1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/crypto.h>
19#include <linux/err.h>
20#include <linux/list.h>
21#include <linux/module.h>
22#include <linux/mutex.h>
23#include <linux/percpu.h>
24#include <linux/slab.h>
25#include <linux/smp.h>
26#include <linux/vmalloc.h>
27#include <net/ip.h>
28#include <net/ipcomp.h>
29#include <net/xfrm.h>
30
31struct ipcomp_tfms {
32 struct list_head list;
33 struct crypto_comp * __percpu *tfms;
34 int users;
35};
36
37static DEFINE_MUTEX(ipcomp_resource_mutex);
38static void * __percpu *ipcomp_scratches;
39static int ipcomp_scratch_users;
40static LIST_HEAD(ipcomp_tfms_list);
41
42static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
43{
44 struct ipcomp_data *ipcd = x->data;
45 const int plen = skb->len;
46 int dlen = IPCOMP_SCRATCH_SIZE;
47 const u8 *start = skb->data;
48 const int cpu = get_cpu();
49 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
50 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
51 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
52 int len;
53
54 if (err)
55 goto out;
56
57 if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
58 err = -EINVAL;
59 goto out;
60 }
61
62 len = dlen - plen;
63 if (len > skb_tailroom(skb))
64 len = skb_tailroom(skb);
65
66 __skb_put(skb, len);
67
68 len += plen;
69 skb_copy_to_linear_data(skb, scratch, len);
70
71 while ((scratch += len, dlen -= len) > 0) {
72 skb_frag_t *frag;
73 struct page *page;
74
75 err = -EMSGSIZE;
76 if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))
77 goto out;
78
79 frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;
80 page = alloc_page(GFP_ATOMIC);
81
82 err = -ENOMEM;
83 if (!page)
84 goto out;
85
86 __skb_frag_set_page(frag, page);
87
88 len = PAGE_SIZE;
89 if (dlen < len)
90 len = dlen;
91
92 frag->page_offset = 0;
93 skb_frag_size_set(frag, len);
94 memcpy(skb_frag_address(frag), scratch, len);
95
96 skb->truesize += len;
97 skb->data_len += len;
98 skb->len += len;
99
100 skb_shinfo(skb)->nr_frags++;
101 }
102
103 err = 0;
104
105out:
106 put_cpu();
107 return err;
108}
109
110int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
111{
112 int nexthdr;
113 int err = -ENOMEM;
114 struct ip_comp_hdr *ipch;
115
116 if (skb_linearize_cow(skb))
117 goto out;
118
119 skb->ip_summed = CHECKSUM_NONE;
120
121
122 ipch = (void *)skb->data;
123 nexthdr = ipch->nexthdr;
124
125 skb->transport_header = skb->network_header + sizeof(*ipch);
126 __skb_pull(skb, sizeof(*ipch));
127 err = ipcomp_decompress(x, skb);
128 if (err)
129 goto out;
130
131 err = nexthdr;
132
133out:
134 return err;
135}
136EXPORT_SYMBOL_GPL(ipcomp_input);
137
138static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
139{
140 struct ipcomp_data *ipcd = x->data;
141 const int plen = skb->len;
142 int dlen = IPCOMP_SCRATCH_SIZE;
143 u8 *start = skb->data;
144 const int cpu = get_cpu();
145 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
146 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
147 int err;
148
149 local_bh_disable();
150 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
151 local_bh_enable();
152 if (err)
153 goto out;
154
155 if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
156 err = -EMSGSIZE;
157 goto out;
158 }
159
160 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
161 put_cpu();
162
163 pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
164 return 0;
165
166out:
167 put_cpu();
168 return err;
169}
170
171int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
172{
173 int err;
174 struct ip_comp_hdr *ipch;
175 struct ipcomp_data *ipcd = x->data;
176
177 if (skb->len < ipcd->threshold) {
178
179 goto out_ok;
180 }
181
182 if (skb_linearize_cow(skb))
183 goto out_ok;
184
185 err = ipcomp_compress(x, skb);
186
187 if (err) {
188 goto out_ok;
189 }
190
191
192 ipch = ip_comp_hdr(skb);
193 ipch->nexthdr = *skb_mac_header(skb);
194 ipch->flags = 0;
195 ipch->cpi = htons((u16 )ntohl(x->id.spi));
196 *skb_mac_header(skb) = IPPROTO_COMP;
197out_ok:
