net/wireguard/peer.c

e7096c13SJason A. Donenfeld// SPDX-License-Identifier: GPL-2.0
e7096c13SJason A. Donenfeld/*
e7096c13SJason A. Donenfeld * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
e7096c13SJason A. Donenfeld */
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld#include "peer.h"
e7096c13SJason A. Donenfeld#include "device.h"
e7096c13SJason A. Donenfeld#include "queueing.h"
e7096c13SJason A. Donenfeld#include "timers.h"
e7096c13SJason A. Donenfeld#include "peerlookup.h"
e7096c13SJason A. Donenfeld#include "noise.h"
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld#include <linux/kref.h>
e7096c13SJason A. Donenfeld#include <linux/lockdep.h>
e7096c13SJason A. Donenfeld#include <linux/rcupdate.h>
e7096c13SJason A. Donenfeld#include <linux/list.h>
e7096c13SJason A. Donenfeld
a4e9f8e3SJason A. Donenfeldstatic struct kmem_cache *peer_cache;
e7096c13SJason A. Donenfeldstatic atomic64_t peer_counter = ATOMIC64_INIT(0);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstruct wg_peer *wg_peer_create(struct wg_device *wg,
e7096c13SJason A. Donenfeld			       const u8 public_key[NOISE_PUBLIC_KEY_LEN],
e7096c13SJason A. Donenfeld			       const u8 preshared_key[NOISE_SYMMETRIC_KEY_LEN])
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	struct wg_peer *peer;
e7096c13SJason A. Donenfeld	int ret = -ENOMEM;
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	lockdep_assert_held(&wg->device_update_lock);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	if (wg->num_peers >= MAX_PEERS_PER_DEVICE)
e7096c13SJason A. Donenfeld		return ERR_PTR(ret);
e7096c13SJason A. Donenfeld
a4e9f8e3SJason A. Donenfeld	peer = kmem_cache_zalloc(peer_cache, GFP_KERNEL);
e7096c13SJason A. Donenfeld	if (unlikely(!peer))
e7096c13SJason A. Donenfeld		return ERR_PTR(ret);
a4e9f8e3SJason A. Donenfeld	if (unlikely(dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)))
8b5553acSJason A. Donenfeld		goto err;
e7096c13SJason A. Donenfeld
8b5553acSJason A. Donenfeld	peer->device = wg;
11a7686aSJason A. Donenfeld	wg_noise_handshake_init(&peer->handshake, &wg->static_identity,
11a7686aSJason A. Donenfeld				public_key, preshared_key, peer);
e7096c13SJason A. Donenfeld	peer->internal_id = atomic64_inc_return(&peer_counter);
e7096c13SJason A. Donenfeld	peer->serial_work_cpu = nr_cpumask_bits;
e7096c13SJason A. Donenfeld	wg_cookie_init(&peer->latest_cookie);
e7096c13SJason A. Donenfeld	wg_timers_init(peer);
e7096c13SJason A. Donenfeld	wg_cookie_checker_precompute_peer_keys(peer);
e7096c13SJason A. Donenfeld	spin_lock_init(&peer->keypairs.keypair_update_lock);
8b5553acSJason A. Donenfeld	INIT_WORK(&peer->transmit_handshake_work, wg_packet_handshake_send_worker);
8b5553acSJason A. Donenfeld	INIT_WORK(&peer->transmit_packet_work, wg_packet_tx_worker);
8b5553acSJason A. Donenfeld	wg_prev_queue_init(&peer->tx_queue);
8b5553acSJason A. Donenfeld	wg_prev_queue_init(&peer->rx_queue);
e7096c13SJason A. Donenfeld	rwlock_init(&peer->endpoint_lock);
e7096c13SJason A. Donenfeld	kref_init(&peer->refcount);
e7096c13SJason A. Donenfeld	skb_queue_head_init(&peer->staged_packet_queue);
e7096c13SJason A. Donenfeld	wg_noise_reset_last_sent_handshake(&peer->last_sent_handshake);
e7096c13SJason A. Donenfeld	set_bit(NAPI_STATE_NO_BUSY_POLL, &peer->napi.state);
*b48b89f9SJakub Kicinski	netif_napi_add(wg->dev, &peer->napi, wg_packet_rx_poll);
e7096c13SJason A. Donenfeld	napi_enable(&peer->napi);
e7096c13SJason A. Donenfeld	list_add_tail(&peer->peer_list, &wg->peer_list);
e7096c13SJason A. Donenfeld	INIT_LIST_HEAD(&peer->allowedips_list);
e7096c13SJason A. Donenfeld	wg_pubkey_hashtable_add(wg->peer_hashtable, peer);
e7096c13SJason A. Donenfeld	++wg->num_peers;
e7096c13SJason A. Donenfeld	pr_debug("%s: Peer %llu created\n", wg->dev->name, peer->internal_id);
e7096c13SJason A. Donenfeld	return peer;
e7096c13SJason A. Donenfeld
8b5553acSJason A. Donenfelderr:
a4e9f8e3SJason A. Donenfeld	kmem_cache_free(peer_cache, peer);
e7096c13SJason A. Donenfeld	return ERR_PTR(ret);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstruct wg_peer *wg_peer_get_maybe_zero(struct wg_peer *peer)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	RCU_LOCKDEP_WARN(!rcu_read_lock_bh_held(),
e7096c13SJason A. Donenfeld			 "Taking peer reference without holding the RCU read lock");
e7096c13SJason A. Donenfeld	if (unlikely(!peer || !kref_get_unless_zero(&peer->refcount)))
e7096c13SJason A. Donenfeld		return NULL;
e7096c13SJason A. Donenfeld	return peer;
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstatic void peer_make_dead(struct wg_peer *peer)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	/* Remove from configuration-time lookup structures. */
