summaryrefslogtreecommitdiffhomepage
path: root/src
AgeCommit message (Collapse)Author
2019-06-18qemu: show signal when failingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-03blake2s: spacingJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-02curve25519: not all linkers support bmi2 and adxJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-01version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31compat: don't call xgetbv on cpus with no XSAVEJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31blake2s: add ssse3 to nobsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31blake2s: do not use xgetbv for ssse3 detectionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29zinc: update copyrightJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29blake2s: shorten ssse3 loopSamuel Neves
This (mostly) preserves the performance (as measured on Haswell and *lake) of last commit, but it drastically reduces code size. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29blake2s,chacha: latency tweakSamuel Neves
In every odd-numbered round, instead of operating over the state x00 x01 x02 x03 x05 x06 x07 x04 x10 x11 x08 x09 x15 x12 x13 x14 we operate over the rotated state x03 x00 x01 x02 x04 x05 x06 x07 x09 x10 x11 x08 x14 x15 x12 x13 The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive. In the case of BLAKE2s, which I also moved from requiring AVX to only requiring SSSE3, we save approximately 30 cycles per compression function call on Haswell and Skylake. In other words, this is an improvement of ~0.6 cpb. This idea was pointed out to me by Shunsuke Shimizu, though it appears to have been around for longer. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29qemu: do not check for alignment with ubsanJason A. Donenfeld
It insta-crashes on x86. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2Jason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29kbuild: account for recent upstream changesJason A. Donenfeld
Apparently cdd750bfb1f76fe9be8cfb53cbe77b2e811081ab changed things, so we fall back onto this hack. Reported-by: Alex Xu <alex@alxu.ca> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29timers: add jitter on ack failure reinitiationJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29qemu: build iproute2 with libmnl supportJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29netlink: use new strict length types in policy for 5.2Jason A. Donenfeld
Reported-by: Bruno Wolff III <bruno@wolff.to> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29qemu: use newer iproute2 and kernelJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-29socket: set ignore_df=1 on xmitJoe Holden
This allows the kernel to generate ipv6 fragments. Apply the same to ipv4 for consistency. Signed-off-by: Joe Holden <jwh@zorins.us> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-14compat: udp_tunnel: force cast sk_data_readyJason A. Donenfeld
Reference: https://lists.zx2c4.com/pipermail/wireguard/2019-April/004081.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06allowedips: initialize list head when removing intermediate nodesJason A. Donenfeld
Otherwise if this list item is later reused, we'll crash on list poison or worse. Also, add a version of Mimka's reproducer to netns.sh to catch these types of bugs in the future. Reported-by: Mimka <mikma.wg@lists.m7n.se> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-29compat: backport skb_mark_not_on_listJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-27blake2s: remove outlen parameter from finalJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-27blake2s: simplifySamuel Neves
Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-25qemu: set framewarn 1280 for 64bit and 1024 for 32bitJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-25device: use skb accessor functions where possibleJason A. Donenfeld
Suggested-by: David Miller <davem@davemloft.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-25allowedips: do not use __always_inlineJason A. Donenfeld
DaveM doth forbid. Suggested-by: David Miller <davem@davemloft.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-25peerlookup: rename from hashtablesJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-17global: the _bh variety of rcu helpers have been unifiedJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-03-14compat: nf_nat_core.h was removed upstreamBruno Wolff III
In d2c5c103b133 ("netfilter: nat: remove nf_nat_l3proto.h and nf_nat_core.h"). Signed-off-by: Bruno Wolff III <bruno@wolff.to> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-27version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-27queueing: net-next has changed signature of skb_probe_transport_headerJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-26allowedips: maintain per-peer list of allowedipsJason A. Donenfeld
This makes `wg show` and `wg showconf` and the like significantly faster, since we don't have to iterate through every node of the trie for every single peer. It also makes netlink cursor resumption much less problematic, since we're just iterating through a list, rather than having to save a traversal stack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-25peer: only synchronize_rcu_bh and traverse trie once when removing all peersJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-25netlink: don't remove allowed ips for new peersJason A. Donenfeld
This causes needless traversal of the trie. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-17Makefile: make the depmod path configurableLuis Ressel
Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-17Makefile: don't duplicate code in install and modules-installLuis Ressel
Signed-off-by: Luis Ressel <aranea@aixah.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-17compat: backport ALIGN_DOWNJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-17compat: ipv6_stub is sometimes nullJason A. Donenfeld
On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has been disabled with a command line flag or other failures. Reported-by: Anatoli <me@anatoli.ws> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-04chacha20: name enumsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03noise: store clamped key instead of raw keyJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03chacha20poly1305: permit unaligned strides on certain platformsJason A. Donenfeld
The map allocations required to fix this are mostly slower than unaligned paths. Reported-by: Louis Sautier <sbraz@gentoo.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03hashtables: decouple hashtable allocations from the main device allocationSultan Alsawaf
The hashtable allocations are quite large, and cause the device allocation in the net framework to stall sometimes while it tries to find a contiguous region that can fit the device struct: [<0000000000000000>] __switch_to+0x94/0xb8 [<0000000000000000>] __alloc_pages_nodemask+0x764/0x7e8 [<0000000000000000>] kmalloc_order+0x20/0x40 [<0000000000000000>] __kmalloc+0x144/0x1a0 [<0000000000000000>] alloc_netdev_mqs+0x5c/0x368 [<0000000000000000>] rtnl_create_link+0x48/0x180 [<0000000000000000>] rtnl_newlink+0x410/0x708 [<0000000000000000>] rtnetlink_rcv_msg+0x190/0x1f8 [<0000000000000000>] netlink_rcv_skb+0x4c/0xf8 [<0000000000000000>] rtnetlink_rcv+0x30/0x40 [<0000000000000000>] netlink_unicast+0x18c/0x208 [<0000000000000000>] netlink_sendmsg+0x19c/0x348 [<0000000000000000>] sock_sendmsg+0x3c/0x58 [<0000000000000000>] ___sys_sendmsg+0x290/0x2b0 [<0000000000000000>] __sys_sendmsg+0x58/0xa0 [<0000000000000000>] SyS_sendmsg+0x10/0x20 [<0000000000000000>] el0_svc_naked+0x34/0x38 [<0000000000000000>] 0xffffffffffffffff To fix the allocation stalls, decouple the hashtable allocations from the device allocation and allocate the hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall back to vmalloc with little resistance. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03queueing: more reasonable allocator function conventionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-03noise: whiten the nanoseconds portion of the timestampJason A. Donenfeld
This mitigates unrelated sidechannel attacks that think they can turn WireGuard into a useful time oracle. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23version: bump snapshotJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23netlink: use __kernel_timespec for handshake timeJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23global: normalize -> clampJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23qemu: enable FP on MIPSJason A. Donenfeld
This is a change for Linux 5.0. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>