[net,1/1] wireguard: allowedips: expand maximum node depth

Message ID	20230807132146.2191597-2-Jason@zx2c4.com (mailing list archive)
State	Accepted
Commit	46622219aae2b67813fe31a7b8cb7da5baff5c8a
Delegated to:	Netdev Maintainers
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A30AB10799 for <netdev@vger.kernel.org>; Mon, 7 Aug 2023 13:24:27 +0000 (UTC) From: "Jason A. Donenfeld" <Jason@zx2c4.com> To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>, stable@vger.kernel.org Subject: [PATCH net 1/1] wireguard: allowedips: expand maximum node depth Date: Mon, 7 Aug 2023 15:21:27 +0200 Message-ID: <20230807132146.2191597-2-Jason@zx2c4.com> In-Reply-To: <20230807132146.2191597-1-Jason@zx2c4.com> References: <20230807132146.2191597-1-Jason@zx2c4.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	wireguard fixes for 6.5-rc6 \| expand [net,0/1] wireguard fixes for 6.5-rc6 [net,1/1] wireguard: allowedips: expand maximum node depth

Message ID

20230807132146.2191597-2-Jason@zx2c4.com (mailing list archive)

State

Accepted

Commit

46622219aae2b67813fe31a7b8cb7da5baff5c8a

Delegated to:

Netdev Maintainers

Headers

show

Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A30AB10799
	for <netdev@vger.kernel.org>; Mon,  7 Aug 2023 13:24:27 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F9D8C433C7;
	Mon,  7 Aug 2023 13:24:26 +0000 (UTC)
Authentication-Results: smtp.kernel.org;
	dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com
 header.b="fq0Ns74s"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105;
	t=1691414665;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=rcicnn3ynTAB6IFLFNRyVdMCpVfvSQ8Rr0HQSIv6cqk=;
	b=fq0Ns74s1vrhuuCLvS2+dSB77YSGER8h0UpJvsNBOebMIWcmNEAPelAZNVBhmJkqRxESd4
	CA7N/soEiDPkDaYOIC+BiCBgD7BQs4Juu67r0gzxNsez+LUPKpJ0b2Ald9/kr3estkOkx+
	SZW2eYFcvDaIIFgnU89yEZkO9r6ovKw=
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 9573abe4
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO);
	Mon, 7 Aug 2023 13:24:24 +0000 (UTC)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: netdev@vger.kernel.org,
	davem@davemloft.net,
	kuba@kernel.org
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
	stable@vger.kernel.org
Subject: [PATCH net 1/1] wireguard: allowedips: expand maximum node depth
Date: Mon,  7 Aug 2023 15:21:27 +0200
Message-ID: <20230807132146.2191597-2-Jason@zx2c4.com>
In-Reply-To: <20230807132146.2191597-1-Jason@zx2c4.com>
References: <20230807132146.2191597-1-Jason@zx2c4.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Delegate: kuba@kernel.org

Series

wireguard fixes for 6.5-rc6 | expand

Context	Check	Description
netdev/series_format	success	Posting correctly formatted
netdev/tree_selection	success	Clearly marked for net
netdev/fixes_present	success	Fixes tag present in non-next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 1328 this patch: 1328
netdev/cc_maintainers	warning	6 maintainers not CCed: gregkh@linuxfoundation.org wireguard@lists.zx2c4.com pabeni@redhat.com yury.norov@gmail.com edumazet@google.com keescook@chromium.org
netdev/build_clang	success	Errors and warnings before: 1351 this patch: 1351
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	Fixes tag looks correct
netdev/build_allmodconfig_warn	success	Errors and warnings before: 1351 this patch: 1351
netdev/checkpatch	warning	WARNING: IS_ENABLED(DEBUG) is normally used as IS_ENABLED(CONFIG_DEBUG)
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

netdev/series_format

success

Posting correctly formatted

netdev/tree_selection

success

Clearly marked for net

netdev/fixes_present

success

Fixes tag present in non-next series

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

success

Errors and warnings before: 1328 this patch: 1328

netdev/cc_maintainers

warning

6 maintainers not CCed: gregkh@linuxfoundation.org wireguard@lists.zx2c4.com pabeni@redhat.com yury.norov@gmail.com edumazet@google.com keescook@chromium.org

netdev/build_clang

success

Errors and warnings before: 1351 this patch: 1351

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/deprecated_api

success

None detected

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

Fixes tag looks correct

netdev/build_allmodconfig_warn

success

Errors and warnings before: 1351 this patch: 1351

netdev/checkpatch

warning

WARNING: IS_ENABLED(DEBUG) is normally used as IS_ENABLED(CONFIG_DEBUG)

