On 4/14/22 12:44 PM, Nikolay Aleksandrov wrote:
When we try to transmit an skb with md_dst attached through wireguard
we hit a null pointer dereference[1] in wg_xmit() due to the use of
dst_mtu() which calls into dst_blackhole_mtu() which in turn tries to
dereference dst->dev. Since wireguard doesn't use md_dsts we should use
skb_valid_dst() which checks for DST_METADATA flag and if it's set then
fallback to wireguard's device mtu. That gives us the best chance of
transmitting the packet, otherwise if the blackhole netdev is used we'd
get ETH_MIN_MTU.
[...]
CC: stable@xxxxxxxxxxxxxxx
CC: wireguard@xxxxxxxxxxxxxxx
CC: Jason A. Donenfeld <Jason@xxxxxxxxx>
CC: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
CC: Martynas Pumputis <m@xxxxxxxxx>
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Reported-by: Martynas Pumputis <m@xxxxxxxxx>
Signed-off-by: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
Looks good to me, thanks Nik!
Acked-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
