1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-or-later
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * IP Payload Compression Protocol (IPComp) - RFC3173.
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
6*4882a593Smuzhiyun * Copyright (c) 2003-2008 Herbert Xu <herbert@gondor.apana.org.au>
7*4882a593Smuzhiyun *
8*4882a593Smuzhiyun * Todo:
9*4882a593Smuzhiyun * - Tunable compression parameters.
10*4882a593Smuzhiyun * - Compression stats.
11*4882a593Smuzhiyun * - Adaptive compression.
12*4882a593Smuzhiyun */
13*4882a593Smuzhiyun
14*4882a593Smuzhiyun #include <linux/crypto.h>
15*4882a593Smuzhiyun #include <linux/err.h>
16*4882a593Smuzhiyun #include <linux/list.h>
17*4882a593Smuzhiyun #include <linux/module.h>
18*4882a593Smuzhiyun #include <linux/mutex.h>
19*4882a593Smuzhiyun #include <linux/percpu.h>
20*4882a593Smuzhiyun #include <linux/slab.h>
21*4882a593Smuzhiyun #include <linux/smp.h>
22*4882a593Smuzhiyun #include <linux/vmalloc.h>
23*4882a593Smuzhiyun #include <net/ip.h>
24*4882a593Smuzhiyun #include <net/ipcomp.h>
25*4882a593Smuzhiyun #include <net/xfrm.h>
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun struct ipcomp_tfms {
28*4882a593Smuzhiyun struct list_head list;
29*4882a593Smuzhiyun struct crypto_comp * __percpu *tfms;
30*4882a593Smuzhiyun int users;
31*4882a593Smuzhiyun };
32*4882a593Smuzhiyun
33*4882a593Smuzhiyun static DEFINE_MUTEX(ipcomp_resource_mutex);
34*4882a593Smuzhiyun static void * __percpu *ipcomp_scratches;
35*4882a593Smuzhiyun static int ipcomp_scratch_users;
36*4882a593Smuzhiyun static LIST_HEAD(ipcomp_tfms_list);
37*4882a593Smuzhiyun
ipcomp_decompress(struct xfrm_state * x,struct sk_buff * skb)38*4882a593Smuzhiyun static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
39*4882a593Smuzhiyun {
40*4882a593Smuzhiyun struct ipcomp_data *ipcd = x->data;
41*4882a593Smuzhiyun const int plen = skb->len;
42*4882a593Smuzhiyun int dlen = IPCOMP_SCRATCH_SIZE;
43*4882a593Smuzhiyun const u8 *start = skb->data;
44*4882a593Smuzhiyun const int cpu = get_cpu();
45*4882a593Smuzhiyun u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
46*4882a593Smuzhiyun struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
47*4882a593Smuzhiyun int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
48*4882a593Smuzhiyun int len;
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun if (err)
51*4882a593Smuzhiyun goto out;
52*4882a593Smuzhiyun
53*4882a593Smuzhiyun if (dlen < (plen + sizeof(struct ip_comp_hdr))) {
54*4882a593Smuzhiyun err = -EINVAL;
55*4882a593Smuzhiyun goto out;
56*4882a593Smuzhiyun }
57*4882a593Smuzhiyun
58*4882a593Smuzhiyun len = dlen - plen;
59*4882a593Smuzhiyun if (len > skb_tailroom(skb))
60*4882a593Smuzhiyun len = skb_tailroom(skb);
61*4882a593Smuzhiyun
62*4882a593Smuzhiyun __skb_put(skb, len);
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun len += plen;
65*4882a593Smuzhiyun skb_copy_to_linear_data(skb, scratch, len);
66*4882a593Smuzhiyun
67*4882a593Smuzhiyun while ((scratch += len, dlen -= len) > 0) {
68*4882a593Smuzhiyun skb_frag_t *frag;
69*4882a593Smuzhiyun struct page *page;
70*4882a593Smuzhiyun
71*4882a593Smuzhiyun err = -EMSGSIZE;
72*4882a593Smuzhiyun if (WARN_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS))
