_unlock:
        mutex_unlock(&hash_resize_mutex);
}
166 
/* Per-address-family operations table, indexed by family (< NPROTO), and
 * the rwlock taken around it by xfrm_state_lock_afinfo/unlock_afinfo.
 */
static DEFINE_RWLOCK(xfrm_state_afinfo_lock);
static struct xfrm_state_afinfo *xfrm_state_afinfo[NPROTO];

/* Taken around net->xfrm.state_gc_list (see __xfrm_state_destroy and
 * xfrm_state_gc_task).
 */
static DEFINE_SPINLOCK(xfrm_state_gc_lock);

int __xfrm_state_delete(struct xfrm_state *x);

/* Key-manager entry points used below; they are not defined in the part of
 * the file shown here.
 */
int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
176 
/* Look up the afinfo registered for @family and return it with
 * xfrm_state_afinfo_lock write-held.
 *
 * Returns NULL, with the lock NOT held, when @family is out of range or
 * nothing is registered for it. A non-NULL return must be paired with
 * xfrm_state_unlock_afinfo().
 */
static struct xfrm_state_afinfo *xfrm_state_lock_afinfo(unsigned int family)
{
        struct xfrm_state_afinfo *found;

        /* Bounds check before indexing the NPROTO-sized table. */
        if (unlikely(family >= NPROTO))
                return NULL;

        write_lock_bh(&xfrm_state_afinfo_lock);
        found = xfrm_state_afinfo[family];
        if (likely(found))
                return found;

        write_unlock_bh(&xfrm_state_afinfo_lock);
        return NULL;
}
188 
/* Drop the write lock taken by a successful xfrm_state_lock_afinfo().
 * @afinfo is not used; the lock is global, not per-family.
 */
static void xfrm_state_unlock_afinfo(struct xfrm_state_afinfo *afinfo)
        __releases(xfrm_state_afinfo_lock)
{
        write_unlock_bh(&xfrm_state_afinfo_lock);
}
194 
/* Register @type as the handler for type->proto in @family.
 *
 * Returns 0 on success, -EAFNOSUPPORT when no afinfo is registered for
 * @family, or -EEXIST when the slot for type->proto is already occupied
 * (an existing registration is never overwritten).
 */
int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
{
        struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
        const struct xfrm_type **slot;
        int err;

        if (unlikely(afinfo == NULL))
                return -EAFNOSUPPORT;

        slot = &afinfo->type_map[type->proto];
        if (unlikely(*slot != NULL)) {
                err = -EEXIST;
        } else {
                *slot = type;
                err = 0;
        }

        xfrm_state_unlock_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_register_type);
213 
/* Remove @type from the type map of @family.
 *
 * Returns 0 on success, -EAFNOSUPPORT when no afinfo is registered for
 * @family, or -ENOENT when the slot for type->proto does not hold @type
 * (so one module cannot unregister another module's handler).
 */
int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
{
        struct xfrm_state_afinfo *afinfo = xfrm_state_lock_afinfo(family);
        const struct xfrm_type **slot;
        int err;

        if (unlikely(afinfo == NULL))
                return -EAFNOSUPPORT;

        slot = &afinfo->type_map[type->proto];
        if (likely(*slot == type)) {
                *slot = NULL;
                err = 0;
        } else {
                err = -ENOENT;
        }

        xfrm_state_unlock_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_unregister_type);
232 
/* Find the xfrm_type for (@proto, @family) and take a reference on its
 * owning module.
 *
 * On a miss (no entry, or the module reference could not be taken) one
 * module load is requested under the alias "xfrm-type-<family>-<proto>" and
 * the lookup is repeated exactly once. Returns NULL when the family has no
 * afinfo or the type is still unavailable after that. A non-NULL result
 * must be released with xfrm_put_type().
 */
static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
{
        struct xfrm_state_afinfo *afinfo;
        const struct xfrm_type *type;
        int attempt;

        for (attempt = 0; ; attempt++) {
                afinfo = xfrm_state_get_afinfo(family);
                if (unlikely(afinfo == NULL))
                        return NULL;

                type = afinfo->type_map[proto];
                if (unlikely(type && !try_module_get(type->owner)))
                        type = NULL;
                xfrm_state_put_afinfo(afinfo);

                /* Done on a hit, or once the single reload has been tried. */
                if (type || attempt)
                        return type;

                request_module("xfrm-type-%d-%d", family, proto);
        }
}
259 
/* Release the module reference taken by xfrm_get_type(). @type must not be
 * NULL; it is dereferenced unconditionally.
 */
static void xfrm_put_type(const struct xfrm_type *type)
{
        module_put(type->owner);
}
264 
/* Register @mode in the mode map of @family.
 *
 * mode->encap is range-checked against XFRM_MODE_MAX before it is used as
 * an index. Returns 0 on success, -EINVAL for an out-of-range encap,
 * -EAFNOSUPPORT when the family has no afinfo, -EEXIST when the slot is
 * already taken, or -ENOENT when a reference on the afinfo's owning module
 * cannot be obtained. On success that module reference is kept until
 * xfrm_unregister_mode().
 */
int xfrm_register_mode(struct xfrm_mode *mode, int family)
{
        struct xfrm_state_afinfo *afinfo;
        struct xfrm_mode **modemap;
        int err;

        if (unlikely(mode->encap >= XFRM_MODE_MAX))
                return -EINVAL;

