From 568950c856a4855cb371b0c52fe63356a39ce3f6 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 12 Jun 2017 05:45:34 +0200 Subject: [PATCH] net-vpn/wireguard: version bump Package-Manager: Portage-2.3.6, Repoman-2.3.2 --- net-vpn/wireguard/Manifest | 2 +- ...d-0.0.20170531-remove-padata-hotplug.patch | 188 ------------------ ...uard-0.0.20170531-simultaneous-start.patch | 135 ------------- ...2.ebuild => wireguard-0.0.20170612.ebuild} | 5 - 4 files changed, 1 insertion(+), 329 deletions(-) delete mode 100644 net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch delete mode 100644 net-vpn/wireguard/files/wireguard-0.0.20170531-simultaneous-start.patch rename net-vpn/wireguard/{wireguard-0.0.20170531-r2.ebuild => wireguard-0.0.20170612.ebuild} (97%) diff --git a/net-vpn/wireguard/Manifest b/net-vpn/wireguard/Manifest index 57562cde9685..989d1ae06fdc 100644 --- a/net-vpn/wireguard/Manifest +++ b/net-vpn/wireguard/Manifest @@ -1 +1 @@ -DIST WireGuard-0.0.20170531.tar.xz 162816 SHA256 2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc SHA512 82ad68e61ccd2844837f817065f7576839cb19e278d28c140d168620fe257f41f201de069105f3b4e2a104d9390460409e831581f2dc02a1bfda18c13c410bed WHIRLPOOL eabf39acf06ec88baa1ddbab31929bc48a48876cb26afe6129bb7dd30a712ed5230220c1bd832d43a546ccbb2b8229d4127af4767656c42d0e0a5e63c026bf73 +DIST WireGuard-0.0.20170612.tar.xz 160484 SHA256 842f338b0e8c3e79adb7a2b27a2c59fd73875d8bc1d6a9111e09a93538ed6f75 SHA512 9aecfcc5c3ef3987f8e9cf0350bd0522c8828ba2a07ced220da80cd93fc87d6b5d783ed788a4c882e1b70e64807e5e422d7dc8a90a8987a92c6bbfc98974eec6 WHIRLPOOL 63381926dc9556971ec3cd80fa4a176692a650aa7caaa08a4377f7910d5f818f0a582f127735a5a164a49ce5697d2db8889b61257b2b0f2b25fa60f725df052e diff --git a/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch b/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch deleted file mode 100644 index a1f4b80d01d3..000000000000 --- a/net-vpn/wireguard/files/wireguard-0.0.20170531-remove-padata-hotplug.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 1e0405942cecfd6de2a7707f3027f326d6f2fdb4 Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" -Date: Thu, 1 Jun 2017 16:55:20 +0200 -Subject: compat: remove padata hotplug code - -It's different on different kernel versions, and we're not using it -anyway, so it's easiest to just get rid of it, rather than having -another ifdef maze. ---- - src/compat/padata/padata.c | 149 --------------------------------------------- - 1 file changed, 149 deletions(-) - -diff --git a/src/compat/padata/padata.c b/src/compat/padata/padata.c -index 480c43f..25836db 100644 ---- a/src/compat/padata/padata.c -+++ b/src/compat/padata/padata.c -@@ -677,131 +677,8 @@ void padata_stop(struct padata_instance *pinst) - mutex_unlock(&pinst->lock); - } - --#ifdef CONFIG_HOTPLUG_CPU -- --static int __padata_add_cpu(struct padata_instance *pinst, int cpu) --{ -- struct parallel_data *pd; -- -- if (cpumask_test_cpu(cpu, cpu_online_mask)) { -- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu, -- pinst->cpumask.cbcpu); -- if (!pd) -- return -ENOMEM; -- -- padata_replace(pinst, pd); -- -- if (padata_validate_cpumask(pinst, pinst->cpumask.pcpu) && -- padata_validate_cpumask(pinst, pinst->cpumask.cbcpu)) -- __padata_start(pinst); -- } -- -- return 0; --} -- --static int __padata_remove_cpu(struct padata_instance *pinst, int cpu) --{ -- struct parallel_data *pd = NULL; -- -- if (cpumask_test_cpu(cpu, cpu_online_mask)) { -- -- if (!padata_validate_cpumask(pinst, pinst->cpumask.pcpu) || -- !padata_validate_cpumask(pinst, pinst->cpumask.cbcpu)) -- __padata_stop(pinst); -- -- pd = padata_alloc_pd(pinst, pinst->cpumask.pcpu, -- pinst->cpumask.cbcpu); -- if (!pd) -- return -ENOMEM; -- -- padata_replace(pinst, pd); -- -- cpumask_clear_cpu(cpu, pd->cpumask.cbcpu); -- cpumask_clear_cpu(cpu, pd->cpumask.pcpu); -- } -- -- return 0; --} -- -- /** -- * padata_remove_cpu - remove a cpu from the one or both(serial and parallel) -- * padata cpumasks. -- * -- * @pinst: padata instance -- * @cpu: cpu to remove -- * @mask: bitmask specifying from which cpumask @cpu should be removed -- * The @mask may be any combination of the following flags: -- * PADATA_CPU_SERIAL - serial cpumask -- * PADATA_CPU_PARALLEL - parallel cpumask -- */ --int padata_remove_cpu(struct padata_instance *pinst, int cpu, int mask) --{ -- int err; -- -- if (!(mask & (PADATA_CPU_SERIAL | PADATA_CPU_PARALLEL))) -- return -EINVAL; -- -- mutex_lock(&pinst->lock); -- -- get_online_cpus(); -- if (mask & PADATA_CPU_SERIAL) -- cpumask_clear_cpu(cpu, pinst->cpumask.cbcpu); -- if (mask & PADATA_CPU_PARALLEL) -- cpumask_clear_cpu(cpu, pinst->cpumask.pcpu); -- -- err = __padata_remove_cpu(pinst, cpu); -- put_online_cpus(); -- -- mutex_unlock(&pinst->lock); -- -- return err; --} -- --static inline int pinst_has_cpu(struct padata_instance *pinst, int cpu) --{ -- return cpumask_test_cpu(cpu, pinst->cpumask.pcpu) || -- cpumask_test_cpu(cpu, pinst->cpumask.cbcpu); --} -- --static int padata_cpu_online(unsigned int cpu, struct hlist_node *node) --{ -- struct padata_instance *pinst; -- int ret; -- -- pinst = hlist_entry_safe(node, struct padata_instance, node); -- if (!pinst_has_cpu(pinst, cpu)) -- return 0; -- -- mutex_lock(&pinst->lock); -- ret = __padata_add_cpu(pinst, cpu); -- mutex_unlock(&pinst->lock); -- return ret; --} -- --static int padata_cpu_prep_down(unsigned int cpu, struct hlist_node *node) --{ -- struct padata_instance *pinst; -- int ret; -- -- pinst = hlist_entry_safe(node, struct padata_instance, node); -- if (!pinst_has_cpu(pinst, cpu)) -- return 0; -- -- mutex_lock(&pinst->lock); -- ret = __padata_remove_cpu(pinst, cpu); -- mutex_unlock(&pinst->lock); -- return ret; --} -- --static enum cpuhp_state hp_online; --#endif -- - static void __padata_free(struct padata_instance *pinst) - { --#ifdef CONFIG_HOTPLUG_CPU -- cpuhp_state_remove_instance_nocalls(hp_online, &pinst->node); --#endif -- - padata_stop(pinst); - padata_free_pd(pinst->pd); - free_cpumask_var(pinst->cpumask.pcpu); -@@ -995,9 +872,6 @@ struct padata_instance *padata_alloc(struct workqueue_struct *wq, - kobject_init(&pinst->kobj, &padata_attr_type); - mutex_init(&pinst->lock); - --#ifdef CONFIG_HOTPLUG_CPU -- cpuhp_state_add_instance_nocalls(hp_online, &pinst->node); --#endif - return pinst; - - err_free_masks: -@@ -1019,26 +893,3 @@ void padata_free(struct padata_instance *pinst) - { - kobject_put(&pinst->kobj); - } -- --#ifdef CONFIG_HOTPLUG_CPU -- --static __init int padata_driver_init(void) --{ -- int ret; -- -- ret = cpuhp_setup_state_multi(CPUHP_AP_ONLINE_DYN, "padata:online", -- padata_cpu_online, -- padata_cpu_prep_down); -- if (ret < 0) -- return ret; -- hp_online = ret; -- return 0; --} --module_init(padata_driver_init); -- --static __exit void padata_driver_exit(void) --{ -- cpuhp_remove_multi_state(hp_online); --} --module_exit(padata_driver_exit); --#endif --- -cgit v1.1-9-ge9c1d - diff --git a/net-vpn/wireguard/files/wireguard-0.0.20170531-simultaneous-start.patch b/net-vpn/wireguard/files/wireguard-0.0.20170531-simultaneous-start.patch deleted file mode 100644 index 5d5ef64333d3..000000000000 --- a/net-vpn/wireguard/files/wireguard-0.0.20170531-simultaneous-start.patch +++ /dev/null @@ -1,135 +0,0 @@ -From 156280bcb881915701b25ad57e1efe2dcef73c6b Mon Sep 17 00:00:00 2001 -From: "Jason A. Donenfeld" -Date: Tue, 6 Jun 2017 21:49:29 +0200 -Subject: noise: fix race when replacing handshake - -Replacing an entry that's already been replaced is something that could -happen when processing handshake messages in parallel, when starting up -multiple instances on the same machine. - -Reported-by: Hubert Goisern ---- - src/hashtables.c | 5 ++++- - src/hashtables.h | 2 +- - src/noise.c | 28 +++++++++++++++++++--------- - 3 files changed, 24 insertions(+), 11 deletions(-) - -diff --git a/src/hashtables.c b/src/hashtables.c -index db97f7e..a01a899 100644 ---- a/src/hashtables.c -+++ b/src/hashtables.c -@@ -97,13 +97,16 @@ search_unused_slot: - return entry->index; - } - --void index_hashtable_replace(struct index_hashtable *table, struct index_hashtable_entry *old, struct index_hashtable_entry *new) -+bool index_hashtable_replace(struct index_hashtable *table, struct index_hashtable_entry *old, struct index_hashtable_entry *new) - { -+ if (unlikely(hlist_unhashed(&old->index_hash))) -+ return false; - spin_lock_bh(&table->lock); - new->index = old->index; - hlist_replace_rcu(&old->index_hash, &new->index_hash); - INIT_HLIST_NODE(&old->index_hash); - spin_unlock_bh(&table->lock); -+ return true; - } - - void index_hashtable_remove(struct index_hashtable *table, struct index_hashtable_entry *entry) -diff --git a/src/hashtables.h b/src/hashtables.h -index 9fa47d5..08a2a5d 100644 ---- a/src/hashtables.h -+++ b/src/hashtables.h -@@ -40,7 +40,7 @@ struct index_hashtable_entry { - }; - void index_hashtable_init(struct index_hashtable *table); - __le32 index_hashtable_insert(struct index_hashtable *table, struct index_hashtable_entry *entry); --void index_hashtable_replace(struct index_hashtable *table, struct index_hashtable_entry *old, struct index_hashtable_entry *new); -+bool index_hashtable_replace(struct index_hashtable *table, struct index_hashtable_entry *old, struct index_hashtable_entry *new); - void index_hashtable_remove(struct index_hashtable *table, struct index_hashtable_entry *entry); - struct index_hashtable_entry *index_hashtable_lookup(struct index_hashtable *table, const enum index_hashtable_type type_mask, const __le32 index); - -diff --git a/src/noise.c b/src/noise.c -index 7ca2a67..9583ab1 100644 ---- a/src/noise.c -+++ b/src/noise.c -@@ -59,16 +59,21 @@ bool noise_handshake_init(struct noise_handshake *handshake, struct noise_static - return noise_precompute_static_static(peer); - } - --void noise_handshake_clear(struct noise_handshake *handshake) -+static void handshake_zero(struct noise_handshake *handshake) - { -- index_hashtable_remove(&handshake->entry.peer->device->index_hashtable, &handshake->entry); -- down_write(&handshake->lock); - memset(&handshake->ephemeral_private, 0, NOISE_PUBLIC_KEY_LEN); - memset(&handshake->remote_ephemeral, 0, NOISE_PUBLIC_KEY_LEN); - memset(&handshake->hash, 