Commit 35d9e00d authored by John Baldwin's avatar John Baldwin
Browse files

IPsec: Use protocol-specific malloc types instead of M_XDATA.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33992
parent 8f3f3fdf
......@@ -42,6 +42,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/syslog.h>
......@@ -108,6 +109,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)");
#endif
static MALLOC_DEFINE(M_AH, "ah", "IPsec AH");
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
static int ah_input_cb(struct cryptop*);
......@@ -426,7 +429,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
if (m->m_len <= skip) {
ptr = (unsigned char *) malloc(
skip - sizeof(struct ip6_hdr),
M_XDATA, M_NOWAIT);
M_AH, M_NOWAIT);
if (ptr == NULL) {
DPRINTF(("%s: failed to allocate memory"
"for IPv6 headers\n",__func__));
......@@ -505,7 +508,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
__func__, off));
error6:
if (alloc)
free(ptr, M_XDATA);
free(ptr, M_AH);
m_freem(m);
return EINVAL;
}
......@@ -514,7 +517,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out)
if (alloc) {
m_copyback(m, sizeof(struct ip6_hdr),
skip - sizeof(struct ip6_hdr), ptr);
free(ptr, M_XDATA);
free(ptr, M_AH);
}
break;
......@@ -615,7 +618,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
crp->crp_digest_start = skip + rplen;
/* Allocate IPsec-specific opaque crypto info. */
xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_XDATA,
xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_AH,
M_NOWAIT | M_ZERO);
if (xd == NULL) {
DPRINTF(("%s: failed to allocate xform_data\n", __func__));
......@@ -643,7 +646,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
if (error != 0) {
/* NB: mbuf is free'd by ah_massage_headers */
AHSTAT_INC(ahs_hdrops);
free(xd, M_XDATA);
free(xd, M_AH);
crypto_freereq(crp);
key_freesav(&sav);
return (error);
......@@ -761,7 +764,7 @@ ah_input_cb(struct cryptop *crp)
/* Copyback the saved (uncooked) network headers. */
m_copyback(m, 0, skip, ptr);
free(xd, M_XDATA), xd = NULL; /* No longer needed */
free(xd, M_AH), xd = NULL; /* No longer needed */
/*
* Header is now authenticated.
......@@ -822,7 +825,7 @@ ah_input_cb(struct cryptop *crp)
if (m != NULL)
m_freem(m);
if (xd != NULL)
free(xd, M_XDATA);
free(xd, M_AH);
if (crp != NULL)
crypto_freereq(crp);
return error;
......@@ -975,7 +978,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_digest_start = skip + rplen;
/* Allocate IPsec-specific opaque crypto info. */
xd = malloc(sizeof(struct xform_data) + skip, M_XDATA,
xd = malloc(sizeof(struct xform_data) + skip, M_AH,
M_NOWAIT | M_ZERO);
if (xd == NULL) {
crypto_freereq(crp);
......@@ -1029,7 +1032,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
skip, ahx->type, 1);
if (error != 0) {
m = NULL; /* mbuf was free'd by ah_massage_headers. */
free(xd, M_XDATA);
free(xd, M_AH);
crypto_freereq(crp);
goto bad;
}
......@@ -1121,7 +1124,7 @@ ah_output_cb(struct cryptop *crp)
*/
m_copyback(m, 0, skip, ptr);
free(xd, M_XDATA);
free(xd, M_AH);
crypto_freereq(crp);
AHSTAT_INC(ahs_hist[sav->alg_auth]);
#ifdef REGRESSION
......@@ -1144,7 +1147,7 @@ ah_output_cb(struct cryptop *crp)
return (error);
bad:
CURVNET_RESTORE();
free(xd, M_XDATA);
free(xd, M_AH);
crypto_freereq(crp);
key_freesav(&sav);
key_freesp(&sp);
......
