]> git.baikalelectronics.ru Git - kernel.git/commit
wireguard: allowedips: don't corrupt stack when detecting overflow
authorJason A. Donenfeld <Jason@zx2c4.com>
Tue, 2 Aug 2022 12:56:12 +0000 (14:56 +0200)
committerJakub Kicinski <kuba@kernel.org>
Tue, 2 Aug 2022 20:47:50 +0000 (13:47 -0700)
commita313fee039f0afc9f1aef49a19d5bf4418eeffc3
treeb0534543570abe674a6e28be6ce9dee2a103f212
parentcc82dac8812f70fff3ffd0eb31f058b0a7142cb5
wireguard: allowedips: don't corrupt stack when detecting overflow

In case push_rcu() and related functions are buggy, there's a
WARN_ON(len >= 128), which the selftest tries to hit by being tricky. In
case it is hit, we shouldn't corrupt the kernel's stack, though;
otherwise it may be hard to even receive the report that it's buggy. So
conditionalize the stack write based on that WARN_ON()'s return value.

Note that this never *actually* happens anyway. The WARN_ON() in the
first place is bounded by IS_ENABLED(DEBUG), and isn't expected to ever
actually hit. This is just a debugging sanity check.

Additionally, hoist the constant 128 into a named enum,
MAX_ALLOWEDIPS_BITS, so that it's clear why this value is chosen.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjJZGA6w_DxA+k7Ejbqsq+uGK==koPai3sqdsfJqemvag@mail.gmail.com/
Fixes: 4dff5496e367 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
drivers/net/wireguard/allowedips.c
drivers/net/wireguard/selftest/allowedips.c