e7096c13SJason A. Donenfeld	list_del_init(&peer->peer_list);
e7096c13SJason A. Donenfeld	wg_allowedips_remove_by_peer(&peer->device->peer_allowedips, peer,
e7096c13SJason A. Donenfeld				     &peer->device->device_update_lock);
e7096c13SJason A. Donenfeld	wg_pubkey_hashtable_remove(peer->device->peer_hashtable, peer);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Mark as dead, so that we don't allow jumping contexts after. */
e7096c13SJason A. Donenfeld	WRITE_ONCE(peer->is_dead, true);
e7096c13SJason A. Donenfeld
24b70eeeSJason A. Donenfeld	/* The caller must now synchronize_net() for this to take effect. */
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstatic void peer_remove_after_dead(struct wg_peer *peer)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	WARN_ON(!peer->is_dead);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* No more keypairs can be created for this peer, since is_dead protects
e7096c13SJason A. Donenfeld	 * add_new_keypair, so we can now destroy existing ones.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	wg_noise_keypairs_clear(&peer->keypairs);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Destroy all ongoing timers that were in-flight at the beginning of
e7096c13SJason A. Donenfeld	 * this function.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	wg_timers_stop(peer);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* The transition between packet encryption/decryption queues isn't
e7096c13SJason A. Donenfeld	 * guarded by is_dead, but each reference's life is strictly bounded by
e7096c13SJason A. Donenfeld	 * two generations: once for parallel crypto and once for serial
e7096c13SJason A. Donenfeld	 * ingestion, so we can simply flush twice, and be sure that we no
e7096c13SJason A. Donenfeld	 * longer have references inside these queues.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* a) For encrypt/decrypt. */
e7096c13SJason A. Donenfeld	flush_workqueue(peer->device->packet_crypt_wq);
e7096c13SJason A. Donenfeld	/* b.1) For send (but not receive, since that's napi). */
e7096c13SJason A. Donenfeld	flush_workqueue(peer->device->packet_crypt_wq);
e7096c13SJason A. Donenfeld	/* b.2.1) For receive (but not send, since that's wq). */
e7096c13SJason A. Donenfeld	napi_disable(&peer->napi);
e7096c13SJason A. Donenfeld	/* b.2.1) It's now safe to remove the napi struct, which must be done
e7096c13SJason A. Donenfeld	 * here from process context.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	netif_napi_del(&peer->napi);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Ensure any workstructs we own (like transmit_handshake_work or
e7096c13SJason A. Donenfeld	 * clear_peer_work) no longer are in use.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	flush_workqueue(peer->device->handshake_send_wq);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* After the above flushes, a peer might still be active in a few
e7096c13SJason A. Donenfeld	 * different contexts: 1) from xmit(), before hitting is_dead and
e7096c13SJason A. Donenfeld	 * returning, 2) from wg_packet_consume_data(), before hitting is_dead
e7096c13SJason A. Donenfeld	 * and returning, 3) from wg_receive_handshake_packet() after a point
e7096c13SJason A. Donenfeld	 * where it has processed an incoming handshake packet, but where
e7096c13SJason A. Donenfeld	 * all calls to pass it off to timers fails because of is_dead. We won't
e7096c13SJason A. Donenfeld	 * have new references in (1) eventually, because we're removed from
e7096c13SJason A. Donenfeld	 * allowedips; we won't have new references in (2) eventually, because
e7096c13SJason A. Donenfeld	 * wg_index_hashtable_lookup will always return NULL, since we removed
e7096c13SJason A. Donenfeld	 * all existing keypairs and no more can be created; we won't have new
e7096c13SJason A. Donenfeld	 * references in (3) eventually, because we're removed from the pubkey
e7096c13SJason A. Donenfeld	 * hash table, which allows for a maximum of one handshake response,
e7096c13SJason A. Donenfeld	 * via the still-uncleared index hashtable entry, but not more than one,
e7096c13SJason A. Donenfeld	 * and in wg_cookie_message_consume, the lookup eventually gets a peer
e7096c13SJason A. Donenfeld	 * with a refcount of zero, so no new reference is taken.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	--peer->device->num_peers;
e7096c13SJason A. Donenfeld	wg_peer_put(peer);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld/* We have a separate "remove" function make sure that all active places where
e7096c13SJason A. Donenfeld * a peer is currently operating will eventually come to an end and not pass
e7096c13SJason A. Donenfeld * their reference onto another context.