        afinfo = xfrm_state_lock_afinfo(family);
        if (unlikely(afinfo == NULL))
                return -EAFNOSUPPORT;

        modemap = afinfo->mode_map;
        if (modemap[mode->encap]) {
                err = -EEXIST;
        } else if (!try_module_get(afinfo->owner)) {
                err = -ENOENT;
        } else {
                mode->afinfo = afinfo;
                modemap[mode->encap] = mode;
                err = 0;
        }

        xfrm_state_unlock_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_register_mode);
296 
/* Remove @mode from the mode map of @family and drop the module reference
 * taken at registration.
 *
 * Returns 0 on success, -EINVAL for an out-of-range encap, -EAFNOSUPPORT
 * when the family has no afinfo, or -ENOENT when the slot does not hold
 * @mode.
 */
int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
{
        struct xfrm_state_afinfo *afinfo;
        struct xfrm_mode **modemap;
        int err;

        if (unlikely(mode->encap >= XFRM_MODE_MAX))
                return -EINVAL;

        afinfo = xfrm_state_lock_afinfo(family);
        if (unlikely(afinfo == NULL))
                return -EAFNOSUPPORT;

        modemap = afinfo->mode_map;
        if (unlikely(modemap[mode->encap] != mode)) {
                err = -ENOENT;
        } else {
                modemap[mode->encap] = NULL;
                module_put(mode->afinfo->owner);
                err = 0;
        }

        xfrm_state_unlock_afinfo(afinfo);
        return err;
}
EXPORT_SYMBOL(xfrm_unregister_mode);
322 
/* Find the xfrm_mode for (@encap, @family) and take a reference on its
 * owning module.
 *
 * @encap is range-checked against XFRM_MODE_MAX before it indexes the mode
 * map. On a miss one module load is requested under the alias
 * "xfrm-mode-<family>-<encap>" and the lookup is repeated exactly once.
 * Returns NULL for an out-of-range encap, an unknown family, or a mode that
 * is still unavailable after the reload. A non-NULL result must be released
 * with xfrm_put_mode().
 */
static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
{
        struct xfrm_state_afinfo *afinfo;
        struct xfrm_mode *mode;
        int attempt;

        if (unlikely(encap >= XFRM_MODE_MAX))
                return NULL;

        for (attempt = 0; ; attempt++) {
                afinfo = xfrm_state_get_afinfo(family);
                if (unlikely(afinfo == NULL))
                        return NULL;

                mode = afinfo->mode_map[encap];
                if (unlikely(mode && !try_module_get(mode->owner)))
                        mode = NULL;
                xfrm_state_put_afinfo(afinfo);

                /* Done on a hit, or once the single reload has been tried. */
                if (mode || attempt)
                        return mode;

                request_module("xfrm-mode-%d-%d", family, encap);
        }
}
350 
/* Release the module reference taken by xfrm_get_mode(). @mode must not be
 * NULL; it is dereferenced unconditionally.
 */
static void xfrm_put_mode(struct xfrm_mode *mode)
{
        module_put(mode->owner);
}
355 
/*
 * Final teardown of one state, called from xfrm_state_gc_task.
 *
 * Both timers are stopped first so that no handler can run against the
 * state while it is being freed. The attached allocations are then
 * released, the mode and type module references dropped, the LSM context
 * freed and finally the state itself.
 *
 * NOTE(review): aalg/ealg presumably hold the SA's algorithm descriptors
 * including key material; kfree() does not clear the memory it releases.
 * Confirm whether these buffers should be zeroed before being freed.
 */
static void xfrm_state_gc_destroy(struct xfrm_state *x)
{
        tasklet_hrtimer_cancel(&x->mtimer);
        del_timer_sync(&x->rtimer);
        kfree(x->aalg);
        kfree(x->ealg);
        kfree(x->calg);
        kfree(x->encap);
        kfree(x->coaddr);
        if (x->inner_mode)
                xfrm_put_mode(x->inner_mode);
        if (x->inner_mode_iaf)
                xfrm_put_mode(x->inner_mode_iaf);
        if (x->outer_mode)
                xfrm_put_mode(x->outer_mode);
        if (x->type) {
                /* destructor is called without a NULL check — assumes every
                 * registered type provides one; TODO confirm.
                 */
                x->type->destructor(x);
                xfrm_put_type(x->type);
        }
        security_xfrm_state_free(x);
        kfree(x);
}
378 
/* Work item that destroys every state queued on the per-net GC list.
 *
 * The list is detached in one step under xfrm_state_gc_lock, so the
 * destruction itself runs without that lock held. Waiters on km_waitq are
 * woken afterwards.
 */
static void xfrm_state_gc_task(struct work_struct *work)
{
        struct net *net = container_of(work, struct net, xfrm.state_gc_work);
        struct hlist_head doomed;
        struct hlist_node *pos, *next;
        struct xfrm_state *victim;

        spin_lock_bh(&xfrm_state_gc_lock);
        hlist_move_list(&net->xfrm.state_gc_list, &doomed);
        spin_unlock_bh(&xfrm_state_gc_lock);

        hlist_for_each_entry_safe(victim, pos, next, &doomed, gclist) {
                xfrm_state_gc_destroy(victim);
        }