0, NOISE_HASH_LEN); - memset(&handshake->chaining_key, 0, NOISE_HASH_LEN); - handshake->remote_index = 0; - handshake->state = HANDSHAKE_ZEROED; -+} -+ -+void noise_handshake_clear(struct noise_handshake *handshake) -+{ -+ index_hashtable_remove(&handshake->entry.peer->device->index_hashtable, &handshake->entry); -+ down_write(&handshake->lock); -+ handshake_zero(handshake); - up_write(&handshake->lock); - index_hashtable_remove(&handshake->entry.peer->device->index_hashtable, &handshake->entry); - } -@@ -371,8 +376,8 @@ bool noise_handshake_create_initiation(struct message_handshake_initiation *dst, - - dst->sender_index = index_hashtable_insert(&handshake->entry.peer->device->index_hashtable, &handshake->entry); - -- ret = true; - handshake->state = HANDSHAKE_CREATED_INITIATION; -+ ret = true; - - out: - up_write(&handshake->lock); -@@ -548,6 +553,11 @@ struct wireguard_peer *noise_handshake_consume_response(struct message_handshake - - /* Success! Copy everything to peer */ - down_write(&handshake->lock); -+ /* It's important to check that the state is still the same, while we have an exclusive lock */ -+ if (handshake->state != state) { -+ up_write(&handshake->lock); -+ goto fail; -+ } - memcpy(handshake->remote_ephemeral, e, NOISE_PUBLIC_KEY_LEN); - memcpy(handshake->hash, hash, NOISE_HASH_LEN); - memcpy(handshake->chaining_key, chaining_key, NOISE_HASH_LEN); -@@ -573,7 +583,7 @@ bool noise_handshake_begin_session(struct noise_handshake *handshake, struct noi - { - struct noise_keypair *new_keypair; - -- down_read(&handshake->lock); -+ down_write(&handshake->lock); - if (handshake->state != HANDSHAKE_CREATED_RESPONSE && handshake->state != HANDSHAKE_CONSUMED_RESPONSE) - goto fail; - -@@ -587,16 +597,16 @@ bool noise_handshake_begin_session(struct noise_handshake *handshake, struct noi - derive_keys(&new_keypair->sending, &new_keypair->receiving, handshake->chaining_key); - else - derive_keys(&new_keypair->receiving, &new_keypair->sending, handshake->chaining_key); -- up_read(&handshake->lock); - -+ handshake_zero(handshake); - add_new_keypair(keypairs, new_keypair); -- index_hashtable_replace(&handshake->entry.peer->device->index_hashtable, &handshake->entry, &new_keypair->entry); -- noise_handshake_clear(handshake); - net_dbg_ratelimited("%s: Keypair %Lu created for peer %Lu\n", netdev_pub(new_keypair->entry.peer->device)->name, new_keypair->internal_id, new_keypair->entry.peer->internal_id); -+ WARN_ON(!index_hashtable_replace(&handshake->entry.peer->device->index_hashtable, &handshake->entry, &new_keypair->entry)); -+ up_write(&handshake->lock); - - return true; - - fail: -- up_read(&handshake->lock); -+ up_write(&handshake->lock); - return false; - } --- -cgit v1.1-9-ge9c1d - diff --git a/net-vpn/wireguard/wireguard-0.0.20170531-r2.ebuild b/net-vpn/wireguard/wireguard-0.0.20170612.ebuild similarity index 97% rename from net-vpn/wireguard/wireguard-0.0.20170531-r2.ebuild rename to net-vpn/wireguard/wireguard-0.0.20170612.ebuild index db171b012c3b..1406c6d3ade9 100644 --- a/net-vpn/wireguard/wireguard-0.0.20170531-r2.ebuild +++ b/net-vpn/wireguard/wireguard-0.0.20170612.ebuild @@ -39,11 +39,6 @@ pkg_setup() { fi } -PATCHES=( - "${FILESDIR}/${P}-remove-padata-hotplug.patch" - "${FILESDIR}/${P}-simultaneous-start.patch" -) - src_compile() { use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}" use module && linux-mod_src_compile -- 2.26.2