198 skb_push(skb, -skb_network_offset(skb));
199 return 0;
200}
201EXPORT_SYMBOL_GPL(ipcomp_output);
202
203static void ipcomp_free_scratches(void)
204{
205 int i;
206 void * __percpu *scratches;
207
208 if (--ipcomp_scratch_users)
209 return;
210
211 scratches = ipcomp_scratches;
212 if (!scratches)
213 return;
214
215 for_each_possible_cpu(i)
216 vfree(*per_cpu_ptr(scratches, i));
217
218 free_percpu(scratches);
219}
220
221static void * __percpu *ipcomp_alloc_scratches(void)
222{
223 int i;
224 void * __percpu *scratches;
225
226 if (ipcomp_scratch_users++)
227 return ipcomp_scratches;
228
229 scratches = alloc_percpu(void *);
230 if (!scratches)
231 return NULL;
232
233 ipcomp_scratches = scratches;
234
235 for_each_possible_cpu(i) {
236 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
237 if (!scratch)
238 return NULL;
239 *per_cpu_ptr(scratches, i) = scratch;
240 }
241
242 return scratches;
243}
244
245static void ipcomp_free_tfms(struct crypto_comp * __percpu *tfms)
246{
247 struct ipcomp_tfms *pos;
248 int cpu;
249
250 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
251 if (pos->tfms == tfms)
252 break;
253 }
254
255 WARN_ON(!pos);
256
257 if (--pos->users)
258 return;
259
260 list_del(&pos->list);
261 kfree(pos);
262
263 if (!tfms)
264 return;
265
266 for_each_possible_cpu(cpu) {
267 struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
268 crypto_free_comp(tfm);
269 }
270 free_percpu(tfms);
271}
272
273static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
274{
275 struct ipcomp_tfms *pos;
276 struct crypto_comp * __percpu *tfms;
277 int cpu;
278
279
280 list_for_each_entry(pos, &ipcomp_tfms_list, list) {
281 struct crypto_comp *tfm;
282
283
284 tfm = __this_cpu_read(*pos->tfms);
285
286 if (!strcmp(crypto_comp_name(tfm), alg_name)) {
287 pos->users++;
288 return pos->tfms;
289 }
290 }
291
292 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
293 if (!pos)
294 return NULL;
295
296 pos->users = 1;
297 INIT_LIST_HEAD(&pos->list);
298 list_add(&pos->list, &ipcomp_tfms_list);
299
300 pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
301 if (!tfms)
302 goto error;
303
304 for_each_possible_cpu(cpu) {
305 struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
306 CRYPTO_ALG_ASYNC);
307 if (IS_ERR(tfm))
308 goto error;
309 *per_cpu_ptr(tfms, cpu) = tfm;
310 }
311
312 return tfms;
313
314error:
315 ipcomp_free_tfms(tfms);
316 return NULL;
317}
318
319static void ipcomp_free_data(struct ipcomp_data *ipcd)
320{
321 if (ipcd->tfms)
322 ipcomp_free_tfms(ipcd->tfms);
323 ipcomp_free_scratches();
324}
325
326void ipcomp_destroy(struct xfrm_state *x)
327{
328 struct ipcomp_data *ipcd = x->data;
329 if (!ipcd)
330 return;
331 xfrm_state_delete_tunnel(x);
332 mutex_lock(&ipcomp_resource_mutex);
333 ipcomp_free_data(ipcd);
334 mutex_unlock(&ipcomp_resource_mutex);
335 kfree(ipcd);
336}
337EXPORT_SYMBOL_GPL(ipcomp_destroy);
338
339int ipcomp_init_state(struct xfrm_state *x)
340{
341 int err;
342 struct ipcomp_data *ipcd;
343 struct xfrm_algo_desc *calg_desc;
344
345 err = -EINVAL;
346 if (!x->calg)
347 goto out;
348
349 if (x->encap)
350 goto out;
351
352 err = -ENOMEM;
353 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
354 if (!ipcd)
355 goto out;
356
357 mutex_lock(&ipcomp_resource_mutex);
358 if (!ipcomp_alloc_scratches())
359 goto error;
360
361 ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
362 if (!ipcd->tfms)
363 goto error;
364 mutex_unlock(&ipcomp_resource_mutex);
365
366 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
367 BUG_ON(!calg_desc);
368 ipcd->threshold = calg_desc->uinfo.comp.threshold;
369 x->data = ipcd;
370 err = 0;
371out:
372 return err;
373
374error:
375 ipcomp_free_data(ipcd);
376 mutex_unlock(&ipcomp_resource_mutex);
377 kfree(ipcd);
378 goto out;
379}
380EXPORT_SYMBOL_GPL(ipcomp_init_state);
381
382MODULE_LICENSE("GPL");
383MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173");
384MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
385
