wireguard: queueing: use CFI-safe ptr_ring cleanup function
commit ec59f128a9bd4255798abb1e06ac3b442f46ef68 upstream. We make too nuanced use of ptr_ring to entirely move to the skb_array wrappers, but we at least should avoid the naughty function pointer cast when cleaning up skbs. Otherwise RAP/CFI will honk at us. This patch uses the __skb_array_destroy_skb wrapper for the cleanup, rather than directly providing kfree_skb, which is what other drivers in the same situation do too. Reported-by: PaX Team <pageexec@freemail.hu> Fixes: 886fcee939ad ("wireguard: receive: use ring buffer for incoming handshakes") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Jason A. Donenfeld
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
8a0c70c238
commit
cd032f218c
@@ -4,6 +4,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "queueing.h"
|
#include "queueing.h"
|
||||||
|
#include <linux/skb_array.h>
|
||||||
|
|
||||||
struct multicore_worker __percpu *
|
struct multicore_worker __percpu *
|
||||||
wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr)
|
wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr)
|
||||||
@@ -42,7 +43,7 @@ void wg_packet_queue_free(struct crypt_queue *queue, bool purge)
|
|||||||
{
|
{
|
||||||
free_percpu(queue->worker);
|
free_percpu(queue->worker);
|
||||||
WARN_ON(!purge && !__ptr_ring_empty(&queue->ring));
|
WARN_ON(!purge && !__ptr_ring_empty(&queue->ring));
|
||||||
ptr_ring_cleanup(&queue->ring, purge ? (void(*)(void*))kfree_skb : NULL);
|
ptr_ring_cleanup(&queue->ring, purge ? __skb_array_destroy_skb : NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#define NEXT(skb) ((skb)->prev)
|
#define NEXT(skb) ((skb)->prev)
|
||||||
|
|||||||
Reference in New Issue
Block a user