wireguard-linux-compat/src, branch masterWireGuard kernel module backport for Linux 3.10 - 5.5https://git.zx2c4.com/wireguard-linux-compat/atom/src?h=master2022-06-29T13:36:49Zcompat: drop CentOS 8 Stream support2022-06-29T13:36:49ZJason A. DonenfeldJason@zx2c4.com2022-06-29T13:36:49Zurn:sha1:3d3c92b4711b42169137b2ddf42ed4382e2babdf
Nobody uses this and it's impossible to maintain given the current CI
situation.
RHEL 7 and 8 release remain for now, though that might not always be the
case. See the link for details.
Link: https://lists.zx2c4.com/pipermail/wireguard/2022-June/007664.html
Suggested-by: Philip J. Perry <phil@elrepo.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
compat: do not backport ktime_get_coarse_boottime_ns to c8s2022-06-28T10:44:18ZJason A. DonenfeldJason@zx2c4.com2022-06-28T10:43:06Zurn:sha1:99935b07b48a2ff696d64996277d89efe8242d37
Also bump the c8s version stamp.
Reported-by: Vladimír Beneš <vbenes@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
version: bump2022-06-27T10:54:37ZJason A. DonenfeldJason@zx2c4.com2022-06-27T10:54:37Zurn:sha1:18fbcd68a35a892527345dc5679d0b2d860ee004
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
compat: handle backported rng and blake2s2022-06-22T15:14:00ZJason A. DonenfeldJason@zx2c4.com2022-06-22T13:41:15Zurn:sha1:3ec3e822b615e8f07ed0dfc464e026bb508bbcdc
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
qemu: give up on RHEL8 in CI2022-05-05T14:24:24ZJason A. DonenfeldJason@zx2c4.com2022-05-05T14:20:21Zurn:sha1:ba45dd6fbfe9f94baf3634a965bcfe6c2c41f4c8
They keep breaking their kernel and being difficult when I send patches
to fix it, so just give up on trying to support this in the CI. It'll
bitrot and people will complain and we'll see what happens at that
point.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
qemu: set panic_on_warn=1 from cmdline2022-05-05T14:24:24ZJason A. DonenfeldJason@zx2c4.com2022-05-05T14:16:40Zurn:sha1:c7560fd0e0b5aba307a9cd5e9eb7c998a059c8a4
Rather than setting this once init is running, set panic_on_warn from
the kernel command line, so that it catches splats from WireGuard
initialization code and the various crypto selftests.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
qemu: use vports on arm2022-05-05T14:24:24ZJason A. DonenfeldJason@zx2c4.com2022-05-05T14:14:46Zurn:sha1:33c87a11109996e13a13259e0c488e590c15f760
Rather than having to hack up QEMU, just use the virtio serial device.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
netns: limit parallelism to $(nproc) tests at once2022-05-05T14:08:26ZJason A. DonenfeldJason@zx2c4.com2022-04-30T20:20:28Zurn:sha1:894152a5b89655863b012b707643f66a06e1c60a
The parallel tests were added to catch queueing issues from multiple
cores. But what happens in reality when testing tons of processes is
that these separate threads wind up fighting with the scheduler, and we
wind up with contention in places we don't care about that decrease the
chances of hitting a bug. So just do a test with the number of CPU
cores, rather than trying to scale up arbitrarily.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
netns: make routing loop test non-fatal2022-05-05T14:07:27ZJason A. DonenfeldJason@zx2c4.com2022-04-27T01:21:51Zurn:sha1:f8886735e303b0483e67dd4d4671cd271d427588
I hate to do this, but I still do not have a good solution to actually
fix this bug across architectures. So just disable it for now, so that
the CI can still deliver actionable results. This commit adds a large
red warning, so that at least the failure isn't lost forever, and
hopefully this can be revisited down the line.
Link: https://lore.kernel.org/netdev/CAHmME9pv1x6C4TNdL6648HydD8r+txpV4hTUXOBVkrapBXH4QQ@mail.gmail.com/
Link: https://lore.kernel.org/netdev/YmszSXueTxYOC41G@zx2c4.com/
Link: https://lore.kernel.org/wireguard/CAHmME9rNnBiNvBstb7MPwK-7AmAN0sOfnhdR=eeLrowWcKxaaQ@mail.gmail.com/
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
device: check for metadata_dst with skb_valid_dst()2022-04-14T12:49:25ZNikolay Aleksandrovrazor@blackwall.org2022-04-14T10:44:57Zurn:sha1:f9d9b4db6fcdb06bd54d876255e66fee767bc87f
When we try to transmit an skb with md_dst attached through wireguard
we hit a null pointer dereference in wg_xmit() due to the use of
dst_mtu() which calls into dst_blackhole_mtu() which in turn tries to
dereference dst->dev.
