git: 7a4d1d1df0b2 - main - if_wg: fix access to noise_local->l_has_identity and l_private

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Wed, 17 Jan 2024 23:30:42 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=7a4d1d1df0b2e369adcb32aea9ef8c180f885751

commit 7a4d1d1df0b2e369adcb32aea9ef8c180f885751
Author:     Aaron LI <aly@aaronly.me>
AuthorDate: 2024-01-17 23:29:23 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-01-17 23:29:54 +0000

    if_wg: fix access to noise_local->l_has_identity and l_private
    
    These members are protected by the identity lock, so rlock it in
    noise_remote_alloc() and then assert that we have it held to some extent
    in noise_precompute_ss().
    
    PR:             276392
---
 sys/dev/wg/wg_noise.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/dev/wg/wg_noise.c b/sys/dev/wg/wg_noise.c
index 3db74ac9580f..a727a2f99d15 100644
--- a/sys/dev/wg/wg_noise.c
+++ b/sys/dev/wg/wg_noise.c
@@ -281,6 +281,7 @@ noise_local_keys(struct noise_local *l, uint8_t public[NOISE_PUBLIC_KEY_LEN],
 static void
 noise_precompute_ss(struct noise_local *l, struct noise_remote *r)
 {
+	rw_assert(&l->l_identity_lock, RA_LOCKED);
 	rw_wlock(&r->r_handshake_lock);
 	if (!l->l_has_identity ||
 	    !curve25519(r->r_ss, l->l_private, r->r_public))
@@ -302,7 +303,10 @@ noise_remote_alloc(struct noise_local *l, void *arg,
 	r->r_handshake_state = HANDSHAKE_DEAD;
 	r->r_last_sent = TIMER_RESET;
 	r->r_last_init_recv = TIMER_RESET;
+
+	rw_rlock(&l->l_identity_lock);
 	noise_precompute_ss(l, r);
+	rw_runlock(&l->l_identity_lock);
 
 	refcount_init(&r->r_refcnt, 1);
 	r->r_local = noise_local_ref(l);