the-tree/crypto/af_alg.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  * af_alg: User-space algorithm interface
0004  *
0005  * This file provides the user-space API for algorithms.
0006  *
0007  * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
0008  */
0009
0010 #include <linux/atomic.h>
0011 #include <crypto/if_alg.h>
0012 #include <linux/crypto.h>
0013 #include <linux/init.h>
0014 #include <linux/kernel.h>
0015 #include <linux/list.h>
0016 #include <linux/module.h>
0017 #include <linux/net.h>
0018 #include <linux/rwsem.h>
0019 #include <linux/sched.h>
0020 #include <linux/sched/signal.h>
0021 #include <linux/security.h>
0022
0023 struct alg_type_list {
0024     const struct af_alg_type *type;
0025     struct list_head list;
0026 };
0027
0028 static struct proto alg_proto = {
0029     .name           = "ALG",
0030     .owner          = THIS_MODULE,
0031     .obj_size       = sizeof(struct alg_sock),
0032 };
0033
0034 static LIST_HEAD(alg_types);
0035 static DECLARE_RWSEM(alg_types_sem);
0036
0037 static const struct af_alg_type *alg_get_type(const char *name)
0038 {
0039     const struct af_alg_type *type = ERR_PTR(-ENOENT);
0040     struct alg_type_list *node;
0041
0042     down_read(&alg_types_sem);
0043     list_for_each_entry(node, &alg_types, list) {
0044         if (strcmp(node->type->name, name))
0045             continue;
0046
0047         if (try_module_get(node->type->owner))
0048             type = node->type;
0049         break;
0050     }
0051     up_read(&alg_types_sem);
0052
0053     return type;
0054 }
0055
0056 int af_alg_register_type(const struct af_alg_type *type)
0057 {
0058     struct alg_type_list *node;
0059     int err = -EEXIST;
0060
0061     down_write(&alg_types_sem);
0062     list_for_each_entry(node, &alg_types, list) {
0063         if (!strcmp(node->type->name, type->name))
0064             goto unlock;
0065     }
0066
0067     node = kmalloc(sizeof(*node), GFP_KERNEL);
0068     err = -ENOMEM;
0069     if (!node)
0070         goto unlock;
0071
0072     type->ops->owner = THIS_MODULE;
0073     if (type->ops_nokey)
0074         type->ops_nokey->owner = THIS_MODULE;
0075     node->type = type;
0076     list_add(&node->list, &alg_types);
0077     err = 0;
0078
0079 unlock:
0080     up_write(&alg_types_sem);
0081
0082     return err;
0083 }
0084 EXPORT_SYMBOL_GPL(af_alg_register_type);
0085
0086 int af_alg_unregister_type(const struct af_alg_type *type)
0087 {
0088     struct alg_type_list *node;
0089     int err = -ENOENT;
0090
0091     down_write(&alg_types_sem);
0092     list_for_each_entry(node, &alg_types, list) {
0093         if (strcmp(node->type->name, type->name))
0094             continue;
0095
0096         list_del(&node->list);
0097         kfree(node);
0098         err = 0;
0099         break;
0100     }
0101     up_write(&alg_types_sem);
0102
0103     return err;
0104 }
0105 EXPORT_SYMBOL_GPL(af_alg_unregister_type);
0106
0107 static void alg_do_release(const struct af_alg_type *type, void *private)
0108 {
0109     if (!type)
0110         return;
0111
0112     type->release(private);
0113     module_put(type->owner);
0114 }
0115
0116 int af_alg_release(struct socket *sock)
0117 {
0118     if (sock->sk) {
0119         sock_put(sock->sk);
0120         sock->sk = NULL;
0121     }
0122     return 0;
0123 }
0124 EXPORT_SYMBOL_GPL(af_alg_release);
0125
0126 void af_alg_release_parent(struct sock *sk)
0127 {
0128     struct alg_sock *ask = alg_sk(sk);
0129     unsigned int nokey = atomic_read(&ask->nokey_refcnt);
0130
0131     sk = ask->parent;
0132     ask = alg_sk(sk);
0133
0134     if (nokey)
0135         atomic_dec(&ask->nokey_refcnt);
0136
0137     if (atomic_dec_and_test(&ask->refcnt))
0138         sock_put(sk);
0139 }
0140 EXPORT_SYMBOL_GPL(af_alg_release_parent);
0141
0142 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
0143 {
0144     const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY;
0145     struct sock *sk = sock->sk;
0146     struct alg_sock *ask = alg_sk(sk);
0147     struct sockaddr_alg_new *sa = (void *)uaddr;
0148     const struct af_alg_type *type;
0149     void *private;
0150     int err;
0151
0152     if (sock->state == SS_CONNECTED)