......@@ -41,6 +41,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/syslog.h>
......@@ -102,6 +103,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats,
struct espstat, espstat,
"ESP statistics (struct espstat, netipsec/esp_var.h");
static MALLOC_DEFINE(M_ESP, "esp", "IPsec ESP");
static int esp_input_cb(struct cryptop *op);
static int esp_output_cb(struct cryptop *crp);
......@@ -355,7 +358,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
}
/* Get IPsec-specific opaque pointer */
xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO);
xd = malloc(sizeof(*xd), M_ESP, M_NOWAIT | M_ZERO);
if (xd == NULL) {
DPRINTF(("%s: failed to allocate xform_data\n", __func__));
goto xd_fail;
......@@ -374,7 +377,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
int aad_skip;
crp->crp_aad_length += sizeof(seqh);
crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT);
crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT);
if (crp->crp_aad == NULL) {
DPRINTF(("%s: failed to allocate xform_data\n",
__func__));
......@@ -464,7 +467,7 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
return (crypto_dispatch(crp));
crp_aad_fail:
free(xd, M_XDATA);
free(xd, M_ESP);
xd_fail:
crypto_freereq(crp);
ESPSTAT_INC(esps_crypto);
......@@ -550,8 +553,8 @@ esp_input_cb(struct cryptop *crp)
}
/* Release the crypto descriptors */
free(xd, M_XDATA), xd = NULL;
free(crp->crp_aad, M_XDATA), crp->crp_aad = NULL;
free(xd, M_ESP), xd = NULL;
free(crp->crp_aad, M_ESP), crp->crp_aad = NULL;
crypto_freereq(crp), crp = NULL;
/*
......@@ -660,9 +663,9 @@ esp_input_cb(struct cryptop *crp)
if (m != NULL)
m_freem(m);
if (xd != NULL)
free(xd, M_XDATA);
free(xd, M_ESP);
if (crp != NULL) {
free(crp->crp_aad, M_XDATA);
free(crp->crp_aad, M_ESP);
crypto_freereq(crp);
}
return error;
......@@ -854,7 +857,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
}
/* IPsec-specific opaque crypto info. */
xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO);
xd = malloc(sizeof(struct xform_data), M_ESP, M_NOWAIT | M_ZERO);
if (xd == NULL) {
DPRINTF(("%s: failed to allocate xform_data\n", __func__));
goto xd_fail;
......@@ -914,7 +917,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
int aad_skip;
crp->crp_aad_length += sizeof(seqh);
crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT);
crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT);
if (crp->crp_aad == NULL) {
DPRINTF(("%s: failed to allocate xform_data\n",
__func__));
......@@ -949,7 +952,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
return (crypto_dispatch(crp));
crp_aad_fail:
free(xd, M_XDATA);
free(xd, M_ESP);
xd_fail:
crypto_freereq(crp);
ESPSTAT_INC(esps_crypto);
......@@ -1007,8 +1010,8 @@ esp_output_cb(struct cryptop *crp)
error = EINVAL;
goto bad;
}
free(xd, M_XDATA);
free(crp->crp_aad, M_XDATA);
free(xd, M_ESP);
free(crp->crp_aad, M_ESP);
crypto_freereq(crp);
ESPSTAT_INC(esps_hist[sav->alg_enc]);
if (sav->tdb_authalgxform != NULL)
......@@ -1041,8 +1044,8 @@ esp_output_cb(struct cryptop *crp)
return (error);
bad:
CURVNET_RESTORE();
free(xd, M_XDATA);
free(crp->crp_aad, M_XDATA);
free(xd, M_ESP);
free(crp->crp_aad, M_ESP);
crypto_freereq(crp);
key_freesav(&sav);
key_freesp(&sp);
......
......@@ -37,6 +37,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/lock.h>
#include <sys/mutex.h>
......@@ -90,6 +91,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ipcomp, IPSECCTL_STATS, stats,
struct ipcompstat, ipcompstat,
"IPCOMP statistics (struct ipcompstat, netipsec/ipcomp_var.h");
static MALLOC_DEFINE(M_IPCOMP, "ipcomp", "IPCOMP");
static int ipcomp_input_cb(struct cryptop *crp);
static int ipcomp_output_cb(struct cryptop *crp);
......@@ -235,7 +238,7 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
goto bad;
}
/* Get IPsec-specific opaque pointer */
xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO);
xd = malloc(sizeof(*xd), M_IPCOMP, M_NOWAIT | M_ZERO);
if (xd == NULL) {
DPRINTF(("%s: cannot allocate xform_data\n", __func__));
IPCOMPSTAT_INC(ipcomps_crypto);
......@@ -328,7 +331,7 @@ ipcomp_input_cb(struct cryptop *crp)
clen = crp->crp_olen; /* Length of data after processing */
/* Release the crypto descriptors */
free(xd, M_XDATA), xd = NULL;
free(xd, M_IPCOMP), xd = NULL;
crypto_freereq(crp), crp = NULL;
/* In case it's not done already, adjust the size of the mbuf chain */
......@@ -382,7 +385,7 @@ ipcomp_input_cb(struct cryptop *crp)
if (m != NULL)
m_freem(m);
if (xd != NULL)
free(xd, M_XDATA);
free(xd, M_IPCOMP);
if (crp != NULL)
crypto_freereq(crp);
return error;
......@@ -486,7 +489,7 @@ ipcomp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
crp->crp_payload_length = ralen;
/* IPsec-specific opaque crypto info */
xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO);
xd = malloc(sizeof(struct xform_data), M_IPCOMP, M_NOWAIT | M_ZERO);
if (xd == NULL) {
IPCOMPSTAT_INC(ipcomps_crypto);
DPRINTF(("%s: failed to allocate xform_data\n", __func__));
......@@ -641,7 +644,7 @@ ipcomp_output_cb(struct cryptop *crp)
}
/* Release the crypto descriptor */
free(xd, M_XDATA);
free(xd, M_IPCOMP);
crypto_freereq(crp);
/* NB: m is reclaimed by ipsec_process_done. */
......@@ -652,7 +655,7 @@ ipcomp_output_cb(struct cryptop *crp)
if (m)
m_freem(m);
CURVNET_RESTORE();
free(xd, M_XDATA);
free(xd, M_IPCOMP);
crypto_freereq(crp);
key_freesav(&sav);
key_freesp(&sp);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment