* [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
QEMU 9.0 removed -no-acpi, in favor of machine properties, so update the
Makefile to use the correct QEMU invocation.
Cc: stable@vger.kernel.org
Fixes: b83fdcd9fb8a ("wireguard: selftests: use microvm on x86")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
tools/testing/selftests/wireguard/qemu/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/wireguard/qemu/Makefile b/tools/testing/selftests/wireguard/qemu/Makefile
index e95bd56b332f..35856b11c143 100644
--- a/tools/testing/selftests/wireguard/qemu/Makefile
+++ b/tools/testing/selftests/wireguard/qemu/Makefile
@@ -109,9 +109,9 @@ KERNEL_ARCH := x86_64
KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage
QEMU_VPORT_RESULT := virtio-serial-device
ifeq ($(HOST_ARCH),$(ARCH))
-QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi
+QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off
else
-QEMU_MACHINE := -cpu max -machine microvm -no-acpi
+QEMU_MACHINE := -cpu max -machine microvm,acpi=off
endif
else ifeq ($(ARCH),i686)
CHOST := i686-linux-musl
@@ -120,9 +120,9 @@ KERNEL_ARCH := x86
KERNEL_BZIMAGE := $(KERNEL_BUILD_PATH)/arch/x86/boot/bzImage
QEMU_VPORT_RESULT := virtio-serial-device
ifeq ($(subst x86_64,i686,$(HOST_ARCH)),$(ARCH))
-QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off -no-acpi
+QEMU_MACHINE := -cpu host -machine microvm,accel=kvm,pit=off,pic=off,rtc=off,acpi=off
else
-QEMU_MACHINE := -cpu coreduo -machine microvm -no-acpi
+QEMU_MACHINE := -cpu coreduo -machine microvm,acpi=off
endif
else ifeq ($(ARCH),mips64)
CHOST := mips64-linux-musl
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin Jason A. Donenfeld
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba
Cc: Helge Deller, Helge Deller, stable, Jason A . Donenfeld
From: Helge Deller <deller@kernel.org>
On the parisc platform, the kernel issues kernel warnings because
swap_endian() tries to load a 128-bit IPv6 address from an unaligned
memory location:
Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df)
Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc)
Avoid such unaligned memory accesses by instead using the
get_unaligned_be64() helper macro.
Signed-off-by: Helge Deller <deller@gmx.de>
[Jason: replace src[8] in original patch with src+8]
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/allowedips.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/allowedips.c b/drivers/net/wireguard/allowedips.c
index 0ba714ca5185..4b8528206cc8 100644
--- a/drivers/net/wireguard/allowedips.c
+++ b/drivers/net/wireguard/allowedips.c
@@ -15,8 +15,8 @@ static void swap_endian(u8 *dst, const u8 *src, u8 bits)
if (bits == 32) {
*(u32 *)dst = be32_to_cpu(*(const __be32 *)src);
} else if (bits == 128) {
- ((u64 *)dst)[0] = be64_to_cpu(((const __be64 *)src)[0]);
- ((u64 *)dst)[1] = be64_to_cpu(((const __be64 *)src)[1]);
+ ((u64 *)dst)[0] = get_unaligned_be64(src);
+ ((u64 *)dst)[1] = get_unaligned_be64(src + 8);
}
}
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-04 15:45 ` [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld
2024-07-06 0:50 ` [PATCH net 0/4] wireguard fixes for 6.10-rc7 patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
KCSAN reports a race in the CPU round robin function, which, as the
comment points out, is intentional:
BUG: KCSAN: data-race in wg_packet_send_staged_packets / wg_packet_send_staged_packets
read to 0xffff88811254eb28 of 4 bytes by task 3160 on cpu 1:
wg_cpumask_next_online drivers/net/wireguard/queueing.h:127 [inline]
wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline]
wg_packet_create_data drivers/net/wireguard/send.c:320 [inline]
wg_packet_send_staged_packets+0x60e/0xac0 drivers/net/wireguard/send.c:388
wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329
worker_thread+0x526/0x720 kernel/workqueue.c:3409
kthread+0x1d1/0x210 kernel/kthread.c:389
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
write to 0xffff88811254eb28 of 4 bytes by task 3158 on cpu 0:
wg_cpumask_next_online drivers/net/wireguard/queueing.h:130 [inline]
wg_queue_enqueue_per_device_and_peer drivers/net/wireguard/queueing.h:173 [inline]
wg_packet_create_data drivers/net/wireguard/send.c:320 [inline]
wg_packet_send_staged_packets+0x6e5/0xac0 drivers/net/wireguard/send.c:388
wg_packet_send_keepalive+0xe2/0x100 drivers/net/wireguard/send.c:239
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x449/0x5f0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:3248 [inline]
process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3329
worker_thread+0x526/0x720 kernel/workqueue.c:3409
kthread+0x1d1/0x210 kernel/kthread.c:389
ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
value changed: 0xffffffff -> 0x00000000
Mark this race as intentional by using READ/WRITE_ONCE().
