The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=7a4d1d1df0b2e369adcb32aea9ef8c180f885751
commit 7a4d1d1df0b2e369adcb32aea9ef8c180f885751 Author: Aaron LI <[email protected]> AuthorDate: 2024-01-17 23:29:23 +0000 Commit: Kyle Evans <[email protected]> CommitDate: 2024-01-17 23:29:54 +0000 if_wg: fix access to noise_local->l_has_identity and l_private These members are protected by the identity lock, so rlock it in noise_remote_alloc() and then assert that we have it held to some extent in noise_precompute_ss(). PR: 276392 --- sys/dev/wg/wg_noise.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/dev/wg/wg_noise.c b/sys/dev/wg/wg_noise.c index 3db74ac9580f..a727a2f99d15 100644 --- a/sys/dev/wg/wg_noise.c +++ b/sys/dev/wg/wg_noise.c @@ -281,6 +281,7 @@ noise_local_keys(struct noise_local *l, uint8_t public[NOISE_PUBLIC_KEY_LEN], static void noise_precompute_ss(struct noise_local *l, struct noise_remote *r) { + rw_assert(&l->l_identity_lock, RA_LOCKED); rw_wlock(&r->r_handshake_lock); if (!l->l_has_identity || !curve25519(r->r_ss, l->l_private, r->r_public)) @@ -302,7 +303,10 @@ noise_remote_alloc(struct noise_local *l, void *arg, r->r_handshake_state = HANDSHAKE_DEAD; r->r_last_sent = TIMER_RESET; r->r_last_init_recv = TIMER_RESET; + + rw_rlock(&l->l_identity_lock); noise_precompute_ss(l, r); + rw_runlock(&l->l_identity_lock); refcount_init(&r->r_refcnt, 1); r->r_local = noise_local_ref(l);