0153         return -EINVAL;
0154
0155     BUILD_BUG_ON(offsetof(struct sockaddr_alg_new, salg_name) !=
0156              offsetof(struct sockaddr_alg, salg_name));
0157     BUILD_BUG_ON(offsetof(struct sockaddr_alg, salg_name) != sizeof(*sa));
0158
0159     if (addr_len < sizeof(*sa) + 1)
0160         return -EINVAL;
0161
0162     /* If caller uses non-allowed flag, return error. */
0163     if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed))
0164         return -EINVAL;
0165
0166     sa->salg_type[sizeof(sa->salg_type) - 1] = 0;
0167     sa->salg_name[addr_len - sizeof(*sa) - 1] = 0;
0168
0169     type = alg_get_type(sa->salg_type);
0170     if (PTR_ERR(type) == -ENOENT) {
0171         request_module("algif-%s", sa->salg_type);
0172         type = alg_get_type(sa->salg_type);
0173     }
0174
0175     if (IS_ERR(type))
0176         return PTR_ERR(type);
0177
0178     private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask);
0179     if (IS_ERR(private)) {
0180         module_put(type->owner);
0181         return PTR_ERR(private);
0182     }
0183
0184     err = -EBUSY;
0185     lock_sock(sk);
0186     if (atomic_read(&ask->refcnt))
0187         goto unlock;
0188
0189     swap(ask->type, type);
0190     swap(ask->private, private);
0191
0192     err = 0;
0193
0194 unlock:
0195     release_sock(sk);
0196
0197     alg_do_release(type, private);
0198
0199     return err;
0200 }
0201
0202 static int alg_setkey(struct sock *sk, sockptr_t ukey, unsigned int keylen)
0203 {
0204     struct alg_sock *ask = alg_sk(sk);
0205     const struct af_alg_type *type = ask->type;
0206     u8 *key;
0207     int err;
0208
0209     key = sock_kmalloc(sk, keylen, GFP_KERNEL);
0210     if (!key)
0211         return -ENOMEM;
0212
0213     err = -EFAULT;
0214     if (copy_from_sockptr(key, ukey, keylen))
0215         goto out;
0216
0217     err = type->setkey(ask->private, key, keylen);
0218
0219 out:
0220     sock_kzfree_s(sk, key, keylen);
0221
0222     return err;
0223 }
0224
0225 static int alg_setsockopt(struct socket *sock, int level, int optname,
0226               sockptr_t optval, unsigned int optlen)
0227 {
0228     struct sock *sk = sock->sk;
0229     struct alg_sock *ask = alg_sk(sk);
0230     const struct af_alg_type *type;
0231     int err = -EBUSY;
0232
0233     lock_sock(sk);
0234     if (atomic_read(&ask->refcnt) != atomic_read(&ask->nokey_refcnt))
0235         goto unlock;
0236
0237     type = ask->type;
0238
0239     err = -ENOPROTOOPT;
0240     if (level != SOL_ALG || !type)
0241         goto unlock;
0242
0243     switch (optname) {
0244     case ALG_SET_KEY:
0245         if (sock->state == SS_CONNECTED)
0246             goto unlock;
0247         if (!type->setkey)
0248             goto unlock;
0249
0250         err = alg_setkey(sk, optval, optlen);
0251         break;
0252     case ALG_SET_AEAD_AUTHSIZE:
0253         if (sock->state == SS_CONNECTED)
0254             goto unlock;
0255         if (!type->setauthsize)
0256             goto unlock;
0257         err = type->setauthsize(ask->private, optlen);
0258         break;
0259     case ALG_SET_DRBG_ENTROPY:
0260         if (sock->state == SS_CONNECTED)
0261             goto unlock;
0262         if (!type->setentropy)
0263             goto unlock;
0264
0265         err = type->setentropy(ask->private, optval, optlen);
0266     }
0267
0268 unlock:
0269     release_sock(sk);
0270
0271     return err;
0272 }
0273
0274 int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern)
0275 {
0276     struct alg_sock *ask = alg_sk(sk);
0277     const struct af_alg_type *type;
0278     struct sock *sk2;
0279     unsigned int nokey;
0280     int err;
0281
0282     lock_sock(sk);
0283     type = ask->type;
0284
0285     err = -EINVAL;
0286     if (!type)
0287         goto unlock;
0288
0289     sk2 = sk_alloc(sock_net(sk), PF_ALG, GFP_KERNEL, &alg_proto, kern);
0290     err = -ENOMEM;
0291     if (!sk2)
0292         goto unlock;
0293
0294     sock_init_data(newsock, sk2);
0295     security_sock_graft(sk2, newsock);
0296     security_sk_clone(sk, sk2);
0297
0298     /*
0299      * newsock->ops assigned here to allow type->accept call to override
0300      * them when required.
