kernel/drivers/net/wireguard/peerlookup.c

// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 */

#include "peerlookup.h"
#include "peer.h"
#include "noise.h"

static struct hlist_head *pubkey_bucket(struct pubkey_hashtable *table,
					const u8 pubkey[NOISE_PUBLIC_KEY_LEN])
{
	/* siphash gives us a secure 64bit number based on a random key. Since
	 * the bits are uniformly distributed, we can then mask off to get the
	 * bits we need.
	 */
	const u64 hash = siphash(pubkey, NOISE_PUBLIC_KEY_LEN, &table->key);

	return &table->hashtable[hash & (HASH_SIZE(table->hashtable) - 1)];
}

struct pubkey_hashtable *wg_pubkey_hashtable_alloc(void)
{
	struct pubkey_hashtable *table = kvmalloc(sizeof(*table), GFP_KERNEL);

	if (!table)
		return NULL;

	get_random_bytes(&table->key, sizeof(table->key));
	hash_init(table->hashtable);
	mutex_init(&table->lock);
	return table;
}

void wg_pubkey_hashtable_add(struct pubkey_hashtable *table,
			     struct wg_peer *peer)
{
	mutex_lock(&table->lock);
	hlist_add_head_rcu(&peer->pubkey_hash,
			   pubkey_bucket(table, peer->handshake.remote_static));
	mutex_unlock(&table->lock);
}

void wg_pubkey_hashtable_remove(struct pubkey_hashtable *table,
				struct wg_peer *peer)
{
	mutex_lock(&table->lock);
	hlist_del_init_rcu(&peer->pubkey_hash);
	mutex_unlock(&table->lock);
}

/* Returns a strong reference to a peer */
struct wg_peer *
wg_pubkey_hashtable_lookup(struct pubkey_hashtable *table,
			   const u8 pubkey[NOISE_PUBLIC_KEY_LEN])
{
	struct wg_peer *iter_peer, *peer = NULL;

	rcu_read_lock_bh();
	hlist_for_each_entry_rcu_bh(iter_peer, pubkey_bucket(table, pubkey),
				    pubkey_hash) {
		if (!memcmp(pubkey, iter_peer->handshake.remote_static,
			    NOISE_PUBLIC_KEY_LEN)) {
			peer = iter_peer;
			break;
		}
	}
	peer = wg_peer_get_maybe_zero(peer);
	rcu_read_unlock_bh();
	return peer;
}

static struct hlist_head *index_bucket(struct index_hashtable *table,
				       const __le32 index)
{
	/* Since the indices are random and thus all bits are uniformly
	 * distributed, we can find its bucket simply by masking.
	 */
	return &table->hashtable[(__force u32)index &
				 (HASH_SIZE(table->hashtable) - 1)];
}

struct index_hashtable *wg_index_hashtable_alloc(void)
{
	struct index_hashtable *table = kvmalloc(sizeof(*table), GFP_KERNEL);

	if (!table)
		return NULL;

	hash_init(table->hashtable);
	spin_lock_init(&table->lock);
	return table;
}

/* At the moment, we limit ourselves to 2^20 total peers, which generally might
 * amount to 2^20*3 items in this hashtable. The algorithm below works by
 * picking a random number and testing it. We can see that these limits mean we
 * usually succeed pretty quickly:
 *
 * >>> def calculation(tries, size):
 * ...     return (size / 2**32)**(tries - 1) *  (1 - (size / 2**32))
 * ...
 * >>> calculation(1, 2**20 * 3)
 * 0.999267578125
 * >>> calculation(2, 2**20 * 3)
 * 0.0007318854331970215
 * >>> calculation(3, 2**20 * 3)
 * 5.360489012673497e-07
 * >>> calculation(4, 2**20 * 3)
 * 3.9261394135792216e-10
 *
 * At the moment, we don't do any masking, so this algorithm isn't exactly
 * constant time in either the random guessing or in the hash list lookup. We
 * could require a minimum of 3 tries, which would successfully mask the
 * guessing. this would not, however, help with the growing hash lengths, which
 * is another thing to consider moving forward.
 */

