aboutsummaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_policy.c38
-rw-r--r--net/xfrm/xfrm_state.c2
-rw-r--r--net/xfrm/xfrm_user.c58
3 files changed, 63 insertions, 35 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ba924d40df7d..f6c77bd36fdd 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -50,6 +50,40 @@ static void xfrm_policy_put_afinfo(struct xfrm_policy_afinfo *afinfo);
50static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family); 50static struct xfrm_policy_afinfo *xfrm_policy_lock_afinfo(unsigned int family);
51static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo); 51static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo);
52 52
53static inline int
54__xfrm4_selector_match(struct xfrm_selector *sel, struct flowi *fl)
55{
56 return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
57 addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
58 !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
59 !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
60 (fl->proto == sel->proto || !sel->proto) &&
61 (fl->oif == sel->ifindex || !sel->ifindex);
62}
63
64static inline int
65__xfrm6_selector_match(struct xfrm_selector *sel, struct flowi *fl)
66{
67 return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
68 addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
69 !((xfrm_flowi_dport(fl) ^ sel->dport) & sel->dport_mask) &&
70 !((xfrm_flowi_sport(fl) ^ sel->sport) & sel->sport_mask) &&
71 (fl->proto == sel->proto || !sel->proto) &&
72 (fl->oif == sel->ifindex || !sel->ifindex);
73}
74
75int xfrm_selector_match(struct xfrm_selector *sel, struct flowi *fl,
76 unsigned short family)
77{
78 switch (family) {
79 case AF_INET:
80 return __xfrm4_selector_match(sel, fl);
81 case AF_INET6:
82 return __xfrm6_selector_match(sel, fl);
83 }
84 return 0;
85}
86
53int xfrm_register_type(struct xfrm_type *type, unsigned short family) 87int xfrm_register_type(struct xfrm_type *type, unsigned short family)
54{ 88{
55 struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family); 89 struct xfrm_policy_afinfo *afinfo = xfrm_policy_lock_afinfo(family);
@@ -1177,6 +1211,7 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, struct flowi *fl,
1177 if (tmpl->mode == XFRM_MODE_TUNNEL) { 1211 if (tmpl->mode == XFRM_MODE_TUNNEL) {
1178 remote = &tmpl->id.daddr; 1212 remote = &tmpl->id.daddr;
1179 local = &tmpl->saddr; 1213 local = &tmpl->saddr;
1214 family = tmpl->encap_family;
1180 if (xfrm_addr_any(local, family)) { 1215 if (xfrm_addr_any(local, family)) {
1181 error = xfrm_get_saddr(&tmp, remote, family); 1216 error = xfrm_get_saddr(&tmp, remote, family);
1182 if (error) 1217 if (error)
@@ -1894,7 +1929,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
1894 1929
1895 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family)) 1930 if (fl && !xfrm_selector_match(&dst->xfrm->sel, fl, family))
1896 return 0; 1931 return 0;
1897 if (fl && !security_xfrm_flow_state_match(fl, dst->xfrm, pol)) 1932 if (fl && pol &&
1933 !security_xfrm_state_pol_flow_match(dst->xfrm, pol, fl))
1898 return 0; 1934 return 0;
