diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-08-02 14:56:12 +0200 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2022-08-02 13:47:50 -0700 |
commit | bd18bafaef337a437149edd5531e4d137cddc1a2 (patch) | |
tree | 2418f8bf1a5b797b4bd6a7269d524f0f208ea8e6 /drivers/net/wireguard/selftest | |
parent | b56cf61d29db79a557d53e1b60437c64be17408b (diff) | |
download | wireguard-linux-trimmed-bd18bafaef337a437149edd5531e4d137cddc1a2.tar.gz wireguard-linux-trimmed-bd18bafaef337a437149edd5531e4d137cddc1a2.zip |
wireguard: allowedips: don't corrupt stack when detecting overflow
In case push_rcu() and related functions are buggy, there's a
WARN_ON(len >= 128), which the selftest tries to hit by being tricky. In
case it is hit, we shouldn't corrupt the kernel's stack, though;
otherwise it may be hard to even receive the report that it's buggy. So
conditionalize the stack write based on that WARN_ON()'s return value.
Note that this never *actually* happens anyway. The WARN_ON() in the
first place is bounded by IS_ENABLED(DEBUG), and isn't expected to ever
actually hit. This is just a debugging sanity check.
Additionally, hoist the constant 128 into a named enum,
MAX_ALLOWEDIPS_BITS, so that it's clear why this value is chosen.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjJZGA6w_DxA+k7Ejbqsq+uGK==koPai3sqdsfJqemvag@mail.gmail.com/
Fixes: a8f1bc7bdea3 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'drivers/net/wireguard/selftest')
-rw-r--r-- | drivers/net/wireguard/selftest/allowedips.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/net/wireguard/selftest/allowedips.c b/drivers/net/wireguard/selftest/allowedips.c index e173204..41db10f 100644 --- a/drivers/net/wireguard/selftest/allowedips.c +++ b/drivers/net/wireguard/selftest/allowedips.c @@ -593,10 +593,10 @@ bool __init wg_allowedips_selftest(void) wg_allowedips_remove_by_peer(&t, a, &mutex); test_negative(4, a, 192, 168, 0, 1); - /* These will hit the WARN_ON(len >= 128) in free_node if something - * goes wrong. + /* These will hit the WARN_ON(len >= MAX_ALLOWEDIPS_BITS) in free_node + * if something goes wrong. */ - for (i = 0; i < 128; ++i) { + for (i = 0; i < MAX_ALLOWEDIPS_BITS; ++i) { part = cpu_to_be64(~(1LLU << (i % 64))); memset(&ip, 0xff, 16); memcpy((u8 *)&ip + (i < 64) * 8, &part, 8); |