        wake_up(&net->xfrm.km_waitq);
}
395 
/* Convert @secs to jiffies, saturating at MAX_SCHEDULE_TIMEOUT-1 so that
 * the multiplication by HZ cannot overflow for large positive values.
 * A negative @secs is not rejected: it is multiplied by HZ and converted
 * to unsigned long as-is.
 */
static inline unsigned long make_jiffies(long secs)
{
        if (secs < (MAX_SCHEDULE_TIMEOUT-1)/HZ)
                return secs*HZ;

        return MAX_SCHEDULE_TIMEOUT-1;
}
403 
/*
 * Lifetime timer callback for one state (x->mtimer).
 *
 * Under x->lock it evaluates the four time-based lifetimes against the
 * current time from get_seconds():
 *   - a hard add/use lifetime that has run out deletes the state;
 *   - a soft add/use lifetime that has run out marks the state as dying
 *     and notifies the key manager (km_state_expired with hard == 0);
 *   - otherwise the timer is re-armed for the nearest remaining deadline.
 *
 * Always returns HRTIMER_NORESTART; re-arming is done explicitly with
 * tasklet_hrtimer_start().
 *
 * NOTE(review): deadlines are computed from get_seconds(), i.e. wall-clock
 * time, so a step of the system clock presumably lengthens or shortens SA
 * lifetimes accordingly — confirm this is the intended policy.
 *
 * NOTE(review): the audit record for a timer-driven delete is attributed
 * to `current`. This runs as a tasklet_hrtimer callback, so `current` is
 * presumably whatever task happened to be interrupted, not the party that
 * caused the expiry — confirm before relying on loginuid/sessionid here.
 */
static enum hrtimer_restart xfrm_timer_handler(struct hrtimer * me)
{
        struct tasklet_hrtimer *thr = container_of(me, struct tasklet_hrtimer, timer);
        struct xfrm_state *x = container_of(thr, struct xfrm_state, mtimer);
        struct net *net = xs_net(x);
        unsigned long now = get_seconds();
        long next = LONG_MAX;   /* seconds until the nearest deadline */
        int warn = 0;           /* set when a soft lifetime has run out */
        int err = 0;

        spin_lock(&x->lock);
        /* Already deleted: nothing to do. */
        if (x->km.state == XFRM_STATE_DEAD)
                goto out;
        if (x->km.state == XFRM_STATE_EXPIRED)
                goto expired;
        /* Hard lifetimes: a value of 0 means "not configured". */
        if (x->lft.hard_add_expires_seconds) {
                long tmo = x->lft.hard_add_expires_seconds +
                        x->curlft.add_time - now;
                if (tmo <= 0)
                        goto expired;
                if (tmo < next)
                        next = tmo;
        }
        if (x->lft.hard_use_expires_seconds) {
                /* A state that was never used (use_time == 0) counts from now. */
                long tmo = x->lft.hard_use_expires_seconds +
                        (x->curlft.use_time ? : now) - now;
                if (tmo <= 0)
                        goto expired;
                if (tmo < next)
                        next = tmo;
        }
        /* Soft expiry was already signalled; only wait for the hard limit. */
        if (x->km.dying)
                goto resched;
        if (x->lft.soft_add_expires_seconds) {
                long tmo = x->lft.soft_add_expires_seconds +
                        x->curlft.add_time - now;
                if (tmo <= 0)
                        warn = 1;
                else if (tmo < next)
                        next = tmo;
        }
        if (x->lft.soft_use_expires_seconds) {
                long tmo = x->lft.soft_use_expires_seconds +
                        (x->curlft.use_time ? : now) - now;
                if (tmo <= 0)
                        warn = 1;
                else if (tmo < next)
                        next = tmo;
        }

        x->km.dying = warn;
        if (warn)
                km_state_expired(x, 0, 0);
resched:
        /* LONG_MAX means no time-based lifetime is pending. */
        if (next != LONG_MAX){
                tasklet_hrtimer_start(&x->mtimer, ktime_set(next, 0), HRTIMER_MODE_REL);
        }

        goto out;

expired:
        /* An acquire placeholder without an SPI is not deleted right away:
         * it is marked EXPIRED, waiters are woken, and the handler runs
         * again in 2 seconds to delete it.
         */
        if (x->km.state == XFRM_STATE_ACQ && x->id.spi == 0) {
                x->km.state = XFRM_STATE_EXPIRED;
                wake_up(&net->xfrm.km_waitq);
                next = 2;
                goto resched;
        }

        err = __xfrm_state_delete(x);
        /* Hard-expire notification only for states that had an SPI. */
        if (!err && x->id.spi)
                km_state_expired(x, 1, 0);

        /* Audit result flag: 1 when the delete succeeded, 0 otherwise. */
        xfrm_audit_state_delete(x, err ? 0 : 1,
                                audit_get_loginuid(current),
                                audit_get_sessionid(current), 0);

out:
        spin_unlock(&x->lock);
        return HRTIMER_NORESTART;
}
484 
static void xfrm_replay_timer_handler(unsigned long data);

/* Allocate and initialise a state for @net.
 *
 * The allocation is zero-filled and uses GFP_ATOMIC. The returned state
 * carries one reference (refcnt == 1), is on no hash chain, has both timers
 * set up but not started, and has its byte and packet limits set to
 * XFRM_INF. Returns NULL when the allocation fails.
 */
struct xfrm_state *xfrm_state_alloc(struct net *net)
{
        struct xfrm_state *x = kzalloc(sizeof(*x), GFP_ATOMIC);

        if (!x)
                return NULL;

        write_pnet(&x->xs_net, net);
        atomic_set(&x->refcnt, 1);
        atomic_set(&x->tunnel_users, 0);