1899 if (dst->xfrm->km.state != XFRM_STATE_VALID) 1935 if (dst->xfrm->km.state != XFRM_STATE_VALID)
1900 return 0; 1936 return 0;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 40c527179843..da54a64ccfa3 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1304,7 +1304,7 @@ int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol)
1304} 1304}
1305EXPORT_SYMBOL(km_query); 1305EXPORT_SYMBOL(km_query);
1306 1306
1307int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport) 1307int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport)
1308{ 1308{
1309 int err = -EINVAL; 1309 int err = -EINVAL;
1310 struct xfrm_mgr *km; 1310 struct xfrm_mgr *km;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index c4cde57d9216..6f97665983d2 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -244,11 +244,10 @@ static int attach_one_algo(struct xfrm_algo **algpp, u8 *props,
244 *props = algo->desc.sadb_alg_id; 244 *props = algo->desc.sadb_alg_id;
245 245
246 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8; 246 len = sizeof(*ualg) + (ualg->alg_key_len + 7U) / 8;
247 p = kmalloc(len, GFP_KERNEL); 247 p = kmemdup(ualg, len, GFP_KERNEL);
248 if (!p) 248 if (!p)
249 return -ENOMEM; 249 return -ENOMEM;
250 250
251 memcpy(p, ualg, len);
252 strcpy(p->alg_name, algo->name); 251 strcpy(p->alg_name, algo->name);
253 *algpp = p; 252 *algpp = p;
254 return 0; 253 return 0;
@@ -263,11 +262,10 @@ static int attach_encap_tmpl(struct xfrm_encap_tmpl **encapp, struct rtattr *u_a
263 return 0; 262 return 0;
264 263
265 uencap = RTA_DATA(rta); 264 uencap = RTA_DATA(rta);
266 p = kmalloc(sizeof(*p), GFP_KERNEL); 265 p = kmemdup(uencap, sizeof(*p), GFP_KERNEL);
267 if (!p) 266 if (!p)
268 return -ENOMEM; 267 return -ENOMEM;
269 268
270 memcpy(p, uencap, sizeof(*p));
271 *encapp = p; 269 *encapp = p;
272 return 0; 270 return 0;
273} 271}
@@ -305,11 +303,10 @@ static int attach_one_addr(xfrm_address_t **addrpp, struct rtattr *u_arg)
305 return 0; 303 return 0;
306 304
307 uaddrp = RTA_DATA(rta); 305 uaddrp = RTA_DATA(rta);
308 p = kmalloc(sizeof(*p), GFP_KERNEL); 306 p = kmemdup(uaddrp, sizeof(*p), GFP_KERNEL);
309 if (!p) 307 if (!p)
310 return -ENOMEM; 308 return -ENOMEM;
311 309
312 memcpy(p, uaddrp, sizeof(*p));
313 *addrpp = p; 310 *addrpp = p;
314 return 0; 311 return 0;
315} 312}
@@ -495,6 +492,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
495 goto out; 492 goto out;
496 } 493 }
497 494
495 err = -ESRCH;
498 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, 496 x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto,
499 p->family); 497 p->family);
500 } 498 }
@@ -652,7 +650,6 @@ static struct sk_buff *xfrm_state_netlink(struct sk_buff *in_skb,
652 if (!skb) 650 if (!skb)
653 return ERR_PTR(-ENOMEM); 651 return ERR_PTR(-ENOMEM);
654 652
655 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid;
656 info.in_skb = in_skb; 653 info.in_skb = in_skb;
657 info.out_skb = skb; 654 info.out_skb = skb;
658 info.nlmsg_seq = seq; 655 info.nlmsg_seq = seq;
@@ -772,7 +769,7 @@ out_noput:
772 return err; 769 return err;
773} 770}
774 771
775static int verify_policy_dir(__u8 dir) 772static int verify_policy_dir(u8 dir)
