UBSAN: object-size-mismatch in wg_xmit
Julian Wiedmann
jwi at linux.ibm.com
Thu Jan 7 17:01:19 UTC 2021
On 21.12.20 12:23, Jason A. Donenfeld wrote:
> Hi Dmitry,
>
...
> fall on the border of a mapping? Is UBSAN non-deterministic as an
> optimization? Or is there actually some mysterious UaF happening with
> my usage of skbs that I shouldn't overlook?
>
One oddity is that wg_xmit() returns negative errnos, rather than a
netdev_tx_t (ie. NETDEV_TX_OK or NETDEV_TX_BUSY).
Any chance that the stack mis-interprets one of those custom errnos
as NETDEV_TX_BUSY, and thus believes that it still owns the skb?
> Jason
>
More information about the WireGuard
mailing list