        INIT_LIST_HEAD(&x->km.all);
        INIT_HLIST_NODE(&x->bydst);
        INIT_HLIST_NODE(&x->bysrc);
        INIT_HLIST_NODE(&x->byspi);

        tasklet_hrtimer_init(&x->mtimer, xfrm_timer_handler, CLOCK_REALTIME, HRTIMER_MODE_ABS);
        setup_timer(&x->rtimer, xfrm_replay_timer_handler,
                        (unsigned long)x);

        x->curlft.add_time = get_seconds();
        x->lft.soft_byte_limit = XFRM_INF;
        x->lft.soft_packet_limit = XFRM_INF;
        x->lft.hard_byte_limit = XFRM_INF;
        x->lft.hard_packet_limit = XFRM_INF;
        x->replay_maxage = 0;
        x->replay_maxdiff = 0;
        x->inner_mode = NULL;
        x->inner_mode_iaf = NULL;
        spin_lock_init(&x->lock);

        return x;
}
EXPORT_SYMBOL(xfrm_state_alloc);
518 
/* Queue @x for deferred destruction.
 *
 * The state is expected to be XFRM_STATE_DEAD already (a warning is raised
 * otherwise). It is put on the per-net GC list under xfrm_state_gc_lock and
 * the GC work item is scheduled; the actual freeing happens in
 * xfrm_state_gc_task.
 */
void __xfrm_state_destroy(struct xfrm_state *x)
{
        struct net *owner = xs_net(x);

        WARN_ON(x->km.state != XFRM_STATE_DEAD);

        spin_lock_bh(&xfrm_state_gc_lock);
        hlist_add_head(&x->gclist, &owner->xfrm.state_gc_list);
        spin_unlock_bh(&xfrm_state_gc_lock);

        schedule_work(&owner->xfrm.state_gc_work);
}
EXPORT_SYMBOL(__xfrm_state_destroy);
531 
/* Mark @x dead and unlink it from the state list and hash tables.
 *
 * Returns 0 when the state was live and has been removed, or -ESRCH when
 * it was already XFRM_STATE_DEAD (making a repeated delete harmless).
 * The by-SPI node is only unlinked when the state has a non-zero SPI.
 *
 * This function does not take x->lock itself; the callers visible in this
 * file (xfrm_state_delete, xfrm_timer_handler) hold it around the call.
 */
int __xfrm_state_delete(struct xfrm_state *x)
{
        struct net *net = xs_net(x);

        if (x->km.state == XFRM_STATE_DEAD)
                return -ESRCH;

        x->km.state = XFRM_STATE_DEAD;

        spin_lock(&xfrm_state_lock);
        list_del(&x->km.all);
        hlist_del(&x->bydst);
        hlist_del(&x->bysrc);
        if (x->id.spi)
                hlist_del(&x->byspi);
        net->xfrm.state_num--;
        spin_unlock(&xfrm_state_lock);

        /* Every xfrm_state comes from xfrm_state_alloc, which hands out
         * one reference; that is the reference released here.
         */
        xfrm_state_put(x);

        return 0;
}
EXPORT_SYMBOL(__xfrm_state_delete);
559 
/* Locked wrapper around __xfrm_state_delete(): takes x->lock with bottom
 * halves disabled for the duration of the delete and returns its result
 * (0 on success, -ESRCH when the state was already dead).
 */
int xfrm_state_delete(struct xfrm_state *x)
{
        int rc;

        spin_lock_bh(&x->lock);
        rc = __xfrm_state_delete(x);
        spin_unlock_bh(&x->lock);

        return rc;
}
EXPORT_SYMBOL(xfrm_state_delete);
571 
#ifdef CONFIG_SECURITY_NETWORK_XFRM
/* Ask the LSM whether every state matching @proto may be deleted.
 *
 * Walks all bydst buckets and stops at the first state for which
 * security_xfrm_state_delete() reports an error; that denial is written to
 * the audit log (result 0) with the identity from @audit_info and the error
 * is returned. Returns 0 when no matching state is refused. Nothing is
 * deleted here.
 */
static inline int
xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
{
        int bucket, err = 0;

        for (bucket = 0; bucket <= net->xfrm.state_hmask; bucket++) {
                struct hlist_node *pos;
                struct xfrm_state *x;

                hlist_for_each_entry(x, pos, net->xfrm.state_bydst+bucket, bydst) {
                        if (!xfrm_id_proto_match(x->id.proto, proto))
                                continue;

                        err = security_xfrm_state_delete(x);
                        if (err == 0)
                                continue;

