转到文件
Martin Basovnik 12269c2761 device: fix possible deadlock in close method
There is a possible deadlock in `device.Close()` when you try to close
the device very soon after its start. The problem is that two different
methods acquire the same locks in different order:

1. device.Close()
 - device.ipcMutex.Lock()
 - device.state.Lock()

2. device.changeState(deviceState)
 - device.state.Lock()
 - device.ipcMutex.Lock()

Reproducer:

    func TestDevice_deadlock(t *testing.T) {
    	d := randDevice(t)
    	d.Close()
    }

Problem:

    $ go clean -testcache && go test -race -timeout 3s -run TestDevice_deadlock ./device | grep -A 10 sync.runtime_SemacquireMutex
    sync.runtime_SemacquireMutex(0xc000117d20?, 0x94?, 0x0?)
            /usr/local/opt/go/libexec/src/runtime/sema.go:77 +0x25
    sync.(*Mutex).lockSlow(0xc000130518)
            /usr/local/opt/go/libexec/src/sync/mutex.go:171 +0x213
    sync.(*Mutex).Lock(0xc000130518)
            /usr/local/opt/go/libexec/src/sync/mutex.go:90 +0x55
    golang.zx2c4.com/wireguard/device.(*Device).Close(0xc000130500)
            /Users/martin.basovnik/git/basovnik/wireguard-go/device/device.go:373 +0xb6
    golang.zx2c4.com/wireguard/device.TestDevice_deadlock(0x0?)
            /Users/martin.basovnik/git/basovnik/wireguard-go/device/device_test.go:480 +0x2c
    testing.tRunner(0xc00014c000, 0x131d7b0)
    --
    sync.runtime_SemacquireMutex(0xc000130564?, 0x60?, 0xc000130548?)
            /usr/local/opt/go/libexec/src/runtime/sema.go:77 +0x25
    sync.(*Mutex).lockSlow(0xc000130750)
            /usr/local/opt/go/libexec/src/sync/mutex.go:171 +0x213
    sync.(*Mutex).Lock(0xc000130750)
            /usr/local/opt/go/libexec/src/sync/mutex.go:90 +0x55
    sync.(*RWMutex).Lock(0xc000130750)
            /usr/local/opt/go/libexec/src/sync/rwmutex.go:147 +0x45
    golang.zx2c4.com/wireguard/device.(*Device).upLocked(0xc000130500)
            /Users/martin.basovnik/git/basovnik/wireguard-go/device/device.go:179 +0x72
    golang.zx2c4.com/wireguard/device.(*Device).changeState(0xc000130500, 0x1)

Signed-off-by: Martin Basovnik <martin.basovnik@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2023-12-11 16:38:47 +01:00
conn conn: set unused OOB to zero length 2023-10-21 19:32:07 +02:00
device device: fix possible deadlock in close method 2023-12-11 16:38:47 +01:00
ipc all: adjust build tags for wasip1/wasm 2023-07-04 15:54:42 +02:00
ratelimiter global: bump copyright year 2023-02-07 20:39:29 -03:00
replay global: bump copyright year 2023-02-07 20:39:29 -03:00
rwcancel all: adjust build tags for wasip1/wasm 2023-07-04 15:54:42 +02:00
tai64n global: bump copyright year 2023-02-07 20:39:29 -03:00
tests device: combine debug and info log levels into 'verbose' 2021-01-26 23:05:48 +01:00
tun tun: implement UDP GSO/GRO for Linux 2023-12-11 16:27:22 +01:00
.gitignore gitignore: remove old hacks 2021-02-11 15:48:56 +01:00
LICENSE mod: rename COPYING to LICENSE 2021-03-06 09:09:21 -07:00
Makefile Makefile: don't use test -v because it hides failures in scrollback 2021-11-16 21:07:31 +01:00
README.md go.mod: bump to Go 1.20 2023-03-17 15:18:04 +01:00
format_test.go global: bump copyright year 2023-02-07 20:39:29 -03:00
go.mod go.mod,tun/netstack: bump gvisor 2023-10-10 15:37:17 +02:00
go.sum go.mod,tun/netstack: bump gvisor 2023-10-10 15:37:17 +02:00
main.go conn, device, tun: implement vectorized I/O plumbing 2023-03-10 14:52:13 +01:00
main_windows.go conn, device, tun: implement vectorized I/O plumbing 2023-03-10 14:52:13 +01:00
version.go version: bump snapshot 2023-02-23 19:12:33 +01:00

README.md

Go Implementation of WireGuard

This is an implementation of WireGuard in Go.

Usage

Most Linux kernel WireGuard users are used to adding an interface with ip link add wg0 type wireguard. With wireguard-go, instead simply run:

$ wireguard-go wg0

This will create an interface and fork into the background. To remove the interface, use the usual ip link del wg0, or if your system does not support removing interfaces directly, you may instead remove the control socket via rm -f /var/run/wireguard/wg0.sock, which will result in wireguard-go shutting down.

To run wireguard-go without forking to the background, pass -f or --foreground:

$ wireguard-go -f wg0

When an interface is running, you may use wg(8) to configure it, as well as the usual ip(8) and ifconfig(8) commands.

To run with more logging you may set the environment variable LOG_LEVEL=debug.

Platforms

Linux

This will run on Linux; however you should instead use the kernel module, which is faster and better integrated into the OS. See the installation page for instructions.

macOS

This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use utun[0-9]+ for an explicit interface name or utun to have the kernel select one for you. If you choose utun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.

Windows

This runs on Windows, but you should instead use it from the more fully featured Windows app, which uses this as a module.

FreeBSD

This will run on FreeBSD. It does not yet support sticky sockets. Fwmark is mapped to SO_USER_COOKIE.

OpenBSD

This will run on OpenBSD. It does not yet support sticky sockets. Fwmark is mapped to SO_RTABLE. Since the tun driver cannot have arbitrary interface names, you must either use tun[0-9]+ for an explicit interface name or tun to have the program select one for you. If you choose tun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.

Building

This requires an installation of the latest version of Go.

$ git clone https://git.zx2c4.com/wireguard-go
$ cd wireguard-go
$ make

License

Copyright (C) 2017-2023 WireGuard LLC. All Rights Reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.