[WireGuard] Error building against grsec-enabled kernel

Jason A. Donenfeld Jason at zx2c4.com
Fri Oct 21 04:32:04 CEST 2016

On Fri, Oct 21, 2016 at 9:24 AM, PaX Team <pageexec at gmail.com> wrote:
> in any case, whoever can reproduce this should print out the value of
> head->mac_header before the increment. my guess based on past experience
> on similar network problems is that the field is probably invalid (ffff
> or similar) and adding to it will trigger the size overflow check. this
> in turn means that there's usually some higher level logic bug and you'll
> have to talk to netdev guys as i'm way out of my depths at that point ;).


>> >> OK, so turns out just getting rid of the __read_mostly fixes things.
> FWIW, i've been carrying such a local patch on my gentoo box too ;).

Got a good #ifdef for PAX that I should use to conditionally not use
__read_mostly in case PAX is in use?

More information about the WireGuard mailing list