Blame - drivers/net/wireguard/timers.c - hafnium/third_party/linux

blob: d54d32ac9bc41531e1b5a71c55bb989fb6d15c45 [file] [log] [blame]

Olivier Deprez	157378f	2022-04-04 15:47:50 +0200	[diff] [blame^]	1	// SPDX-License-Identifier: GPL-2.0
				2	/*
				3	* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
				4	*/
				5
				6	#include "timers.h"
				7	#include "device.h"
				8	#include "peer.h"
				9	#include "queueing.h"
				10	#include "socket.h"
				11
				12	/*
				13	* - Timer for retransmitting the handshake if we don't hear back after
				14	* `REKEY_TIMEOUT + jitter` ms.
				15	*
				16	* - Timer for sending empty packet if we have received a packet but after have
				17	* not sent one for `KEEPALIVE_TIMEOUT` ms.
				18	*
				19	* - Timer for initiating new handshake if we have sent a packet but after have
				20	* not received one (even empty) for `(KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) +
				21	* jitter` ms.
				22	*
				23	* - Timer for zeroing out all ephemeral keys after `(REJECT_AFTER_TIME * 3)` ms
				24	* if no new keys have been received.
				25	*
				26	* - Timer for, if enabled, sending an empty authenticated packet every user-
				27	* specified seconds.
				28	*/
				29
				30	static inline void mod_peer_timer(struct wg_peer *peer,
				31	struct timer_list *timer,
				32	unsigned long expires)
				33	{
				34	rcu_read_lock_bh();
				35	if (likely(netif_running(peer->device->dev) &&
				36	!READ_ONCE(peer->is_dead)))
				37	mod_timer(timer, expires);
				38	rcu_read_unlock_bh();
				39	}
				40
				41	static void wg_expired_retransmit_handshake(struct timer_list *timer)
				42	{
				43	struct wg_peer *peer = from_timer(peer, timer,
				44	timer_retransmit_handshake);
				45
				46	if (peer->timer_handshake_attempts > MAX_TIMER_HANDSHAKES) {
				47	pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d attempts, giving up\n",
				48	peer->device->dev->name, peer->internal_id,
				49	&peer->endpoint.addr, MAX_TIMER_HANDSHAKES + 2);
				50
				51	del_timer(&peer->timer_send_keepalive);
				52	/* We drop all packets without a keypair and don't try again,
				53	* if we try unsuccessfully for too long to make a handshake.
				54	*/
				55	wg_packet_purge_staged_packets(peer);
				56
				57	/* We set a timer for destroying any residue that might be left
				58	* of a partial exchange.
				59	*/
				60	if (!timer_pending(&peer->timer_zero_key_material))
				61	mod_peer_timer(peer, &peer->timer_zero_key_material,
				62	jiffies + REJECT_AFTER_TIME * 3 * HZ);
				63	} else {
				64	++peer->timer_handshake_attempts;
				65	pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
				66	peer->device->dev->name, peer->internal_id,
				67	&peer->endpoint.addr, REKEY_TIMEOUT,
				68	peer->timer_handshake_attempts + 1);
				69
				70	/* We clear the endpoint address src address, in case this is
				71	* the cause of trouble.
				72	*/
				73	wg_socket_clear_peer_endpoint_src(peer);
				74
				75	wg_packet_send_queued_handshake_initiation(peer, true);
				76	}
				77	}
				78
				79	static void wg_expired_send_keepalive(struct timer_list *timer)
				80	{
				81	struct wg_peer *peer = from_timer(peer, timer, timer_send_keepalive);
				82
				83	wg_packet_send_keepalive(peer);
				84	if (peer->timer_need_another_keepalive) {
				85	peer->timer_need_another_keepalive = false;
				86	mod_peer_timer(peer, &peer->timer_send_keepalive,
				87	jiffies + KEEPALIVE_TIMEOUT * HZ);
				88	}
				89	}
				90
				91	static void wg_expired_new_handshake(struct timer_list *timer)
				92	{
				93	struct wg_peer *peer = from_timer(peer, timer, timer_new_handshake);
				94
				95	pr_debug("%s: Retrying handshake with peer %llu (%pISpfsc) because we stopped hearing back after %d seconds\n",
				96	peer->device->dev->name, peer->internal_id,
				97	&peer->endpoint.addr, KEEPALIVE_TIMEOUT + REKEY_TIMEOUT);
				98	/* We clear the endpoint address src address, in case this is the cause
				99	* of trouble.
				100	*/
				101	wg_socket_clear_peer_endpoint_src(peer);
				102	wg_packet_send_queued_handshake_initiation(peer, false);
				103	}
				104
				105	static void wg_expired_zero_key_material(struct timer_list *timer)
				106	{
				107	struct wg_peer *peer = from_timer(peer, timer, timer_zero_key_material);
				108
				109	rcu_read_lock_bh();
				110	if (!READ_ONCE(peer->is_dead)) {
				111	wg_peer_get(peer);
				112	if (!queue_work(peer->device->handshake_send_wq,
				113	&peer->clear_peer_work))
				114	/* If the work was already on the queue, we want to drop
				115	* the extra reference.
				116	*/
				117	wg_peer_put(peer);
				118	}
				119	rcu_read_unlock_bh();
				120	}
				121
				122	static void wg_queued_expired_zero_key_material(struct work_struct *work)
				123	{
				124	struct wg_peer *peer = container_of(work, struct wg_peer,
				125	clear_peer_work);
				126
				127	pr_debug("%s: Zeroing out all keys for peer %llu (%pISpfsc), since we haven't received a new one in %d seconds\n",
				128	peer->device->dev->name, peer->internal_id,
				129	&peer->endpoint.addr, REJECT_AFTER_TIME * 3);
				130	wg_noise_handshake_clear(&peer->handshake);
				131	wg_noise_keypairs_clear(&peer->keypairs);
				132	wg_peer_put(peer);
				133	}
				134
				135	static void wg_expired_send_persistent_keepalive(struct timer_list *timer)
				136	{
				137	struct wg_peer *peer = from_timer(peer, timer,
				138	timer_persistent_keepalive);
				139
				140	if (likely(peer->persistent_keepalive_interval))
				141	wg_packet_send_keepalive(peer);
				142	}
				143
				144	/* Should be called after an authenticated data packet is sent. */
				145	void wg_timers_data_sent(struct wg_peer *peer)
				146	{
				147	if (!timer_pending(&peer->timer_new_handshake))
				148	mod_peer_timer(peer, &peer->timer_new_handshake,
				149	jiffies + (KEEPALIVE_TIMEOUT + REKEY_TIMEOUT) * HZ +
				150	prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
				151	}
				152
				153	/* Should be called after an authenticated data packet is received. */
				154	void wg_timers_data_received(struct wg_peer *peer)
				155	{
				156	if (likely(netif_running(peer->device->dev))) {
				157	if (!timer_pending(&peer->timer_send_keepalive))
				158	mod_peer_timer(peer, &peer->timer_send_keepalive,
				159	jiffies + KEEPALIVE_TIMEOUT * HZ);
				160	else
				161	peer->timer_need_another_keepalive = true;
				162	}
				163	}
				164
				165	/* Should be called after any type of authenticated packet is sent, whether
				166	* keepalive, data, or handshake.
				167	*/
				168	void wg_timers_any_authenticated_packet_sent(struct wg_peer *peer)
				169	{
				170	del_timer(&peer->timer_send_keepalive);
				171	}
				172
				173	/* Should be called after any type of authenticated packet is received, whether
				174	* keepalive, data, or handshake.
				175	*/
				176	void wg_timers_any_authenticated_packet_received(struct wg_peer *peer)
				177	{
				178	del_timer(&peer->timer_new_handshake);
				179	}
				180
				181	/* Should be called after a handshake initiation message is sent. */
				182	void wg_timers_handshake_initiated(struct wg_peer *peer)
				183	{
				184	mod_peer_timer(peer, &peer->timer_retransmit_handshake,
				185	jiffies + REKEY_TIMEOUT * HZ +
				186	prandom_u32_max(REKEY_TIMEOUT_JITTER_MAX_JIFFIES));
				187	}
				188
				189	/* Should be called after a handshake response message is received and processed
				190	* or when getting key confirmation via the first data message.
				191	*/
				192	void wg_timers_handshake_complete(struct wg_peer *peer)
				193	{
				194	del_timer(&peer->timer_retransmit_handshake);
				195	peer->timer_handshake_attempts = 0;
				196	peer->sent_lastminute_handshake = false;
				197	ktime_get_real_ts64(&peer->walltime_last_handshake);
				198	}
				199
				200	/* Should be called after an ephemeral key is created, which is before sending a
				201	* handshake response or after receiving a handshake response.
				202	*/
				203	void wg_timers_session_derived(struct wg_peer *peer)
				204	{
				205	mod_peer_timer(peer, &peer->timer_zero_key_material,
				206	jiffies + REJECT_AFTER_TIME * 3 * HZ);
				207	}
				208
				209	/* Should be called before a packet with authentication, whether
				210	* keepalive, data, or handshakem is sent, or after one is received.
				211	*/
				212	void wg_timers_any_authenticated_packet_traversal(struct wg_peer *peer)
				213	{
				214	if (peer->persistent_keepalive_interval)
				215	mod_peer_timer(peer, &peer->timer_persistent_keepalive,
				216	jiffies + peer->persistent_keepalive_interval * HZ);
				217	}
				218
				219	void wg_timers_init(struct wg_peer *peer)
				220	{
				221	timer_setup(&peer->timer_retransmit_handshake,
				222	wg_expired_retransmit_handshake, 0);
				223	timer_setup(&peer->timer_send_keepalive, wg_expired_send_keepalive, 0);
				224	timer_setup(&peer->timer_new_handshake, wg_expired_new_handshake, 0);
				225	timer_setup(&peer->timer_zero_key_material,
				226	wg_expired_zero_key_material, 0);
				227	timer_setup(&peer->timer_persistent_keepalive,
				228	wg_expired_send_persistent_keepalive, 0);
				229	INIT_WORK(&peer->clear_peer_work, wg_queued_expired_zero_key_material);
				230	peer->timer_handshake_attempts = 0;
				231	peer->sent_lastminute_handshake = false;
				232	peer->timer_need_another_keepalive = false;
				233	}
				234
				235	void wg_timers_stop(struct wg_peer *peer)
				236	{
				237	del_timer_sync(&peer->timer_retransmit_handshake);
				238	del_timer_sync(&peer->timer_send_keepalive);
				239	del_timer_sync(&peer->timer_new_handshake);
				240	del_timer_sync(&peer->timer_zero_key_material);
				241	del_timer_sync(&peer->timer_persistent_keepalive);
				242	flush_work(&peer->clear_peer_work);
				243	}