// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * NetLabel Domain Hash Table
 *
 * This file manages the domain hash table that NetLabel uses to determine
 * which network labeling protocol to use for a given domain. The NetLabel
 * system manages static and dynamic label mappings for network protocols such
 * as CIPSO and RIPSO.
 *
 * Author: Paul Moore <paul@paul-moore.com>
 */

/*
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006, 2008
 */

#include <linux/types.h>
#include <linux/rculist.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
#include <linux/string.h>
#include <linux/audit.h>
#include <linux/slab.h>
#include <net/netlabel.h>
#include <net/cipso_ipv4.h>
#include <net/calipso.h>
#include <asm/bug.h>

#include "netlabel_mgmt.h"
#include "netlabel_addrlist.h"
#include "netlabel_calipso.h"
#include "netlabel_domainhash.h"
#include "netlabel_user.h"

/*
 * Bucket array of the domain hash. @size is the number of buckets; it is set
 * to a power of two by netlbl_domhsh_init() and netlbl_domhsh_hash() relies
 * on that when it masks the hash value with (size - 1).
 */
struct netlbl_domhsh_tbl {
	struct list_head *tbl;
	u32 size;
};

/* Domain hash table */
/* updates should be so rare that having one spinlock for the entire hash table
 * should be okay */
static DEFINE_SPINLOCK(netlbl_domhsh_lock);

/* dereference an RCU pointer from either an RCU read side section or with
 * the hash table spinlock held */
#define netlbl_domhsh_rcu_deref(p) \
	rcu_dereference_check(p, lockdep_is_held(&netlbl_domhsh_lock))

/* the table itself, published once by netlbl_domhsh_init() */
static struct netlbl_domhsh_tbl __rcu *netlbl_domhsh;
/* per address family default mappings, returned by
 * netlbl_domhsh_search_def() when no exact domain match exists */
static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv4;
static struct netlbl_dom_map __rcu *netlbl_domhsh_def_ipv6;

/*
 * Domain Hash Table Helper Functions
 */

/**
 * netlbl_domhsh_free_entry - Frees a domain hash table entry
 * @entry: the entry's RCU field
 *
 * Description:
 * This function is designed to be used as a callback to the call_rcu()
 * function so that the memory allocated to a hash table entry can be released
 * safely.
*/
static void netlbl_domhsh_free_entry(struct rcu_head *entry)
{
	/* @entry is the rcu_head embedded in the mapping being released */
	struct netlbl_dom_map *map = container_of(entry, struct netlbl_dom_map,
						  rcu);
	struct netlbl_af4list *cur4;
	struct netlbl_af4list *next4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *cur6;
	struct netlbl_af6list *next6;
#endif /* IPv6 */

	if (map->def.type == NETLBL_NLTYPE_ADDRSELECT) {
		/* address selector maps own their per-address entries, so
		 * each list is emptied before the selector itself is freed;
		 * the _safe iterators are required because the current
		 * element is unlinked and freed inside the loop */
		netlbl_af4list_foreach_safe(cur4, next4,
					    &map->def.addrsel->list4) {
			netlbl_af4list_remove_entry(cur4);
			kfree(netlbl_domhsh_addr4_entry(cur4));
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_safe(cur6, next6,
					    &map->def.addrsel->list6) {
			netlbl_af6list_remove_entry(cur6);
			kfree(netlbl_domhsh_addr6_entry(cur6));
		}
#endif /* IPv6 */
		kfree(map->def.addrsel);
	}

	kfree(map->domain);
	kfree(map);
}

/**
 * netlbl_domhsh_hash - Hashing function for the domain hash table
 * @key: the domain name to hash
 *
 * Description:
 * This is the hashing function for the domain hash table, it returns the
 * correct bucket number for the
domain. The caller is responsible for
 * ensuring that the hash table is protected with either a RCU read lock or the
 * hash table lock.
 *
 */
static u32 netlbl_domhsh_hash(const char *key)
{
	/* rotate distance that brings the top four bits back to the bottom */
	const u32 wrap_shift = 8 * sizeof(u32) - 4;
	u32 len = strlen(key);
	u32 hash = 0;
	u32 pos = 0;

	/* This is taken (with slight modification) from
	 * security/selinux/ss/symtab.c:symhash() */
	while (pos < len) {
		hash = ((hash << 4) | (hash >> wrap_shift)) ^ key[pos];
		pos++;
	}

	/* the bucket count is a power of two, so masking selects a bucket */
	return hash & (netlbl_domhsh_rcu_deref(netlbl_domhsh)->size - 1);
}

/*
 * Two address families match when they are equal or when either one is the
 * AF_UNSPEC wildcard.
 */
static bool netlbl_family_match(u16 f1, u16 f2)
{
	if (f1 == AF_UNSPEC || f2 == AF_UNSPEC)
		return true;

	return f1 == f2;
}

/**
 * netlbl_domhsh_search - Search for a domain entry
 * @domain: the domain
 * @family: the address family
 *
 * Description:
 * Searches the domain hash table and returns a pointer to the hash table
 * entry if found, otherwise NULL is returned. @family may be %AF_UNSPEC
 * which matches any address family entries. The caller is responsible for
 * ensuring that the hash table is protected with either a RCU read lock or the
 * hash table lock.
*/
static struct netlbl_dom_map *netlbl_domhsh_search(const char *domain,
						   u16 family)
{
	u32 idx;
	struct list_head *bucket;
	struct netlbl_dom_map *cand;

	/* a NULL domain names the default mapping, which is not stored in
	 * the hash buckets */
	if (domain == NULL)
		return NULL;

	idx = netlbl_domhsh_hash(domain);
	bucket = &netlbl_domhsh_rcu_deref(netlbl_domhsh)->tbl[idx];
	list_for_each_entry_rcu(cand, bucket, list,
				lockdep_is_held(&netlbl_domhsh_lock)) {
		/* entries being removed are flagged invalid before they are
		 * unlinked, so they must never be handed out */
		if (!cand->valid)
			continue;
		if (!netlbl_family_match(cand->family, family))
			continue;
		if (strcmp(cand->domain, domain) == 0)
			return cand;
	}

	return NULL;
}

/**
 * netlbl_domhsh_search_def - Search for a domain entry
 * @domain: the domain
 * @family: the address family
 *
 * Description:
 * Searches the domain hash table and returns a pointer to the hash table
 * entry if an exact match is found, if an exact match is not present in the
 * hash table then the default entry is returned if valid otherwise NULL is
 * returned. @family may be %AF_UNSPEC which matches any address family
 * entries. The caller is responsible ensuring that the hash table is
 * protected with either a RCU read lock or the hash table lock.
*/
static struct netlbl_dom_map *netlbl_domhsh_search_def(const char *domain,
							u16 family)
{
	const bool want_v4 = (family == AF_INET || family == AF_UNSPEC);
	const bool want_v6 = (family == AF_INET6 || family == AF_UNSPEC);
	struct netlbl_dom_map *found;

	/* an exact domain match always wins over a default mapping */
	found = netlbl_domhsh_search(domain, family);
	if (found != NULL)
		return found;

	/* fall back to the per-family defaults; with AF_UNSPEC the IPv4
	 * default is tried before the IPv6 one */
	if (want_v4) {
		found = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv4);
		if (found != NULL && found->valid)
			return found;
	}
	if (want_v6) {
		found = netlbl_domhsh_rcu_deref(netlbl_domhsh_def_ipv6);
		if (found != NULL && found->valid)
			return found;
	}

	return NULL;
}

/**
 * netlbl_domhsh_audit_add - Generate an audit entry for an add event
 * @entry: the entry being added
 * @addr4: the IPv4 address information
 * @addr6: the IPv6 address information
 * @result: the result code
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Generate an audit record for adding a new NetLabel/LSM mapping entry with
 * the given information. Caller is responsible for holding the necessary
 * locks.
*/
static void netlbl_domhsh_audit_add(struct netlbl_dom_map *entry,
				    struct netlbl_af4list *addr4,
				    struct netlbl_af6list *addr6,
				    int result,
				    struct netlbl_audit *audit_info)
{
	struct audit_buffer *ab;
	struct cipso_v4_doi *doi4 = NULL;
	struct calipso_doi *doi6 = NULL;
	u32 proto;

	/* no buffer means there is nothing to record */
	ab = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info);
	if (ab == NULL)
		return;

	/* NOTE(review): the domain is written with a plain %s; if callers
	 * can supply names containing spaces or control characters,
	 * audit_log_untrustedstring() would keep the field unambiguous -
	 * confirm how entry->domain is populated before changing the record
	 * format */
	audit_log_format(ab, " nlbl_domain=%s",
			 entry->domain ? entry->domain : "(default)");

	/* the protocol comes from the address selector when one is given,
	 * otherwise from the domain mapping itself */
	if (addr4 != NULL) {
		struct netlbl_domaddr4_map *map4 =
					netlbl_domhsh_addr4_entry(addr4);

		proto = map4->def.type;
		doi4 = map4->def.cipso;
		netlbl_af4list_audit_addr(ab, 0, NULL,
					  addr4->addr, addr4->mask);
#if IS_ENABLED(CONFIG_IPV6)
	} else if (addr6 != NULL) {
		struct netlbl_domaddr6_map *map6 =
					netlbl_domhsh_addr6_entry(addr6);

		proto = map6->def.type;
		doi6 = map6->def.calipso;
		netlbl_af6list_audit_addr(ab, 0, NULL,
					  &addr6->addr, &addr6->mask);
#endif /* IPv6 */
	} else {
		proto = entry->def.type;
		doi4 = entry->def.cipso;
		doi6 = entry->def.calipso;
	}

	switch (proto) {
	case NETLBL_NLTYPE_UNLABELED:
		audit_log_format(ab, " nlbl_protocol=unlbl");
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		/* a CIPSO mapping without a DOI definition is a kernel bug */
		BUG_ON(doi4 == NULL);
		audit_log_format(ab,
				 " nlbl_protocol=cipsov4 cipso_doi=%u",
				 doi4->doi);
		break;
	case NETLBL_NLTYPE_CALIPSO:
		BUG_ON(doi6 == NULL);
		audit_log_format(ab,
				 " nlbl_protocol=calipso calipso_doi=%u",
				 doi6->doi);
		break;
	}

	/* the audit record uses res=1 for success and res=0 for failure */
	audit_log_format(ab, " res=%u", result == 0 ? 1 : 0);
	audit_log_end(ab);
}

/**
 * netlbl_domhsh_validate - Validate a new domain mapping entry
 * @entry: the entry to validate
 *
 * This function validates the new domain mapping entry to ensure that it is
 * a valid entry. Returns zero on success, negative values on failure.
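*/
static int netlbl_domhsh_validate(const struct netlbl_dom_map *entry)
{
	struct netlbl_af4list *iter4;
	struct netlbl_domaddr4_map *map4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *iter6;
	struct netlbl_domaddr6_map *map6;
#endif /* IPv6 */

	if (entry == NULL)
		return -EINVAL;

	/* only AF_INET and AF_INET6 are accepted in general; AF_UNSPEC is
	 * allowed for unlabeled mappings only */
	if (entry->family != AF_INET && entry->family != AF_INET6 &&
	    (entry->family != AF_UNSPEC ||
	     entry->def.type != NETLBL_NLTYPE_UNLABELED))
		return -EINVAL;

	switch (entry->def.type) {
	case NETLBL_NLTYPE_UNLABELED:
		/* an unlabeled mapping must not carry protocol state */
		if (entry->def.cipso != NULL || entry->def.calipso != NULL ||
		    entry->def.addrsel != NULL)
			return -EINVAL;
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		if (entry->family != AF_INET ||
		    entry->def.cipso == NULL)
			return -EINVAL;
		break;
	case NETLBL_NLTYPE_CALIPSO:
		if (entry->family != AF_INET6 ||
		    entry->def.calipso == NULL)
			return -EINVAL;
		break;
	case NETLBL_NLTYPE_ADDRSELECT:
		/* the selector lists are walked below, so a mapping that
		 * claims address selection without a selector map has to be
		 * rejected here instead of being dereferenced */
		if (entry->def.addrsel == NULL)
			return -EINVAL;

		/* IPv4 selectors may only be unlabeled or CIPSO */
		netlbl_af4list_foreach(iter4, &entry->def.addrsel->list4) {
			map4 = netlbl_domhsh_addr4_entry(iter4);
			switch (map4->def.type) {
			case NETLBL_NLTYPE_UNLABELED:
				if (map4->def.cipso != NULL)
					return -EINVAL;
				break;
			case NETLBL_NLTYPE_CIPSOV4:
				if (map4->def.cipso == NULL)
					return -EINVAL;
				break;
			default:
				return -EINVAL;
			}
		}
#if IS_ENABLED(CONFIG_IPV6)
		/* IPv6 selectors may only be unlabeled or CALIPSO */
		netlbl_af6list_foreach(iter6, &entry->def.addrsel->list6) {
			map6 = netlbl_domhsh_addr6_entry(iter6);
			switch (map6->def.type) {
			case NETLBL_NLTYPE_UNLABELED:
				if (map6->def.calipso != NULL)
					return -EINVAL;
				break;
			case NETLBL_NLTYPE_CALIPSO:
				if (map6->def.calipso == NULL)
					return -EINVAL;
				break;
			default:
				return -EINVAL;
			}
		}
#endif /* IPv6 */
		break;
	default:
		return -EINVAL;
	}

	return 0;
}

/*
 * Domain Hash Table Functions
 */

/**
 * netlbl_domhsh_init - Init for the domain hash
 * @size: the number of bits to use for the hash buckets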
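*
 * Description:
 * Initializes the domain hash table, should be called only by
 * netlbl_user_init() during initialization. Returns zero on success, non-zero
 * values on error.
 *
 */
int __init netlbl_domhsh_init(u32 size)
{
	u32 iter;
	struct netlbl_domhsh_tbl *hsh_tbl;

	/* @size is a bit count: the bucket count 1 << size has to fit in the
	 * u32 size field, and shifting by the width of the type or more is
	 * undefined, so such values are rejected up front */
	if (size == 0 || size >= 8 * sizeof(u32))
		return -EINVAL;

	hsh_tbl = kmalloc(sizeof(*hsh_tbl), GFP_KERNEL);
	if (hsh_tbl == NULL)
		return -ENOMEM;
	/* unsigned shift so that the largest accepted bit count does not
	 * overflow a signed int */
	hsh_tbl->size = 1U << size;
	hsh_tbl->tbl = kcalloc(hsh_tbl->size,
			       sizeof(struct list_head),
			       GFP_KERNEL);
	if (hsh_tbl->tbl == NULL) {
		kfree(hsh_tbl);
		return -ENOMEM;
	}
	for (iter = 0; iter < hsh_tbl->size; iter++)
		INIT_LIST_HEAD(&hsh_tbl->tbl[iter]);

	/* publish the fully initialized table to RCU readers */
	spin_lock(&netlbl_domhsh_lock);
	rcu_assign_pointer(netlbl_domhsh, hsh_tbl);
	spin_unlock(&netlbl_domhsh_lock);

	return 0;
}

/**
 * netlbl_domhsh_add - Adds an entry to the domain hash table
 * @entry: the entry to add
 * @audit_info: NetLabel audit information
 *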
* Description:
 * Adds a new entry to the domain hash table and handles any updates to the
 * lower level protocol handler (i.e. CIPSO). @entry->family may be set to
 * %AF_UNSPEC which will add an entry that matches all address families. This
 * is only useful for the unlabelled type and will only succeed if there is no
 * existing entry for any address family with the same domain. Returns zero
 * on success, negative on failure.
 *
 */
int netlbl_domhsh_add(struct netlbl_dom_map *entry,
		      struct netlbl_audit *audit_info)
{
	int ret_val = 0;
	struct netlbl_dom_map *existing;
	struct netlbl_dom_map *def6;
	struct netlbl_af4list *sel4;
	struct netlbl_af4list *next4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *sel6;
	struct netlbl_af6list *next6;
#endif /* IPv6 */

	/* reject malformed entries before any lock is taken */
	ret_val = netlbl_domhsh_validate(entry);
	if (ret_val != 0)
		return ret_val;

	/* XXX - we can remove this RCU read lock as the spinlock protects the
	 * entire function, but before we do we need to fixup the
	 * netlbl_af[4,6]list RCU functions to do "the right thing" with
	 * respect to rcu_dereference() when only a spinlock is held. */
	rcu_read_lock();
	spin_lock(&netlbl_domhsh_lock);

	/* a named domain is looked up exactly; a NULL domain is the default
	 * mapping and is looked up through the per-family defaults */
	existing = entry->domain ?
		netlbl_domhsh_search(entry->domain, entry->family) :
		netlbl_domhsh_search_def(entry->domain, entry->family);

	if (existing == NULL) {
		/* nothing there yet: publish @entry as a new mapping */
		entry->valid = 1;

		if (entry->domain != NULL) {
			u32 bkt = netlbl_domhsh_hash(entry->domain);

			list_add_tail_rcu(&entry->list,
				    &rcu_dereference(netlbl_domhsh)->tbl[bkt]);
		} else {
			INIT_LIST_HEAD(&entry->list);
			switch (entry->family) {
			case AF_INET:
				rcu_assign_pointer(netlbl_domhsh_def_ipv4,
						   entry);
				break;
			case AF_INET6:
				rcu_assign_pointer(netlbl_domhsh_def_ipv6,
						   entry);
				break;
			case AF_UNSPEC:
				/* a wildcard default is stored as two
				 * defaults: @entry becomes the IPv4 one and
				 * a freshly allocated twin the IPv6 one */
				if (entry->def.type !=
				    NETLBL_NLTYPE_UNLABELED) {
					ret_val = -EINVAL;
					goto add_return;
				}
				/* GFP_ATOMIC: the spinlock is held */
				def6 = kzalloc(sizeof(*def6), GFP_ATOMIC);
				if (def6 == NULL) {
					ret_val = -ENOMEM;
					goto add_return;
				}
				def6->family = AF_INET6;
				def6->def.type = NETLBL_NLTYPE_UNLABELED;
				def6->valid = 1;
				entry->family = AF_INET;
				rcu_assign_pointer(netlbl_domhsh_def_ipv4,
						   entry);
				rcu_assign_pointer(netlbl_domhsh_def_ipv6,
						   def6);
				break;
			default:
				/* Already checked in
				 * netlbl_domhsh_validate(). */
				ret_val = -EINVAL;
				goto add_return;
			}
		}

		/* one audit record per address selector, or a single record
		 * for a plain mapping */
		if (entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
			netlbl_af4list_foreach_rcu(sel4,
						   &entry->def.addrsel->list4) {
				netlbl_domhsh_audit_add(entry, sel4, NULL,
							ret_val, audit_info);
			}
#if IS_ENABLED(CONFIG_IPV6)
			netlbl_af6list_foreach_rcu(sel6,
						   &entry->def.addrsel->list6) {
				netlbl_domhsh_audit_add(entry, NULL, sel6,
							ret_val, audit_info);
			}
#endif /* IPv6 */
		} else {
			netlbl_domhsh_audit_add(entry, NULL, NULL,
						ret_val, audit_info);
		}
	} else if (existing->def.type == NETLBL_NLTYPE_ADDRSELECT &&
		   entry->def.type == NETLBL_NLTYPE_ADDRSELECT) {
		struct list_head *old_list4 = &existing->def.addrsel->list4;
		struct list_head *old_list6 = &existing->def.addrsel->list6;

		/* we only allow the addition of address selectors if all of
		 * the selectors do not exist in the existing domain map */
		netlbl_af4list_foreach_rcu(sel4, &entry->def.addrsel->list4) {
			if (netlbl_af4list_search_exact(sel4->addr,
							sel4->mask,
							old_list4)) {
				ret_val = -EEXIST;
				goto add_return;
			}
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_rcu(sel6, &entry->def.addrsel->list6) {
			if (netlbl_af6list_search_exact(&sel6->addr,
							&sel6->mask,
							old_list6)) {
				ret_val = -EEXIST;
				goto add_return;
			}
		}
#endif /* IPv6 */

		/* move every selector from @entry into the existing map.
		 * NOTE(review): when an add fails below, the selector has
		 * already been unlinked from @entry and was not linked into
		 * the existing map - confirm the caller's error path does
		 * not depend on walking @entry to release it */
		netlbl_af4list_foreach_safe(sel4, next4,
					    &entry->def.addrsel->list4) {
			netlbl_af4list_remove_entry(sel4);
			sel4->valid = 1;
			ret_val = netlbl_af4list_add(sel4, old_list4);
			netlbl_domhsh_audit_add(existing, sel4, NULL,
						ret_val, audit_info);
			if (ret_val != 0)
				goto add_return;
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_safe(sel6, next6,
					    &entry->def.addrsel->list6) {
			netlbl_af6list_remove_entry(sel6);
			sel6->valid = 1;
			ret_val = netlbl_af6list_add(sel6, old_list6);
			netlbl_domhsh_audit_add(existing, NULL, sel6,
						ret_val, audit_info);
			if (ret_val != 0)
				goto add_return;
		}
#endif /* IPv6 */
		/* cleanup the new entry since we've moved everything over;
		 * @entry is freed right here, so the caller must not touch
		 * it after a successful merge */
		netlbl_domhsh_free_entry(&entry->rcu);
	} else {
		/* a mapping already exists and cannot be merged */
		ret_val = -EINVAL;
	}

add_return:
	spin_unlock(&netlbl_domhsh_lock);
	rcu_read_unlock();
	return ret_val;
}

/**
 * netlbl_domhsh_add_default - Adds the default entry to the domain hash table
 * @entry: the entry to add
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Adds a new default entry to the domain hash table and handles any updates
 * to the lower level protocol handler (i.e. CIPSO). Returns zero on success,
 * negative on failure.
*/
int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
			      struct netlbl_audit *audit_info)
{
	/* netlbl_domhsh_add() installs an entry with a NULL domain as a
	 * default mapping, so it is simply passed through */
	int ret_val = netlbl_domhsh_add(entry, audit_info);

	return ret_val;
}

/**
 * netlbl_domhsh_remove_entry - Removes a given entry from the domain table
 * @entry: the entry to remove
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Removes an entry from the domain hash table and handles any updates to the
 * lower level protocol handler (i.e. CIPSO). Caller is responsible for
 * ensuring that the RCU read lock is held. Returns zero on success, negative
 * on failure.
*/
int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
			       struct netlbl_audit *audit_info)
{
	int ret_val = 0;
	struct audit_buffer *audit_buf;
	struct netlbl_af4list *iter4;
	struct netlbl_domaddr4_map *map4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *iter6;
	struct netlbl_domaddr6_map *map6;
#endif /* IPv6 */

	if (entry == NULL)
		return -ENOENT;

	/* ->valid is tested and cleared under the table lock, so of several
	 * concurrent removers only one gets past this block; the others see
	 * valid == 0 and return -ENOENT without touching the entry */
	spin_lock(&netlbl_domhsh_lock);
	if (entry->valid) {
		entry->valid = 0;
		/* a default mapping is unpublished by clearing its dedicated
		 * pointer, any other entry is unlinked from its list */
		if (entry == rcu_dereference(netlbl_domhsh_def_ipv4))
			RCU_INIT_POINTER(netlbl_domhsh_def_ipv4, NULL);
		else if (entry == rcu_dereference(netlbl_domhsh_def_ipv6))
			RCU_INIT_POINTER(netlbl_domhsh_def_ipv6, NULL);
		else
			list_del_rcu(&entry->list);
	} else
		ret_val = -ENOENT;
	spin_unlock(&netlbl_domhsh_lock);

	if (ret_val)
		return ret_val;

	/* an AUDIT_MAC_MAP_DEL record is written only on the success path;
	 * the -ENOENT returns above leave no audit trace */
	audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
	if (audit_buf != NULL) {
		/* NOTE(review): the domain name reaches the record through a
		 * plain %s; whether it may hold characters that confuse audit
		 * parsers depends on validation done when the mapping was
		 * added, which is not visible here */
		audit_log_format(audit_buf,
				 " nlbl_domain=%s res=1",
				 entry->domain ? entry->domain : "(default)");
		audit_log_end(audit_buf);
	}

	/* call the protocol's putdef() for every DOI definition this mapping
	 * refers to before the entry is queued for freeing */
	switch (entry->def.type) {
	case NETLBL_NLTYPE_ADDRSELECT:
		netlbl_af4list_foreach_rcu(iter4, &entry->def.addrsel->list4) {
			map4 = netlbl_domhsh_addr4_entry(iter4);
			cipso_v4_doi_putdef(map4->def.cipso);
		}
#if IS_ENABLED(CONFIG_IPV6)
		netlbl_af6list_foreach_rcu(iter6, &entry->def.addrsel->list6) {
			map6 = netlbl_domhsh_addr6_entry(iter6);
			calipso_doi_putdef(map6->def.calipso);
		}
#endif /* IPv6 */
		break;
	case NETLBL_NLTYPE_CIPSOV4:
		cipso_v4_doi_putdef(entry->def.cipso);
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case NETLBL_NLTYPE_CALIPSO:
		calipso_doi_putdef(entry->def.calipso);
		break;
#endif /* IPv6 */
	}
	/* the free is deferred through RCU because readers that found the
	 * entry before it was unlinked may still be using it */
	call_rcu(&entry->rcu, netlbl_domhsh_free_entry);

	return ret_val;
}

/**
 * netlbl_domhsh_remove_af4 - Removes an address selector entry
 * @domain: the domain, NULL looks up the default mapping
 * @addr: IPv4 address
 * @mask: IPv4 address mask
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Removes an individual address
selector from a domain mapping and potentially
 * the entire mapping if it is empty.  Waits in synchronize_rcu() before
 * freeing the selector.  Returns zero on success, -ENOENT if there is no
 * address-selector mapping for @domain or no selector matching @addr/@mask.
 *
 */
int netlbl_domhsh_remove_af4(const char *domain,
			     const struct in_addr *addr,
			     const struct in_addr *mask,
			     struct netlbl_audit *audit_info)
{
	struct netlbl_dom_map *entry_map;
	struct netlbl_af4list *entry_addr;
	struct netlbl_af4list *iter4;
#if IS_ENABLED(CONFIG_IPV6)
	struct netlbl_af6list *iter6;
#endif /* IPv6 */
	struct netlbl_domaddr4_map *entry;

	/* the read lock keeps entry_map usable for the lookups below and is
	 * what netlbl_domhsh_remove_entry() expects its caller to hold */
	rcu_read_lock();

	if (domain)
		entry_map = netlbl_domhsh_search(domain, AF_INET);
	else
		entry_map = netlbl_domhsh_search_def(domain, AF_INET);
	if (entry_map == NULL ||
	    entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT)
		goto remove_af4_failure;

	/* @addr and @mask are dereferenced without a NULL check, so callers
	 * must pass valid pointers; the list is modified under the same
	 * spinlock that guards the rest of the table */
	spin_lock(&netlbl_domhsh_lock);
	entry_addr = netlbl_af4list_remove(addr->s_addr, mask->s_addr,
					   &entry_map->def.addrsel->list4);
	spin_unlock(&netlbl_domhsh_lock);

	if (entry_addr == NULL)
		goto remove_af4_failure;
	/* emptiness test: a loop body only runs if its list still has an
	 * entry, so falling through both loops means no selector is left.
	 * NOTE(review): this runs after netlbl_domhsh_lock was dropped, so it
	 * is not atomic with the removal above; presumably configuration
	 * changes are serialized by the callers -- confirm */
	netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4)
		goto remove_af4_single_addr;
#if IS_ENABLED(CONFIG_IPV6)
	netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6)
		goto remove_af4_single_addr;
#endif /* IPv6 */
	/* the domain mapping is empty so remove it from the mapping table;
	 * the return value is not checked and success is reported for the
	 * selector removal either way */
	netlbl_domhsh_remove_entry(entry_map, audit_info);

remove_af4_single_addr:
	rcu_read_unlock();
	/* yick, we can't use call_rcu here because we don't have a rcu head
	 * pointer but hopefully this should be a rare case so the pause
	 * shouldn't be a problem */
	/* readers that picked up the selector before it was unlinked must be
	 * finished before it is freed below */
	synchronize_rcu();
	entry = netlbl_domhsh_addr4_entry(entry_addr);
	cipso_v4_doi_putdef(entry->def.cipso);
	kfree(entry);
	return 0;

remove_af4_failure:
	rcu_read_unlock();
	return -ENOENT;
}

#if IS_ENABLED(CONFIG_IPV6)
/**
 * netlbl_domhsh_remove_af6 - Removes an address selector entry
 * @domain: the domain, NULL looks up the default mapping
 * @addr: IPv6 address
 * @mask: IPv6 address mask
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Removes an individual address selector from a domain mapping and potentially
 * the entire mapping if it is empty.
Returns zero on success, -ENOENT if there is
 * no address-selector mapping for @domain or no selector matching
 * @addr/@mask.  Waits in synchronize_rcu() before freeing the selector.
 *
 */
int netlbl_domhsh_remove_af6(const char *domain,
			     const struct in6_addr *addr,
			     const struct in6_addr *mask,
			     struct netlbl_audit *audit_info)
{
	struct netlbl_dom_map *entry_map;
	struct netlbl_af6list *entry_addr;
	struct netlbl_af4list *iter4;
	struct netlbl_af6list *iter6;
	struct netlbl_domaddr6_map *entry;

	/* the read lock keeps entry_map usable for the lookups below and is
	 * what netlbl_domhsh_remove_entry() expects its caller to hold */
	rcu_read_lock();

	if (domain)
		entry_map = netlbl_domhsh_search(domain, AF_INET6);
	else
		entry_map = netlbl_domhsh_search_def(domain, AF_INET6);
	if (entry_map == NULL ||
	    entry_map->def.type != NETLBL_NLTYPE_ADDRSELECT)
		goto remove_af6_failure;

	/* the list is modified under the same spinlock that guards the rest
	 * of the table */
	spin_lock(&netlbl_domhsh_lock);
	entry_addr = netlbl_af6list_remove(addr, mask,
					   &entry_map->def.addrsel->list6);
	spin_unlock(&netlbl_domhsh_lock);

	if (entry_addr == NULL)
		goto remove_af6_failure;
	/* emptiness test: a loop body only runs if its list still has an
	 * entry, so falling through both loops means no selector is left.
	 * NOTE(review): this runs after netlbl_domhsh_lock was dropped, so it
	 * is not atomic with the removal above; presumably configuration
	 * changes are serialized by the callers -- confirm */
	netlbl_af4list_foreach_rcu(iter4, &entry_map->def.addrsel->list4)
		goto remove_af6_single_addr;
	netlbl_af6list_foreach_rcu(iter6, &entry_map->def.addrsel->list6)
		goto remove_af6_single_addr;
	/* the domain mapping is empty so remove it from the mapping table;
	 * the return value is not checked and success is reported for the
	 * selector removal either way */
	netlbl_domhsh_remove_entry(entry_map, audit_info);

remove_af6_single_addr:
	rcu_read_unlock();
	/* yick, we can't use call_rcu here because we don't have a rcu head
	 * pointer but hopefully this should be a rare case so the pause
	 * shouldn't be a problem */
	/* readers that picked up the selector before it was unlinked must be
	 * finished before it is freed below */
	synchronize_rcu();
	entry = netlbl_domhsh_addr6_entry(entry_addr);
	calipso_doi_putdef(entry->def.calipso);
	kfree(entry);
	return 0;

remove_af6_failure:
	rcu_read_unlock();
	return -ENOENT;
}
#endif /* IPv6 */

/**
 * netlbl_domhsh_remove - Removes an entry from the domain hash table
 * @domain: the domain to remove
 * @family: address family
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Removes an entry from the domain hash table and handles any updates to the
 * lower level protocol handler (e.g. CIPSO or CALIPSO).  @family may be
 * %AF_UNSPEC which removes all address family entries.  Returns zero on
 * success, -EINVAL for any other unsupported @family and -ENOENT if no entry
 * matched.  In short: negative on
 * failure.
*/
int netlbl_domhsh_remove(const char *domain, u16 family,
			 struct netlbl_audit *audit_info)
{
	const bool do_ipv4 = (family == AF_INET || family == AF_UNSPEC);
	const bool do_ipv6 = (family == AF_INET6 || family == AF_UNSPEC);
	struct netlbl_dom_map *entry;
	int ret_val = -EINVAL;	/* stays -EINVAL if neither family applies */
	int ret_val6;

	/* netlbl_domhsh_remove_entry() requires the read lock to be held */
	rcu_read_lock();

	if (do_ipv4) {
		/* a NULL domain selects the default-mapping lookup */
		entry = domain ? netlbl_domhsh_search(domain, AF_INET) :
				 netlbl_domhsh_search_def(domain, AF_INET);
		ret_val = netlbl_domhsh_remove_entry(entry, audit_info);
		/* a missing IPv4 entry is not fatal, anything else is */
		if (ret_val != 0 && ret_val != -ENOENT)
			goto done;
	}
	if (do_ipv6) {
		entry = domain ? netlbl_domhsh_search(domain, AF_INET6) :
				 netlbl_domhsh_search_def(domain, AF_INET6);
		ret_val6 = netlbl_domhsh_remove_entry(entry, audit_info);
		/* a missing IPv6 entry must not hide the IPv4 result, so
		 * %AF_UNSPEC succeeds if either family had a mapping */
		if (ret_val6 != -ENOENT)
			ret_val = ret_val6;
	}
done:
	rcu_read_unlock();

	return ret_val;
}

/**
 * netlbl_domhsh_remove_default - Removes the default entry from the table
 * @family: address family
 * @audit_info: NetLabel audit information
*
 * Description:
 * Removes/resets the default entry corresponding to @family from the domain
 * hash table and handles any updates to the lower level protocol handler
 * (e.g. CIPSO or CALIPSO).  @family may be %AF_UNSPEC which removes all
 * address family entries.  Returns zero on success, negative on failure.
 *
 */
int netlbl_domhsh_remove_default(u16 family, struct netlbl_audit *audit_info)
{
	/* netlbl_domhsh_remove() takes a NULL domain name as the request for
	 * the default mapping */
	const char *const default_domain = NULL;

	return netlbl_domhsh_remove(default_domain, family, audit_info);
}

/**
 * netlbl_domhsh_getentry - Get an entry from the domain hash table
 * @domain: the domain name to search for
 * @family: address family
 *
 * Description:
 * Look through the domain hash table searching for an entry to match @domain,
 * with address family @family, return a pointer to the entry itself (it is
 * not a copy) or NULL.  The caller is responsible for ensuring that
 * rcu_read_[un]lock() is called and must not keep the pointer beyond that
 * read-side critical section, since a removed entry is freed through RCU.
*/
struct netlbl_dom_map *netlbl_domhsh_getentry(const char *domain, u16 family)
{
	/* a lookup is only attempted for a concrete address family */
	if (family != AF_UNSPEC)
		return netlbl_domhsh_search_def(domain, family);

	return NULL;
}

/**
 * netlbl_domhsh_getentry_af4 - Get an entry from the domain hash table
 * @domain: the domain name to search for
 * @addr: the IP address to search for
 *
 * Description:
 * Look through the domain hash table searching for an entry to match @domain
 * and @addr, return a pointer to the matching mapping definition (it points
 * into the table, it is not a copy) or NULL.  The caller is responsible for
 * ensuring that rcu_read_[un]lock() is called and must not keep the pointer
 * beyond that read-side critical section.
*/
struct netlbl_dommap_def *netlbl_domhsh_getentry_af4(const char *domain,
						     __be32 addr)
{
	struct netlbl_dom_map *map;
	struct netlbl_af4list *sel;

	map = netlbl_domhsh_search_def(domain, AF_INET);
	if (!map)
		return NULL;

	/* only an address-selector mapping needs the per-address lookup; any
	 * other type is answered with the mapping's own definition */
	if (map->def.type != NETLBL_NLTYPE_ADDRSELECT)
		return &map->def;

	sel = netlbl_af4list_search(addr, &map->def.addrsel->list4);
	return sel ? &(netlbl_domhsh_addr4_entry(sel)->def) : NULL;
}

#if IS_ENABLED(CONFIG_IPV6)
/**
 * netlbl_domhsh_getentry_af6 - Get an entry from the domain hash table
 * @domain: the domain name to search for
 * @addr: the IP address to search for
 *
 * Description:
 * Look through the domain hash table searching for an entry to match @domain
 * and @addr, return a pointer to the matching mapping definition (it points
 * into the table, it is not a copy) or NULL.  The caller is responsible for
 * ensuring that rcu_read_[un]lock() is called and must not keep the pointer
 * beyond that read-side critical section.
*/
struct netlbl_dommap_def *netlbl_domhsh_getentry_af6(const char *domain,
						   const struct in6_addr *addr)
{
	struct netlbl_dom_map *map;
	struct netlbl_af6list *sel;

	map = netlbl_domhsh_search_def(domain, AF_INET6);
	if (!map)
		return NULL;

	/* only an address-selector mapping needs the per-address lookup; any
	 * other type is answered with the mapping's own definition */
	if (map->def.type != NETLBL_NLTYPE_ADDRSELECT)
		return &map->def;

	sel = netlbl_af6list_search(addr, &map->def.addrsel->list6);
	return sel ? &(netlbl_domhsh_addr6_entry(sel)->def) : NULL;
}
#endif /* IPv6 */

/**
 * netlbl_domhsh_walk - Iterate through the domain mapping hash table
 * @skip_bkt: the number of buckets to skip at the start
 * @skip_chain: the number of entries to skip in the first iterated bucket
 * @callback: callback for each entry
 * @cb_arg: argument for the callback function
 *
 * Description:
 * Iterate over the domain mapping hash table, skipping the first @skip_bkt
 * buckets and @skip_chain entries.  For each entry in the table call
 * @callback, if @callback returns a negative value stop 'walking' through the
 * table and return.
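Updates the values in @skip_bkt and @skip_chain on
 * return so that a later call can resume at the entry where this one
 * stopped.  Returns the value of the last @callback invocation (negative
 * when it stopped the walk), or -ENOENT if @callback was never invoked.
 *
 */
int netlbl_domhsh_walk(u32 *skip_bkt,
		     u32 *skip_chain,
		     int (*callback) (struct netlbl_dom_map *entry, void *arg),
		     void *cb_arg)
{
	int ret_val = -ENOENT;
	u32 iter_bkt;
	struct list_head *iter_list;
	struct netlbl_dom_map *iter_entry;
	u32 chain_cnt = 0;
	/* @skip_chain describes a position inside the bucket the walk starts
	 * in.  Comparing against *skip_chain in every bucket would also drop
	 * the first entries of all later buckets, so a resumed listing of the
	 * mappings would silently be incomplete; the skip count is therefore
	 * cleared once the first bucket has been walked. */
	u32 chain_skip = *skip_chain;

	/* entries are only looked at, and handed to @callback, inside this
	 * read-side critical section */
	rcu_read_lock();
	for (iter_bkt = *skip_bkt;
	     iter_bkt < rcu_dereference(netlbl_domhsh)->size;
	     iter_bkt++, chain_cnt = 0, chain_skip = 0) {
		iter_list = &rcu_dereference(netlbl_domhsh)->tbl[iter_bkt];
		list_for_each_entry_rcu(iter_entry, iter_list, list)
			/* entries already marked invalid are neither counted
			 * nor reported */
			if (iter_entry->valid) {
				if (chain_cnt++ < chain_skip)
					continue;
				ret_val = callback(iter_entry, cb_arg);
				if (ret_val < 0) {
					/* do not count the entry whose
					 * callback failed, so that a resumed
					 * walk offers it again */
					chain_cnt--;
					goto walk_return;
				}
			}
	}

walk_return:
	rcu_read_unlock();
	*skip_bkt = iter_bkt;
	*skip_chain = chain_cnt;
	return ret_val;
}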