e7096c13SJason A. Donenfeld */
e7096c13SJason A. Donenfeldvoid wg_peer_remove(struct wg_peer *peer)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	if (unlikely(!peer))
e7096c13SJason A. Donenfeld		return;
e7096c13SJason A. Donenfeld	lockdep_assert_held(&peer->device->device_update_lock);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	peer_make_dead(peer);
24b70eeeSJason A. Donenfeld	synchronize_net();
e7096c13SJason A. Donenfeld	peer_remove_after_dead(peer);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldvoid wg_peer_remove_all(struct wg_device *wg)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	struct wg_peer *peer, *temp;
e7096c13SJason A. Donenfeld	LIST_HEAD(dead_peers);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	lockdep_assert_held(&wg->device_update_lock);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Avoid having to traverse individually for each one. */
e7096c13SJason A. Donenfeld	wg_allowedips_free(&wg->peer_allowedips, &wg->device_update_lock);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	list_for_each_entry_safe(peer, temp, &wg->peer_list, peer_list) {
e7096c13SJason A. Donenfeld		peer_make_dead(peer);
e7096c13SJason A. Donenfeld		list_add_tail(&peer->peer_list, &dead_peers);
e7096c13SJason A. Donenfeld	}
24b70eeeSJason A. Donenfeld	synchronize_net();
e7096c13SJason A. Donenfeld	list_for_each_entry_safe(peer, temp, &dead_peers, peer_list)
e7096c13SJason A. Donenfeld		peer_remove_after_dead(peer);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstatic void rcu_release(struct rcu_head *rcu)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	struct wg_peer *peer = container_of(rcu, struct wg_peer, rcu);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	dst_cache_destroy(&peer->endpoint_cache);
8b5553acSJason A. Donenfeld	WARN_ON(wg_prev_queue_peek(&peer->tx_queue) || wg_prev_queue_peek(&peer->rx_queue));
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* The final zeroing takes care of clearing any remaining handshake key
e7096c13SJason A. Donenfeld	 * material and other potentially sensitive information.
e7096c13SJason A. Donenfeld	 */
a4e9f8e3SJason A. Donenfeld	memzero_explicit(peer, sizeof(*peer));
a4e9f8e3SJason A. Donenfeld	kmem_cache_free(peer_cache, peer);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldstatic void kref_release(struct kref *refcount)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	struct wg_peer *peer = container_of(refcount, struct wg_peer, refcount);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	pr_debug("%s: Peer %llu (%pISpfsc) destroyed\n",
e7096c13SJason A. Donenfeld		 peer->device->dev->name, peer->internal_id,
e7096c13SJason A. Donenfeld		 &peer->endpoint.addr);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Remove ourself from dynamic runtime lookup structures, now that the
e7096c13SJason A. Donenfeld	 * last reference is gone.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	wg_index_hashtable_remove(peer->device->index_hashtable,
e7096c13SJason A. Donenfeld				  &peer->handshake.entry);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Remove any lingering packets that didn't have a chance to be
e7096c13SJason A. Donenfeld	 * transmitted.
e7096c13SJason A. Donenfeld	 */
e7096c13SJason A. Donenfeld	wg_packet_purge_staged_packets(peer);
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeld	/* Free the memory used. */
e7096c13SJason A. Donenfeld	call_rcu(&peer->rcu, rcu_release);
e7096c13SJason A. Donenfeld}
e7096c13SJason A. Donenfeld
e7096c13SJason A. Donenfeldvoid wg_peer_put(struct wg_peer *peer)
e7096c13SJason A. Donenfeld{
e7096c13SJason A. Donenfeld	if (unlikely(!peer))
e7096c13SJason A. Donenfeld		return;
e7096c13SJason A. Donenfeld	kref_put(&peer->refcount, kref_release);
e7096c13SJason A. Donenfeld}
a4e9f8e3SJason A. Donenfeld
a4e9f8e3SJason A. Donenfeldint __init wg_peer_init(void)
a4e9f8e3SJason A. Donenfeld{
a4e9f8e3SJason A. Donenfeld	peer_cache = KMEM_CACHE(wg_peer, 0);
a4e9f8e3SJason A. Donenfeld	return peer_cache ? 0 : -ENOMEM;
a4e9f8e3SJason A. Donenfeld}
a4e9f8e3SJason A. Donenfeld
a4e9f8e3SJason A. Donenfeldvoid wg_peer_uninit(void)
a4e9f8e3SJason A. Donenfeld{
a4e9f8e3SJason A. Donenfeld	kmem_cache_destroy(peer_cache);
a4e9f8e3SJason A. Donenfeld}