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/queueing.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h
index 1ea4f874e367..7eb76724b3ed 100644
--- a/drivers/net/wireguard/queueing.h
+++ b/drivers/net/wireguard/queueing.h
@@ -124,10 +124,10 @@ static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id)
*/
static inline int wg_cpumask_next_online(int *last_cpu)
{
- int cpu = cpumask_next(*last_cpu, cpu_online_mask);
+ int cpu = cpumask_next(READ_ONCE(*last_cpu), cpu_online_mask);
if (cpu >= nr_cpu_ids)
cpu = cpumask_first(cpu_online_mask);
- *last_cpu = cpu;
+ WRITE_ONCE(*last_cpu, cpu);
return cpu;
}
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
` (2 preceding siblings ...)
2024-07-04 15:45 ` [PATCH net 3/4] wireguard: queueing: annotate intentional data race in cpu round robin Jason A. Donenfeld
@ 2024-07-04 15:45 ` Jason A. Donenfeld
2024-07-06 0:50 ` [PATCH net 0/4] wireguard fixes for 6.10-rc7 patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: Jason A. Donenfeld @ 2024-07-04 15:45 UTC (permalink / raw)
To: netdev, davem, kuba; +Cc: Jason A. Donenfeld, stable
KCSAN reports a race in wg_packet_send_keepalive, which is intentional:
BUG: KCSAN: data-race in wg_packet_send_keepalive / wg_packet_send_staged_packets
write to 0xffff88814cd91280 of 8 bytes by task 3194 on cpu 0:
__skb_queue_head_init include/linux/skbuff.h:2162 [inline]
skb_queue_splice_init include/linux/skbuff.h:2248 [inline]
wg_packet_send_staged_packets+0xe5/0xad0 drivers/net/wireguard/send.c:351
wg_xmit+0x5b8/0x660 drivers/net/wireguard/device.c:218
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x11b/0x3f0 net/core/dev.c:3564
__dev_queue_xmit+0xeff/0x1d80 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x231/0x2a0 net/core/neighbour.c:1592
neigh_output include/net/neighbour.h:542 [inline]
ip6_finish_output2+0xa66/0xce0 net/ipv6/ip6_output.c:137
ip6_finish_output+0x1a5/0x490 net/ipv6/ip6_output.c:222
NF_HOOK_COND include/linux/netfilter.h:303 [inline]
ip6_output+0xeb/0x220 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0x4a2/0x670 net/ipv6/ndisc.c:509
ndisc_send_rs+0x3ab/0x3e0 net/ipv6/ndisc.c:719
addrconf_dad_completed+0x640/0x8e0 net/ipv6/addrconf.c:4295
addrconf_dad_work+0x891/0xbc0
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
read to 0xffff88814cd91280 of 8 bytes by task 3202 on cpu 1:
skb_queue_empty include/linux/skbuff.h:1798 [inline]
wg_packet_send_keepalive+0x20/0x100 drivers/net/wireguard/send.c:225
wg_receive_handshake_packet drivers/net/wireguard/receive.c:186 [inline]
wg_packet_handshake_receive_worker+0x445/0x5e0 drivers/net/wireguard/receive.c:213
process_one_work kernel/workqueue.c:2633 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706
worker_thread+0x525/0x730 kernel/workqueue.c:2787
kthread+0x1d7/0x210 kernel/kthread.c:388
ret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
value changed: 0xffff888148fef200 -> 0xffff88814cd91280
Mark this race as intentional by using the skb_queue_empty_lockless()
function rather than skb_queue_empty(), which uses READ_ONCE()
internally to annotate the race.
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
drivers/net/wireguard/send.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireguard/send.c b/drivers/net/wireguard/send.c
index 0d48e0f4a1ba..26e09c30d596 100644
--- a/drivers/net/wireguard/send.c
+++ b/drivers/net/wireguard/send.c
@@ -222,7 +222,7 @@ void wg_packet_send_keepalive(struct wg_peer *peer)
{
struct sk_buff *skb;
- if (skb_queue_empty(&peer->staged_packet_queue)) {
+ if (skb_queue_empty_lockless(&peer->staged_packet_queue)) {
skb = alloc_skb(DATA_PACKET_HEAD_ROOM + MESSAGE_MINIMUM_LENGTH,
GFP_ATOMIC);
if (unlikely(!skb))
--
2.45.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH net 0/4] wireguard fixes for 6.10-rc7
2024-07-04 15:45 [PATCH net 0/4] wireguard fixes for 6.10-rc7 Jason A. Donenfeld
` (3 preceding siblings ...)
2024-07-04 15:45 ` [PATCH net 4/4] wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld
@ 2024-07-06 0:50 ` patchwork-bot+netdevbpf
4 siblings, 0 replies; 6+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-07-06 0:50 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: netdev, davem, kuba
Hello:
This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Thu, 4 Jul 2024 17:45:13 +0200 you wrote:
> Hi Jakub,
>
> These are four small fixes for WireGuard, which are all marked for
> stable:
>
> 1) A QEMU command line fix to remove deprecated flags.
>
> [...]
Here is the summary with links:
- [net,1/4] wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU
https://git.kernel.org/netdev/net/c/2cb489eb8dfc
- [net,2/4] wireguard: allowedips: avoid unaligned 64-bit memory accesses
https://git.kernel.org/netdev/net/c/948f991c62a4
- [net,3/4] wireguard: queueing: annotate intentional data race in cpu round robin
https://git.kernel.org/netdev/net/c/2fe3d6d2053c
- [net,4/4] wireguard: send: annotate intentional data race in checking empty queue
https://git.kernel.org/netdev/net/c/381a7d453fa2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 6+ messages in thread