73*4882a593Smuzhiyun goto out;
74*4882a593Smuzhiyun
75*4882a593Smuzhiyun frag = skb_shinfo(skb)->frags + skb_shinfo(skb)->nr_frags;
76*4882a593Smuzhiyun page = alloc_page(GFP_ATOMIC);
77*4882a593Smuzhiyun
78*4882a593Smuzhiyun err = -ENOMEM;
79*4882a593Smuzhiyun if (!page)
80*4882a593Smuzhiyun goto out;
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun __skb_frag_set_page(frag, page);
83*4882a593Smuzhiyun
84*4882a593Smuzhiyun len = PAGE_SIZE;
85*4882a593Smuzhiyun if (dlen < len)
86*4882a593Smuzhiyun len = dlen;
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun skb_frag_off_set(frag, 0);
89*4882a593Smuzhiyun skb_frag_size_set(frag, len);
90*4882a593Smuzhiyun memcpy(skb_frag_address(frag), scratch, len);
91*4882a593Smuzhiyun
92*4882a593Smuzhiyun skb->truesize += len;
93*4882a593Smuzhiyun skb->data_len += len;
94*4882a593Smuzhiyun skb->len += len;
95*4882a593Smuzhiyun
96*4882a593Smuzhiyun skb_shinfo(skb)->nr_frags++;
97*4882a593Smuzhiyun }
98*4882a593Smuzhiyun
99*4882a593Smuzhiyun err = 0;
100*4882a593Smuzhiyun
101*4882a593Smuzhiyun out:
102*4882a593Smuzhiyun put_cpu();
103*4882a593Smuzhiyun return err;
104*4882a593Smuzhiyun }
105*4882a593Smuzhiyun
ipcomp_input(struct xfrm_state * x,struct sk_buff * skb)106*4882a593Smuzhiyun int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
107*4882a593Smuzhiyun {
108*4882a593Smuzhiyun int nexthdr;
109*4882a593Smuzhiyun int err = -ENOMEM;
110*4882a593Smuzhiyun struct ip_comp_hdr *ipch;
111*4882a593Smuzhiyun
112*4882a593Smuzhiyun if (skb_linearize_cow(skb))
113*4882a593Smuzhiyun goto out;
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun skb->ip_summed = CHECKSUM_NONE;
116*4882a593Smuzhiyun
117*4882a593Smuzhiyun /* Remove ipcomp header and decompress original payload */
118*4882a593Smuzhiyun ipch = (void *)skb->data;
119*4882a593Smuzhiyun nexthdr = ipch->nexthdr;
120*4882a593Smuzhiyun
121*4882a593Smuzhiyun skb->transport_header = skb->network_header + sizeof(*ipch);
122*4882a593Smuzhiyun __skb_pull(skb, sizeof(*ipch));
123*4882a593Smuzhiyun err = ipcomp_decompress(x, skb);
124*4882a593Smuzhiyun if (err)
125*4882a593Smuzhiyun goto out;
126*4882a593Smuzhiyun
127*4882a593Smuzhiyun err = nexthdr;
128*4882a593Smuzhiyun
129*4882a593Smuzhiyun out:
130*4882a593Smuzhiyun return err;
131*4882a593Smuzhiyun }
132*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(ipcomp_input);
133*4882a593Smuzhiyun
ipcomp_compress(struct xfrm_state * x,struct sk_buff * skb)134*4882a593Smuzhiyun static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
135*4882a593Smuzhiyun {
136*4882a593Smuzhiyun struct ipcomp_data *ipcd = x->data;
137*4882a593Smuzhiyun const int plen = skb->len;
138*4882a593Smuzhiyun int dlen = IPCOMP_SCRATCH_SIZE;
139*4882a593Smuzhiyun u8 *start = skb->data;
140*4882a593Smuzhiyun struct crypto_comp *tfm;
141*4882a593Smuzhiyun u8 *scratch;
142*4882a593Smuzhiyun int err;
143*4882a593Smuzhiyun
144*4882a593Smuzhiyun local_bh_disable();
145*4882a593Smuzhiyun scratch = *this_cpu_ptr(ipcomp_scratches);
146*4882a593Smuzhiyun tfm = *this_cpu_ptr(ipcd->tfms);
147*4882a593Smuzhiyun err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
148*4882a593Smuzhiyun if (err)
149*4882a593Smuzhiyun goto out;
150*4882a593Smuzhiyun
