Searched hist:"2 d6919c3205b141ba85fb733b2a67937ff85dc7f" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/drivers/net/wireguard/ |
| H A D | device.c | diff 2d6919c3205b141ba85fb733b2a67937ff85dc7f Tue Mar 01 16:26:55 CST 2022 Jason A. Donenfeld <Jason@zx2c4.com> wireguard: device: clear keys on VM fork
When a virtual machine forks, it's important that WireGuard clear
existing sessions so that different plaintexts are not transmitted using
the same key+nonce, which can result in catastrophic cryptographic
failure. To accomplish this, we simply hook into the newly added vmfork
notifier.
As a bonus, it turns out that, like the vmfork registration function,
the PM registration function is stubbed out when CONFIG_PM_SLEEP is not
set, so we can actually just remove the maze of ifdefs, which makes it
really quite clean to support both notifiers at once.
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|