* [PATCH net 0/4] wireguard fixes for 6.10-rc7
@ 2024-07-04 15:45 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld
Hi Jakub,
These are four small fixes for WireGuard, which are all marked for
stable:
1) A QEMU command line fix to remove deprecated flags.
2) Use of proper unaligned helpers to avoid unaligned memory access on
some systems, from Helge.
3) Two patches to annotate intentional data races, so KCSAN and syzbot
don't get upset.
Thanks,
Jason
Helge Deller (1):
wireguard: allowedips: avoid unaligned 64-bit memory accesses
Jason A. Donenfeld (3):
wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
wireguard: queueing: annotate intentional data race in cpu round robin
wireguard: send: annotate intentional data race in checking empty
queue
drivers/net/wireguard/allowedips.c | 4 ++--
drivers/net/wireguard/queueing.h | 4 ++--
drivers/net/wireguard/send.c | 2 +-
tools/testing/selftests/wireguard/qemu/Makefile | 8 ++++----
4 files changed, 9 insertions(+), 9 deletions(-)
--
2.45.2
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
QEMU 9.0 removed -no-acpi, in favor of machine properties, so update the
Makefile to use the correct QEMU invocation.
Cc: stable@vger.kernel.org
Fixes: b83fdcd9fb8a ("wireguard: selftests: use microvm on x86")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
tools/testing/selftests/wireguard/qemu/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile
index e95bd56b332f..35856b11c143 100644
--- a/tools/testing/selftests/wireguard/qemu/Makefile
+++ b/tools/testing/selftests/wireguard/qemu/Makefile
@@ -109,9 +109,9 @@ KERNEL_ARCH := x86_64
KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage
QEMU_VPORT_RESULT := virtio-serial-device
ifeq ($(HOST_ARCH),$(ARCH))
-QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi
+QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off
else
-QEMU_MACHINE := -cpu max -machine microvm -no-acpi
+QEMU_MACHINE := -cpu max -machine microvm,acpi=off
endif
else ifeq ($(ARCH),i686)
CHOST := i686-linux-musl
@@ -120,9 +120,9 @@ KERNEL_ARCH := x86
KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage
QEMU_VPORT_RESULT := virtio-serial-device
ifeq ($(subst x86_64,i686,$(HOST_ARCH)),$(ARCH))
-QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi
+QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off
else
-QEMU_MACHINE := -cpu coreduo -machine microvm -no-acpi
+QEMU_MACHINE := -cpu coreduo -machine microvm,acpi=off
endif
else ifeq ($(ARCH),mips64)
CHOST := mips64-linux-musl
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin Jason A. Donenfeld
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba
Cc: Helge Deller, Helge Deller, stable, Jason A . Donenfeld
From: Helge Deller <deller@kernel.org>
On the parisc platform, the kernel issues kernel warnings because
swap_endian() tries to load a 128-bit IPv6 address from an unaligned
memory location:
Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)
Avoid such unaligned memory accesses by instead using the
get_unaligned_be64() helper macro.
Signed-off-by: Helge Deller <deller@gmx.de>
[Jason: replace src[8] in original patch with src+8]
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/allowedips.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index 0ba714ca5185..4b8528206cc8 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -15,8 +15,8 @@ static void swap_endian(u8 *dst, const u8 *src, u8 bits)
if (bits == 32) {
*(u32 *)dst = be32_to_cpu(*(const __be32 *)src);
} else if (bits == 128) {
- ((u64 *)dst)[0] = be64_to_cpu(((const __be64 *)src)[0]);
- ((u64 *)dst)[1] = be64_to_cpu(((const __be64 *)src)[1]);
+ ((u64 *)dst)[0] = get_unaligned_be64(src);
+ ((u64 *)dst)[1] = get_unaligned_be64(src + 8);
}
}
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld
2024-07-06 0:50 ` [PATCH net 0/4] wireguard fixes for 6.10-rc7 patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
KCSAN reports a race in the CPU round robin function, which, as the
comment points out, is intentional:
BUG: KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets
read to 0xffff88811254eb28 of 4 bytes by task 3160 on cpu 1:
wg_cpumask_next_online drivers/net/wireguard/queueing.h:127 [inline]
wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline]
wg_packet_create_data drivers/net/wireguard/send.c:320 [inline]
wg_packet_send_staged_packets+0x60e/0xac0 drivers/net/wireguard/send.c:388
wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329
worker_thread+0x526/0x720 kernel/workqueue.c:3409
kthread+0x1d1/0x210 kernel/kthread.c:389
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
write to 0xffff88811254eb28 of 4 bytes by task 3158 on cpu 0:
wg_cpumask_next_online drivers/net/wireguard/queueing.h:130 [inline]
wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline]
wg_packet_create_data drivers/net/wireguard/send.c:320 [inline]
wg_packet_send_staged_packets+0x6e5/0xac0 drivers/net/wireguard/send.c:388
wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329
worker_thread+0x526/0x720 kernel/workqueue.c:3409
kthread+0x1d1/0x210 kernel/kthread.c:389
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0xffffffff -> 0x00000000
Mark this race as intentional by using READ/WRITE_ONCE().
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/queueing.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h
index 1ea4f874e367..7eb76724b3ed 100644
--- a/drivers/net/wireguard/queueing.h
+++ b/drivers/net/wireguard/queueing.h
@@ -124,10 +124,10 @@ static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id)
*/
static inline int wg_cpumask_next_online(int *last_cpu)
{
- int cpu = cpumask_next(*last_cpu, cpu_online_mask);
+ int cpu = cpumask_next(READ_ONCE(*last_cpu), cpu_online_mask);
if (cpu >= nr_cpu_ids)
cpu = cpumask_first(cpu_online_mask);
- *last_cpu = cpu;
+ WRITE_ONCE(*last_cpu, cpu);
return cpu;
}
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
` (2 preceding siblings ...)
2024-07-04 15:45 ` [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-06 0:50 ` [PATCH net 0/4] wireguard fixes for 6.10-rc7 patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
KCSAN reports a race in wg_packet_send_keepalive, which is intentional:
BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets
write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0:
__skb_queue_head_init include/linux/skbuff.h:2162 [inline]
skb_queue_splice_init include/linux/skbuff.h:2248 [inline]
wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351
wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564
__dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137
ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509
ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719
addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295
addrconf_dad_work+0x891/0xbc0
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1:
skb_queue_empty include/linux/skbuff.h:1798 [inline]
wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
value changed: 0xffff888148fef200 -> 0xffff88814cd91280
Mark this race as intentional by using the skb_queue_empty_lockless()
function rather than skb_queue_empty(), which uses READ_ONCE()
internally to annotate the race.
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/send.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireguard/send.c b/drivers/net/wireguard/send.c
index 0d48e0f4a1ba..26e09c30d596 100644
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -222,7 +222,7 @@ void wg_packet_send_keepalive(struct wg_peer *peer)
{
struct sk_buff *skb;
- if (skb_queue_empty(&peer->staged_packet_queue)) {
+ if (skb_queue_empty_lockless(&peer->staged_packet_queue)) {
skb = alloc_skb(DATA_PACKET_HEAD_ROOM + MESSAGE_MINIMUM_LENGTH,
GFP_ATOMIC);
if (unlikely(!skb))
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH net 0/4] wireguard fixes for 6.10-rc7
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
` (3 preceding siblings ...)
2024-07-04 15:45 ` [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld
@ 2024-07-06 0:50 ` patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-07-06 0:50 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: netdev, davem, kuba
Hello:
This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Thu, 4 Jul 2024 17:45:13 +0200 you wrote:
> Hi Jakub,
>
> These are four small fixes for WireGuard, which are all marked for
> stable:
>
> 1) A QEMU command line fix to remove deprecated flags.
>
> [...]
Here is the summary with links:
- [net,1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
https://git.kernel.org/netdev/net/c/2cb489eb8dfc
- [net,2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses
https://git.kernel.org/netdev/net/c/948f991c62a4
- [net,3/4] wireguard: queueing: annotate intentional data race in cpu round robin
https://git.kernel.org/netdev/net/c/2fe3d6d2053c
- [net,4/4] wireguard: send: annotate intentional data race in checking empty queue
https://git.kernel.org/netdev/net/c/381a7d453fa2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-07-06 0:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld
2024-07-06 0:50 ` [PATCH net 0/4] wireguard fixes for 6.10-rc7 patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).