Since wireguard doesn't use md_dsts we should use skb_valid_dst(), which
checks for DST_METADATA flag, and if it's set, then falls back to
wireguard's device mtu. That gives us the best chance of transmitting
the packet; otherwise if the blackhole netdev is used we'd get
ETH_MIN_MTU.
[ 263.693506] BUG: kernel NULL pointer dereference, address: 00000000000000e0
[ 263.693908] #PF: supervisor read access in kernel mode
[ 263.694174] #PF: error_code(0x0000) - not-present page
[ 263.694424] PGD 0 P4D 0
[ 263.694653] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 263.694876] CPU: 5 PID: 951 Comm: mausezahn Kdump: loaded Not tainted 5.18.0-rc1+ #522
[ 263.695190] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1.fc35 04/01/2014
[ 263.695529] RIP: 0010:dst_blackhole_mtu+0x17/0x20
[ 263.695770] Code: 00 00 00 0f 1f 44 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 47 10 48 83 e0 fc 8b 40 04 85 c0 75 09 48 8b 07 <8b> 80 e0 00 00 00 c3 66 90 0f 1f 44 00 00 48 89 d7 be 01 00 00 00
[ 263.696339] RSP: 0018:ffffa4a4422fbb28 EFLAGS: 00010246
[ 263.696600] RAX: 0000000000000000 RBX: ffff8ac9c3553000 RCX: 0000000000000000
[ 263.696891] RDX: 0000000000000401 RSI: 00000000fffffe01 RDI: ffffc4a43fb48900
[ 263.697178] RBP: ffffa4a4422fbb90 R08: ffffffff9622635e R09: 0000000000000002
[ 263.697469] R10: ffffffff9b69a6c0 R11: ffffa4a4422fbd0c R12: ffff8ac9d18b1a00
[ 263.697766] R13: ffff8ac9d0ce1840 R14: ffff8ac9d18b1a00 R15: ffff8ac9c3553000
[ 263.698054] FS: 00007f3704c337c0(0000) GS:ffff8acaebf40000(0000) knlGS:0000000000000000
[ 263.698470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 263.698826] CR2: 00000000000000e0 CR3: 0000000117a5c000 CR4: 00000000000006e0
[ 263.699214] Call Trace:
[ 263.699505] <TASK>
[ 263.699759] wg_xmit+0x411/0x450
[ 263.700059] ? bpf_skb_set_tunnel_key+0x46/0x2d0
[ 263.700382] ? dev_queue_xmit_nit+0x31/0x2b0
[ 263.700719] dev_hard_start_xmit+0xd9/0x220
[ 263.701047] __dev_queue_xmit+0x8b9/0xd30
[ 263.701344] __bpf_redirect+0x1a4/0x380
[ 263.701664] __dev_queue_xmit+0x83b/0xd30
[ 263.701961] ? packet_parse_headers+0xb4/0xf0
[ 263.702275] packet_sendmsg+0x9a8/0x16a0
[ 263.702596] ? _raw_spin_unlock_irqrestore+0x23/0x40
[ 263.702933] sock_sendmsg+0x5e/0x60
[ 263.703239] __sys_sendto+0xf0/0x160
[ 263.703549] __x64_sys_sendto+0x20/0x30
[ 263.703853] do_syscall_64+0x3b/0x90
[ 263.704162] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 263.704494] RIP: 0033:0x7f3704d50506
[ 263.704789] Code: 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89
[ 263.705652] RSP: 002b:00007ffe954b0b88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 263.706141] RAX: ffffffffffffffda RBX: 0000558bb259b490 RCX: 00007f3704d50506
[ 263.706544] RDX: 000000000000004a RSI: 0000558bb259b7b2 RDI: 0000000000000003
[ 263.706952] RBP: 0000000000000000 R08: 00007ffe954b0b90 R09: 0000000000000014
[ 263.707339] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe954b0b90
[ 263.707735] R13: 000000000000004a R14: 0000558bb259b7b2 R15: 0000000000000001
[ 263.708132] </TASK>
[ 263.708398] Modules linked in: bridge netconsole bonding [last unloaded: bridge]
[ 263.708942] CR2: 00000000000000e0
Link: https://github.com/cilium/cilium/issues/19428
Reported-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
[Jason: polyfilled for < 4.3]
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>