776{ 773{
777 switch (dir) { 774 switch (dir) {
778 case XFRM_POLICY_IN: 775 case XFRM_POLICY_IN:
@@ -787,7 +784,7 @@ static int verify_policy_dir(__u8 dir)
787 return 0; 784 return 0;
788} 785}
789 786
790static int verify_policy_type(__u8 type) 787static int verify_policy_type(u8 type)
791{ 788{
792 switch (type) { 789 switch (type) {
793 case XFRM_POLICY_TYPE_MAIN: 790 case XFRM_POLICY_TYPE_MAIN:
@@ -861,6 +858,7 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
861 int i; 858 int i;
862 859
863 xp->xfrm_nr = nr; 860 xp->xfrm_nr = nr;
861 xp->family = ut->family;
864 for (i = 0; i < nr; i++, ut++) { 862 for (i = 0; i < nr; i++, ut++) {
865 struct xfrm_tmpl *t = &xp->xfrm_vec[i]; 863 struct xfrm_tmpl *t = &xp->xfrm_vec[i];
866 864
@@ -874,6 +872,7 @@ static void copy_templates(struct xfrm_policy *xp, struct xfrm_user_tmpl *ut,
874 t->aalgos = ut->aalgos; 872 t->aalgos = ut->aalgos;
875 t->ealgos = ut->ealgos; 873 t->ealgos = ut->ealgos;
876 t->calgos = ut->calgos; 874 t->calgos = ut->calgos;
875 t->encap_family = ut->family;
877 } 876 }
878} 877}
879 878
@@ -900,7 +899,7 @@ static int copy_from_user_policy_type(u8 *tp, struct rtattr **xfrma)
900{ 899{
901 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1]; 900 struct rtattr *rt = xfrma[XFRMA_POLICY_TYPE-1];
902 struct xfrm_userpolicy_type *upt; 901 struct xfrm_userpolicy_type *upt;
903 __u8 type = XFRM_POLICY_TYPE_MAIN; 902 u8 type = XFRM_POLICY_TYPE_MAIN;
904 int err; 903 int err;
905 904
906 if (rt) { 905 if (rt) {
@@ -1027,7 +1026,7 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb)
1027 struct xfrm_tmpl *kp = &xp->xfrm_vec[i]; 1026 struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
1028 1027
1029 memcpy(&up->id, &kp->id, sizeof(up->id)); 1028 memcpy(&up->id, &kp->id, sizeof(up->id));
1030 up->family = xp->family; 1029 up->family = kp->encap_family;
1031 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr)); 1030 memcpy(&up->saddr, &kp->saddr, sizeof(up->saddr));
1032 up->reqid = kp->reqid; 1031 up->reqid = kp->reqid;
1033 up->mode = kp->mode; 1032 up->mode = kp->mode;
@@ -1082,12 +1081,12 @@ static inline int copy_to_user_sec_ctx(struct xfrm_policy *xp, struct sk_buff *s
1082} 1081}
1083 1082
1084#ifdef CONFIG_XFRM_SUB_POLICY 1083#ifdef CONFIG_XFRM_SUB_POLICY
1085static int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb) 1084static int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1086{ 1085{
1087 struct xfrm_userpolicy_type upt; 1086 struct xfrm_userpolicy_type upt;
1088 1087
1089 memset(&upt, 0, sizeof(upt)); 1088 memset(&upt, 0, sizeof(upt));
1090 upt.type = xp->type; 1089 upt.type = type;
1091 1090
1092 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt); 1091 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
1093 1092
@@ -1098,7 +1097,7 @@ rtattr_failure:
1098} 1097}
1099 1098
1100#else 1099#else
1101static inline int copy_to_user_policy_type(struct xfrm_policy *xp, struct sk_buff *skb) 1100static inline int copy_to_user_policy_type(u8 type, struct sk_buff *skb)
1102{ 1101{
1103 return 0; 1102 return 0;
1104} 1103}
