mutex_init(&spec->lock) was called in jp_spec_setup while another
thread could be holding the lock in jp_spec_applymods. Re-initializing
a locked mutex corrupts its state, allowing both threads to enter
the critical section simultaneously.
This caused a use-after-free when:
1. send.c holds spec->lock, uses spec->pkt
2. jp_spec_setup re-inits the locked mutex (broken state)
3. jp_spec_setup acquires the "lock" immediately
4. jp_spec_setup does kfree(spec->pkt)
5. send.c continues using freed memory -> crash
Fix: move mutex_init to wg_newlink where it's called once during
device creation, before any concurrent access.
When I1-I5 parameters are configured, jp_spec_setup() had two critical bugs:
1. spec->mods_size was not reset to 0 before the fill loop, causing an
out-of-bounds write to the spec->mods array. This resulted in garbage
function pointers being called in jp_spec_applymods(), triggering a
'kernel tried to execute NX-protected page' crash.
2. Memory leaks: old pkt, mods, and desc were not freed on reconfiguration.
Fixes:
- Reset spec->mods_size = 0 before fill loop in jp_spec_setup()
- Free old pkt/mods before reallocation in jp_spec_setup()
- Free old desc before reallocation in netlink.c
- Complete cleanup in jp_spec_free()
* compat: fix compilation on kernels >= 6.19 (blake2s API change)
Kernel 6.19 refactored the blake2s API in include/crypto/blake2s.h:
- struct blake2s_state was renamed to blake2s_ctx
- blake2s() argument order changed from (out, in, key, outlen, inlen, keylen)
to (key, keylen, in, inlen, out, outlen)
Add a compat macro to alias blake2s_state to blake2s_ctx, and guard the
three blake2s() call sites in noise.c and cookie.c with ifdef to use the
correct argument order depending on kernel version.
Tested on kernel 6.19.6-zen1-1-zen (Arch Linux).
* compat: use new blake2s API as default, add fallback for old kernels
Rework the blake2s compat approach per maintainer feedback: use the
kernel 6.19+ API (blake2s_ctx struct, new argument order) directly in
source files, and provide a self-referencing macro in compat.h that
remaps the call to the old signature on kernels < 6.19.
This follows the project convention of keeping sources aligned with
mainline and isolating all backward compatibility in compat.h.
* fix: add blake2s inclusion before using its internal method for compat
---------
Co-authored-by: Yaroslav Gurov <ygurov@proton.me>
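As an added example, not code from the driver or its compat.h: a userspace C model of the shim the two compat commits above describe, where source files call the 6.19+ names and argument order and a self-referencing macro remaps them on older kernels. The pre-6.19 `blake2s` here is a constructed stand-in (not the real hash), and `COMPAT_PRE_6_19`, `keyed_hash` and `compat_shim_matches` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed switch standing in for LINUX_VERSION_CODE < KERNEL_VERSION(6,19,0). */
#define COMPAT_PRE_6_19 1
#if COMPAT_PRE_6_19
/* Pre-6.19 names and argument order, as a stand-in: NOT the real blake2s,
 * it only folds key and input into outlen bytes so both paths can be compared. */
struct blake2s_state { uint32_t h[8]; };
static void blake2s(uint8_t *out, const uint8_t *in, const uint8_t *key,
                    size_t outlen, size_t inlen, size_t keylen)
{
    for (size_t i = 0; i < outlen; i++) {
        uint8_t v = (uint8_t)(i * 31u);
        for (size_t j = 0; j < keylen; j++) v ^= (uint8_t)(key[j] + j);
        for (size_t j = 0; j < inlen; j++)  v = (uint8_t)(v * 17u + in[j]);
        out[i] = v;
    }
}

/* compat.h-style shim: sources are written against the 6.19+ names and
 * order; these macros remap them to the old ones. A function-like macro is
 * not re-expanded inside its own replacement, so the self-reference is legal. */
#define blake2s_ctx blake2s_state
#define blake2s(key, keylen, in, inlen, out, outlen) \
        blake2s(out, in, key, outlen, inlen, keylen)
#endif

/* Call site in the style of noise.c/cookie.c, written once, new order only. */
static void keyed_hash(const uint8_t *key, size_t keylen, const uint8_t *in,
                       size_t inlen, uint8_t *out, size_t outlen)
{
    struct blake2s_ctx ctx;  /* resolves to struct blake2s_state on old kernels */
    (void)ctx;
    blake2s(key, keylen, in, inlen, out, outlen);
}

/* Returns 1 when the shimmed new-order call yields the same bytes as the
 * old API called directly; (blake2s) in parentheses bypasses the macro. */
int compat_shim_matches(void)
{
    const uint8_t key[] = "constructed-key", msg[] = "constructed message";
    uint8_t via_shim[16], direct[16];
    keyed_hash(key, sizeof key - 1, msg, sizeof msg - 1, via_shim, sizeof via_shim);
    (blake2s)(direct, msg, key, sizeof direct, sizeof msg - 1, sizeof key - 1);
    return memcmp(via_shim, direct, sizeof direct) == 0;
}
```

Flipping `COMPAT_PRE_6_19` to 0 and providing the new-order function instead is the 6.19+ build: the call site does not change, which is the point of keeping sources aligned with mainline.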
The driver has a compat switch where the new reporting method is activated for modern kernels (see issue #120 and PR #129).
Ubuntu 24.04 has kernel version 6.8.0-100 as default via the `linux-image` package, where the `tstat` reporting method looks broken, and the compat mode has to be relaxed to cover 6.8 kernels as well.
Debian has provided dh-sequence-dkms since at least 10, but Ubuntu
does not, at least in 20.04.
dh-dkms is also packaged separately only on the latest Ubuntu version.
Use an "or" hack to select the most preferable package.