                        xfrm_audit_state_delete(x, 0,
                                                audit_info->loginuid,
                                                audit_info->sessionid,
                                                audit_info->secid);
                        return err;
                }
        }

        return err;
}
#else
/* Without CONFIG_SECURITY_NETWORK_XFRM there is no LSM check; always 0. */
static inline int
xfrm_state_flush_secctx_check(struct net *net, u8 proto, struct xfrm_audit *audit_info)
{
        return 0;
}
#endif
603 
/*
 * Delete every state in @net whose protocol matches @proto, skipping
 * states for which xfrm_state_kern() is true.
 *
 * The flush is preceded by xfrm_state_flush_secctx_check(): if the LSM
 * refuses the deletion of any matching state, nothing is deleted and that
 * error is returned. Each deletion is written to the audit log with the
 * identity carried in @audit_info. Waiters on km_waitq are woken on exit.
 *
 * Returns 0 once the walk has completed, or the LSM error from the
 * pre-check.
 *
 * NOTE(review): the result of each xfrm_state_delete() only reaches the
 * audit record; `err = 0` after the loop discards it, so callers cannot
 * tell whether any individual delete failed.
 *
 * NOTE(review): the LSM pre-check runs once, before xfrm_state_lock is
 * first dropped. States inserted while the lock is released inside the
 * loop would be deleted without having been checked — confirm that this
 * window is acceptable.
 */
int xfrm_state_flush(struct net *net, u8 proto, struct xfrm_audit *audit_info)
{
        int i, err = 0;

        spin_lock_bh(&xfrm_state_lock);
        err = xfrm_state_flush_secctx_check(net, proto, audit_info);
        if (err)
                goto out;

        for (i = 0; i <= net->xfrm.state_hmask; i++) {
                struct hlist_node *entry;
                struct xfrm_state *x;
restart:
                hlist_for_each_entry(x, entry, net->xfrm.state_bydst+i, bydst) {
                        if (!xfrm_state_kern(x) &&
                            xfrm_id_proto_match(x->id.proto, proto)) {
                                /* Hold the state so it stays valid once the
                                 * table lock is released for the delete.
                                 */
                                xfrm_state_hold(x);
                                spin_unlock_bh(&xfrm_state_lock);

                                err = xfrm_state_delete(x);
                                xfrm_audit_state_delete(x, err ? 0 : 1,
                                                        audit_info->loginuid,
                                                        audit_info->sessionid,
                                                        audit_info->secid);
                                xfrm_state_put(x);

                                /* The chain may have changed while unlocked,
                                 * so rescan this bucket from its head.
                                 */
                                spin_lock_bh(&xfrm_state_lock);
                                goto restart;
                        }
                }
        }
        err = 0;

out:
        spin_unlock_bh(&xfrm_state_lock);
        wake_up(&net->xfrm.km_waitq);
        return err;
}
EXPORT_SYMBOL(xfrm_state_flush);
643 
/* Snapshot SAD statistics for @net into @si under xfrm_state_lock:
 * sadcnt is the number of states, sadhcnt the current hash mask (bucket
 * count minus one, not the bucket count itself) and sadhmcnt the configured
 * maximum number of buckets.
 */
void xfrm_sad_getinfo(struct net *net, struct xfrmk_sadinfo *si)
{
        spin_lock_bh(&xfrm_state_lock);

        si->sadhmcnt = xfrm_state_hashmax;
        si->sadhcnt = net->xfrm.state_hmask;
        si->sadcnt = net->xfrm.state_num;

        spin_unlock_bh(&xfrm_state_lock);
}
EXPORT_SYMBOL(xfrm_sad_getinfo);
653 
/* Fill in the temporary selector of @x through the family-specific
 * init_tempsel hook.
 *
 * Returns 0 on success, or -1 when no afinfo is available for @family, in
 * which case @x is left untouched.
 */
static int
xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl,
                  struct xfrm_tmpl *tmpl,
                  xfrm_address_t *daddr, xfrm_address_t *saddr,
                  unsigned short family)
{
        struct xfrm_state_afinfo *ops = xfrm_state_get_afinfo(family);

        if (ops == NULL)
                return -1;

        ops->init_tempsel(x, fl, tmpl, daddr, saddr);
        xfrm_state_put_afinfo(ops);

        return 0;
}
667 
/* Find the state identified by (@daddr, @spi, @proto, @family) in the
 * by-SPI table of @net.
 *
 * Returns the first exact match with a reference taken (the caller must
 * drop it with xfrm_state_put()), or NULL when there is none. No lock is
 * taken here; the caller visible in this file (xfrm_state_find) calls it
 * with xfrm_state_lock held.
 */
static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family)
{
        unsigned int slot = xfrm_spi_hash(net, daddr, spi, proto, family);
        struct hlist_node *pos;
        struct xfrm_state *cand;

        hlist_for_each_entry(cand, pos, net->xfrm.state_byspi+slot, byspi) {
                if (cand->props.family == family &&
                    cand->id.spi       == spi &&
                    cand->id.proto     == proto &&
                    !xfrm_addr_cmp(&cand->id.daddr, daddr, family)) {
                        xfrm_state_hold(cand);
                        return cand;
                }
        }

        return NULL;
}
687 
/* Find a state by address pair: (@daddr, @saddr, @proto, @family) in the
 * by-source table of @net. The SPI is not part of the match.
 *
 * Returns the first match with a reference taken (the caller must drop it
 * with xfrm_state_put()), or NULL when there is none. No lock is taken
 * here.
 */
static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family)
{
        unsigned int slot = xfrm_src_hash(net, daddr, saddr, family);
        struct hlist_node *pos;
        struct xfrm_state *cand;

        hlist_for_each_entry(cand, pos, net->xfrm.state_bysrc+slot, bysrc) {
                if (cand->props.family == family &&
                    cand->id.proto     == proto &&
                    !xfrm_addr_cmp(&cand->id.daddr, daddr, family) &&
                    !xfrm_addr_cmp(&cand->props.saddr, saddr, family)) {
                        xfrm_state_hold(cand);
                        return cand;
                }
        }