@@ -1127,7 +1126,7 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
1127 goto nlmsg_failure; 1126 goto nlmsg_failure;
1128 if (copy_to_user_sec_ctx(xp, skb)) 1127 if (copy_to_user_sec_ctx(xp, skb))
1129 goto nlmsg_failure; 1128 goto nlmsg_failure;
1130 if (copy_to_user_policy_type(xp, skb) < 0) 1129 if (copy_to_user_policy_type(xp->type, skb) < 0)
1131 goto nlmsg_failure; 1130 goto nlmsg_failure;
1132 1131
1133 nlh->nlmsg_len = skb->tail - b; 1132 nlh->nlmsg_len = skb->tail - b;
@@ -1170,7 +1169,6 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
1170 if (!skb) 1169 if (!skb)
1171 return ERR_PTR(-ENOMEM); 1170 return ERR_PTR(-ENOMEM);
1172 1171
1173 NETLINK_CB(skb).dst_pid = NETLINK_CB(in_skb).pid;
1174 info.in_skb = in_skb; 1172 info.in_skb = in_skb;
1175 info.out_skb = skb; 1173 info.out_skb = skb;
1176 info.nlmsg_seq = seq; 1174 info.nlmsg_seq = seq;
@@ -1189,7 +1187,7 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
1189{ 1187{
1190 struct xfrm_policy *xp; 1188 struct xfrm_policy *xp;
1191 struct xfrm_userpolicy_id *p; 1189 struct xfrm_userpolicy_id *p;
1192 __u8 type = XFRM_POLICY_TYPE_MAIN; 1190 u8 type = XFRM_POLICY_TYPE_MAIN;
1193 int err; 1191 int err;
1194 struct km_event c; 1192 struct km_event c;
1195 int delete; 1193 int delete;
@@ -1283,10 +1281,12 @@ static int build_aevent(struct sk_buff *skb, struct xfrm_state *x, struct km_eve
1283 id = NLMSG_DATA(nlh); 1281 id = NLMSG_DATA(nlh);
1284 nlh->nlmsg_flags = 0; 1282 nlh->nlmsg_flags = 0;
1285 1283
1286 id->sa_id.daddr = x->id.daddr; 1284 memcpy(&id->sa_id.daddr, &x->id.daddr,sizeof(x->id.daddr));
1287 id->sa_id.spi = x->id.spi; 1285 id->sa_id.spi = x->id.spi;
1288 id->sa_id.family = x->props.family; 1286 id->sa_id.family = x->props.family;
1289 id->sa_id.proto = x->id.proto; 1287 id->sa_id.proto = x->id.proto;
1288 memcpy(&id->saddr, &x->props.saddr,sizeof(x->props.saddr));
1289 id->reqid = x->props.reqid;
1290 id->flags = c->data.aevent; 1290 id->flags = c->data.aevent;
1291 1291
1292 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay); 1292 RTA_PUT(skb, XFRMA_REPLAY_VAL, sizeof(x->replay), &x->replay);
@@ -1407,7 +1407,7 @@ out:
1407static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma) 1407static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfrma)
1408{ 1408{
1409 struct km_event c; 1409 struct km_event c;
1410 __u8 type = XFRM_POLICY_TYPE_MAIN; 1410 u8 type = XFRM_POLICY_TYPE_MAIN;
1411 int err; 1411 int err;
1412 1412
1413 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1413 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
@@ -1428,7 +1428,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, void *
1428 struct xfrm_policy *xp; 1428 struct xfrm_policy *xp;
1429 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh); 1429 struct xfrm_user_polexpire *up = NLMSG_DATA(nlh);
1430 struct xfrm_userpolicy_info *p = &up->pol; 1430 struct xfrm_userpolicy_info *p = &up->pol;
1431 __u8 type = XFRM_POLICY_TYPE_MAIN; 1431 u8 type = XFRM_POLICY_TYPE_MAIN;
1432 int err = -ENOENT; 1432 int err = -ENOENT;
1433 1433
