From 83c06904bcfa89feb798b601f0de6082c32d83be Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 18 Jun 2018 20:44:32 +0200
Subject: netlink: maintain static_identity lock over entire private key update
We don't want the local private key to not correspond with a precomputed ss or precomputed cookie hash at any intermediate point.
---
 src/netlink.c | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/netlink.c')
diff --git a/src/netlink.c b/src/netlink.c
index c61657c..2f5157d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -435,12 +435,14 @@ static int set_device(struct sk_buff *skb, struct genl_info *info)
 }
 }
+ down_write(&wg->static_identity.lock);
 noise_set_static_identity_private_key(&wg->static_identity, private_key);
 list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) {
 if (!noise_precompute_static_static(peer))
 peer_remove(peer);
 }
 cookie_checker_precompute_device_keys(&wg->cookie_checker);
+ up_write(&wg->static_identity.lock);
 }
 if (info->attrs[WGDEVICE_A_PEERS]) {
-- cgit v1.2.3-59-g8ed1b
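Review bot: The write lock taken by the added `down_write(&wg->static_identity.lock)` is now held across `noise_set_static_identity_private_key()`, `noise_precompute_static_static()`, `peer_remove()` and `cookie_checker_precompute_device_keys()`, none of whose bodies are visible in this path-limited view; an rw_semaphore is not recursive, so if any of them still acquires `static_identity.lock` itself this section would self-deadlock. I would make the new contract explicit with a `lockdep_assert_held()` on that lock at the top of each helper that now expects the caller to hold it, and with a comment above the `down_write()` such as `/* Held across the key swap and both precomputations so no reader sees the new private key paired with a stale precomputed ss or cookie key. */`. It is also worth confirming that `peer_remove()` is safe to call with this lock held, since its teardown path is not shown here. The body of `set_device()` starts and ends outside the hunk.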