        return NULL;
}
707 
/* Look for an installed state with the same identity as @x: by SPI when
 * @use_spi is non-zero, otherwise by address pair. The result carries a
 * reference, or is NULL when nothing matches.
 */
static inline struct xfrm_state *
__xfrm_state_locate(struct xfrm_state *x, int use_spi, int family)
{
        struct net *net = xs_net(x);

        if (!use_spi)
                return __xfrm_state_lookup_byaddr(net, &x->id.daddr,
                                                  &x->props.saddr,
                                                  x->id.proto, family);

        return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi,
                                   x->id.proto, family);
}
721 
/* Schedule a hash table resize when an insertion collided, the table is
 * still below xfrm_state_hashmax buckets, and there are more states than
 * the current mask value. The cap keeps table growth bounded no matter how
 * many states are installed.
 */
static void xfrm_hash_grow_check(struct net *net, int have_hash_collision)
{
        if (!have_hash_collision)
                return;
        if ((net->xfrm.state_hmask + 1) >= xfrm_state_hashmax)
                return;
        if (net->xfrm.state_num <= net->xfrm.state_hmask)
                return;

        schedule_work(&net->xfrm.state_hash_work);
}
729 
/* Evaluate one candidate state @x for flow @fl under policy @pol and fold
 * the outcome into the caller's running result.
 *
 * @best:            best valid candidate so far; replaced when @x is better
 * @acq_in_progress: set to 1 when @x is an acquire in progress
 * @error:           set to -ESRCH when @x is in ERROR/EXPIRED state and
 *                   matches the flow
 *
 * A valid state is only considered when its selector (if it has one)
 * matches the flow and the LSM hook security_xfrm_state_pol_flow_match()
 * accepts it. Among accepted states, one that is not dying beats one that
 * is, and on equal dying status the more recently added one wins.
 */
static void xfrm_state_look_at(struct xfrm_policy *pol, struct xfrm_state *x,
                               struct flowi *fl, unsigned short family,
                               xfrm_address_t *daddr, xfrm_address_t *saddr,
                               struct xfrm_state **best, int *acq_in_progress,
                               int *error)
{
        /* How a candidate is resolved:
         * 1. Valid state whose selector matches: use it.
         * 2. Valid state whose selector does not fit: skip it.
         *
         * From here on things are "sysdeps".
         *
         * 3. A state that is not valid carries a temporary selector, which
         *    selects only the session that triggered the previous
         *    resolution. The key manager is expected to install a state
         *    with a proper selector.
         */
        switch (x->km.state) {
        case XFRM_STATE_VALID:
                if ((x->sel.family &&
                     !xfrm_selector_match(&x->sel, fl, x->sel.family)) ||
                    !security_xfrm_state_pol_flow_match(x, pol, fl))
                        return;

                if (!*best ||
                    (*best)->km.dying > x->km.dying ||
                    ((*best)->km.dying == x->km.dying &&
                     (*best)->curlft.add_time < x->curlft.add_time))
                        *best = x;
                break;

        case XFRM_STATE_ACQ:
                *acq_in_progress = 1;
                break;

        case XFRM_STATE_ERROR:
        case XFRM_STATE_EXPIRED:
                if (xfrm_selector_match(&x->sel, fl, x->sel.family) &&
                    security_xfrm_state_pol_flow_match(x, pol, fl))
                        *error = -ESRCH;
                break;

        default:
                break;
        }
}
767 
/*
 * Find the state to use for flow @fl under template @tmpl of policy @pol,
 * starting an acquire with the key manager when none exists.
 *
 * The bydst bucket for (daddr, saddr, reqid) is searched first, then the
 * bucket for (daddr, wildcard source, reqid). Candidates are filtered on
 * family, reqid, mode, protocol, SPI (when the template names one) and
 * address, and XFRM_STATE_WILDRECV states are excluded; the survivors are
 * ranked by xfrm_state_look_at().
 *
 * When nothing usable is found, no error was recorded and no acquire is in
 * progress, a new state is allocated, given a temporary selector and an
 * LSM context, and handed to km_query(). If that succeeds the state is
 * installed as XFRM_STATE_ACQ with a hard lifetime of sysctl_acq_expires
 * seconds.
 *
 * Returns the state with a reference taken, or NULL with *@err set:
 *   -EAGAIN  an acquire for this flow is already in progress
 *   -EEXIST  the template's SPI already belongs to another state
 *   -ENOMEM  allocation failed
 *   -ESRCH   km_query() failed, or a matching state is in ERROR/EXPIRED
 *   or the error returned by security_xfrm_state_alloc_acquire().
 * *@err is not written when a state is returned.
 *
 * The whole search, including km_query(), runs under xfrm_state_lock with
 * bottom halves disabled.
 */
struct xfrm_state *
xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
                struct flowi *fl, struct xfrm_tmpl *tmpl,
                struct xfrm_policy *pol, int *err,
                unsigned short family)
{
        static xfrm_address_t saddr_wildcard = { };
        struct net *net = xp_net(pol);
        unsigned int h, h_wildcard;
        struct hlist_node *entry;
        struct xfrm_state *x, *x0, *to_put;
        int acquire_in_progress = 0;
        int error = 0;
        struct xfrm_state *best = NULL;

