diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-03 14:55:33 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-10-03 14:55:33 +0200 |
commit | 113faae1721bf918cb6993e13752063f73f0b173 (patch) | |
tree | 3c1299478c7b6156a77a4db67a7a093f320505ca /src | |
parent | 323636085e1a6c063818a697b30e074578db258e (diff) |
global: add space around variable declarations
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/cookie.c | 1 | ||||
-rw-r--r-- | src/device.c | 3 | ||||
-rw-r--r-- | src/hashtables.c | 2 | ||||
-rw-r--r-- | src/netlink.c | 6 | ||||
-rw-r--r-- | src/noise.c | 11 | ||||
-rw-r--r-- | src/peer.c | 4 | ||||
-rw-r--r-- | src/queueing.c | 2 | ||||
-rw-r--r-- | src/queueing.h | 6 | ||||
-rw-r--r-- | src/receive.c | 5 | ||||
-rw-r--r-- | src/routingtable.c | 9 | ||||
-rw-r--r-- | src/send.c | 1 | ||||
-rw-r--r-- | src/socket.c | 4 | ||||
-rw-r--r-- | src/timers.c | 6 |
13 files changed, 59 insertions, 1 deletions
diff --git a/src/cookie.c b/src/cookie.c index ec58903..d25f9ec 100644 --- a/src/cookie.c +++ b/src/cookie.c @@ -27,6 +27,7 @@ static const u8 cookie_key_label[COOKIE_KEY_LABEL_LEN] = "cookie--"; static void precompute_key(u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 pubkey[NOISE_PUBLIC_KEY_LEN], const u8 label[COOKIE_KEY_LABEL_LEN]) { struct blake2s_state blake; + blake2s_init(&blake, NOISE_SYMMETRIC_KEY_LEN); blake2s_update(&blake, label, COOKIE_KEY_LABEL_LEN); blake2s_update(&blake, pubkey, NOISE_PUBLIC_KEY_LEN); diff --git a/src/device.c b/src/device.c index 1868027..fdade83 100644 --- a/src/device.c +++ b/src/device.c @@ -81,7 +81,6 @@ static int suspending_clear_noise_peers(struct notifier_block *nb, unsigned long } rtnl_unlock(); rcu_barrier_bh(); - return 0; } static struct notifier_block clear_peers_on_suspend = { .notifier_call = suspending_clear_noise_peers }; @@ -91,6 +90,7 @@ static int stop(struct net_device *dev) { struct wireguard_device *wg = netdev_priv(dev); struct wireguard_peer *peer, *temp; + peer_for_each (wg, peer, temp, true) { skb_queue_purge(&peer->staged_packet_queue); timers_stop(peer); @@ -348,6 +348,7 @@ int __init device_init(void) { #ifdef CONFIG_PM_SLEEP int ret = register_pm_notifier(&clear_peers_on_suspend); + if (ret) return ret; #endif diff --git a/src/hashtables.c b/src/hashtables.c index 978997a..a0cfa44 100644 --- a/src/hashtables.c +++ b/src/hashtables.c @@ -36,6 +36,7 @@ void pubkey_hashtable_remove(struct pubkey_hashtable *table, struct wireguard_pe struct wireguard_peer *pubkey_hashtable_lookup(struct pubkey_hashtable *table, const u8 pubkey[NOISE_PUBLIC_KEY_LEN]) { struct wireguard_peer *iter_peer, *peer = NULL; + rcu_read_lock_bh(); hlist_for_each_entry_rcu_bh (iter_peer, pubkey_bucket(table, pubkey), pubkey_hash) { if (!memcmp(pubkey, iter_peer->handshake.remote_static, NOISE_PUBLIC_KEY_LEN)) { @@ -142,6 +143,7 @@ void index_hashtable_remove(struct index_hashtable *table, struct index_hashtabl struct index_hashtable_entry *index_hashtable_lookup(struct index_hashtable *table, const enum index_hashtable_type type_mask, const __le32 index) { struct index_hashtable_entry *iter_entry, *entry = NULL; + rcu_read_lock_bh(); hlist_for_each_entry_rcu_bh (iter_entry, index_bucket(table, index), index_hash) { if (iter_entry->index == index) { diff --git a/src/netlink.c b/src/netlink.c index 84ca850..8734ddd 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -70,6 +70,7 @@ static int get_allowedips(void *ctx, union nf_inet_addr ip, u8 cidr, int family) { struct