151*4882a593Smuzhiyun if ((dlen + sizeof(struct ip_comp_hdr)) >= plen) {
152*4882a593Smuzhiyun err = -EMSGSIZE;
153*4882a593Smuzhiyun goto out;
154*4882a593Smuzhiyun }
155*4882a593Smuzhiyun
156*4882a593Smuzhiyun memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
157*4882a593Smuzhiyun local_bh_enable();
158*4882a593Smuzhiyun
159*4882a593Smuzhiyun pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
160*4882a593Smuzhiyun return 0;
161*4882a593Smuzhiyun
162*4882a593Smuzhiyun out:
163*4882a593Smuzhiyun local_bh_enable();
164*4882a593Smuzhiyun return err;
165*4882a593Smuzhiyun }
166*4882a593Smuzhiyun
ipcomp_output(struct xfrm_state * x,struct sk_buff * skb)167*4882a593Smuzhiyun int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
168*4882a593Smuzhiyun {
169*4882a593Smuzhiyun int err;
170*4882a593Smuzhiyun struct ip_comp_hdr *ipch;
171*4882a593Smuzhiyun struct ipcomp_data *ipcd = x->data;
172*4882a593Smuzhiyun
173*4882a593Smuzhiyun if (skb->len < ipcd->threshold) {
174*4882a593Smuzhiyun /* Don't bother compressing */
175*4882a593Smuzhiyun goto out_ok;
176*4882a593Smuzhiyun }
177*4882a593Smuzhiyun
178*4882a593Smuzhiyun if (skb_linearize_cow(skb))
179*4882a593Smuzhiyun goto out_ok;
180*4882a593Smuzhiyun
181*4882a593Smuzhiyun err = ipcomp_compress(x, skb);
182*4882a593Smuzhiyun
183*4882a593Smuzhiyun if (err) {
184*4882a593Smuzhiyun goto out_ok;
185*4882a593Smuzhiyun }
186*4882a593Smuzhiyun
187*4882a593Smuzhiyun /* Install ipcomp header, convert into ipcomp datagram. */
188*4882a593Smuzhiyun ipch = ip_comp_hdr(skb);
189*4882a593Smuzhiyun ipch->nexthdr = *skb_mac_header(skb);
190*4882a593Smuzhiyun ipch->flags = 0;
191*4882a593Smuzhiyun ipch->cpi = htons((u16 )ntohl(x->id.spi));
192*4882a593Smuzhiyun *skb_mac_header(skb) = IPPROTO_COMP;
193*4882a593Smuzhiyun out_ok:
194*4882a593Smuzhiyun skb_push(skb, -skb_network_offset(skb));
195*4882a593Smuzhiyun return 0;
196*4882a593Smuzhiyun }
197*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(ipcomp_output);
198*4882a593Smuzhiyun
ipcomp_free_scratches(void)199*4882a593Smuzhiyun static void ipcomp_free_scratches(void)
200*4882a593Smuzhiyun {
201*4882a593Smuzhiyun int i;
202*4882a593Smuzhiyun void * __percpu *scratches;
203*4882a593Smuzhiyun
204*4882a593Smuzhiyun if (--ipcomp_scratch_users)
205*4882a593Smuzhiyun return;
206*4882a593Smuzhiyun
207*4882a593Smuzhiyun scratches = ipcomp_scratches;
208*4882a593Smuzhiyun if (!scratches)
209*4882a593Smuzhiyun return;
210*4882a593Smuzhiyun
211*4882a593Smuzhiyun for_each_possible_cpu(i)
212*4882a593Smuzhiyun vfree(*per_cpu_ptr(scratches, i));
213*4882a593Smuzhiyun
214*4882a593Smuzhiyun free_percpu(scratches);
215*4882a593Smuzhiyun ipcomp_scratches = NULL;
216*4882a593Smuzhiyun }
217*4882a593Smuzhiyun
ipcomp_alloc_scratches(void)218*4882a593Smuzhiyun static void * __percpu *ipcomp_alloc_scratches(void)
219*4882a593Smuzhiyun {
220*4882a593Smuzhiyun void * __percpu *scratches;
221*4882a593Smuzhiyun int i;
222*4882a593Smuzhiyun
223*4882a593Smuzhiyun if (ipcomp_scratch_users++)
224*4882a593Smuzhiyun return ipcomp_scratches;
225*4882a593Smuzhiyun
226*4882a593Smuzhiyun scratches = alloc_percpu(void *);
227*4882a593Smuzhiyun if (!scratches)
228*4882a593Smuzhiyun return NULL;
229*4882a593Smuzhiyun