        /* State whose reference must be dropped after the lock is released. */
        to_put = NULL;

        spin_lock_bh(&xfrm_state_lock);
        h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, family);
        hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == tmpl->reqid &&
                    !(x->props.flags & XFRM_STATE_WILDRECV) &&
                    xfrm_state_addr_check(x, daddr, saddr, family) &&
                    tmpl->mode == x->props.mode &&
                    tmpl->id.proto == x->id.proto &&
                    (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
                        xfrm_state_look_at(pol, x, fl, family, daddr, saddr,
                                           &best, &acquire_in_progress, &error);
        }
        if (best)
                goto found;

        /* Second pass: same filter, bucket hashed with an all-zero source. */
        h_wildcard = xfrm_dst_hash(net, daddr, &saddr_wildcard, tmpl->reqid, family);
        hlist_for_each_entry(x, entry, net->xfrm.state_bydst+h_wildcard, bydst) {
                if (x->props.family == family &&
                    x->props.reqid == tmpl->reqid &&
                    !(x->props.flags & XFRM_STATE_WILDRECV) &&
                    xfrm_state_addr_check(x, daddr, saddr, family) &&
                    tmpl->mode == x->props.mode &&
                    tmpl->id.proto == x->id.proto &&
                    (tmpl->id.spi == x->id.spi || !tmpl->id.spi))
                        xfrm_state_look_at(pol, x, fl, family, daddr, saddr,
                                           &best, &acquire_in_progress, &error);
        }

found:
        x = best;
        if (!x && !error && !acquire_in_progress) {
                /* The template pins an SPI that some other state already
                 * owns: refuse rather than create a conflicting acquire.
                 * The lookup took a reference; it is dropped via to_put.
                 */
                if (tmpl->id.spi &&
                    (x0 = __xfrm_state_lookup(net, daddr, tmpl->id.spi,
                                              tmpl->id.proto, family)) != NULL) {
                        to_put = x0;
                        error = -EEXIST;
                        goto out;
                }
                x = xfrm_state_alloc(net);
                if (x == NULL) {
                        error = -ENOMEM;
                        goto out;
                }
                /* Initialize temporary selector matching only
                 * to current session. */
                /* NOTE(review): the return value is ignored. xfrm_init_tempsel
                 * returns -1 when no afinfo exists for the family, leaving
                 * the selector as xfrm_state_alloc zero-filled it — confirm
                 * that proceeding to km_query() is intended in that case.
                 */
                xfrm_init_tempsel(x, fl, tmpl, daddr, saddr, family);

                /* LSM context for the acquire; on refusal the new state is
                 * marked dead and released after the lock is dropped.
                 */
                error = security_xfrm_state_alloc_acquire(x, pol->security, fl->secid);
                if (error) {
                        x->km.state = XFRM_STATE_DEAD;
                        to_put = x;
                        x = NULL;
                        goto out;
                }

                if (km_query(x, tmpl, pol) == 0) {
                        x->km.state = XFRM_STATE_ACQ;
                        list_add(&x->km.all, &net->xfrm.state_all);
                        hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
                        h = xfrm_src_hash(net, daddr, saddr, family);
                        hlist_add_head(&x->bysrc, net->xfrm.state_bysrc+h);
                        if (x->id.spi) {
                                h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);
                                hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
                        }
                        /* Bound the life of the placeholder so unanswered
                         * acquires do not accumulate indefinitely.
                         */
                        x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
                        tasklet_hrtimer_start(&x->mtimer, ktime_set(net->xfrm.sysctl_acq_expires, 0), HRTIMER_MODE_REL);
                        net->xfrm.state_num++;
                        /* A non-empty bucket before insertion is a collision. */
                        xfrm_hash_grow_check(net, x->bydst.next != NULL);
                } else {
                        x->km.state = XFRM_STATE_DEAD;
                        to_put = x;
                        x = NULL;
                        error = -ESRCH;
                }
        }
out:
        if (x)
                xfrm_state_hold(x);
        else
                *err = acquire_in_progress ? -EAGAIN : error;
        spin_unlock_bh(&xfrm_state_lock);
        if (to_put)
                xfrm_state_put(to_put);
        return x;
}
872 
/*
 * xfrm_stateonly_find - find an existing, usable state by address tuple.
 *
 * Walks the bydst bucket selected by (daddr, saddr, reqid, family) and
 * returns the first entry that matches family, reqid, mode and proto,
 * passes xfrm_state_addr_check(), is not flagged XFRM_STATE_WILDRECV and
 * is in XFRM_STATE_VALID.  Nothing is allocated and no key manager query
 * is issued here.
 *
 * Returns the matching state with a reference taken via xfrm_state_hold(),
 * or NULL when nothing matches.  The caller owns that reference and must
 * drop it (xfrm_state_put() is what the rest of this file uses).
 *
 * NOTE(review): this path takes xfrm_state_lock with plain spin_lock(),
 * while xfrm_state_insert() below uses spin_lock_bh().  That is only
 * safe if every caller already runs with bottom halves disabled --
 * confirm against the call sites.
 */
struct xfrm_state *
xfrm_stateonly_find(struct net *net,
		    xfrm_address_t *daddr, xfrm_address_t *saddr,
		    unsigned short family, u8 mode, u8 proto, u32 reqid)
{
	struct xfrm_state *found = NULL;
	struct xfrm_state *cand = NULL;
	struct hlist_node *pos;
	unsigned int bucket;

	spin_lock(&xfrm_state_lock);
	bucket = xfrm_dst_hash(net, daddr, saddr, reqid, family);
	hlist_for_each_entry(cand, pos, net->xfrm.state_bydst + bucket, bydst) {
		if (cand->props.family != family)
			continue;
		if (cand->props.reqid != reqid)
			continue;
		if (cand->props.flags & XFRM_STATE_WILDRECV)
			continue;
		if (!xfrm_state_addr_check(cand, daddr, saddr, family))
			continue;
		if (cand->props.mode != mode)
			continue;
		if (cand->id.proto != proto)
			continue;
		/* Only fully established states qualify. */
		if (cand->km.state != XFRM_STATE_VALID)
			continue;