nlattr *allowedip_nest; struct allowedips_ctx *actx = ctx; + if (++actx->idx < actx->idx_cursor) return 0; allowedip_nest = nla_nest_start(actx->skb, actx->idx - 1); @@ -91,6 +92,7 @@ static int get_peer(struct wireguard_peer *peer, unsigned int index, unsigned in struct allowedips_ctx ctx = { .skb = skb, .idx_cursor = *allowedips_idx_cursor }; struct nlattr *allowedips_nest, *peer_nest = nla_nest_start(skb, index); bool fail; + if (!peer_nest) return -EMSGSIZE; @@ -144,6 +146,7 @@ static int get_start(struct netlink_callback *cb) struct wireguard_device *wg; struct nlattr **attrs = genl_family_attrbuf(&genl_family); int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + genl_family.hdrsize, attrs, genl_family.maxattr, device_policy, NULL); + if (ret < 0) return ret; wg = lookup_interface(attrs, cb->skb); @@ -246,6 +249,7 @@ static int get_done(struct netlink_callback *cb) { struct wireguard_device *wg = (struct wireguard_device *)cb->args[0]; struct wireguard_peer *peer = (struct wireguard_peer *)cb->args[1]; + if (wg) dev_put(wg->dev); peer_put(peer); @@ -255,6 +259,7 @@ static int get_done(struct netlink_callback *cb) static int set_device_port(struct wireguard_device *wg, u16 port) { struct wireguard_peer *peer, *temp; + if (wg->incoming_port == port) return 0; socket_uninit(wg); @@ -384,6 +389,7 @@ static int set(struct sk_buff *skb, struct genl_info *info) { int ret; struct wireguard_device *wg = lookup_interface(info->attrs, skb); + if (IS_ERR(wg)) { ret = PTR_ERR(wg); goto out_nodev; diff --git a/src/noise.c b/src/noise.c index cbe3f39..f4d4deb 100644 --- a/src/noise.c +++ b/src/noise.c @@ -31,6 +31,7 @@ static atomic64_t keypair_counter = ATOMIC64_INIT(0); void __init noise_init(void) { struct blake2s_state blake; + blake2s(handshake_init_chaining_key, handshake_name, NULL, NOISE_HASH_LEN, sizeof(handshake_name), 0); blake2s_init(&blake, NOISE_HASH_LEN); blake2s_update(&blake, handshake_init_chaining_key, NOISE_HASH_LEN); @@ -82,6 +83,7 @@ void noise_handshake_clear(struct noise_handshake *handshake) static struct noise_keypair *keypair_create(struct wireguard_peer *peer) { struct noise_keypair *keypair = kzalloc(sizeof(struct noise_keypair), GFP_KERNEL); + if (unlikely(!keypair)) return NULL; keypair->internal_id = atomic64_inc_return(&keypair_counter); @@ -94,6 +96,7 @@ static struct noise_keypair *keypair_create(struct wireguard_peer *peer) static void keypair_free_rcu(struct rcu_head *rcu) { struct noise_keypair *keypair = container_of(rcu, struct noise_keypair, rcu); + net_dbg_ratelimited("%s: Keypair %Lu destroyed for peer %Lu\n", keypair->entry.peer->device->dev->name, keypair->internal_id, keypair->entry.peer->internal_id); kzfree(keypair); } @@ -101,6 +104,7 @@ static void keypair_free_rcu(struct rcu_head *rcu) static void keypair_free_kref(struct kref *kref) { struct noise_keypair *keypair = container_of(kref, struct noise_keypair, refcount); + index_hashtable_remove(&keypair->entry.peer->device->index_hashtable, &keypair->entry); call_rcu_bh(&keypair->rcu, keypair_free_rcu); } @@ -123,6 +127,7 @@ struct noise_keypair *noise_keypair_get(struct noise_keypair *keypair) void noise_keypairs_clear(struct noise_keypairs *keypairs) { struct noise_keypair *old; + spin_lock_bh(&keypairs->keypair_update_lock); old = rcu_dereference_protected(keypairs->previous_keypair, lockdep_is_held(&keypairs->keypair_update_lock)); rcu_assign_pointer(keypairs->previous_keypair, NULL); @@ -225,6 +230,7 @@ static void kdf(u8 *first_dst, u8 *second_dst, u8 *third_dst, const u8 *data, si { u8 secret[BLAKE2S_OUTBYTES]; u8 output[BLAKE2S_OUTBYTES + 1]; + BUG_ON(first_len > BLAKE2S_OUTBYTES || second_len > BLAKE2S_OUTBYTES || third_len > BLAKE2S_OUTBYTES || ((second_len || second_dst || third_len || third_dst) && (!first_len || !first_dst)) || ((third_len || third_dst) && (!second_len || !second_dst))); /* Extract entropy from data into secret */ @@ -279,6 +285,7 @@ static void derive_keys(struct noise_symmetric_key *first_dst, struct noise_symm static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 private[NOISE_PUBLIC_KEY_LEN], const u8 public[NOISE_PUBLIC_KEY_LEN]) { u8 dh_calculation[NOISE_PUBLIC_KEY_LEN]; + if (unlikely(!curve25519(dh_calculation, private, public))) return false; kdf(chaining_key, key, NULL, dh_calculation, NOISE_HASH_LEN, NOISE_SYMMETRIC_KEY_LEN, 0, NOISE_PUBLIC_KEY_LEN, chaining_key); @@ -289,6 +296,7 @@ static bool __must_check mix_dh(u8 chaining_key[NOISE_HASH_LEN], u8 key[NOISE_SY static void mix_hash(u8 hash[NOISE_HASH_LEN], const u8 *src, size_t src_len) { struct blake2s_state blake; + blake2s_init(&blake, NOISE_HASH_LEN); blake2s_update(&blake, hash, NOISE_HASH_LEN); blake2s_update(&blake, src, src_len); @@ -298,6 +306,7 @@ static void mix_hash(u8 hash[NOISE_HASH_LEN], const u8 *src, size_t src_len) static void mix_psk(u8 chaining_key[NOISE_HASH_LEN], u8 hash[NOISE_HASH_LEN], u8 key[NOISE_SYMMETRIC_KEY_LEN], const u8 psk[NOISE_SYMMETRIC_KEY_LEN]) { u8 temp_hash[NOISE_HASH_LEN]; + kdf(chaining_key, temp_hash, key, psk, NOISE_HASH_LEN, NOISE_HASH_LEN, NOISE_SYMMETRIC_KEY_LEN, NOISE_SYMMETRIC_KEY_LEN, chaining_key); mix_hash(hash, temp_hash, NOISE_HASH_LEN); memzero_explicit(temp_hash, NOISE_HASH_LEN); @@ -335,6 +344,7 @@ static void message_ephemeral(u8 ephemeral_dst[NOISE_PUBLIC_KEY_LEN], const u8 e static void tai64n_now(u8 output[NOISE_TIMESTAMP_LEN]) { struct timeval now; + do_gettimeofday(&now); /* https://cr.yp.to/libtai/tai64.html */ *(__be64 *)output = cpu_to_be64(4611686018427387914ULL + now.tv_sec); @@ -464,6 +474,7 @@ bool noise_handshake_create_response(struct message_handshake_response *dst, str { bool ret = false; u8 key[NOISE_SYMMETRIC_KEY_LEN]; + down_read(&handshake->static_identity->lock); down_write(&handshake->lock); @@ -17,6 +17,7 @@ static atomic64_t peer_counter = ATOMIC64_INIT(0); struct wireguard_peer *peer_create(struct wireguard_device *wg, const u8 public_key[NOISE_PUBLIC_KEY_LEN], const u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN]) { struct wireguard_peer *peer; + lockdep_assert_held(&wg->device_update_lock); if (peer_total_count(wg) >= MAX_PEERS_PER_DEVICE) @@ -102,6 +103,7 @@ static void rcu_release(struct rcu_head *rcu) static void kref_release(struct kref *refcount) { struct wireguard_peer *peer = container_of(refcount, struct wireguard_peer, refcount); + index_hashtable_remove(&peer->device->index_hashtable, &peer->handshake.entry); skb_queue_purge(&peer->staged_packet_queue); call_rcu_bh(&peer->rcu, rcu_release); @@ -117,6 +119,7 @@ void peer_put(struct wireguard_peer *peer) void peer_remove_all(struct wireguard_device *wg) { struct wireguard_peer *peer, *temp; + lockdep_assert_held(&wg->device_update_lock); list_for_each_entry_safe (peer, temp, &wg->peer_list, peer_list) peer_remove(peer); @@ -126,6 +129,7 @@ unsigned int peer_total_count(struct wireguard_device *wg) { unsigned int i = 0; struct wireguard_peer *peer; + lockdep_assert_held(&wg->device_update_lock); list_for_each_entry (peer, &wg->peer_list, peer_list) ++i; diff --git a/src/queueing.c b/src/queueing.c index dec02ee..2e00d63 100644 --- a/src/queueing.c +++ b/src/queueing.c @@ -9,8 +9,10 @@ struct multicore_worker __percpu *packet_alloc_percpu_multicore_worker(work_func { int cpu; struct multicore_worker __percpu *worker = alloc_percpu(struct multicore_worker); + if (!worker) return NULL; + for_each_possible_cpu (cpu) { per_cpu_ptr(worker, cpu)->ptr = ptr; INIT_WORK(&per_cpu_ptr(worker, cpu)->work, function); diff --git a/src/queueing.h b/src/queueing.h index be3d15d..503445c 100644 --- a/src/queueing.h +++ b/src/queueing.h @@ -75,6 +75,7 @@ static inline unsigned int skb_padding(struct sk_buff *skb) * shouldn't be a real problem, and this can likely be removed. But, caution! */ unsigned int last_unit = skb->len % skb->dev->mtu; unsigned int padded_size = (last_unit + MESSAGE_PADDING_MULTIPLE - 1) & ~(MESSAGE_PADDING_MULTIPLE - 1); + if (padded_size > skb->dev->mtu) padded_size = skb->dev->mtu; return padded_size - last_unit; @@ -103,6 +104,7 @@ static inline void skb_reset(struct sk_buff *skb) static inline int cpumask_choose_online(int *stored_cpu, unsigned int id) { unsigned int cpu = *stored_cpu, cpu_index, i; + if (unlikely(cpu == nr_cpumask_bits || !cpumask_test_cpu(cpu, cpu_online_mask))) { cpu_index = id % cpumask_weight(cpu_online_mask); cpu = cpumask_first(cpu_online_mask); @@ -122,6 +124,7 @@ static inline int cpumask_choose_online(int *stored_cpu, unsigned int id) static inline int cpumask_next_online(int *next) { int cpu = *next; + while (unlikely(!cpumask_test_cpu(cpu, cpu_online_mask))) cpu = cpumask_next(cpu, cpu_online_mask) % nr_cpumask_bits; *next = cpumask_next(cpu, cpu_online_mask) % nr_cpumask_bits; @@ -131,6 +134,7 @@ static inline int cpumask_next_online(int *next) static inline struct list_head *queue_dequeue(struct crypt_queue *queue) { struct list_head *node; + spin_lock_bh(&queue->lock); node = queue->queue.next; if (&queue->queue == node) { @@ -159,6 +163,7 @@ static inline bool queue_enqueue(struct crypt_queue *queue, struct list_head *no static inline struct crypt_ctx *queue_dequeue_per_device(struct crypt_queue *queue) { struct list_head *node = queue_dequeue(queue); + return node ? list_entry(node, struct crypt_ctx, per_device_node) : NULL; } @@ -170,6 +175,7 @@ static inline struct crypt_ctx *queue_first_per_peer(struct crypt_queue *queue) static inline bool queue_enqueue_per_device_and_peer(struct crypt_queue *device_queue, struct crypt_queue *peer_queue, struct crypt_ctx *ctx, struct workqueue_struct *wq, int *next_cpu) { int cpu; + if (unlikely(!queue_enqueue(peer_queue, &ctx->per_peer_node, MAX_QUEUED_PACKETS))) return false; cpu = cpumask_next_online(next_cpu); diff --git a/src/receive.c b/src/receive.c index 7177c59..aab8b32 100644 --- a/src/receive.c +++ b/src/receive.c @@ -16,6 +16,7 @@ static inline void rx_stats(struct wireguard_peer *peer, size_t len) { struct pcpu_sw_netstats *tstats = get_cpu_ptr(peer->device->dev->tstats); + u64_stats_update_begin(&tstats->syncp); tstats->rx_bytes += len; ++tstats->rx_packets; @@ -27,6 +28,7 @@ static inline void rx_stats(struct wireguard_peer *peer, size_t len) static inline void update_latest_addr(struct wireguard_peer *peer, struct sk_buff *skb) { struct endpoint endpoint; + if (!socket_endpoint_from_skb(&endpoint, skb)) socket_set_peer_endpoint(peer, &endpoint); } @@ -52,6 +54,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic { struct udphdr *udp; size_t