0301      */
0302     newsock->ops = type->ops;
0303     err = type->accept(ask->private, sk2);
0304
0305     nokey = err == -ENOKEY;
0306     if (nokey && type->accept_nokey)
0307         err = type->accept_nokey(ask->private, sk2);
0308
0309     if (err)
0310         goto unlock;
0311
0312     if (atomic_inc_return_relaxed(&ask->refcnt) == 1)
0313         sock_hold(sk);
0314     if (nokey) {
0315         atomic_inc(&ask->nokey_refcnt);
0316         atomic_set(&alg_sk(sk2)->nokey_refcnt, 1);
0317     }
0318     alg_sk(sk2)->parent = sk;
0319     alg_sk(sk2)->type = type;
0320
0321     newsock->state = SS_CONNECTED;
0322
0323     if (nokey)
0324         newsock->ops = type->ops_nokey;
0325
0326     err = 0;
0327
0328 unlock:
0329     release_sock(sk);
0330
0331     return err;
0332 }
0333 EXPORT_SYMBOL_GPL(af_alg_accept);
0334
0335 static int alg_accept(struct socket *sock, struct socket *newsock, int flags,
0336               bool kern)
0337 {
0338     return af_alg_accept(sock->sk, newsock, kern);
0339 }
0340
0341 static const struct proto_ops alg_proto_ops = {
0342     .family     =   PF_ALG,
0343     .owner      =   THIS_MODULE,
0344
0345     .connect    =   sock_no_connect,
0346     .socketpair =   sock_no_socketpair,
0347     .getname    =   sock_no_getname,
0348     .ioctl      =   sock_no_ioctl,
0349     .listen     =   sock_no_listen,
0350     .shutdown   =   sock_no_shutdown,
0351     .mmap       =   sock_no_mmap,
0352     .sendpage   =   sock_no_sendpage,
0353     .sendmsg    =   sock_no_sendmsg,
0354     .recvmsg    =   sock_no_recvmsg,
0355
0356     .bind       =   alg_bind,
0357     .release    =   af_alg_release,
0358     .setsockopt =   alg_setsockopt,
0359     .accept     =   alg_accept,
0360 };
0361
0362 static void alg_sock_destruct(struct sock *sk)
0363 {
0364     struct alg_sock *ask = alg_sk(sk);
0365
0366     alg_do_release(ask->type, ask->private);
0367 }
0368
0369 static int alg_create(struct net *net, struct socket *sock, int protocol,
0370               int kern)
0371 {
0372     struct sock *sk;
0373     int err;
0374
0375     if (sock->type != SOCK_SEQPACKET)
0376         return -ESOCKTNOSUPPORT;
0377     if (protocol != 0)
0378         return -EPROTONOSUPPORT;
0379
0380     err = -ENOMEM;
0381     sk = sk_alloc(net, PF_ALG, GFP_KERNEL, &alg_proto, kern);
0382     if (!sk)
0383         goto out;
0384
0385     sock->ops = &alg_proto_ops;
0386     sock_init_data(sock, sk);
0387
0388     sk->sk_destruct = alg_sock_destruct;
0389
0390     return 0;
0391 out:
0392     return err;
0393 }
0394
0395 static const struct net_proto_family alg_family = {
0396     .family =   PF_ALG,
0397     .create =   alg_create,
0398     .owner  =   THIS_MODULE,
0399 };
0400
0401 int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len)
0402 {
0403     size_t off;
0404     ssize_t n;
0405     int npages, i;
0406
0407     n = iov_iter_get_pages2(iter, sgl->pages, len, ALG_MAX_PAGES, &off);
0408     if (n < 0)
0409         return n;
0410
0411     npages = DIV_ROUND_UP(off + n, PAGE_SIZE);
0412     if (WARN_ON(npages == 0))
0413         return -EINVAL;
0414     /* Add one extra for linking */
0415     sg_init_table(sgl->sg, npages + 1);
0416
0417     for (i = 0, len = n; i < npages; i++) {
0418         int plen = min_t(int, len, PAGE_SIZE - off);
0419
0420         sg_set_page(sgl->sg + i, sgl->pages[i], plen, off);
0421
0422         off = 0;
0423         len -= plen;
0424     }
0425     sg_mark_end(sgl->sg + npages - 1);
0426     sgl->npages = npages;
0427
0428     return n;
0429 }
0430 EXPORT_SYMBOL_GPL(af_alg_make_sg);
0431
0432 static void af_alg_link_sg(struct af_alg_sgl *sgl_prev,
0433                struct af_alg_sgl *sgl_new)
0434 {
0435     sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
0436     sg_chain(sgl_prev->sg, sgl_prev->npages + 1, sgl_new->sg);
0437 }
0438
0439 void af_alg_free_sg(struct af_alg_sgl *sgl)
0440 {
0441     int i;
0442
0443     for (i = 0; i < sgl->npages; i++)
0444         put_page(sgl->pages[i]);
0445 }
0446 EXPORT_SYMBOL_GPL(af_alg_free_sg);
0447
0448 static int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con)
0449 {
0450     struct cmsghdr *cmsg;
0451
0452     for_each_cmsghdr(cmsg, msg) {
0453         if (!CMSG_OK(msg, cmsg))
0454             return -EINVAL;
0455         if (cmsg->cmsg_level != SOL_ALG)
0456             continue;
0457
0458         switch (cmsg->cmsg_type) {
0459         case ALG_SET_IV:
0460             if (cmsg->cmsg_len < CMSG_LEN(sizeof(*con->iv)))
0461                 return -EINVAL;
0462             con->iv = (void *)CMSG_DATA(cmsg);
0463             if (cmsg->cmsg_len < CMSG_LEN(con->iv->ivlen +
0464                               sizeof(*con->iv)))
0465                 return -EINVAL;
0466             break;
0467
0468         case ALG_SET_OP:
0469             if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32)))
