https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276392
Bug ID: 276392
Summary: if_wg: Fix noise_remote_alloc() to acquire
'l_identity_lock' lock
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
The 'l_identity_lock' lock must be acquired to access 'l_has_identity' and
'l_private' members; i.e., noise_precompute_ss() must be called with the
'l_identity_lock' locked.
Fix noise_remote_alloc() to acquire the lock before calling
noise_precompute_ss(). Meanwhile, add an assertion to the latter to assert the
required lock is held.
Below is my suggested patch:
--- wg_noise.c.orig 2024-01-16 22:53:33.518906792 +0800
+++ wg_noise.c 2024-01-16 23:21:16.069687841 +0800
@@ -281,6 +281,8 @@ noise_local_keys(struct noise_local *l,
static void
noise_precompute_ss(struct noise_local *l, struct noise_remote *r)
{
+ rw_assert(&l->l_identity_lock, RA_LOCKED);
+
rw_wlock(&r->r_handshake_lock);
if (!l->l_has_identity ||
!curve25519(r->r_ss, l->l_private, r->r_public))
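Review bot: the new rw_assert() at the top of noise_precompute_ss() introduces a caller precondition that is stated nowhere in the source, so please add a comment above the function saying that the caller must hold l_identity_lock. RA_LOCKED is satisfied by either a shared or an exclusive hold, which fits the read-only use of l_has_identity and l_private visible here, and the comment can say so. Since rw_wlock(&r->r_handshake_lock) now always runs with l_identity_lock already held, the same comment should record that lock order (l_identity_lock before r_handshake_lock) so later callers do not take them the other way round.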
@@ -302,7 +304,10 @@ noise_remote_alloc(struct noise_local *l
r->r_handshake_state = HANDSHAKE_DEAD;
r->r_last_sent = TIMER_RESET;
r->r_last_init_recv = TIMER_RESET;
+
+ rw_wlock(&l->l_identity_lock);
noise_precompute_ss(l, r);
+ rw_wunlock(&l->l_identity_lock);
refcount_init(&r->r_refcnt, 1);
r->r_local = noise_local_ref(l);
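Review bot: noise_remote_alloc() takes l_identity_lock exclusively with rw_wlock(), but in the lines shown noise_precompute_ss() only reads l_has_identity and l_private, and its assertion is RA_LOCKED rather than RA_WLOCKED. Unless something outside this diff needs exclusivity, rw_rlock()/rw_runlock() would satisfy the assertion and avoid serialising peer allocation against other readers of the local identity. As a style point, the added blank line before rw_wlock() has no counterpart after rw_wunlock(), so either drop it or add one there to keep the locked region visually balanced.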