230*4882a593Smuzhiyun ipcomp_scratches = scratches;
231*4882a593Smuzhiyun
232*4882a593Smuzhiyun for_each_possible_cpu(i) {
233*4882a593Smuzhiyun void *scratch;
234*4882a593Smuzhiyun
235*4882a593Smuzhiyun scratch = vmalloc_node(IPCOMP_SCRATCH_SIZE, cpu_to_node(i));
236*4882a593Smuzhiyun if (!scratch)
237*4882a593Smuzhiyun return NULL;
238*4882a593Smuzhiyun *per_cpu_ptr(scratches, i) = scratch;
239*4882a593Smuzhiyun }
240*4882a593Smuzhiyun
241*4882a593Smuzhiyun return scratches;
242*4882a593Smuzhiyun }
243*4882a593Smuzhiyun
ipcomp_free_tfms(struct crypto_comp * __percpu * tfms)244*4882a593Smuzhiyun static void ipcomp_free_tfms(struct crypto_comp * __percpu *tfms)
245*4882a593Smuzhiyun {
246*4882a593Smuzhiyun struct ipcomp_tfms *pos;
247*4882a593Smuzhiyun int cpu;
248*4882a593Smuzhiyun
249*4882a593Smuzhiyun list_for_each_entry(pos, &ipcomp_tfms_list, list) {
250*4882a593Smuzhiyun if (pos->tfms == tfms)
251*4882a593Smuzhiyun break;
252*4882a593Smuzhiyun }
253*4882a593Smuzhiyun
254*4882a593Smuzhiyun WARN_ON(list_entry_is_head(pos, &ipcomp_tfms_list, list));
255*4882a593Smuzhiyun
256*4882a593Smuzhiyun if (--pos->users)
257*4882a593Smuzhiyun return;
258*4882a593Smuzhiyun
259*4882a593Smuzhiyun list_del(&pos->list);
260*4882a593Smuzhiyun kfree(pos);
261*4882a593Smuzhiyun
262*4882a593Smuzhiyun if (!tfms)
263*4882a593Smuzhiyun return;
264*4882a593Smuzhiyun
265*4882a593Smuzhiyun for_each_possible_cpu(cpu) {
266*4882a593Smuzhiyun struct crypto_comp *tfm = *per_cpu_ptr(tfms, cpu);
267*4882a593Smuzhiyun crypto_free_comp(tfm);
268*4882a593Smuzhiyun }
269*4882a593Smuzhiyun free_percpu(tfms);
270*4882a593Smuzhiyun }
271*4882a593Smuzhiyun
ipcomp_alloc_tfms(const char * alg_name)272*4882a593Smuzhiyun static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
273*4882a593Smuzhiyun {
274*4882a593Smuzhiyun struct ipcomp_tfms *pos;
275*4882a593Smuzhiyun struct crypto_comp * __percpu *tfms;
276*4882a593Smuzhiyun int cpu;
277*4882a593Smuzhiyun
278*4882a593Smuzhiyun
279*4882a593Smuzhiyun list_for_each_entry(pos, &ipcomp_tfms_list, list) {
280*4882a593Smuzhiyun struct crypto_comp *tfm;
281*4882a593Smuzhiyun
282*4882a593Smuzhiyun /* This can be any valid CPU ID so we don't need locking. */
283*4882a593Smuzhiyun tfm = this_cpu_read(*pos->tfms);
284*4882a593Smuzhiyun
285*4882a593Smuzhiyun if (!strcmp(crypto_comp_name(tfm), alg_name)) {
286*4882a593Smuzhiyun pos->users++;
287*4882a593Smuzhiyun return pos->tfms;
288*4882a593Smuzhiyun }
289*4882a593Smuzhiyun }
290*4882a593Smuzhiyun
291*4882a593Smuzhiyun pos = kmalloc(sizeof(*pos), GFP_KERNEL);
292*4882a593Smuzhiyun if (!pos)
293*4882a593Smuzhiyun return NULL;
294*4882a593Smuzhiyun
295*4882a593Smuzhiyun pos->users = 1;
296*4882a593Smuzhiyun INIT_LIST_HEAD(&pos->list);
297*4882a593Smuzhiyun list_add(&pos->list, &ipcomp_tfms_list);
298*4882a593Smuzhiyun
299*4882a593Smuzhiyun pos->tfms = tfms = alloc_percpu(struct crypto_comp *);
300*4882a593Smuzhiyun if (!tfms)
301*4882a593Smuzhiyun goto error;
302*4882a593Smuzhiyun
303*4882a593Smuzhiyun for_each_possible_cpu(cpu) {
304*4882a593Smuzhiyun struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
305*4882a593Smuzhiyun CRYPTO_ALG_ASYNC);
306*4882a593Smuzhiyun if (IS_ERR(tfm))
307*4882a593Smuzhiyun goto error;