0470                 return -EINVAL;
0471             con->op = *(u32 *)CMSG_DATA(cmsg);
0472             break;
0473
0474         case ALG_SET_AEAD_ASSOCLEN:
0475             if (cmsg->cmsg_len < CMSG_LEN(sizeof(u32)))
0476                 return -EINVAL;
0477             con->aead_assoclen = *(u32 *)CMSG_DATA(cmsg);
0478             break;
0479
0480         default:
0481             return -EINVAL;
0482         }
0483     }
0484
0485     return 0;
0486 }
0487
0488 /**
0489  * af_alg_alloc_tsgl - allocate the TX SGL
0490  *
0491  * @sk: socket of connection to user space
0492  * Return: 0 upon success, < 0 upon error
0493  */
0494 static int af_alg_alloc_tsgl(struct sock *sk)
0495 {
0496     struct alg_sock *ask = alg_sk(sk);
0497     struct af_alg_ctx *ctx = ask->private;
0498     struct af_alg_tsgl *sgl;
0499     struct scatterlist *sg = NULL;
0500
0501     sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list);
0502     if (!list_empty(&ctx->tsgl_list))
0503         sg = sgl->sg;
0504
0505     if (!sg || sgl->cur >= MAX_SGL_ENTS) {
0506         sgl = sock_kmalloc(sk,
0507                    struct_size(sgl, sg, (MAX_SGL_ENTS + 1)),
0508                    GFP_KERNEL);
0509         if (!sgl)
0510             return -ENOMEM;
0511
0512         sg_init_table(sgl->sg, MAX_SGL_ENTS + 1);
0513         sgl->cur = 0;
0514
0515         if (sg)
0516             sg_chain(sg, MAX_SGL_ENTS + 1, sgl->sg);
0517
0518         list_add_tail(&sgl->list, &ctx->tsgl_list);
0519     }
0520
0521     return 0;
0522 }
0523
0524 /**
0525  * af_alg_count_tsgl - Count number of TX SG entries
0526  *
0527  * The counting starts from the beginning of the SGL to @bytes. If
0528  * an @offset is provided, the counting of the SG entries starts at the @offset.
0529  *
0530  * @sk: socket of connection to user space
0531  * @bytes: Count the number of SG entries holding given number of bytes.
0532  * @offset: Start the counting of SG entries from the given offset.
0533  * Return: Number of TX SG entries found given the constraints
0534  */
0535 unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)
0536 {
0537     const struct alg_sock *ask = alg_sk(sk);
0538     const struct af_alg_ctx *ctx = ask->private;
0539     const struct af_alg_tsgl *sgl;
0540     unsigned int i;
0541     unsigned int sgl_count = 0;
0542
0543     if (!bytes)
0544         return 0;
0545
0546     list_for_each_entry(sgl, &ctx->tsgl_list, list) {
0547         const struct scatterlist *sg = sgl->sg;
0548
0549         for (i = 0; i < sgl->cur; i++) {
0550             size_t bytes_count;
0551
0552             /* Skip offset */
0553             if (offset >= sg[i].length) {
0554                 offset -= sg[i].length;
0555                 bytes -= sg[i].length;
0556                 continue;
0557             }
0558
0559             bytes_count = sg[i].length - offset;
0560
0561             offset = 0;
0562             sgl_count++;
0563
0564             /* If we have seen requested number of bytes, stop */
0565             if (bytes_count >= bytes)
0566                 return sgl_count;
0567
0568             bytes -= bytes_count;
0569         }
0570     }
0571
0572     return sgl_count;
0573 }
0574 EXPORT_SYMBOL_GPL(af_alg_count_tsgl);
0575
0576 /**
0577  * af_alg_pull_tsgl - Release the specified buffers from TX SGL
0578  *
0579  * If @dst is non-null, reassign the pages to @dst. The caller must release
0580  * the pages. If @dst_offset is given only reassign the pages to @dst starting
0581  * at the @dst_offset (byte). The caller must ensure that @dst is large
0582  * enough (e.g. by using af_alg_count_tsgl with the same offset).
0583  *
0584  * @sk: socket of connection to user space
0585  * @used: Number of bytes to pull from TX SGL
0586  * @dst: If non-NULL, buffer is reassigned to dst SGL instead of releasing. The
0587  *   caller must release the buffers in dst.
0588  * @dst_offset: Reassign the TX SGL from given offset. All buffers before
0589  *          reaching the offset is released.
0590  */
0591 void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,
0592               size_t dst_offset)
0593 {
0594     struct alg_sock *ask = alg_sk(sk);
0595     struct af_alg_ctx *ctx = ask->private;
0596     struct af_alg_tsgl *sgl;
0597     struct scatterlist *sg;
0598     unsigned int i, j = 0;
0599
0600     while (!list_empty(&ctx->tsgl_list)) {
0601         sgl = list_first_entry(&ctx->tsgl_list, struct af_alg_tsgl,
0602                        list);
0603         sg = sgl->sg;
0604
0605         for (i = 0; i < sgl->cur; i++) {
0606             size_t plen = min_t(size_t, used, sg[i].length);
0607             struct page *page = sg_page(sg + i);
0608
0609             if (!page)
0610                 continue;
0611
0612             /*
0613              * Assumption: caller created af_alg_count_tsgl(len)
0614              * SG entries in dst.
