On 4/14/22 12:44 PM, Nikolay Aleksandrov wrote:
When we try to transmit an skb with md_dst attached through wireguard we hit a null pointer dereference[1] in wg_xmit() due to the use of dst_mtu() which calls into dst_blackhole_mtu() which in turn tries to dereference dst->dev. Since wireguard doesn't use md_dsts we should use skb_valid_dst() which checks for DST_METADATA flag and if it's set then fallback to wireguard's device mtu. That gives us the best chance of transmitting the packet, otherwise if the blackhole netdev is used we'd get ETH_MIN_MTU.
[...]
CC: [email protected] CC: [email protected] CC: Jason A. Donenfeld <[email protected]> CC: Daniel Borkmann <[email protected]> CC: Martynas Pumputis <[email protected]> Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Reported-by: Martynas Pumputis <[email protected]> Signed-off-by: Nikolay Aleksandrov <[email protected]>
Looks good to me, thanks Nik! Acked-by: Daniel Borkmann <[email protected]>