__le32 wg_index_hashtable_insert(struct index_hashtable *table,
				 struct index_hashtable_entry *entry)
{
	struct index_hashtable_entry *existing_entry;

	spin_lock_bh(&table->lock);
	hlist_del_init_rcu(&entry->index_hash);
	spin_unlock_bh(&table->lock);

	rcu_read_lock_bh();

search_unused_slot:
	/* First we try to find an unused slot, randomly, while unlocked. */
	entry->index = (__force __le32)get_random_u32();
	hlist_for_each_entry_rcu_bh(existing_entry,
				    index_bucket(table, entry->index),
				    index_hash) {
		if (existing_entry->index == entry->index)
			/* If it's already in use, we continue searching. */
			goto search_unused_slot;
	}

	/* Once we've found an unused slot, we lock it, and then double-check
	 * that nobody else stole it from us.
	 */
	spin_lock_bh(&table->lock);
	hlist_for_each_entry_rcu_bh(existing_entry,
				    index_bucket(table, entry->index),
				    index_hash) {
		if (existing_entry->index == entry->index) {
			spin_unlock_bh(&table->lock);
			/* If it was stolen, we start over. */
			goto search_unused_slot;
		}
	}
	/* Otherwise, we know we have it exclusively (since we're locked),
	 * so we insert.
	 */
	hlist_add_head_rcu(&entry->index_hash,
			   index_bucket(table, entry->index));
	spin_unlock_bh(&table->lock);

	rcu_read_unlock_bh();

	return entry->index;
}

bool wg_index_hashtable_replace(struct index_hashtable *table,
				struct index_hashtable_entry *old,
				struct index_hashtable_entry *new)
{
	bool ret;

	spin_lock_bh(&table->lock);
	ret = !hlist_unhashed(&old->index_hash);
	if (unlikely(!ret))
		goto out;

	new->index = old->index;
	hlist_replace_rcu(&old->index_hash, &new->index_hash);

	/* Calling init here NULLs out index_hash, and in fact after this
	 * function returns, it's theoretically possible for this to get
	 * reinserted elsewhere. That means the RCU lookup below might either
	 * terminate early or jump between buckets, in which case the packet
	 * simply gets dropped, which isn't terrible.
	 */
	INIT_HLIST_NODE(&old->index_hash);
out:
	spin_unlock_bh(&table->lock);
	return ret;
}

void wg_index_hashtable_remove(struct index_hashtable *table,
			       struct index_hashtable_entry *entry)
{
	spin_lock_bh(&table->lock);
	hlist_del_init_rcu(&entry->index_hash);
	spin_unlock_bh(&table->lock);
}

/* Returns a strong reference to a entry->peer */
struct index_hashtable_entry *
wg_index_hashtable_lookup(struct index_hashtable *table,
			  const enum index_hashtable_type type_mask,
			  const __le32 index, struct wg_peer **peer)
{
	struct index_hashtable_entry *iter_entry, *entry = NULL;

	rcu_read_lock_bh();
	hlist_for_each_entry_rcu_bh(iter_entry, index_bucket(table, index),
				    index_hash) {
		if (iter_entry->index == index) {
			if (likely(iter_entry->type & type_mask))
				entry = iter_entry;
			break;
		}
	}
	if (likely(entry)) {
		entry->peer = wg_peer_get_maybe_zero(entry->peer);
		if (likely(entry->peer))
			*peer = entry->peer;
		else
			entry = NULL;
	}
	rcu_read_unlock_bh();
	return entry;
}
init repo. 2024-07-22 17:22:30 +08:00			`// SPDX-License-Identifier: GPL-2.0`
			`/*`
			`* Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.`
			`*/`

			`#include "peerlookup.h"`
			`#include "peer.h"`
			`#include "noise.h"`

			`static struct hlist_head pubkey_bucket(struct pubkey_hashtable table,`
			`const u8 pubkey[NOISE_PUBLIC_KEY_LEN])`
			`{`
			`/* siphash gives us a secure 64bit number based on a random key. Since`
			`* the bits are uniformly distributed, we can then mask off to get the`
			`* bits we need.`
			`*/`
			`const u64 hash = siphash(pubkey, NOISE_PUBLIC_KEY_LEN, &table->key);`

