author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-20 15:50:23 -0600 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-04-20 16:01:55 -0600 |
commit | 0cf31116d73ab5fee76d71671de31c11261b3921 (patch) | |
tree | c4f556e26621e0f0f139c1331a5708ba7547bc71 | |
parent | global: use ck for loads/stores, rather than macro maze (diff) | |
global: cleanup openbsd lock defines
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | src/compat.h | 4 | ||||
-rw-r--r-- | src/support.h | 41 | ||||
-rw-r--r-- | src/wg_cookie.c | 34 | ||||
-rw-r--r-- | src/wg_noise.c | 7 |
4 files changed, 26 insertions, 60 deletions
diff --git a/src/compat.h b/src/compat.h index 66798f9..d173eb2 100644 --- a/src/compat.h +++ b/src/compat.h @@ -2,8 +2,8 @@ * * Copyright (C) 2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. * - * compat.h contains functions that are backported from FreeBSD's main branch. It is different from - * support.h, which is for things that aren't _yet_ upstream or from OpenBSD. + * compat.h contains code that is backported from FreeBSD's main branch. + * It is different from support.h, which is for code that is not _yet_ upstream. */ #include <sys/param.h> diff --git a/src/support.h b/src/support.h index 5eff4fb..d1c326c 100644 --- a/src/support.h +++ b/src/support.h 
@@ -1,53 +1,19 @@ /* SPDX-License-Identifier: ISC * * Copyright (C) 2021 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. - * Copyright (C) 2021 Matt Dunwoodie <ncon@noconroy.net> + * Copyright (c) 2021 Kyle Evans <kevans@FreeBSD.org> * - * support.h contains functions that are either not _yet_ upstream in FreeBSD 14, or are shimmed - * from OpenBSD. It is different from compat.h, which is strictly for backports. + * support.h contains code that is not _yet_ upstream in FreeBSD's main branch. + * It is different from compat.h, which is strictly for backports. */ #ifndef _WG_SUPPORT #define _WG_SUPPORT -#include <sys/types.h> -#include <sys/limits.h> -#include <sys/endian.h> #include <sys/socket.h> -#include <sys/libkern.h> -#include <sys/malloc.h> -#include <sys/proc.h> -#include <sys/lock.h> #include <sys/socketvar.h> #include <sys/protosw.h> #include <net/vnet.h> -#include <vm/uma.h> - -/* TODO the following is openbsd compat defines to allow us to copy the wg_* - * files from openbsd (almost) verbatim. this will greatly increase maintenance - * across the platforms. it should be moved to it's own file. the only thing - * we're missing from this is struct pool (freebsd: uma_zone_t), which isn't a - * show stopper, but is something worth considering in the future. - * - md */ - -#define rw_assert_wrlock(x) rw_assert(x, RA_WLOCKED) -#define rw_enter_write rw_wlock -#define rw_exit_write rw_wunlock -#define rw_enter_read rw_rlock -#define rw_exit_read rw_runlock -#define rw_exit rw_unlock - -#define RW_DOWNGRADE 1 -#define rw_enter(x, y) do { \ - CTASSERT(y == RW_DOWNGRADE); \ - rw_downgrade(x); \ -} while (0) - -MALLOC_DECLARE(M_WG); - -#ifndef ARRAY_SIZE -#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) -#endif #ifndef PRIV_NET_WG #define PRIV_NET_WG PRIV_NET_HWIOCTL 
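Review bot: The fallback `#define PRIV_NET_WG PRIV_NET_HWIOCTL` kept at the end of this hunk carries no comment, and with the header text shortened to "not _yet_ upstream" nothing records what the substitution means for access control. On a kernel that lacks PRIV_NET_WG, any subject granted PRIV_NET_HWIOCTL would presumably also pass the WireGuard privilege check; the call sites are not in this diff, so that should be confirmed. I would add above the `#ifndef`: `/* No dedicated wg privilege on this kernel; reuse PRIV_NET_HWIOCTL, so its holders can also administer WireGuard interfaces. */`. The `#ifndef` block closes outside the hunk.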
@@ -65,7 +31,6 @@ MALLOC_DECLARE(M_WG); #define ck_pr_load_bool(src) ((bool)ck_pr_load_8((uint8_t *)(src))) #endif - static inline int sogetsockaddr(struct socket *so, struct sockaddr **nam) { diff --git a/src/wg_cookie.c b/src/wg_cookie.c index 734249c..0a9d988 100644 --- a/src/wg_cookie.c +++ b/src/wg_cookie.c @@ -64,7 +64,7 @@ void cookie_checker_update(struct cookie_checker *cc, const uint8_t key[COOKIE_INPUT_SIZE]) { - rw_enter_write(&cc->cc_key_lock); + rw_wlock(&cc->cc_key_lock); if (key) { cookie_precompute_key(cc->cc_mac1_key, key, COOKIE_MAC1_KEY_LABEL); cookie_precompute_key(cc->cc_cookie_key, key, COOKIE_COOKIE_KEY_LABEL); @@ -72,7 +72,7 @@ cookie_checker_update(struct cookie_checker *cc, bzero(cc->cc_mac1_key, sizeof(cc->cc_mac1_key)); bzero(cc->cc_cookie_key, sizeof(cc->cc_cookie_key)); } - rw_exit_write(&cc->cc_key_lock); + rw_wunlock(&cc->cc_key_lock); } void @@ -94,10 +94,10 @@ cookie_checker_create_payload(struct cookie_checker *cc, cookie_checker_make_cookie(cc, cookie, sa); arc4random_buf(nonce, COOKIE_NONCE_SIZE); - rw_enter_read(&cc->cc_key_lock); + rw_rlock(&cc->cc_key_lock); xchacha20poly1305_encrypt(ecookie, cookie, COOKIE_COOKIE_SIZE, cm->mac1, COOKIE_MAC_SIZE, nonce, cc->cc_cookie_key); - rw_exit_read(&cc->cc_key_lock); + rw_runlock(&cc->cc_key_lock); explicit_bzero(cookie, sizeof(cookie)); } @@ -109,7 +109,7 @@ cookie_maker_consume_payload(struct cookie_maker *cp, int ret = 0; uint8_t cookie[COOKIE_COOKIE_SIZE]; - rw_enter_write(&cp->cp_lock); + rw_wlock(&cp->cp_lock); if (!cp->cp_mac1_valid) { ret = ETIMEDOUT; @@ -127,7 +127,7 @@ cookie_maker_consume_payload(struct cookie_maker *cp, cp->cp_mac1_valid = false; error: - rw_exit_write(&cp->cp_lock); + rw_wunlock(&cp->cp_lock); return ret; } @@ -135,7 +135,7 @@ void cookie_maker_mac(struct cookie_maker *cp, struct cookie_macs *cm, void *buf, size_t len) { - rw_enter_read(&cp->cp_lock); + rw_rlock(&cp->cp_lock); cookie_macs_mac1(cm, buf, len, cp->cp_mac1_key); 
@@ -148,7 +148,7 @@ cookie_maker_mac(struct cookie_maker *cp, struct cookie_macs *cm, void *buf, else bzero(cm->mac2, COOKIE_MAC_SIZE); - rw_exit_read(&cp->cp_lock); + rw_runlock(&cp->cp_lock); } int @@ -159,9 +159,9 @@ cookie_checker_validate_macs(struct cookie_checker *cc, struct cookie_macs *cm, uint8_t cookie[COOKIE_COOKIE_SIZE]; /* Validate incoming MACs */ - rw_enter_read(&cc->cc_key_lock); + rw_rlock(&cc->cc_key_lock); cookie_macs_mac1(&our_cm, buf, len, cc->cc_mac1_key); - rw_exit_read(&cc->cc_key_lock); + rw_runlock(&cc->cc_key_lock); /* If mac1 is invald, we want to drop the packet */ if (timingsafe_bcmp(our_cm.mac1, cm->mac1, COOKIE_MAC_SIZE) != 0) @@ -240,7 +240,7 @@ cookie_checker_make_cookie(struct cookie_checker *cc, { struct blake2s_state state; - rw_enter_write(&cc->cc_secret_lock); + rw_wlock(&cc->cc_secret_lock); if (cookie_timer_expired(cc->cc_secret_birthdate, COOKIE_SECRET_MAX_AGE, 0)) { arc4random_buf(cc->cc_secret, COOKIE_SECRET_SIZE); @@ -248,7 +248,7 @@ cookie_checker_make_cookie(struct cookie_checker *cc, } blake2s_init_key(&state, COOKIE_COOKIE_SIZE, cc->cc_secret, COOKIE_SECRET_SIZE); - rw_exit_write(&cc->cc_secret_lock); + rw_wunlock(&cc->cc_secret_lock); if (sa->sa_family == AF_INET) { blake2s_update(&state, (uint8_t *)&satosin(sa)->sin_addr, @@ -284,10 +284,10 @@ ratelimit_init(struct ratelimit *rl, uma_zone_t zone) static void ratelimit_deinit(struct ratelimit *rl) { - rw_enter_write(&rl->rl_lock); + rw_wlock(&rl->rl_lock); ratelimit_gc(rl, 1); hashdestroy(rl->rl_table, M_DEVBUF, rl->rl_table_mask); - rw_exit_write(&rl->rl_lock); + rw_wunlock(&rl->rl_lock); } static void @@ -297,7 +297,7 @@ ratelimit_gc(struct ratelimit *rl, int force) struct ratelimit_entry *r, *tr; sbintime_t expiry, now; - rw_assert_wrlock(&rl->rl_lock); + rw_assert(&rl->rl_lock, RA_WLOCKED); if (force) { for (i = 0; i < RATELIMIT_SIZE; i++) { 
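Review bot: `cookie_checker_make_cookie` takes `cc_secret_lock` exclusively on every call (`rw_wlock` in the `-240` hunk, `rw_wunlock` in the `-248` hunk), although the secret is written only when `cookie_timer_expired` fires. With the native rwlock API now used directly, the common path can hold the lock shared and go exclusive only to rotate, re-checking expiry after the switch because another thread may have rotated in between. Cookie generation tends to run when the host is already busy, so serialising it is best avoided; how hot this path is in practice is not visible here. The function starts before and continues past both hunks, and the line between them is not shown.

```c
	rw_rlock(&cc->cc_secret_lock);
	if (cookie_timer_expired(cc->cc_secret_birthdate,
	    COOKIE_SECRET_MAX_AGE, 0)) {
		/* Rare path: trade the shared lock for the exclusive one. */
		rw_runlock(&cc->cc_secret_lock);
		rw_wlock(&cc->cc_secret_lock);
		/* Re-check: another thread may have rotated the secret meanwhile. */
		if (cookie_timer_expired(cc->cc_secret_birthdate,
		    COOKIE_SECRET_MAX_AGE, 0)) {
			arc4random_buf(cc->cc_secret, COOKIE_SECRET_SIZE);
			/* … unchanged: rest of the rotation branch (between the two hunks) … */
		}
		rw_downgrade(&cc->cc_secret_lock);
	}
	blake2s_init_key(&state, COOKIE_COOKIE_SIZE, cc->cc_secret,
	    COOKIE_SECRET_SIZE);
	rw_runlock(&cc->cc_secret_lock);
	/* … unchanged: address hashing and finalisation … */
```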
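Review bot: `ratelimit_deinit` frees the hash table with `hashdestroy` and then unlocks, which leaves `rl->rl_table` pointing at freed memory and the rwlock still initialised. If any caller can still reach `ratelimit_allow` at that point (the callers are not in this diff), it would acquire `rl_lock` and walk the freed buckets. I would add `rl->rl_table = NULL;` before `rw_wunlock(&rl->rl_lock);` so a late caller faults immediately instead of reading freed memory. I would also add `rw_destroy(&rl->rl_lock);` after the unlock, assuming the lock is set up with `rw_init` in `ratelimit_init` and not torn down by the caller.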
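Review bot: `rw_assert(&rl->rl_lock, RA_WLOCKED)` in `ratelimit_gc` expands to nothing unless the kernel is built with INVARIANTS, so on production kernels the locking requirement is neither checked nor written down. A one-line comment above the function would keep the contract visible: `/* Caller must hold rl_lock exclusively. */`. The same applies to the three `r_handshake_lock` assertions in src/wg_noise.c (`noise_remote_index_remove`, `noise_add_new_keypair`, `noise_begin_session`). All four function bodies extend beyond their hunks.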
@@ -347,7 +347,7 @@ ratelimit_allow(struct ratelimit *rl, struct sockaddr *sa) else return ret; - rw_enter_write(&rl->rl_lock); + rw_wlock(&rl->rl_lock); LIST_FOREACH(r, &rl->rl_table[key & rl->rl_table_mask], r_entry) { if (r->r_af != sa->sa_family) @@ -416,7 +416,7 @@ ratelimit_allow(struct ratelimit *rl, struct sockaddr *sa) ok: ret = 0; error: - rw_exit_write(&rl->rl_lock); + rw_wunlock(&rl->rl_lock); return ret; } diff --git a/src/wg_noise.c b/src/wg_noise.c index 4beb9fd..4595dc7 100644 --- a/src/wg_noise.c +++ b/src/wg_noise.c @@ -13,6 +13,7 @@ #include <sys/refcount.h> #include <sys/epoch.h> #include <sys/ck.h> +#include <sys/endian.h> #include <crypto/siphash/siphash.h> #include "crypto.h" @@ -442,7 +443,7 @@ noise_remote_index(struct noise_local *l, uint32_t idx) { static int noise_remote_index_remove(struct noise_local *l, struct noise_remote *r) { - rw_assert_wrlock(&r->r_handshake_lock); + rw_assert(&r->r_handshake_lock, RA_WLOCKED); if (r->r_handshake_state != HANDSHAKE_DEAD) { rw_wlock(&l->l_index_lock); CK_LIST_REMOVE(&r->r_index, i_entry); @@ -626,7 +627,7 @@ noise_add_new_keypair(struct noise_local *l, struct noise_remote *r, rw_wunlock(&r->r_keypair_lock); /* Insert into index table */ - rw_assert_wrlock(&r->r_handshake_lock); + rw_assert(&r->r_handshake_lock, RA_WLOCKED); kp->kp_index.i_is_keypair = true; kp->kp_index.i_local_index = r_i->i_local_index; @@ -645,7 +646,7 @@ noise_begin_session(struct noise_remote *r) { struct noise_keypair *kp; - rw_assert_wrlock(&r->r_handshake_lock); + rw_assert(&r->r_handshake_lock, RA_WLOCKED); if ((kp = malloc(sizeof(*kp), M_NOISE, M_NOWAIT)) == NULL) return (ENOSPC); |