Commit graph

12 commits

Author SHA1 Message Date
Kyle Evans
b08ee10c06 wg: fix a number of issues with module load failure handling
If MOD_LOAD fails, then MOD_UNLOAD will be called to unwind module
state, but wg_module_init() will have already deinitialized everything
it needs to in a manner that renders it unsafe to call MOD_UNLOAD
after (e.g., freed zone not reset to NULL, wg_osd_jail_slot not reset
to 0).  Let's simply stop trying to handle freeing everything in
wg_module_init() to simplify it; let the subsequent MOD_UNLOAD deal with
it, and let's make that robust against partially-constructed state.

jhb@ notes that MOD_UNLOAD being called if MOD_LOAD fails is kind of an
anomaly that doesn't match other paradigms in the kernel; e.g., if
device_attach() fails, we don't invoke device_detach().  It's likely
that a future commit will revert this and instead stop calling
MOD_UNLOAD if MOD_LOAD fails, expecting modules to clean up after
themselves in MOD_LOAD upon failure.  Some other modules already do this
and may see similar problems to the wg module (see: carp).  The proper
fix is decidedly a bit too invasive to do this close to 14 branching,
and it requires auditing all kmods (base + ports) for potential leaks.

PR:		272089
Reviewed by:	emaste
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D40708
2023-06-23 12:00:09 -05:00
Kyle Evans
ad9f4e6351 wg: fix MOD_LOAD to fail properly if cookie_init() fails
Previously we'd jump to the `free_crypto` label, but never set `ret` to
a failure value -- it would retain success from the call just prior.

Set ret up properly.

This is part of D40708, but not the main point of the change.
2023-06-23 11:55:00 -05:00
Kristof Provost
61b95bcb42 wg: change module name to if_wg
Other virtual interface drivers (e.g. if_gif, if_stf, if_ovpn) all start
with if_. The wireguard file is also named if_wg, but the module name
was 'wg'.

Fix this inconsistency.

Reported by:	Christian McDonald <cmcdonald@netgate.com>
Reviewed by:	zlei, kevans
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D39853
2023-04-29 18:30:24 +02:00
Justin Hibbits
87e728340b Mechanically convert wg(4) to IfAPI
Reviewed By:	jhb
Sponsored by:	Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D38307
2023-02-03 09:38:03 -05:00
Alan Somers
eb3f9a7aec Switch wg(4) to the new if_clone KPI
MFC after:	2 weeks
Reviewed by:	jhb
Differential Revision: https://reviews.freebsd.org/D37740
2023-01-09 19:54:14 -07:00
Zhenlei Huang
f948cb717f wg: Use NET_EPOCH_DRAIN_CALLBACKS macro
Reviewed by:	jhb, kp
Approved by:	kp (mentor)
Differential Revision:	https://reviews.freebsd.org/D37734
2022-12-28 23:28:15 +08:00
John Baldwin
573bd1fcf5 wg: Drop the compat shim for sbcreatecontrol().
I had to make a few other changes when merging the driver to stable/13
anyway, so adjusting this as well isn't really a big deal.

MFC after:	3 days
2022-11-11 14:18:48 -08:00
John Baldwin
854d066251 wg: Trim compat shims for versions older than current stable/13.
Reviewed by:	kevans, markj, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36913
2022-10-28 13:36:13 -07:00
John Baldwin
c640d1af2c wg: Retire now unused support.h.
Reviewed by:	kevans, markj, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36912
2022-10-28 13:36:13 -07:00
John Baldwin
dcf581bb49 wg: Use zfree.
Reviewed by:	kevans, markj, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36911
2022-10-28 13:36:13 -07:00
John Baldwin
e32e1a160e wg: Use atomic(9) instead of concurrency-kit atomics.
Kernel sanitizers only support atomic(9) operations.

Reviewed by:	kevans, markj, emaste
Reported by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36910
2022-10-28 13:36:13 -07:00
John Baldwin
744bfb2131 Import the WireGuard driver from zx2c4.com.
This commit brings back the driver from FreeBSD commit
f187d6dfbf plus subsequent fixes from
upstream.

Relative to upstream this commit includes a few other small fixes such
as additional INET and INET6 #ifdef's, #include cleanups, and updates
for recent API changes in main.

Reviewed by:	pauamma, gbe, kevans, emaste
Obtained from:	git@git.zx2c4.com:wireguard-freebsd @ 3cc22b2
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D36909
2022-10-28 13:36:12 -07:00