900575aa33
Before, we took a reference to the creating netns if the new netns was
different. This caused issues with circular references, with two
wireguard interfaces swapping namespaces. The solution is to rather not
take any extra references at all, but instead simply invalidate the
creating netns pointer when that netns is deleted.
In order to prevent this from happening again, this commit improves the
rough object leak tracking by allowing it to account for created and
destroyed interfaces, aside from just peers and keys. That then makes it
possible to check for the object leak when having two interfaces take a
reference to each others' namespaces.
Fixes: e7096c131e
("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
65 lines
1.5 KiB
C
65 lines
1.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
|
*/
|
|
|
|
#ifndef _WG_DEVICE_H
|
|
#define _WG_DEVICE_H
|
|
|
|
#include "noise.h"
|
|
#include "allowedips.h"
|
|
#include "peerlookup.h"
|
|
#include "cookie.h"
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/workqueue.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/net.h>
|
|
#include <linux/ptr_ring.h>
|
|
|
|
struct wg_device;
|
|
|
|
struct multicore_worker {
|
|
void *ptr;
|
|
struct work_struct work;
|
|
};
|
|
|
|
struct crypt_queue {
|
|
struct ptr_ring ring;
|
|
union {
|
|
struct {
|
|
struct multicore_worker __percpu *worker;
|
|
int last_cpu;
|
|
};
|
|
struct work_struct work;
|
|
};
|
|
};
|
|
|
|
struct wg_device {
|
|
struct net_device *dev;
|
|
struct crypt_queue encrypt_queue, decrypt_queue;
|
|
struct sock __rcu *sock4, *sock6;
|
|
struct net __rcu *creating_net;
|
|
struct noise_static_identity static_identity;
|
|
struct workqueue_struct *handshake_receive_wq, *handshake_send_wq;
|
|
struct workqueue_struct *packet_crypt_wq;
|
|
struct sk_buff_head incoming_handshakes;
|
|
int incoming_handshake_cpu;
|
|
struct multicore_worker __percpu *incoming_handshakes_worker;
|
|
struct cookie_checker cookie_checker;
|
|
struct pubkey_hashtable *peer_hashtable;
|
|
struct index_hashtable *index_hashtable;
|
|
struct allowedips peer_allowedips;
|
|
struct mutex device_update_lock, socket_update_lock;
|
|
struct list_head device_list, peer_list;
|
|
unsigned int num_peers, device_update_gen;
|
|
u32 fwmark;
|
|
u16 incoming_port;
|
|
};
|
|
|
|
int wg_device_init(void);
|
|
void wg_device_uninit(void);
|
|
|
|
#endif /* _WG_DEVICE_H */
|