| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 May 2023 12:11:57 +0200
From: Christian Marangi <ansuelsmth@...il.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
wireguard@...ts.zx2c4.com,
netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Christian Marangi <ansuelsmth@...il.com>,
stable@...r.kernel.org
Subject: [net-next PATCH v2] wireguard: allowedips: fix compilation warning for stack limit exceeded
On some arch (for example IPQ8074) and other with
KERNEL_STACKPROTECTOR_STRONG enabled, the following compilation error is
triggered:
drivers/net/wireguard/allowedips.c: In function 'root_remove_peer_lists':
drivers/net/wireguard/allowedips.c:80:1: error: the frame size of 1040 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
80 | }
| ^
drivers/net/wireguard/allowedips.c: In function 'root_free_rcu':
drivers/net/wireguard/allowedips.c:67:1: error: the frame size of 1040 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
67 | }
| ^
cc1: all warnings being treated as errors
Since these are free function and returns void, using function that can
fail is not ideal since an error would result in data not freed.
Since the free are under RCU lock, we can allocate the required stack
array as static outside the function and memset when needed.
This effectively fix the stack frame warning without changing how the
function work.
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Christian Marangi <ansuelsmth@...il.com>
Cc: stable@...r.kernel.org
---
Changes v2:
- Fix double Fixes in fixes tag
drivers/net/wireguard/allowedips.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index 5bf7822c53f1..c129082f04c6 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -53,12 +53,16 @@ static void node_free_rcu(struct rcu_head *rcu)
kmem_cache_free(node_cache, container_of(rcu, struct allowedips_node, rcu));
}
+static struct allowedips_node *tmpstack[MAX_ALLOWEDIPS_BITS];
+
static void root_free_rcu(struct rcu_head *rcu)
{
- struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = {
- container_of(rcu, struct allowedips_node, rcu) };
+ struct allowedips_node *node, **stack = tmpstack;
unsigned int len = 1;
+ memset(stack, 0, sizeof(*stack) * MAX_ALLOWEDIPS_BITS);
+ stack[0] = container_of(rcu, struct allowedips_node, rcu);
+
while (len > 0 && (node = stack[--len])) {
push_rcu(stack, node->bit[0], &len);
push_rcu(stack, node->bit[1], &len);
@@ -68,9 +72,12 @@ static void root_free_rcu(struct rcu_head *rcu)
static void root_remove_peer_lists(struct allowedips_node *root)
{
- struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = { root };
+ struct allowedips_node *node, **stack = tmpstack;
unsigned int len = 1;
+ memset(stack, 0, sizeof(*stack) * MAX_ALLOWEDIPS_BITS);
+ stack[0] = root;
+
while (len > 0 && (node = stack[--len])) {
push_rcu(stack, node->bit[0], &len);
push_rcu(stack, node->bit[1], &len);
--
2.39.2
Powered by blists - more mailing lists