tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

wireguard: allowedips: expand maximum node depth

In the allowedips self-test, nodes are inserted into the tree, but it
generated an even amount of nodes, but for checking maximum node depth,
there is of course the root node, which makes the total number
necessarily odd. With two few nodes added, it never triggered the
maximum depth check like it should have. So, add 129 nodes instead of
128 nodes, and do so with a more straightforward scheme, starting with
all the bits set, and shifting over one each time. Then increase the
maximum depth to 129, and choose a better name for that variable to
make it clear that it represents depth as opposed to bits.

Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Link: https://lore.kernel.org/r/20230807132146.2191597-2-Jason@zx2c4.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Jason A. Donenfeld and committed by
Jakub Kicinski 46622219 01f4fd27

+14 -10
+4 -4
drivers/net/wireguard/allowedips.c
··· 6 6 #include "allowedips.h" 7 7 #include "peer.h" 8 8 9 - enum { MAX_ALLOWEDIPS_BITS = 128 }; 9 + enum { MAX_ALLOWEDIPS_DEPTH = 129 }; 10 10 11 11 static struct kmem_cache *node_cache; 12 12 ··· 42 42 struct allowedips_node __rcu *p, unsigned int *len) 43 43 { 44 44 if (rcu_access_pointer(p)) { 45 - if (WARN_ON(IS_ENABLED(DEBUG) && *len >= MAX_ALLOWEDIPS_BITS)) 45 + if (WARN_ON(IS_ENABLED(DEBUG) && *len >= MAX_ALLOWEDIPS_DEPTH)) 46 46 return; 47 47 stack[(*len)++] = rcu_dereference_raw(p); 48 48 } ··· 55 55 56 56 static void root_free_rcu(struct rcu_head *rcu) 57 57 { 58 - struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = { 58 + struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = { 59 59 container_of(rcu, struct allowedips_node, rcu) }; 60 60 unsigned int len = 1; 61 61 ··· 68 68 69 69 static void root_remove_peer_lists(struct allowedips_node *root) 70 70 { 71 - struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_BITS] = { root }; 71 + struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = { root }; 72 72 unsigned int len = 1; 73 73 74 74 while (len > 0 && (node = stack[--len])) {
+10 -6
drivers/net/wireguard/selftest/allowedips.c
··· 593 593 wg_allowedips_remove_by_peer(&t, a, &mutex); 594 594 test_negative(4, a, 192, 168, 0, 1); 595 595 596 - /* These will hit the WARN_ON(len >= MAX_ALLOWEDIPS_BITS) in free_node 596 + /* These will hit the WARN_ON(len >= MAX_ALLOWEDIPS_DEPTH) in free_node 597 597 * if something goes wrong. 598 598 */ 599 - for (i = 0; i < MAX_ALLOWEDIPS_BITS; ++i) { 600 - part = cpu_to_be64(~(1LLU << (i % 64))); 601 - memset(&ip, 0xff, 16); 602 - memcpy((u8 *)&ip + (i < 64) * 8, &part, 8); 599 + for (i = 0; i < 64; ++i) { 600 + part = cpu_to_be64(~0LLU << i); 601 + memset(&ip, 0xff, 8); 602 + memcpy((u8 *)&ip + 8, &part, 8); 603 + wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex); 604 + memcpy(&ip, &part, 8); 605 + memset((u8 *)&ip + 8, 0, 8); 603 606 wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex); 604 607 } 605 - 608 + memset(&ip, 0, 16); 609 + wg_allowedips_insert_v6(&t, &ip, 128, a, &mutex); 606 610 wg_allowedips_free(&t, &mutex); 607 611 608 612 wg_allowedips_init(&t);