From: "PaX Team" <pageexec@gmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: "Emese Revfy" <re.emese@gmail.com>,
"Toke Høiland-Jørgensen" <toke@toke.dk>,
"Brad Spengler" <spender@grsecurity.net>,
"WireGuard mailing list" <wireguard@lists.zx2c4.com>
Subject: Re: [WireGuard] Error building against grsec-enabled kernel
Date: Fri, 21 Oct 2016 10:02:32 +0200 [thread overview]
Message-ID: <5809CB98.15179.767FB18@pageexec.gmail.com> (raw)
In-Reply-To: <CAHmME9opbKv9c67uCk69K_J3=A0-8p0gkwmJos83wBiMJ9WmCw@mail.gmail.com>
On 21 Oct 2016 at 11:32, Jason A. Donenfeld wrote:
> On Fri, Oct 21, 2016 at 9:24 AM, PaX Team <pageexec@gmail.com> wrote:
> > in any case, whoever can reproduce this should print out the value of
> > head->mac_header before the increment. my guess based on past experience
> > on similar network problems is that the field is probably invalid (ffff
> > or similar) and adding to it will trigger the size overflow check. this
> > in turn means that there's usually some higher level logic bug and you'll
> > have to talk to netdev guys as i'm way out of my depths at that point ;).
>
> Fixed:
> https://git.zx2c4.com/WireGuard/commit/?id=867c815c31c754bf97b5fb29afd295b7cf195159
are you sure it was for satisfying PaX only and not a bug itself? :) with the
ffff initial value you were basically off by one (unsigned arithmetic wraps so
it's as if you had initialized the fields to -1 instead of 0), didn't that matter
somewhere beyond the size overflow checks?
> >> >> OK, so turns out just getting rid of the __read_mostly fixes things.
> >
> > FWIW, i've been carrying such a local patch on my gentoo box too ;).
>
> Got a good #ifdef for PAX that I should use to conditionally not use
> __read_mostly in case PAX is in use?
if you ask me, you should just get rid of __read_mostly unconditionally (which
is what i do in PaX as it interferes with constification) as rtnl_link_ops extends
over several cache lines so any concerns with false sharing with writable data
would at most affect only a few fields that are rarely used (or the fields could
be reordered and/or aligned for such affect). otherwise you'll need to have your
own #ifdef based on CONSTIFY_PLUGIN as suggested originally by Toke.
cheers,
PaX Team
next prev parent reply other threads:[~2016-10-21 8:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-19 13:03 [WireGuard] Error building against grsec-enabled kernel Toke Høiland-Jørgensen
2016-10-19 14:18 ` Toke Høiland-Jørgensen
2016-10-19 16:07 ` Toke Høiland-Jørgensen
2016-10-19 22:35 ` Jason A. Donenfeld
2016-10-20 2:19 ` Jason A. Donenfeld
2016-10-21 0:24 ` PaX Team
2016-10-21 2:32 ` Jason A. Donenfeld
2016-10-21 8:02 ` PaX Team [this message]
2016-10-21 8:47 ` Jason A. Donenfeld
2016-10-21 9:46 ` PaX Team
2016-10-22 7:56 ` Jason A. Donenfeld
2016-10-21 9:53 ` Toke Høiland-Jørgensen
2016-10-22 8:03 ` Jason A. Donenfeld
2016-10-22 13:10 ` Toke Høiland-Jørgensen
2016-10-23 10:23 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5809CB98.15179.767FB18@pageexec.gmail.com \
--to=pageexec@gmail.com \
--cc=Jason@zx2c4.com \
--cc=re.emese@gmail.com \
--cc=spender@grsecurity.net \
--cc=toke@toke.dk \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox