From patchwork Wed Mar 30 01:31:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12795382 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5D2FC43217 for ; Wed, 30 Mar 2022 01:31:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241647AbiC3Bda (ORCPT ); Tue, 29 Mar 2022 21:33:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235567AbiC3Bd3 (ORCPT ); Tue, 29 Mar 2022 21:33:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D93E16F6CE; Tue, 29 Mar 2022 18:31:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A9A4061221; Wed, 30 Mar 2022 01:31:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 724DCC34111; Wed, 30 Mar 2022 01:31:41 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="RH0saXTs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1648603900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KUinn6m3Z5J5lKblf52dVgCEjQFWpfmxs9yF3JGTgdI=; b=RH0saXTspWNr9uMwZM1ALcsyfRGaRXJ8OgylonY12+w3TLymgSgqQ3TUYrKzsF4NVDWtfV WB0+g0fsInzMa/0700+ysn5C0tTgjziuaeEEApc0e7fjtI5yLb/Gqu7dSHgDUfGU3O9yg1 2f91BwemclhrlD5sBXUVuKYRWj6O1ts= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 6981dbf4 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Wed, 30 Mar 2022 01:31:40 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: "Jason A. Donenfeld" , PaX Team , stable@vger.kernel.org Subject: [PATCH net 1/4] wireguard: queueing: use CFI-safe ptr_ring cleanup function Date: Tue, 29 Mar 2022 21:31:24 -0400 Message-Id: <20220330013127.426620-2-Jason@zx2c4.com> In-Reply-To: <20220330013127.426620-1-Jason@zx2c4.com> References: <20220330013127.426620-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org We make too nuanced use of ptr_ring to entirely move to the skb_array wrappers, but we at least should avoid the naughty function pointer cast when cleaning up skbs. Otherwise RAP/CFI will honk at us. This patch uses the __skb_array_destroy_skb wrapper for the cleanup, rather than directly providing kfree_skb, which is what other drivers in the same situation do too. Reported-by: PaX Team Fixes: 886fcee939ad ("wireguard: receive: use ring buffer for incoming handshakes") Cc: stable@vger.kernel.org Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/queueing.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireguard/queueing.c b/drivers/net/wireguard/queueing.c index 1de413b19e34..8084e7408c0a 100644 --- a/drivers/net/wireguard/queueing.c +++ b/drivers/net/wireguard/queueing.c @@ -4,6 +4,7 @@ */ #include "queueing.h" +#include struct multicore_worker __percpu * wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr) @@ -42,7 +43,7 @@ void wg_packet_queue_free(struct crypt_queue *queue, bool purge) { free_percpu(queue->worker); WARN_ON(!purge && !__ptr_ring_empty(&queue->ring)); - ptr_ring_cleanup(&queue->ring, purge ? (void(*)(void*))kfree_skb : NULL); + ptr_ring_cleanup(&queue->ring, purge ? __skb_array_destroy_skb : NULL); } #define NEXT(skb) ((skb)->prev) From patchwork Wed Mar 30 01:31:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12795385 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C1CDC433EF for ; Wed, 30 Mar 2022 01:31:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241658AbiC3Bdg (ORCPT ); Tue, 29 Mar 2022 21:33:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241645AbiC3Bda (ORCPT ); Tue, 29 Mar 2022 21:33:30 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74A36171570 for ; Tue, 29 Mar 2022 18:31:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id F0B20B81AB1 for ; Wed, 30 Mar 2022 01:31:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5FB59C2BBE4; Wed, 30 Mar 2022 01:31:43 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="BF+n7P1L" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1648603902; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rd1fOOTwIgXZFBVGAJtLb/E6QegeaOKBJvOuCRt1kYE=; b=BF+n7P1LS8im9hyFU/lYZhfZI7/crdrwiClu/Zvx8alrJkc8mP1DqTAyzK0KtxXdB/EuaY Mite+Wt0HSqKEtQaxm3Bu0pz5gHVJhL410hkr4KhmyZu4CfCgXk+P52lqsYLVhdDZc9Sfp y+3ONyDIZ/eykY/FKKceMeG8J3Gn9ig= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id e399f012 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Wed, 30 Mar 2022 01:31:42 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: "Jason A. Donenfeld" Subject: [PATCH net 2/4] wireguard: selftests: simplify RNG seeding Date: Tue, 29 Mar 2022 21:31:25 -0400 Message-Id: <20220330013127.426620-3-Jason@zx2c4.com> In-Reply-To: <20220330013127.426620-1-Jason@zx2c4.com> References: <20220330013127.426620-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The seed_rng() function was written to work across lots of old kernels, back when WireGuard used a big compatibility layer. Now that things have evolved, we can vastly simplify this, by just marking the RNG as seeded. Signed-off-by: Jason A. Donenfeld --- tools/testing/selftests/wireguard/qemu/init.c | 26 +++++-------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/tools/testing/selftests/wireguard/qemu/init.c b/tools/testing/selftests/wireguard/qemu/init.c index c9698120ac9d..0b45055d9de0 100644 --- a/tools/testing/selftests/wireguard/qemu/init.c +++ b/tools/testing/selftests/wireguard/qemu/init.c @@ -56,26 +56,14 @@ static void print_banner(void) static void seed_rng(void) { - int fd; - struct { - int entropy_count; - int buffer_size; - unsigned char buffer[256]; - } entropy = { - .entropy_count = sizeof(entropy.buffer) * 8, - .buffer_size = sizeof(entropy.buffer), - .buffer = "Adding real entropy is not actually important for these tests. Don't try this at home, kids!" - }; + int bits = 256, fd; - if (mknod("/dev/urandom", S_IFCHR | 0644, makedev(1, 9))) - panic("mknod(/dev/urandom)"); - fd = open("/dev/urandom", O_WRONLY); + pretty_message("[+] Fake seeding RNG..."); + fd = open("/dev/random", O_WRONLY); if (fd < 0) - panic("open(urandom)"); - for (int i = 0; i < 256; ++i) { - if (ioctl(fd, RNDADDENTROPY, &entropy) < 0) - panic("ioctl(urandom)"); - } + panic("open(random)"); + if (ioctl(fd, RNDADDTOENTCNT, &bits) < 0) + panic("ioctl(RNDADDTOENTCNT)"); close(fd); } @@ -270,10 +258,10 @@ static void check_leaks(void) int main(int argc, char *argv[]) { - seed_rng(); ensure_console(); print_banner(); mount_filesystems(); + seed_rng(); kmod_selftests(); enable_logging(); clear_leaks(); From patchwork Wed Mar 30 01:31:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12795383 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6775C433FE for ; Wed, 30 Mar 2022 01:31:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241650AbiC3Bdc (ORCPT ); Tue, 29 Mar 2022 21:33:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51334 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241642AbiC3Bd3 (ORCPT ); Tue, 29 Mar 2022 21:33:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ABB21170D98; Tue, 29 Mar 2022 18:31:45 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3A77D612FA; Wed, 30 Mar 2022 01:31:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D2E8C34110; Wed, 30 Mar 2022 01:31:43 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="gtemOM1v" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1648603903; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PASLOmf9lZuBPPe9/WpVZbnvkcB0REuY6odAbEg0yUw=; b=gtemOM1vSfv+fUrW4sZjmPnFuRR46k97uX2FNHKnQsGM/Uf7YHF4iAYIThmvOVB6O06xAa cp44uXh1JC9o6aMK+BKjcelHeIClv1lfE/+eHzmvbiMywsvhLmZV3jid+QC3LbkgvbUE7Y PNujHTAXCAlg09zf570oDVIUW7itkvE= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 514df384 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Wed, 30 Mar 2022 01:31:43 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: Wang Hai , stable@vger.kernel.org, "Jason A . Donenfeld" Subject: [PATCH net 3/4] wireguard: socket: free skb in send6 when ipv6 is disabled Date: Tue, 29 Mar 2022 21:31:26 -0400 Message-Id: <20220330013127.426620-4-Jason@zx2c4.com> In-Reply-To: <20220330013127.426620-1-Jason@zx2c4.com> References: <20220330013127.426620-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org From: Wang Hai I got a memory leak report: unreferenced object 0xffff8881191fc040 (size 232): comm "kworker/u17:0", pid 23193, jiffies 4295238848 (age 3464.870s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x84/0x3b0 [] kmem_cache_alloc_node+0x167/0x340 [] __alloc_skb+0x1db/0x200 [] wg_socket_send_buffer_to_peer+0x3d/0xc0 [] wg_packet_send_handshake_initiation+0xfa/0x110 [] wg_packet_handshake_send_worker+0x21/0x30 [] process_one_work+0x2e8/0x770 [] worker_thread+0x4a/0x4b0 [] kthread+0x120/0x160 [] ret_from_fork+0x1f/0x30 In function wg_socket_send_buffer_as_reply_to_skb() or wg_socket_send_ buffer_to_peer(), the semantics of send6() is required to free skb. But when CONFIG_IPV6 is disable, kfree_skb() is missing. This patch adds it to fix this bug. Signed-off-by: Wang Hai Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Cc: stable@vger.kernel.org Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 6f07b949cb81..467eef0e563b 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -160,6 +160,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb, rcu_read_unlock_bh(); return ret; #else + kfree_skb(skb); return -EAFNOSUPPORT; #endif } From patchwork Wed Mar 30 01:31:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Jason A. Donenfeld" X-Patchwork-Id: 12795384 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9EA85C433F5 for ; Wed, 30 Mar 2022 01:31:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241655AbiC3Bdf (ORCPT ); Tue, 29 Mar 2022 21:33:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241644AbiC3Bda (ORCPT ); Tue, 29 Mar 2022 21:33:30 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52D0017156E; Tue, 29 Mar 2022 18:31:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D849061307; Wed, 30 Mar 2022 01:31:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6B1EC3410F; Wed, 30 Mar 2022 01:31:44 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=pass (1024-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="efRzOqUA" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zx2c4.com; s=20210105; t=1648603904; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BHmlRXCg3bn61peNZ2mYON7rFLflhQaM57TPzk0GIP0=; b=efRzOqUAoG+yLoMZMocBVa9go3twFmpT6yptfbB1Ji4OP34qIfxcZnckJVIp4OSoCwLXDF /YJuQHZ9LjLHoewhdxf+5U9bP1F1Y4155FeZ1K5t3wODalhIZPjTofMiwhuReAxev9Ss4v uzlqAtgQsAARwZWx1Z25FoKJET2GIoU= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 01209830 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Wed, 30 Mar 2022 01:31:44 +0000 (UTC) From: "Jason A. Donenfeld" To: netdev@vger.kernel.org, davem@davemloft.net, kuba@kernel.org Cc: "Jason A. Donenfeld" , stable@vger.kernel.org Subject: [PATCH net 4/4] wireguard: socket: ignore v6 endpoints when ipv6 is disabled Date: Tue, 29 Mar 2022 21:31:27 -0400 Message-Id: <20220330013127.426620-5-Jason@zx2c4.com> In-Reply-To: <20220330013127.426620-1-Jason@zx2c4.com> References: <20220330013127.426620-1-Jason@zx2c4.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org The previous commit fixed a memory leak on the send path in the event that IPv6 is disabled at compile time, but how did a packet even arrive there to begin with? It turns out we have previously allowed IPv6 endpoints even when IPv6 support is disabled at compile time. This is awkward and inconsistent. Instead, let's just ignore all things IPv6, the same way we do other malformed endpoints, in the case where IPv6 is disabled. Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Cc: stable@vger.kernel.org Signed-off-by: Jason A. Donenfeld --- drivers/net/wireguard/socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 467eef0e563b..0414d7a6ce74 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -242,7 +242,7 @@ int wg_socket_endpoint_from_skb(struct endpoint *endpoint, endpoint->addr4.sin_addr.s_addr = ip_hdr(skb)->saddr; endpoint->src4.s_addr = ip_hdr(skb)->daddr; endpoint->src_if4 = skb->skb_iif; - } else if (skb->protocol == htons(ETH_P_IPV6)) { + } else if (IS_ENABLED(CONFIG_IPV6) && skb->protocol == htons(ETH_P_IPV6)) { endpoint->addr6.sin6_family = AF_INET6; endpoint->addr6.sin6_port = udp_hdr(skb)->source; endpoint->addr6.sin6_addr = ipv6_hdr(skb)->saddr; @@ -285,7 +285,7 @@ void wg_socket_set_peer_endpoint(struct wg_peer *peer, peer->endpoint.addr4 = endpoint->addr4; peer->endpoint.src4 = endpoint->src4; peer->endpoint.src_if4 = endpoint->src_if4; - } else if (endpoint->addr.sa_family == AF_INET6) { + } else if (IS_ENABLED(CONFIG_IPV6) && endpoint->addr.sa_family == AF_INET6) { peer->endpoint.addr6 = endpoint->addr6; peer->endpoint.src6 = endpoint->src6; } else {