			`return &table->hashtable[hash & (HASH_SIZE(table->hashtable) - 1)];`
			`}`

			`struct pubkey_hashtable *wg_pubkey_hashtable_alloc(void)`
			`{`
			`struct pubkey_hashtable table = kvmalloc(sizeof(table), GFP_KERNEL);`

			`if (!table)`
			`return NULL;`

			`get_random_bytes(&table->key, sizeof(table->key));`
			`hash_init(table->hashtable);`
			`mutex_init(&table->lock);`
			`return table;`
			`}`

			`void wg_pubkey_hashtable_add(struct pubkey_hashtable *table,`
			`struct wg_peer *peer)`
			`{`
			`mutex_lock(&table->lock);`
			`hlist_add_head_rcu(&peer->pubkey_hash,`
			`pubkey_bucket(table, peer->handshake.remote_static));`
			`mutex_unlock(&table->lock);`
			`}`

			`void wg_pubkey_hashtable_remove(struct pubkey_hashtable *table,`
			`struct wg_peer *peer)`
			`{`
			`mutex_lock(&table->lock);`
			`hlist_del_init_rcu(&peer->pubkey_hash);`
			`mutex_unlock(&table->lock);`
			`}`

			`/* Returns a strong reference to a peer */`
			`struct wg_peer *`
			`wg_pubkey_hashtable_lookup(struct pubkey_hashtable *table,`
			`const u8 pubkey[NOISE_PUBLIC_KEY_LEN])`
			`{`
			`struct wg_peer iter_peer, peer = NULL;`

			`rcu_read_lock_bh();`
			`hlist_for_each_entry_rcu_bh(iter_peer, pubkey_bucket(table, pubkey),`
			`pubkey_hash) {`
			`if (!memcmp(pubkey, iter_peer->handshake.remote_static,`
			`NOISE_PUBLIC_KEY_LEN)) {`
			`peer = iter_peer;`
			`break;`
			`}`
			`}`
			`peer = wg_peer_get_maybe_zero(peer);`
			`rcu_read_unlock_bh();`
			`return peer;`
			`}`

			`static struct hlist_head index_bucket(struct index_hashtable table,`
			`const __le32 index)`
			`{`
			`/* Since the indices are random and thus all bits are uniformly`
			`* distributed, we can find its bucket simply by masking.`
			`*/`
			`return &table->hashtable[(__force u32)index &`
			`(HASH_SIZE(table->hashtable) - 1)];`
			`}`

			`struct index_hashtable *wg_index_hashtable_alloc(void)`
			`{`
			`struct index_hashtable table = kvmalloc(sizeof(table), GFP_KERNEL);`

			`if (!table)`
			`return NULL;`

			`hash_init(table->hashtable);`
			`spin_lock_init(&table->lock);`
			`return table;`
			`}`

			`/* At the moment, we limit ourselves to 2^20 total peers, which generally might`
			`* amount to 2^20*3 items in this hashtable. The algorithm below works by`
			`* picking a random number and testing it. We can see that these limits mean we`
			`* usually succeed pretty quickly:`
			`*`
			`* >>> def calculation(tries, size):`
			`* ... return (size / 232)(tries - 1) * (1 - (size / 2**32))`
			`* ...`
			`* >>> calculation(1, 2*20 3)`
			`* 0.999267578125`
			`* >>> calculation(2, 2*20 3)`
			`* 0.0007318854331970215`
			`* >>> calculation(3, 2*20 3)`
			`* 5.360489012673497e-07`
			`* >>> calculation(4, 2*20 3)`
			`* 3.9261394135792216e-10`
			`*`
			`* At the moment, we don't do any masking, so this algorithm isn't exactly`
			`* constant time in either the random guessing or in the hash list lookup. We`
			`* could require a minimum of 3 tries, which would successfully mask the`
			`* guessing. this would not, however, help with the growing hash lengths, which`
			`* is another thing to consider moving forward.`
			`*/`