data_offset, data_len, header_len; + if (unlikely(skb_examine_untrusted_ip_hdr(skb) != skb->protocol || skb_transport_header(skb) < skb->head || (skb_transport_header(skb) + sizeof(struct udphdr)) > skb_tail_pointer(skb))) return -EINVAL; /* Bogus IP header */ udp = udp_hdr(skb); @@ -177,6 +180,7 @@ static inline void keep_key_fresh(struct wireguard_peer *peer) { struct noise_keypair *keypair; bool send = false; + if (peer->sent_lastminute_handshake) return; @@ -228,6 +232,7 @@ static inline bool counter_validate(union noise_counter *counter, u64 their_coun { bool ret = false; unsigned long index, index_current, top, i; + spin_lock_bh(&counter->receive.lock); if (unlikely(counter->receive.counter >= REJECT_AFTER_MESSAGES + 1 || their_counter >= REJECT_AFTER_MESSAGES)) diff --git a/src/routingtable.c b/src/routingtable.c index 6fdad8a..781c758 100644 --- a/src/routingtable.c +++ b/src/routingtable.c @@ -40,6 +40,7 @@ static void node_free_rcu(struct rcu_head *rcu) static void free_root_node(struct routing_table_node __rcu *top, struct mutex *lock) { walk_prep; + walk (top, lock) call_rcu_bh(&node->rcu, node_free_rcu); } @@ -48,6 +49,7 @@ static size_t count_nodes(struct routing_table_node __rcu *top) { size_t ret = 0; walk_prep; + walk (top, NULL) { if (node->peer) ++ret; @@ -258,6 +260,7 @@ void routing_table_free(struct routing_table *table) int routing_table_insert_v4(struct routing_table *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer) { int ret; + if (unlikely(cidr > 32 || !peer)) return -EINVAL; mutex_lock(&table->table_update_lock); @@ -269,6 +272,7 @@ int routing_table_insert_v4(struct routing_table *table, const struct in_addr *i int routing_table_insert_v6(struct routing_table *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer) { int ret; + if (unlikely(cidr > 128 || !peer)) return -EINVAL; mutex_lock(&table->table_update_lock); @@ -288,6 +292,7 @@ void routing_table_remove_by_peer(struct routing_table *table, struct wireguard_ size_t routing_table_count_nodes(struct routing_table *table) { size_t ret; + rcu_read_lock_bh(); ret = count_nodes(table->root4) + count_nodes(table->root6); rcu_read_unlock_bh(); @@ -297,11 +302,13 @@ size_t routing_table_count_nodes(struct routing_table *table) int routing_table_walk_ips_by_peer(struct routing_table *table, void *ctx, struct wireguard_peer *peer, int (*func)(void *ctx, union nf_inet_addr ip, u8 cidr, int family)) { int ret; + rcu_read_lock_bh(); ret = walk_ips_by_peer(table->root4, AF_INET, ctx, peer, func, NULL); rcu_read_unlock_bh(); if (ret) return ret; + rcu_read_lock_bh(); ret = walk_ips_by_peer(table->root6, AF_INET6, ctx, peer, func, NULL); rcu_read_unlock_bh(); @@ -311,11 +318,13 @@ int routing_table_walk_ips_by_peer(struct routing_table *table, void *ctx, struc int routing_table_walk_ips_by_peer_sleepable(struct routing_table *table, void *ctx, struct wireguard_peer *peer, int (*func)(void *ctx, union nf_inet_addr ip, u8 cidr, int family)) { int ret; + mutex_lock(&table->table_update_lock); ret = walk_ips_by_peer(table->root4, AF_INET, ctx, peer, func, &table->table_update_lock); mutex_unlock(&table->table_update_lock); if (ret) return ret; + mutex_lock(&table->table_update_lock); ret = walk_ips_by_peer(table->root6, AF_INET6, ctx, peer, func, &table->table_update_lock); mutex_unlock(&table->table_update_lock); @@ -41,6 +41,7 @@ static void packet_send_handshake_initiation(struct wireguard_peer *peer) void packet_handshake_send_worker(struct work_struct *work) { struct