diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2016-11-01 20:05:15 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-11-01 20:08:14 +0100 |
| commit | 662b948fec1549edd2cbec521a039fd2f9d34065 (patch) | |
| tree | c614e53bc6d2493f5a0d1fe0b8f823709d616c79 /src | |
| parent | peer: kref is most likely to succeed (diff) | |
| download | wireguard-monolithic-historical-662b948fec1549edd2cbec521a039fd2f9d34065.tar.xz wireguard-monolithic-historical-662b948fec1549edd2cbec521a039fd2f9d34065.zip | |
data: do not allow usage of keypair just before hash removal
Diffstat (limited to 'src')
| -rw-r--r-- | src/data.c | 6 | ||||
| -rw-r--r-- | src/noise.c | 10 | ||||
| -rw-r--r-- | src/noise.h | 1 |
3 files changed, 13 insertions, 4 deletions
@@ -191,10 +191,9 @@ int packet_create_data(struct sk_buff *skb, struct wireguard_peer *peer, void(*c unsigned int num_frags; rcu_read_lock(); - keypair = rcu_dereference(peer->keypairs.current_keypair); + keypair = noise_keypair_get(rcu_dereference(peer->keypairs.current_keypair)); if (unlikely(!keypair)) goto err_rcu; - kref_get(&keypair->refcount); rcu_read_unlock(); if (unlikely(!get_encryption_nonce(&nonce, &keypair->sending))) @@ -367,12 +366,11 @@ void packet_consume_data(struct sk_buff *skb, size_t offset, struct wireguard_de goto err; ret = -EINVAL; rcu_read_lock(); - keypair = (struct noise_keypair *)index_hashtable_lookup(&wg->index_hashtable, INDEX_HASHTABLE_KEYPAIR, idx); + keypair = noise_keypair_get((struct noise_keypair *)index_hashtable_lookup(&wg->index_hashtable, INDEX_HASHTABLE_KEYPAIR, idx)); if (unlikely(!keypair)) { rcu_read_unlock(); goto err; } - kref_get(&keypair->refcount); rcu_read_unlock(); #ifdef CONFIG_WIREGUARD_PARALLEL if (cpumask_weight(cpu_online_mask) > 1) { diff --git a/src/noise.c b/src/noise.c index b24b483..cefedee 100644 --- a/src/noise.c +++ b/src/noise.c @@ -95,6 +95,16 @@ void noise_keypair_put(struct noise_keypair *keypair) kref_put(&keypair->refcount, keypair_free_kref); } +struct noise_keypair *noise_keypair_get(struct noise_keypair *keypair) +{ + RCU_LOCKDEP_WARN(!rcu_read_lock_held(), "Calling noise_keypair_get without holding the RCU read lock."); + if (unlikely(!keypair)) + return NULL; + if (unlikely(!kref_get_unless_zero(&keypair->refcount))) + return NULL; + return keypair; +} + void noise_keypairs_clear(struct noise_keypairs *keypairs) { struct noise_keypair *old; diff --git a/src/noise.h b/src/noise.h index ca865f8..a849dc9 100644 --- a/src/noise.h +++ b/src/noise.h @@ -105,6 +105,7 @@ void noise_init(void); void noise_handshake_init(struct noise_handshake *handshake, struct noise_static_identity *static_identity, const u8 peer_public_key[static NOISE_PUBLIC_KEY_LEN], struct wireguard_peer *peer); void noise_handshake_clear(struct noise_handshake *handshake); void noise_keypair_put(struct noise_keypair *keypair); +struct noise_keypair *noise_keypair_get(struct noise_keypair *keypair); void noise_keypairs_clear(struct noise_keypairs *keypairs); bool noise_received_with_keypair(struct noise_keypairs *keypairs, struct noise_keypair *received_keypair); |