		/* Pin the entry while the lock still protects it. */
		xfrm_state_hold(cand);
		found = cand;
		break;
	}
	spin_unlock(&xfrm_state_lock);

	return found;
}
EXPORT_SYMBOL(xfrm_stateonly_find);
905 
/*
 * Link @x into the per-namespace state list and hash tables, arm its
 * timers and account for it.
 *
 * No locking is done here; xfrm_state_insert() in this file calls this
 * with xfrm_state_lock held (BH-disabled).
 *
 * Every insertion assigns a fresh genid from the file-wide counter.  The
 * counter is a plain unsigned int, so it wraps silently.
 */
static void __xfrm_state_insert(struct xfrm_state *x)
{
	struct net *net = xs_net(x);
	unsigned int slot;

	x->genid = ++xfrm_state_genid;

	/* Global list of all states in this namespace. */
	list_add(&x->km.all, &net->xfrm.state_all);

	/* Table keyed by (daddr, saddr, reqid, family). */
	slot = xfrm_dst_hash(net, &x->id.daddr, &x->props.saddr,
			     x->props.reqid, x->props.family);
	hlist_add_head(&x->bydst, net->xfrm.state_bydst + slot);

	/* Table keyed by (daddr, saddr, family). */
	slot = xfrm_src_hash(net, &x->id.daddr, &x->props.saddr,
			     x->props.family);
	hlist_add_head(&x->bysrc, net->xfrm.state_bysrc + slot);

	/* A state whose SPI is still zero is not entered in the SPI table. */
	if (x->id.spi) {
		slot = xfrm_spi_hash(net, &x->id.daddr, x->id.spi,
				     x->id.proto, x->props.family);
		hlist_add_head(&x->byspi, net->xfrm.state_byspi + slot);
	}

	/* First mtimer run is one second from now (relative mode). */
	tasklet_hrtimer_start(&x->mtimer, ktime_set(1, 0), HRTIMER_MODE_REL);

	/* The replay timer is armed only when a max age is configured. */
	if (x->replay_maxage)
		mod_timer(&x->rtimer, jiffies + x->replay_maxage);

	/* Wake anything sleeping on the key manager wait queue. */
	wake_up(&net->xfrm.km_waitq);

	net->xfrm.state_num++;

	/*
	 * x was added at the head of its bydst bucket, so a non-NULL next
	 * pointer means the bucket already held at least one entry.
	 */
	xfrm_hash_grow_check(net, x->bydst.next != NULL);
}
939 
/*
 * Caller must hold xfrm_state_lock.
 *
 * Stamp the current value of xfrm_state_genid onto every state in
 * @xnew's bydst bucket that has the same family, reqid, destination
 * address and source address as @xnew.  The counter itself is not
 * advanced here; __xfrm_state_insert() increments it when the new state
 * is linked in.
 */
static void __xfrm_state_bump_genids(struct xfrm_state *xnew)
{
	struct net *net = xs_net(xnew);
	unsigned short family = xnew->props.family;
	u32 reqid = xnew->props.reqid;
	struct xfrm_state *cur;
	struct hlist_node *pos;
	unsigned int bucket;

	bucket = xfrm_dst_hash(net, &xnew->id.daddr, &xnew->props.saddr,
			       reqid, family);
	hlist_for_each_entry(cur, pos, net->xfrm.state_bydst + bucket, bydst) {
		if (cur->props.family != family)
			continue;
		if (cur->props.reqid != reqid)
			continue;
		/* A zero result from xfrm_addr_cmp() is treated as "same address". */
		if (xfrm_addr_cmp(&cur->id.daddr, &xnew->id.daddr, family))
			continue;
		if (xfrm_addr_cmp(&cur->props.saddr, &xnew->props.saddr, family))
			continue;

		cur->genid = xfrm_state_genid;
	}
}
959 
/*
 * xfrm_state_insert - add @x to the state database.
 *
 * Takes xfrm_state_lock with bottom halves disabled, refreshes the genid
 * of existing states that share @x's (family, reqid, daddr, saddr), then
 * links @x into the tables.  The lock covers both steps, so no lookup
 * under the same lock can observe one without the other.
 */
void xfrm_state_insert(struct xfrm_state *x)
{
	spin_lock_bh(&xfrm_state_lock);

	/* Must run before the insert: it stamps the pre-increment genid. */
	__xfrm_state_bump_genids(x);
	__xfrm_state_insert(x);

	spin_unlock_bh(&xfrm_state_lock);
}
EXPORT_SYMBOL(xfrm_state_insert);
968 
969 /* xfrm_state_lock is held */