[WireGuard] Error building against grsec-enabled kernel

Jason A. Donenfeld Jason at zx2c4.com
Fri Oct 21 10:47:52 CEST 2016


On Fri, Oct 21, 2016 at 5:02 PM, PaX Team <pageexec at gmail.com> wrote:
> are you sure it was for satisfying PaX only and not a bug itself? :)

Blurg. I was overly hasty. Note to self: do not prepare conf
presentations and push code at the same time. Indeed this /should/ be
~0, which means "unset". I can't see any bugs by making it 0, but it
would make things "semantically incorrect", I think.

So the bug is actually in the ipv6 fragmentation code. I just sent a
patch upstream and CC'd you and Emese.

>
> if you ask me, you should just get rid of __read_mostly unconditionally (which
> is what i do in PaX as it interferes with constification) as rtnl_link_ops extends
> over several cache lines so any concerns with false sharing with writable data
> would at most affect only a few fields that are rarely used (or the fields could
> be reordered and/or aligned for such effect). otherwise you'll need to have your
> own #ifdef based on CONSTIFY_PLUGIN as suggested originally by Toke.

I'll use CONFIG_PAX_CONSTIFY_PLUGIN. Upstream uses __read_mostly for
that structure always, everywhere else. They'll probably enforce their
uniformity, so I'll stick a conditional redefinition of __read_mostly
in compat.h.