wireguard_peer *peer = container_of(work, struct wireguard_peer, transmit_handshake_work); + packet_send_handshake_initiation(peer); peer_put(peer); } diff --git a/src/socket.c b/src/socket.c index 4f78de1..da2236c 100644 --- a/src/socket.c +++ b/src/socket.c @@ -166,8 +166,10 @@ int socket_send_skb_to_peer(struct wireguard_peer *peer, struct sk_buff *skb, u8 int socket_send_buffer_to_peer(struct wireguard_peer *peer, void *buffer, size_t len, u8 ds) { struct sk_buff *skb = alloc_skb(len + SKB_HEADER_LEN, GFP_ATOMIC); + if (unlikely(!skb)) return -ENOMEM; + skb_reserve(skb, SKB_HEADER_LEN); memcpy(skb_put(skb, len), buffer, len); return socket_send_skb_to_peer(peer, skb, ds); @@ -326,6 +328,7 @@ int socket_init(struct wireguard_device *wg) .ipv6_v6only = true }; #endif + mutex_lock(&wg->socket_update_lock); #if IS_ENABLED(CONFIG_IPV6) retry: @@ -373,6 +376,7 @@ out: void socket_uninit(struct wireguard_device *wg) { struct sock *old4, *old6; + mutex_lock(&wg->socket_update_lock); old4 = rcu_dereference_protected(wg->sock4, lockdep_is_held(&wg->socket_update_lock)); old6 = rcu_dereference_protected(wg->sock6, lockdep_is_held(&wg->socket_update_lock)); diff --git a/src/timers.c b/src/timers.c index 42e188c..2838821 100644 --- a/src/timers.c +++ b/src/timers.c @@ -33,6 +33,7 @@ static inline bool timers_active(struct wireguard_peer *peer) static void expired_retransmit_handshake(unsigned long ptr) { peer_get_from_ptr(ptr); + if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) { pr_debug("%s: Handshake for peer %Lu (%pISpfsc) did not complete after %d attempts, giving up\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2); @@ -61,6 +62,7 @@ static void expired_retransmit_handshake(unsigned long ptr) static void expired_send_keepalive(unsigned long ptr) { peer_get_from_ptr(ptr); + packet_send_keepalive(peer); if (peer->timer_need_another_keepalive) { peer->timer_need_another_keepalive = false; @@ -73,6 +75,7 @@ static void expired_send_keepalive(unsigned long ptr) static void expired_new_handshake(unsigned long ptr) { peer_get_from_ptr(ptr); + pr_debug("%s: Retrying handshake with peer %Lu (%pISpfsc) because we stopped hearing back after %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) / HZ); /* We clear the endpoint address src address, in case this is the cause of trouble. */ socket_clear_peer_endpoint_src(peer); @@ -83,12 +86,14 @@ static void expired_new_handshake(unsigned long ptr) static void expired_zero_key_material(unsigned long ptr) { peer_get_from_ptr(ptr); + if (!queue_work(peer->device->handshake_send_wq, &peer->clear_peer_work)) /* Takes our reference. */ peer_put(peer); /* If the work was already on the queue, we want to drop the extra reference */ } static void queued_expired_zero_key_material(struct work_struct *work) { struct wireguard_peer *peer = container_of(work, struct wireguard_peer, clear_peer_work); + pr_debug("%s: Zeroing out all keys for peer %Lu (%pISpfsc), since we haven't received a new one in %d seconds\n", peer->device->dev->name, peer->internal_id, &peer->endpoint.addr, (REJECT_AFTER_TIME * 3) / HZ); noise_handshake_clear(&peer->handshake); noise_keypairs_clear(&peer->keypairs); @@ -98,6 +103,7 @@ static void queued_expired_zero_key_material(struct work_struct *work) static void expired_send_persistent_keepalive(unsigned long ptr) { peer_get_from_ptr(ptr); + if (likely(peer->persistent_keepalive_interval)) { if (likely(timers_active(peer))) del_timer(&peer->timer_send_keepalive); |