0615              */
0616             if (dst) {
0617                 if (dst_offset >= plen) {
0618                     /* discard page before offset */
0619                     dst_offset -= plen;
0620                 } else {
0621                     /* reassign page to dst after offset */
0622                     get_page(page);
0623                     sg_set_page(dst + j, page,
0624                             plen - dst_offset,
0625                             sg[i].offset + dst_offset);
0626                     dst_offset = 0;
0627                     j++;
0628                 }
0629             }
0630
0631             sg[i].length -= plen;
0632             sg[i].offset += plen;
0633
0634             used -= plen;
0635             ctx->used -= plen;
0636
0637             if (sg[i].length)
0638                 return;
0639
0640             put_page(page);
0641             sg_assign_page(sg + i, NULL);
0642         }
0643
0644         list_del(&sgl->list);
0645         sock_kfree_s(sk, sgl, struct_size(sgl, sg, MAX_SGL_ENTS + 1));
0646     }
0647
0648     if (!ctx->used)
0649         ctx->merge = 0;
0650     ctx->init = ctx->more;
0651 }
0652 EXPORT_SYMBOL_GPL(af_alg_pull_tsgl);
0653
0654 /**
0655  * af_alg_free_areq_sgls - Release TX and RX SGLs of the request
0656  *
0657  * @areq: Request holding the TX and RX SGL
0658  */
0659 static void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
0660 {
0661     struct sock *sk = areq->sk;
0662     struct alg_sock *ask = alg_sk(sk);
0663     struct af_alg_ctx *ctx = ask->private;
0664     struct af_alg_rsgl *rsgl, *tmp;
0665     struct scatterlist *tsgl;
0666     struct scatterlist *sg;
0667     unsigned int i;
0668
0669     list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) {
0670         atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused);
0671         af_alg_free_sg(&rsgl->sgl);
0672         list_del(&rsgl->list);
0673         if (rsgl != &areq->first_rsgl)
0674             sock_kfree_s(sk, rsgl, sizeof(*rsgl));
0675     }
0676
0677     tsgl = areq->tsgl;
0678     if (tsgl) {
0679         for_each_sg(tsgl, sg, areq->tsgl_entries, i) {
0680             if (!sg_page(sg))
0681                 continue;
0682             put_page(sg_page(sg));
0683         }
0684
0685         sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
0686     }
0687 }
0688
0689 /**
0690  * af_alg_wait_for_wmem - wait for availability of writable memory
0691  *
0692  * @sk: socket of connection to user space
0693  * @flags: If MSG_DONTWAIT is set, then only report if function would sleep
0694  * Return: 0 when writable memory is available, < 0 upon error
0695  */
0696 static int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags)
0697 {
0698     DEFINE_WAIT_FUNC(wait, woken_wake_function);
0699     int err = -ERESTARTSYS;
0700     long timeout;
0701
0702     if (flags & MSG_DONTWAIT)
0703         return -EAGAIN;
0704
0705     sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
0706
0707     add_wait_queue(sk_sleep(sk), &wait);
0708     for (;;) {
0709         if (signal_pending(current))
0710             break;
0711         timeout = MAX_SCHEDULE_TIMEOUT;
0712         if (sk_wait_event(sk, &timeout, af_alg_writable(sk), &wait)) {
0713             err = 0;
0714             break;
0715         }
0716     }
0717     remove_wait_queue(sk_sleep(sk), &wait);
0718
0719     return err;
0720 }
0721
0722 /**
0723  * af_alg_wmem_wakeup - wakeup caller when writable memory is available
0724  *
0725  * @sk: socket of connection to user space
0726  */
0727 void af_alg_wmem_wakeup(struct sock *sk)
0728 {
0729     struct socket_wq *wq;
0730
0731     if (!af_alg_writable(sk))
0732         return;
0733
0734     rcu_read_lock();
0735     wq = rcu_dereference(sk->sk_wq);
0736     if (skwq_has_sleeper(wq))
0737         wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN |
0738                                EPOLLRDNORM |
0739                                EPOLLRDBAND);
0740     sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
0741     rcu_read_unlock();
0742 }
0743 EXPORT_SYMBOL_GPL(af_alg_wmem_wakeup);
0744
0745 /**
0746  * af_alg_wait_for_data - wait for availability of TX data
0747  *
0748  * @sk: socket of connection to user space
0749  * @flags: If MSG_DONTWAIT is set, then only report if function would sleep
0750  * @min: Set to minimum request size if partial requests are allowed.
