lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 27 May 2023 15:07:21 +0200
From: Simon Horman <simon.horman@...igine.com>
To: Christian Marangi <ansuelsmth@...il.com>
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	wireguard@...ts.zx2c4.com, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [net PATCH] wireguard: allowedips: fix compilation warning for
 stack limit exceeded

On Fri, May 26, 2023 at 10:41:34PM +0200, Christian Marangi wrote:
> On some arch (for example IPQ8074) and other with
> KERNEL_STACKPROTECTOR_STRONG enabled, the following compilation error is
> triggered:
> drivers/net/wireguard/allowedips.c: In function 'root_remove_peer_lists':
> drivers/net/wireguard/allowedips.c:80:1: error: the frame size of 1040 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>    80 | }
>       | ^
> drivers/net/wireguard/allowedips.c: In function 'root_free_rcu':
> drivers/net/wireguard/allowedips.c:67:1: error: the frame size of 1040 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
>    67 | }
>       | ^
> cc1: all warnings being treated as errors
> 
> Since these are free function and returns void, using function that can
> fail is not ideal since an error would result in data not freed.
> Since the free are under RCU lock, we can allocate the required stack
> array as static outside the function and memset when needed.
> This effectively fix the stack frame warning without changing how the
> function work.
> 
> Fixes: Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")

nit: Not sure if this can be fixed-up manually.
     But one instance of 'Fixes: ' is enough.

> Signed-off-by: Christian Marangi <ansuelsmth@...il.com>
> Cc: stable@...r.kernel.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