Hi Jon,
On Fri, Jul 01, 2022 at 02:22:38PM -0600, Jonathan Corbet wrote:
> So please forgive the noise from the peanut gallery

Yuh oh, I sure hope this isn't newsworthy for LWN. This has already consumed me for two days...

> myself wondering...do you really need a knob for this? The kernel itself can observe how often (and for how long) the system is suspended, and might well be able to do the right thing without explicit input from user space. If it works it would eliminate a potential configuration problem and also perhaps respond correctly to changing workloads.
>
> For example, rather than testing a knob, avoid resetting keys on resume if the suspend time is less than (say) 30s?
>
> Educate me on what I'm missing here, please :)

What you're missing is that wireguard needs to do this before going to sleep, not when waking up, because one of the objectives is forward secrecy. See https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/device.c#n6...

    if (IS_ENABLED(CONFIG_PM_AUTOSLEEP) || IS_ENABLED(CONFIG_ANDROID))
        return 0;
    if (action != PM_HIBERNATION_PREPARE && action != PM_SUSPEND_PREPARE)
        return 0;
    [...]
    wg_noise_handshake_clear(&peer->handshake);
    wg_noise_keypairs_clear(&peer->keypairs);

Somebody asked the same question on wgml here - https://lore.kernel.org/wireguard/CAHmME9p2OYSTX2C5M0faKtw2N8jiyohvRqnAPKa=e... - and then eventually suggested that I should wake up computers from sleep to clear that memory. No way jose.

Anyway, this matter has been resolved in this thread here:
https://lore.kernel.org/lkml/20220630191230.235306-1-kaleshsingh@google.com/...

And this Android change:
https://android-review.googlesource.com/c/kernel/common/+/2142693/1

Resulting in these two commits landing in Greg's tree:
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/...
https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git/commit/...

So hopefully this thread can come to an end and I can get back to work.

Jason
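
The forward-secrecy point in the message above, as an added userspace C model that is not part of the original e-mail and is not WireGuard code: it compares wiping session keys on the prepare-to-sleep event with wiping them on resume only after a long suspend, and reports whether key material stays in memory while the machine is asleep. The event names, `struct peer`, the 30-second threshold and all function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32
/* Hypothetical stand-ins for the kernel's PM notifier actions. */
enum pm_event { EV_SUSPEND_PREPARE, EV_HIBERNATION_PREPARE, EV_POST_SUSPEND };
enum policy { CLEAR_BEFORE_SLEEP, CLEAR_ON_RESUME_IF_LONG };
struct peer { uint8_t session_key[KEY_LEN]; };

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

static int key_present(const struct peer *p)
{
    static const uint8_t zero[KEY_LEN];
    return memcmp(p->session_key, zero, KEY_LEN) != 0;
}

/* Notifier model: wipes the key when the policy says so for this event. */
static void pm_notify(struct peer *p, enum policy pol, enum pm_event ev,
                      unsigned slept_secs, unsigned threshold_secs)
{
    int prepare = ev == EV_SUSPEND_PREPARE || ev == EV_HIBERNATION_PREPARE;

    if (pol == CLEAR_BEFORE_SLEEP && prepare)
        secure_zero(p->session_key, KEY_LEN);
    else if (pol == CLEAR_ON_RESUME_IF_LONG && ev == EV_POST_SUSPEND &&
             slept_secs >= threshold_secs)
        secure_zero(p->session_key, KEY_LEN);
}

/* Returns 1 if key material sits in memory for the whole time the machine sleeps. */
int key_in_ram_while_asleep(enum policy pol, unsigned slept_secs)
{
    struct peer p;
    int resident;

    memset(p.session_key, 0xA5, KEY_LEN);      /* constructed sample key */
    pm_notify(&p, pol, EV_SUSPEND_PREPARE, 0, 30);
    resident = key_present(&p);   /* what a memory image taken during sleep holds */
    pm_notify(&p, pol, EV_POST_SUSPEND, slept_secs, 30);
    return resident;
}

int main(void)
{
    return !(key_in_ram_while_asleep(CLEAR_BEFORE_SLEEP, 5) == 0 &&
             key_in_ram_while_asleep(CLEAR_ON_RESUME_IF_LONG, 3600) == 1);
}
```

Under the resume-time policy the key is resident during sleep for any suspend length, because the wipe decision only runs after the machine is awake again.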