0751  * Return: 0 when writable memory is available, < 0 upon error
0752  */
0753 int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min)
0754 {
0755     DEFINE_WAIT_FUNC(wait, woken_wake_function);
0756     struct alg_sock *ask = alg_sk(sk);
0757     struct af_alg_ctx *ctx = ask->private;
0758     long timeout;
0759     int err = -ERESTARTSYS;
0760
0761     if (flags & MSG_DONTWAIT)
0762         return -EAGAIN;
0763
0764     sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
0765
0766     add_wait_queue(sk_sleep(sk), &wait);
0767     for (;;) {
0768         if (signal_pending(current))
0769             break;
0770         timeout = MAX_SCHEDULE_TIMEOUT;
0771         if (sk_wait_event(sk, &timeout,
0772                   ctx->init && (!ctx->more ||
0773                         (min && ctx->used >= min)),
0774                   &wait)) {
0775             err = 0;
0776             break;
0777         }
0778     }
0779     remove_wait_queue(sk_sleep(sk), &wait);
0780
0781     sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
0782
0783     return err;
0784 }
0785 EXPORT_SYMBOL_GPL(af_alg_wait_for_data);
0786
0787 /**
0788  * af_alg_data_wakeup - wakeup caller when new data can be sent to kernel
0789  *
0790  * @sk: socket of connection to user space
0791  */
0792 static void af_alg_data_wakeup(struct sock *sk)
0793 {
0794     struct alg_sock *ask = alg_sk(sk);
0795     struct af_alg_ctx *ctx = ask->private;
0796     struct socket_wq *wq;
0797
0798     if (!ctx->used)
0799         return;
0800
0801     rcu_read_lock();
0802     wq = rcu_dereference(sk->sk_wq);
0803     if (skwq_has_sleeper(wq))
0804         wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
0805                                EPOLLRDNORM |
0806                                EPOLLRDBAND);
0807     sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
0808     rcu_read_unlock();
0809 }
0810
0811 /**
0812  * af_alg_sendmsg - implementation of sendmsg system call handler
0813  *
0814  * The sendmsg system call handler obtains the user data and stores it
0815  * in ctx->tsgl_list. This implies allocation of the required numbers of
0816  * struct af_alg_tsgl.
0817  *
0818  * In addition, the ctx is filled with the information sent via CMSG.
0819  *
0820  * @sock: socket of connection to user space
0821  * @msg: message from user space
0822  * @size: size of message from user space
0823  * @ivsize: the size of the IV for the cipher operation to verify that the
0824  *     user-space-provided IV has the right size
0825  * Return: the number of copied data upon success, < 0 upon error
0826  */
0827 int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
0828            unsigned int ivsize)
0829 {
0830     struct sock *sk = sock->sk;
0831     struct alg_sock *ask = alg_sk(sk);
0832     struct af_alg_ctx *ctx = ask->private;
0833     struct af_alg_tsgl *sgl;
0834     struct af_alg_control con = {};
0835     long copied = 0;
0836     bool enc = false;
0837     bool init = false;
0838     int err = 0;
0839
0840     if (msg->msg_controllen) {
0841         err = af_alg_cmsg_send(msg, &con);
0842         if (err)
0843             return err;
0844
0845         init = true;
0846         switch (con.op) {
0847         case ALG_OP_ENCRYPT:
0848             enc = true;
0849             break;
0850         case ALG_OP_DECRYPT:
0851             enc = false;
0852             break;
0853         default:
0854             return -EINVAL;
0855         }
0856
0857         if (con.iv && con.iv->ivlen != ivsize)
0858             return -EINVAL;
0859     }
0860
0861     lock_sock(sk);
0862     if (ctx->init && !ctx->more) {
0863         if (ctx->used) {
0864             err = -EINVAL;
0865             goto unlock;
0866         }
0867
0868         pr_info_once(
0869             "%s sent an empty control message without MSG_MORE.\n",
0870             current->comm);
0871     }
0872     ctx->init = true;
0873
0874     if (init) {
0875         ctx->enc = enc;
0876         if (con.iv)
0877             memcpy(ctx->iv, con.iv->iv, ivsize);
0878
0879         ctx->aead_assoclen = con.aead_assoclen;
0880     }
0881
0882     while (size) {
0883         struct scatterlist *sg;
0884         size_t len = size;
0885         size_t plen;
0886
0887         /* use the existing memory in an allocated page */
0888         if (ctx->merge) {
0889             sgl = list_entry(ctx->tsgl_list.prev,
0890                      struct af_alg_tsgl, list);
0891             sg = sgl->sg + sgl->cur - 1;
0892             len = min_t(size_t, len,
0893                     PAGE_SIZE - sg->offset - sg->length);
0894
0895             err = memcpy_from_msg(page_address(sg_page(sg)) +
0896                           sg->offset + sg->length,
0897                           msg, len);
0898             if (err)
0899                 goto unlock;
0900
