Commit 1f686f2b authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'wireguard-patches-for-5-18-rc1'

Jason A. Donenfeld says:

====================
wireguard patches for 5.18-rc1

Here's a small set of fixes for the next net push:

1) Pipacs reported a CFI violation in a cleanup routine, which he
   triggered using grsec's RAP. I haven't seen reports of this yet from
   the Android/CFI world yet, but it's only a matter of time there.

2) A small rng cleanup to the self test harness to make it initialize
   faster on 5.18.

3) Wang reported and fixed a skb leak for CONFIG_IPV6=n.

4) After Wang's fix for the direct leak, I investigated how that code
   path even could be hit, and found that the netlink layer still
   handles IPv6 endpoints, when it probably shouldn't.
====================

Link: https://lore.kernel.org/r/20220330013127.426620-1-Jason@zx2c4.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents c9ad266b 77fc73ac
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
*/ */
#include "queueing.h" #include "queueing.h"
#include <linux/skb_array.h>
struct multicore_worker __percpu * struct multicore_worker __percpu *
wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr) wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr)
...@@ -42,7 +43,7 @@ void wg_packet_queue_free(struct crypt_queue *queue, bool purge) ...@@ -42,7 +43,7 @@ void wg_packet_queue_free(struct crypt_queue *queue, bool purge)
{ {
free_percpu(queue->worker); free_percpu(queue->worker);
WARN_ON(!purge && !__ptr_ring_empty(&queue->ring)); WARN_ON(!purge && !__ptr_ring_empty(&queue->ring));
ptr_ring_cleanup(&queue->ring, purge ? (void(*)(void*))kfree_skb : NULL); ptr_ring_cleanup(&queue->ring, purge ? __skb_array_destroy_skb : NULL);
} }
#define NEXT(skb) ((skb)->prev) #define NEXT(skb) ((skb)->prev)
......
...@@ -160,6 +160,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb, ...@@ -160,6 +160,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb,
rcu_read_unlock_bh(); rcu_read_unlock_bh();
return ret; return ret;
#else #else
kfree_skb(skb);
return -EAFNOSUPPORT; return -EAFNOSUPPORT;
#endif #endif
} }
...@@ -241,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct endpoint *endpoint, ...@@ -241,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct endpoint *endpoint,
endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr; endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr;
endpoint->src4.s_addr = ip_hdr(skb)->daddr; endpoint->src4.s_addr = ip_hdr(skb)->daddr;
endpoint->src_if4 = skb->skb_iif; endpoint->src_if4 = skb->skb_iif;
} else if (skb->protocol == htons(ETH_P_IPV6)) { } else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) {
endpoint->addr6.sin6_family = AF_INET6; endpoint->addr6.sin6_family = AF_INET6;
endpoint->addr6.sin6_port = udp_hdr(skb)->source; endpoint->addr6.sin6_port = udp_hdr(skb)->source;
endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr; endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr;
...@@ -284,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct wg_peer *peer, ...@@ -284,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct wg_peer *peer,
peer->endpoint.addr4 = endpoint->addr4; peer->endpoint.addr4 = endpoint->addr4;
peer->endpoint.src4 = endpoint->src4; peer->endpoint.src4 = endpoint->src4;
peer->endpoint.src_if4 = endpoint->src_if4; peer->endpoint.src_if4 = endpoint->src_if4;
} else if (endpoint->addr.sa_family == AF_INET6) { } else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) {
peer->endpoint.addr6 = endpoint->addr6; peer->endpoint.addr6 = endpoint->addr6;
peer->endpoint.src6 = endpoint->src6; peer->endpoint.src6 = endpoint->src6;
} else { } else {
......
...@@ -56,26 +56,14 @@ static void print_banner(void) ...@@ -56,26 +56,14 @@ static void print_banner(void)
static void seed_rng(void) static void seed_rng(void)
{ {
int fd; int bits = 256, fd;
struct {
int entropy_count;
int buffer_size;
unsigned char buffer[256];
} entropy = {
.entropy_count = sizeof(entropy.buffer) * 8,
.buffer_size = sizeof(entropy.buffer),
.buffer = "Adding real entropy is not actually important for these tests. Don't try this at home, kids!"
};
if (mknod("/dev/urandom", S_IFCHR | 0644, makedev(1, 9))) pretty_message("[+] Fake seeding RNG...");
panic("mknod(/dev/urandom)"); fd = open("/dev/random", O_WRONLY);
fd = open("/dev/urandom", O_WRONLY);
if (fd < 0) if (fd < 0)
panic("open(urandom)"); panic("open(random)");
for (int i = 0; i < 256; ++i) { if (ioctl(fd, RNDADDTOENTCNT, &bits) < 0)
if (ioctl(fd, RNDADDENTROPY, &entropy) < 0) panic("ioctl(RNDADDTOENTCNT)");
panic("ioctl(urandom)");
}
close(fd); close(fd);
} }
...@@ -270,10 +258,10 @@ static void check_leaks(void) ...@@ -270,10 +258,10 @@ static void check_leaks(void)
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
seed_rng();
ensure_console(); ensure_console();
print_banner(); print_banner();
mount_filesystems(); mount_filesystems();
seed_rng();
kmod_selftests(); kmod_selftests();
enable_logging(); enable_logging();
clear_leaks(); clear_leaks();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment