www.infradead.org Git - users/dwmw2/linux.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Tue, 2 Aug 2022 12:56:12 +0000 (14:56 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 21 Aug 2022 13:15:52 +0000 (15:15 +0200)
commit	38c9cc68e36f2cb82d4129e1e00692b76355bef6
tree	a818478439a9ff1d5786ec5584b26015466ed9cc	tree
parent	17541a4aab811593cddcd055cd9052a1bd2b206a	commit \| diff

wireguard: allowedips: don't corrupt stack when detecting overflow

[ Upstream commit c31b14d86dfe7174361e8c6e5df6c2c3a4d5918c ]

In case push_rcu() and related functions are buggy, there's a
WARN_ON(len >= 128), which the selftest tries to hit by being tricky. In
case it is hit, we shouldn't corrupt the kernel's stack, though;
otherwise it may be hard to even receive the report that it's buggy. So
conditionalize the stack write based on that WARN_ON()'s return value.

Note that this never *actually* happens anyway. The WARN_ON() in the
first place is bounded by IS_ENABLED(DEBUG), and isn't expected to ever
actually hit. This is just a debugging sanity check.

Additionally, hoist the constant 128 into a named enum,
MAX_ALLOWEDIPS_BITS, so that it's clear why this value is chosen.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjJZGA6w_DxA+k7Ejbqsq+uGK==koPai3sqdsfJqemvag@mail.gmail.com/
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/net/wireguard/allowedips.c		diff \| blob \| history
drivers/net/wireguard/selftest/allowedips.c		diff \| blob \| history