diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-03-01 23:26:55 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-03-12 18:00:56 -0700 |
| commit | 0c854e53be0cb97653f9bba38a65d3c7221f7a83 (patch) | |
| tree | 0c26377fba9c0cb792aebec5c4c7cb19b49983aa /drivers/net/wireguard/queueing.c | |
| parent | b46d5b3116abb0a6f872912b5a74778e02ca49c3 (diff) | |
| download | wireguard-linux-trimmed-0c854e53be0cb97653f9bba38a65d3c7221f7a83.tar.gz wireguard-linux-trimmed-0c854e53be0cb97653f9bba38a65d3c7221f7a83.zip | |
wireguard: device: clear keys on VM fork
When a virtual machine forks, it's important that WireGuard clear
existing sessions so that different plaintexts are not transmitted using
the same key+nonce, which can result in catastrophic cryptographic
failure. To accomplish this, we simply hook into the newly added vmfork
notifier.
As a bonus, it turns out that, like the vmfork registration function,
the PM registration function is stubbed out when CONFIG_PM_SLEEP is not
set, so we can actually just remove the maze of ifdefs, which makes it
really quite clean to support both notifiers at once.
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'drivers/net/wireguard/queueing.c')
0 files changed, 0 insertions, 0 deletions