wireguard: allowedips: don't corrupt stack when detecting overflow
authorJason A. Donenfeld <Jason@zx2c4.com>
Tue, 2 Aug 2022 12:56:12 +0000 (14:56 +0200)
committerJakub Kicinski <kuba@kernel.org>
Tue, 2 Aug 2022 20:47:50 +0000 (13:47 -0700)
commitc31b14d86dfe7174361e8c6e5df6c2c3a4d5918c
treeb0534543570abe674a6e28be6ce9dee2a103f212
parent2a8f91d2898edf84166976112837f4996c68f706
wireguard: allowedips: don't corrupt stack when detecting overflow

In case push_rcu() and related functions are buggy, there's a
WARN_ON(len >= 128), which the selftest tries to hit by being tricky. In
case it is hit, we shouldn't corrupt the kernel's stack, though;
otherwise it may be hard to even receive the report that it's buggy. So
conditionalize the stack write based on that WARN_ON()'s return value.

Note that this never *actually* happens anyway. The WARN_ON() in the
first place is bounded by IS_ENABLED(DEBUG), and isn't expected to ever
actually hit. This is just a debugging sanity check.

Additionally, hoist the constant 128 into a named enum,
MAX_ALLOWEDIPS_BITS, so that it's clear why this value is chosen.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjJZGA6w_DxA+k7Ejbqsq+uGK==koPai3sqdsfJqemvag@mail.gmail.com/
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
drivers/net/wireguard/allowedips.c
drivers/net/wireguard/selftest/allowedips.c