0901             sg->length += len;
0902             ctx->merge = (sg->offset + sg->length) &
0903                      (PAGE_SIZE - 1);
0904
0905             ctx->used += len;
0906             copied += len;
0907             size -= len;
0908             continue;
0909         }
0910
0911         if (!af_alg_writable(sk)) {
0912             err = af_alg_wait_for_wmem(sk, msg->msg_flags);
0913             if (err)
0914                 goto unlock;
0915         }
0916
0917         /* allocate a new page */
0918         len = min_t(unsigned long, len, af_alg_sndbuf(sk));
0919
0920         err = af_alg_alloc_tsgl(sk);
0921         if (err)
0922             goto unlock;
0923
0924         sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl,
0925                  list);
0926         sg = sgl->sg;
0927         if (sgl->cur)
0928             sg_unmark_end(sg + sgl->cur - 1);
0929
0930         do {
0931             struct page *pg;
0932             unsigned int i = sgl->cur;
0933
0934             plen = min_t(size_t, len, PAGE_SIZE);
0935
0936             pg = alloc_page(GFP_KERNEL);
0937             if (!pg) {
0938                 err = -ENOMEM;
0939                 goto unlock;
0940             }
0941
0942             sg_assign_page(sg + i, pg);
0943
0944             err = memcpy_from_msg(page_address(sg_page(sg + i)),
0945                           msg, plen);
0946             if (err) {
0947                 __free_page(sg_page(sg + i));
0948                 sg_assign_page(sg + i, NULL);
0949                 goto unlock;
0950             }
0951
0952             sg[i].length = plen;
0953             len -= plen;
0954             ctx->used += plen;
0955             copied += plen;
0956             size -= plen;
0957             sgl->cur++;
0958         } while (len && sgl->cur < MAX_SGL_ENTS);
0959
0960         if (!size)
0961             sg_mark_end(sg + sgl->cur - 1);
0962
0963         ctx->merge = plen & (PAGE_SIZE - 1);
0964     }
0965
0966     err = 0;
0967
0968     ctx->more = msg->msg_flags & MSG_MORE;
0969
0970 unlock:
0971     af_alg_data_wakeup(sk);
0972     release_sock(sk);
0973
0974     return copied ?: err;
0975 }
0976 EXPORT_SYMBOL_GPL(af_alg_sendmsg);
0977
0978 /**
0979  * af_alg_sendpage - sendpage system call handler
0980  * @sock: socket of connection to user space to write to
0981  * @page: data to send
0982  * @offset: offset into page to begin sending
0983  * @size: length of data
0984  * @flags: message send/receive flags
0985  *
0986  * This is a generic implementation of sendpage to fill ctx->tsgl_list.
0987  */
0988 ssize_t af_alg_sendpage(struct socket *sock, struct page *page,
0989             int offset, size_t size, int flags)
0990 {
0991     struct sock *sk = sock->sk;
0992     struct alg_sock *ask = alg_sk(sk);
0993     struct af_alg_ctx *ctx = ask->private;
0994     struct af_alg_tsgl *sgl;
0995     int err = -EINVAL;
0996
0997     if (flags & MSG_SENDPAGE_NOTLAST)
0998         flags |= MSG_MORE;
0999
1000     lock_sock(sk);
1001     if (!ctx->more && ctx->used)
1002         goto unlock;
1003
1004     if (!size)
1005         goto done;
1006
1007     if (!af_alg_writable(sk)) {
1008         err = af_alg_wait_for_wmem(sk, flags);
1009         if (err)
1010             goto unlock;
1011     }
1012
1013     err = af_alg_alloc_tsgl(sk);
1014     if (err)
1015         goto unlock;
1016
1017     ctx->merge = 0;
1018     sgl = list_entry(ctx->tsgl_list.prev, struct af_alg_tsgl, list);
1019
1020     if (sgl->cur)
1021         sg_unmark_end(sgl->sg + sgl->cur - 1);
1022
1023     sg_mark_end(sgl->sg + sgl->cur);
1024
1025     get_page(page);
1026     sg_set_page(sgl->sg + sgl->cur, page, size, offset);
1027     sgl->cur++;
1028     ctx->used += size;
1029
1030 done:
1031     ctx->more = flags & MSG_MORE;
1032
1033 unlock:
1034     af_alg_data_wakeup(sk);
1035     release_sock(sk);
1036
1037     return err ?: size;
1038 }
1039 EXPORT_SYMBOL_GPL(af_alg_sendpage);
1040
1041 /**
1042  * af_alg_free_resources - release resources required for crypto request
1043  * @areq: Request holding the TX and RX SGL
1044  */
1045 void af_alg_free_resources(struct af_alg_async_req *areq)
1046 {
1047     struct sock *sk = areq->sk;
1048
1049     af_alg_free_areq_sgls(areq);
1050     sock_kfree_s(sk, areq, areq->areqlen);
1051 }
1052 EXPORT_SYMBOL_GPL(af_alg_free_resources);
1053
1054 /**
1055  * af_alg_async_cb - AIO callback handler
1056  * @_req: async request info
1057  * @err: if non-zero, error result to be returned via ki_complete();
1058  *       otherwise return the AIO output length via ki_complete().
1059  *
1060  * This handler cleans up the struct af_alg_async_req upon completion of the
1061  * AIO operation.
1062  *
1063  * The number of bytes to be generated with the AIO operation must be set
1064  * in areq->outlen before the AIO callback handler is invoked.
1065  */
1066 void af_alg_async_cb(struct crypto_async_request *_req, int err)
1067 {
1068     struct af_alg_async_req *areq = _req->data;
1069     struct sock *sk = areq->sk;
1070     struct kiocb *iocb = areq->iocb;
1071     unsigned int resultlen;
1072
1073     /* Buffer size written by crypto operation. */
1074     resultlen = areq->outlen;
1075
1076     af_alg_free_resources(areq);
1077     sock_put(sk);
1078
1079     iocb->ki_complete(iocb, err ? err : (int)resultlen);
1080 }
1081 EXPORT_SYMBOL_GPL(af_alg_async_cb);
1082
1083 /**
1084  * af_alg_poll - poll system call handler
1085  * @file: file pointer
1086  * @sock: socket to poll
1087  * @wait: poll_table
1088  */
1089 __poll_t af_alg_poll(struct file *file, struct socket *sock,
1090              poll_table *wait)
1091 {
1092     struct sock *sk = sock->sk;
1093     struct alg_sock *ask = alg_sk(sk);
1094     struct af_alg_ctx *ctx = ask->private;
1095     __poll_t mask;
1096
1097     sock_poll_wait(file, sock, wait);
1098     mask = 0;
1099
1100     if (!ctx->more || ctx->used)
1101         mask |= EPOLLIN | EPOLLRDNORM;
1102
1103     if (af_alg_writable(sk))
1104         mask |= EPOLLOUT | EPOLLWRNORM | EPOLLWRBAND;
1105
1106     return mask;
1107 }
1108 EXPORT_SYMBOL_GPL(af_alg_poll);
1109
1110 /**
1111  * af_alg_alloc_areq - allocate struct af_alg_async_req
1112  *
1113  * @sk: socket of connection to user space
1114  * @areqlen: size of struct af_alg_async_req + crypto_*_reqsize
1115  * Return: allocated data structure or ERR_PTR upon error
1116  */
1117 struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk,
1118                        unsigned int areqlen)
1119 {
1120     struct af_alg_async_req *areq = sock_kmalloc(sk, areqlen, GFP_KERNEL);
1121
1122     if (unlikely(!areq))
1123         return ERR_PTR(-ENOMEM);
1124
1125     areq->areqlen = areqlen;
1126     areq->sk = sk;
1127     areq->last_rsgl = NULL;
1128     INIT_LIST_HEAD(&areq->rsgl_list);
1129     areq->tsgl = NULL;
1130     areq->tsgl_entries = 0;
1131
1132     return areq;
1133 }
1134 EXPORT_SYMBOL_GPL(af_alg_alloc_areq);
1135
1136 /**
1137  * af_alg_get_rsgl - create the RX SGL for the output data from the crypto
1138  *           operation
1139  *
1140  * @sk: socket of connection to user space
1141  * @msg: user space message
1142  * @flags: flags used to invoke recvmsg with
1143  * @areq: instance of the cryptographic request that will hold the RX SGL
1144  * @maxsize: maximum number of bytes to be pulled from user space
1145  * @outlen: number of bytes in the RX SGL
1146  * Return: 0 on success, < 0 upon error
1147  */
1148 int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
1149             struct af_alg_async_req *areq, size_t maxsize,
1150             size_t *outlen)
1151 {
1152     struct alg_sock *ask = alg_sk(sk);
1153     struct af_alg_ctx *ctx = ask->private;
1154     size_t len = 0;
1155
1156     while (maxsize > len && msg_data_left(msg)) {
1157         struct af_alg_rsgl *rsgl;
1158         size_t seglen;
1159         int err;
1160
1161         /* limit the amount of readable buffers */
1162         if (!af_alg_readable(sk))
1163             break;
1164
1165         seglen = min_t(size_t, (maxsize - len),
1166                    msg_data_left(msg));
1167
1168         if (list_empty(&areq->rsgl_list)) {
1169             rsgl = &areq->first_rsgl;
1170         } else {
1171             rsgl = sock_kmalloc(sk, sizeof(*rsgl), GFP_KERNEL);
1172             if (unlikely(!rsgl))
1173                 return -ENOMEM;
1174         }
1175
1176         rsgl->sgl.npages = 0;
1177         list_add_tail(&rsgl->list, &areq->rsgl_list);
1178
1179         /* make one iovec available as scatterlist */
1180         err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen);
1181         if (err < 0) {
1182             rsgl->sg_num_bytes = 0;
1183             return err;
1184         }
1185
1186         /* chain the new scatterlist with previous one */
1187         if (areq->last_rsgl)
1188             af_alg_link_sg(&areq->last_rsgl->sgl, &rsgl->sgl);
1189
1190         areq->last_rsgl = rsgl;
1191         len += err;
1192         atomic_add(err, &ctx->rcvused);
1193         rsgl->sg_num_bytes = err;
1194     }
1195
1196     *outlen = len;
1197     return 0;
1198 }
1199 EXPORT_SYMBOL_GPL(af_alg_get_rsgl);
1200
1201 static int __init af_alg_init(void)
1202 {
1203     int err = proto_register(&alg_proto, 0);
1204
1205     if (err)
1206         goto out;
1207
1208     err = sock_register(&alg_family);
1209     if (err != 0)
1210         goto out_unregister_proto;
1211
1212 out:
1213     return err;
1214
1215 out_unregister_proto:
1216     proto_unregister(&alg_proto);
1217     goto out;
1218 }
1219
1220 static void __exit af_alg_exit(void)
1221 {
1222     sock_unregister(PF_ALG);
1223     proto_unregister(&alg_proto);
1224 }
1225
1226 module_init(af_alg_init);
1227 module_exit(af_alg_exit);
1228 MODULE_LICENSE("GPL");
1229 MODULE_ALIAS_NETPROTO(AF_ALG);