308*4882a593Smuzhiyun *per_cpu_ptr(tfms, cpu) = tfm;
309*4882a593Smuzhiyun }
310*4882a593Smuzhiyun
311*4882a593Smuzhiyun return tfms;
312*4882a593Smuzhiyun
313*4882a593Smuzhiyun error:
314*4882a593Smuzhiyun ipcomp_free_tfms(tfms);
315*4882a593Smuzhiyun return NULL;
316*4882a593Smuzhiyun }
317*4882a593Smuzhiyun
ipcomp_free_data(struct ipcomp_data * ipcd)318*4882a593Smuzhiyun static void ipcomp_free_data(struct ipcomp_data *ipcd)
319*4882a593Smuzhiyun {
320*4882a593Smuzhiyun if (ipcd->tfms)
321*4882a593Smuzhiyun ipcomp_free_tfms(ipcd->tfms);
322*4882a593Smuzhiyun ipcomp_free_scratches();
323*4882a593Smuzhiyun }
324*4882a593Smuzhiyun
ipcomp_destroy(struct xfrm_state * x)325*4882a593Smuzhiyun void ipcomp_destroy(struct xfrm_state *x)
326*4882a593Smuzhiyun {
327*4882a593Smuzhiyun struct ipcomp_data *ipcd = x->data;
328*4882a593Smuzhiyun if (!ipcd)
329*4882a593Smuzhiyun return;
330*4882a593Smuzhiyun xfrm_state_delete_tunnel(x);
331*4882a593Smuzhiyun mutex_lock(&ipcomp_resource_mutex);
332*4882a593Smuzhiyun ipcomp_free_data(ipcd);
333*4882a593Smuzhiyun mutex_unlock(&ipcomp_resource_mutex);
334*4882a593Smuzhiyun kfree(ipcd);
335*4882a593Smuzhiyun }
336*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(ipcomp_destroy);
337*4882a593Smuzhiyun
ipcomp_init_state(struct xfrm_state * x)338*4882a593Smuzhiyun int ipcomp_init_state(struct xfrm_state *x)
339*4882a593Smuzhiyun {
340*4882a593Smuzhiyun int err;
341*4882a593Smuzhiyun struct ipcomp_data *ipcd;
342*4882a593Smuzhiyun struct xfrm_algo_desc *calg_desc;
343*4882a593Smuzhiyun
344*4882a593Smuzhiyun err = -EINVAL;
345*4882a593Smuzhiyun if (!x->calg)
346*4882a593Smuzhiyun goto out;
347*4882a593Smuzhiyun
348*4882a593Smuzhiyun if (x->encap)
349*4882a593Smuzhiyun goto out;
350*4882a593Smuzhiyun
351*4882a593Smuzhiyun err = -ENOMEM;
352*4882a593Smuzhiyun ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
353*4882a593Smuzhiyun if (!ipcd)
354*4882a593Smuzhiyun goto out;
355*4882a593Smuzhiyun
356*4882a593Smuzhiyun mutex_lock(&ipcomp_resource_mutex);
357*4882a593Smuzhiyun if (!ipcomp_alloc_scratches())
358*4882a593Smuzhiyun goto error;
359*4882a593Smuzhiyun
360*4882a593Smuzhiyun ipcd->tfms = ipcomp_alloc_tfms(x->calg->alg_name);
361*4882a593Smuzhiyun if (!ipcd->tfms)
362*4882a593Smuzhiyun goto error;
363*4882a593Smuzhiyun mutex_unlock(&ipcomp_resource_mutex);
364*4882a593Smuzhiyun
365*4882a593Smuzhiyun calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
366*4882a593Smuzhiyun BUG_ON(!calg_desc);
367*4882a593Smuzhiyun ipcd->threshold = calg_desc->uinfo.comp.threshold;
368*4882a593Smuzhiyun x->data = ipcd;
369*4882a593Smuzhiyun err = 0;
370*4882a593Smuzhiyun out:
371*4882a593Smuzhiyun return err;
372*4882a593Smuzhiyun
373*4882a593Smuzhiyun error:
374*4882a593Smuzhiyun ipcomp_free_data(ipcd);
375*4882a593Smuzhiyun mutex_unlock(&ipcomp_resource_mutex);
376*4882a593Smuzhiyun kfree(ipcd);
377*4882a593Smuzhiyun goto out;
378*4882a593Smuzhiyun }
379*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(ipcomp_init_state);
380*4882a593Smuzhiyun
381*4882a593Smuzhiyun MODULE_LICENSE("GPL");
382*4882a593Smuzhiyun MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) - RFC3173");
383*4882a593Smuzhiyun MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
384