			`__le32 wg_index_hashtable_insert(struct index_hashtable *table,`
			`struct index_hashtable_entry *entry)`
			`{`
			`struct index_hashtable_entry *existing_entry;`

			`spin_lock_bh(&table->lock);`
			`hlist_del_init_rcu(&entry->index_hash);`
			`spin_unlock_bh(&table->lock);`

			`rcu_read_lock_bh();`

			`search_unused_slot:`
			`/* First we try to find an unused slot, randomly, while unlocked. */`
			`entry->index = (__force __le32)get_random_u32();`
			`hlist_for_each_entry_rcu_bh(existing_entry,`
			`index_bucket(table, entry->index),`
			`index_hash) {`
			`if (existing_entry->index == entry->index)`
			`/* If it's already in use, we continue searching. */`
			`goto search_unused_slot;`
			`}`

			`/* Once we've found an unused slot, we lock it, and then double-check`
			`* that nobody else stole it from us.`
			`*/`
			`spin_lock_bh(&table->lock);`
			`hlist_for_each_entry_rcu_bh(existing_entry,`
			`index_bucket(table, entry->index),`
			`index_hash) {`
			`if (existing_entry->index == entry->index) {`
			`spin_unlock_bh(&table->lock);`
			`/* If it was stolen, we start over. */`
			`goto search_unused_slot;`
			`}`
			`}`
			`/* Otherwise, we know we have it exclusively (since we're locked),`
			`* so we insert.`
			`*/`
			`hlist_add_head_rcu(&entry->index_hash,`
			`index_bucket(table, entry->index));`
			`spin_unlock_bh(&table->lock);`

			`rcu_read_unlock_bh();`

			`return entry->index;`
			`}`

			`bool wg_index_hashtable_replace(struct index_hashtable *table,`
			`struct index_hashtable_entry *old,`
			`struct index_hashtable_entry *new)`
			`{`
			`bool ret;`

			`spin_lock_bh(&table->lock);`
			`ret = !hlist_unhashed(&old->index_hash);`
			`if (unlikely(!ret))`
			`goto out;`

			`new->index = old->index;`
			`hlist_replace_rcu(&old->index_hash, &new->index_hash);`

			`/* Calling init here NULLs out index_hash, and in fact after this`
			`* function returns, it's theoretically possible for this to get`
			`* reinserted elsewhere. That means the RCU lookup below might either`
			`* terminate early or jump between buckets, in which case the packet`
			`* simply gets dropped, which isn't terrible.`
			`*/`
			`INIT_HLIST_NODE(&old->index_hash);`
			`out:`
			`spin_unlock_bh(&table->lock);`
			`return ret;`
			`}`

			`void wg_index_hashtable_remove(struct index_hashtable *table,`
			`struct index_hashtable_entry *entry)`
			`{`
			`spin_lock_bh(&table->lock);`
			`hlist_del_init_rcu(&entry->index_hash);`
			`spin_unlock_bh(&table->lock);`
			`}`

			`/* Returns a strong reference to a entry->peer */`
			`struct index_hashtable_entry *`
			`wg_index_hashtable_lookup(struct index_hashtable *table,`
			`const enum index_hashtable_type type_mask,`
			`const __le32 index, struct wg_peer **peer)`
			`{`
			`struct index_hashtable_entry iter_entry, entry = NULL;`

			`rcu_read_lock_bh();`
			`hlist_for_each_entry_rcu_bh(iter_entry, index_bucket(table, index),`
			`index_hash) {`
			`if (iter_entry->index == index) {`
			`if (likely(iter_entry->type & type_mask))`
			`entry = iter_entry;`
			`break;`
			`}`
			`}`
			`if (likely(entry)) {`
			`entry->peer = wg_peer_get_maybe_zero(entry->peer);`
			`if (likely(entry->peer))`
			`*peer = entry->peer;`
			`else`
			`entry = NULL;`
			`}`
			`rcu_read_unlock_bh();`
			`return entry;`
			`}`