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/source_inline

success

Was 0 now: 0

Commit Message

Jason A. Donenfeld Aug. 7, 2023, 1:21 p.m. UTC

In the allowedips self-test, nodes are inserted into the tree, but it
generated an even amount of nodes, but for checking maximum node depth,
there is of course the root node, which makes the total number
necessarily odd. With two few nodes added, it never triggered the
maximum depth check like it should have. So, add 129 nodes instead of
128 nodes, and do so with a more straightforward scheme, starting with
all the bits set, and shifting over one each time. Then increase the
maximum depth to 129, and choose a better name for that variable to
make it clear that it represents depth as opposed to bits.

Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 drivers/net/wireguard/allowedips.c          |  8 ++++----
 drivers/net/wireguard/selftest/allowedips.c | 16 ++++++++++------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index 5bf7822c53f1..0ba714ca5185 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -6,7 +6,7 @@ 
 #include "allowedips.h"
 #include "peer.h"
 
-enum { MAX_ALLOWEDIPS_BITS = 128 };
+enum { MAX_ALLOWEDIPS_DEPTH = 129 };
 
 static struct kmem_cache *node_cache;
 
@@ -42,7 +42,7 @@  static void push_rcu(struct allowedips_node **stack,
 		     struct allowedips_node __rcu *p, unsigned int *len)
 {
 	if (rcu_access_pointer(p)) {
-		if (WARN_ON(IS_ENABLED(DEBUG) && *len >= MAX_ALLOWEDIPS_BITS))
+		if (WARN_ON(IS_ENABLED(DEBUG) && *len >= MAX_ALLOWEDIPS_DEPTH))
 			return;
 		stack[(*len)++] = rcu_dereference_raw(p);
 	}
@@ -55,7 +55,7 @@  static void node_free_rcu(struct rcu_head *rcu)
 
 static void root_free_rcu(struct rcu_head *rcu)
 {
-	struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = {
+	struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = {
 		container_of(rcu, struct allowedips_node, rcu) };
 	unsigned int len = 1;
 
@@ -68,7 +68,7 @@  static void root_free_rcu(struct rcu_head *rcu)
 
 static void root_remove_peer_lists(struct allowedips_node *root)
 {
-	struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = { root };
+	struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = { root };
 	unsigned int len = 1;
 
 	while (len > 0 && (node = stack[--len])) {
diff --git a/drivers/net/wireguard/selftest/allowedips.c b/drivers/net/wireguard/selftest/allowedips.c
index 78ebe2892a78..3d1f64ff2e12 100644
--- a/drivers/net/wireguard/selftest/allowedips.c
+++ b/drivers/net/wireguard/selftest/allowedips.c
@@ -593,16 +593,20 @@  bool __init wg_allowedips_selftest(void)
 	wg_allowedips_remove_by_peer(&t, a, &mutex);
 	test_negative(4, a, 192, 168, 0, 1);
 
-	/* These will hit the WARN_ON(len >= MAX_ALLOWEDIPS_BITS) in free_node
+	/* These will hit the WARN_ON(len >= MAX_ALLOWEDIPS_DEPTH) in free_node
 	 * if something goes wrong.
 	 */
-	for (i = 0; i < MAX_ALLOWEDIPS_BITS; ++i) {
-		part = cpu_to_be64(~(1LLU << (i % 64)));
-		memset(&ip, 0xff, 16);
-		memcpy((u8 *)&ip + (i < 64) * 8, &part, 8);
+	for (i = 0; i < 64; ++i) {
+		part = cpu_to_be64(~0LLU << i);
+		memset(&ip, 0xff, 8);
+		memcpy((u8 *)&ip + 8, &part, 8);
+		wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex);
+		memcpy(&ip, &part, 8);
+		memset((u8 *)&ip + 8, 0, 8);
 		wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex);
 	}
-
+	memset(&ip, 0, 16);
+	wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex);
 	wg_allowedips_free(&t, &mutex);
 
 	wg_allowedips_init(&t);

[net,1/1] wireguard: allowedips: expand maximum node depth

Checks

Commit Message

Patch