1434 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma); 1434 err = copy_from_user_policy_type(&type, (struct rtattr **)xfrma);
@@ -1907,7 +1907,7 @@ static int build_acquire(struct sk_buff *skb, struct xfrm_state *x,
1907 goto nlmsg_failure; 1907 goto nlmsg_failure;
1908 if (copy_to_user_state_sec_ctx(x, skb)) 1908 if (copy_to_user_state_sec_ctx(x, skb))
1909 goto nlmsg_failure; 1909 goto nlmsg_failure;
1910 if (copy_to_user_policy_type(xp, skb) < 0) 1910 if (copy_to_user_policy_type(xp->type, skb) < 0)
1911 goto nlmsg_failure; 1911 goto nlmsg_failure;
1912 1912
1913 nlh->nlmsg_len = skb->tail - b; 1913 nlh->nlmsg_len = skb->tail - b;
@@ -2017,7 +2017,7 @@ static int build_polexpire(struct sk_buff *skb, struct xfrm_policy *xp,
2017 goto nlmsg_failure; 2017 goto nlmsg_failure;
2018 if (copy_to_user_sec_ctx(xp, skb)) 2018 if (copy_to_user_sec_ctx(xp, skb))
2019 goto nlmsg_failure; 2019 goto nlmsg_failure;
2020 if (copy_to_user_policy_type(xp, skb) < 0) 2020 if (copy_to_user_policy_type(xp->type, skb) < 0)
2021 goto nlmsg_failure; 2021 goto nlmsg_failure;
2022 upe->hard = !!hard; 2022 upe->hard = !!hard;
2023 2023
@@ -2096,7 +2096,7 @@ static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *
2096 copy_to_user_policy(xp, p, dir); 2096 copy_to_user_policy(xp, p, dir);
2097 if (copy_to_user_tmpl(xp, skb) < 0) 2097 if (copy_to_user_tmpl(xp, skb) < 0)
2098 goto nlmsg_failure; 2098 goto nlmsg_failure;
2099 if (copy_to_user_policy_type(xp, skb) < 0) 2099 if (copy_to_user_policy_type(xp->type, skb) < 0)
2100 goto nlmsg_failure; 2100 goto nlmsg_failure;
2101 2101
2102 nlh->nlmsg_len = skb->tail - b; 2102 nlh->nlmsg_len = skb->tail - b;
@@ -2117,7 +2117,6 @@ static int xfrm_notify_policy_flush(struct km_event *c)
2117 unsigned char *b; 2117 unsigned char *b;
2118 int len = 0; 2118 int len = 0;
2119#ifdef CONFIG_XFRM_SUB_POLICY 2119#ifdef CONFIG_XFRM_SUB_POLICY
2120 struct xfrm_userpolicy_type upt;
2121 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type)); 2120 len += RTA_SPACE(sizeof(struct xfrm_userpolicy_type));
2122#endif 2121#endif
2123 len += NLMSG_LENGTH(0); 2122 len += NLMSG_LENGTH(0);
@@ -2130,12 +2129,8 @@ static int xfrm_notify_policy_flush(struct km_event *c)
2130 2129
2131 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0); 2130 nlh = NLMSG_PUT(skb, c->pid, c->seq, XFRM_MSG_FLUSHPOLICY, 0);
2132 nlh->nlmsg_flags = 0; 2131 nlh->nlmsg_flags = 0;
2133 2132 if (copy_to_user_policy_type(c->data.type, skb) < 0)
2134#ifdef CONFIG_XFRM_SUB_POLICY 2133 goto nlmsg_failure;
2135 memset(&upt, 0, sizeof(upt));
2136 upt.type = c->data.type;
2137 RTA_PUT(skb, XFRMA_POLICY_TYPE, sizeof(upt), &upt);
2138#endif
2139 2134
2140 nlh->nlmsg_len = skb->tail - b; 2135 nlh->nlmsg_len = skb->tail - b;
2141 2136
@@ -2143,9 +2138,6 @@ static int xfrm_notify_policy_flush(struct km_event *c)
2143 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC); 2138 return netlink_broadcast(xfrm_nl, skb, 0, XFRMNLGRP_POLICY, GFP_ATOMIC);
2144 2139
2145nlmsg_failure: 2140nlmsg_failure:
2146#ifdef CONFIG_XFRM_SUB_POLICY
2147rtattr_failure:
2148#endif
2149 kfree_skb(skb); 2141 kfree_skb(skb);
2150 return -1; 2142 return -1;
2151} 2143}