diff options
| author | Paolo Abeni <pabeni@redhat.com> | 2024-03-19 11:22:54 +0100 |
|---|---|---|
| committer | Paolo Abeni <pabeni@redhat.com> | 2024-03-19 11:22:54 +0100 |
| commit | 2699c54746dcffd5a5a3496b32e47c3ee55e8a4e (patch) | |
| tree | 730375e5a960f94bea535199a50139aeb5d49236 /drivers/net/wireguard/netlink.c | |
| parent | 6114b0466c19d9335624451dc18c81b0ef97f9c3 (diff) | |
| parent | 28e0c21e1ec879752388b0d552a1b0e938c2982c (diff) | |
| download | wireguard-linux-trimmed-2699c54746dcffd5a5a3496b32e47c3ee55e8a4e.tar.gz wireguard-linux-trimmed-2699c54746dcffd5a5a3496b32e47c3ee55e8a4e.zip | |
Merge branch 'wireguard-fixes-for-6-9-rc1'
Jason A. Donenfeld says:
====================
wireguard fixes for 6.9-rc1
This series has four WireGuard fixes:
1) Annotate a data race that KCSAN found by using READ_ONCE/WRITE_ONCE,
which has been causing syzkaller noise.
2) Use the generic netdev tstats allocation and stats getters instead of
doing this within the driver.
3) Explicitly check a flag variable instead of an empty list in the
netlink code, to prevent a UaF situation when paging through GET
results during a remove-all SET operation.
4) Set a flag in the RISC-V CI config so the selftests continue to boot.
====================
Link: https://lore.kernel.org/r/20240314224911.6653-1-Jason@zx2c4.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Diffstat (limited to 'drivers/net/wireguard/netlink.c')
| -rw-r--r-- | drivers/net/wireguard/netlink.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c index e220d76..f705518 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -164,8 +164,8 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, struct dump_ctx *ctx) if (!allowedips_node) goto no_allowedips; if (!ctx->allowedips_seq) - ctx->allowedips_seq = peer->device->peer_allowedips.seq; - else if (ctx->allowedips_seq != peer->device->peer_allowedips.seq) + ctx->allowedips_seq = ctx->wg->peer_allowedips.seq; + else if (ctx->allowedips_seq != ctx->wg->peer_allowedips.seq) goto no_allowedips; allowedips_nest = nla_nest_start(skb, WGPEER_A_ALLOWEDIPS); @@ -255,17 +255,17 @@ static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) if (!peers_nest) goto out; ret = 0; - /* If the last cursor was removed via list_del_init in peer_remove, then + lockdep_assert_held(&wg->device_update_lock); + /* If the last cursor was removed in peer_remove or peer_remove_all, then * we just treat this the same as there being no more peers left. The * reason is that seq_nr should indicate to userspace that this isn't a * coherent dump anyway, so they'll try again. */ if (list_empty(&wg->peer_list) || - (ctx->next_peer && list_empty(&ctx->next_peer->peer_list))) { + (ctx->next_peer && ctx->next_peer->is_dead)) { nla_nest_cancel(skb, peers_nest); goto out; } - lockdep_assert_held(&wg->device_update_lock); peer = list_prepare_entry(ctx->next_peer, &wg->peer_list, peer_list); list_for_each_entry_continue(peer, &wg->peer_list, peer_list) { if (get_peer(peer, skb, ctx)) { |