From 5551d21284702a5f36791aecc7735870d0423996 Mon Sep 17 00:00:00 2001 From: "Yury Norov [NVIDIA]" Date: Wed, 10 Sep 2025 03:36:41 +0200 Subject: [PATCH 1/4] wireguard: queueing: simplify wg_cpumask_next_online() wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the function significantly simpler. While there, fix opencoded cpu_online() too. Signed-off-by: Yury Norov Reviewed-by: Simon Horman Signed-off-by: Jason A. Donenfeld Link: https://patch.msgid.link/20250910013644.4153708-2-Jason@zx2c4.com Signed-off-by: Jakub Kicinski --- drivers/net/wireguard/queueing.h | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index 7eb76724b3ed..56314f98b6ba 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -104,16 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) { - unsigned int cpu = *stored_cpu, cpu_index, i; + unsigned int cpu = *stored_cpu; + + if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) + cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); - if (unlikely(cpu >= nr_cpu_ids || - !cpumask_test_cpu(cpu, cpu_online_mask))) { - cpu_index = id % cpumask_weight(cpu_online_mask); - cpu = cpumask_first(cpu_online_mask); - for (i = 0; i < cpu_index; ++i) - cpu = cpumask_next(cpu, cpu_online_mask); - *stored_cpu = cpu; - } return cpu; } From 5bd8de20770ca001621bb1aa5eb9a0977d0bd2d9 Mon Sep 17 00:00:00 2001 From: "Yury Norov (NVIDIA)" Date: Wed, 10 Sep 2025 03:36:42 +0200 Subject: [PATCH 2/4] wireguard: queueing: always return valid online CPU in wg_cpumask_choose_online() The function gets number of online CPUS, and uses it to search for Nth cpu in cpu_online_mask. If id == num_online_cpus() - 1, and one CPU gets offlined between calling num_online_cpus() -> cpumask_nth(), there's a chance for cpumask_nth() to find nothing and return >= nr_cpu_ids. The caller code in __queue_work() tries to avoid that by checking the returned CPU against WORK_CPU_UNBOUND, which is NR_CPUS. It's not the same as '>= nr_cpu_ids'. On a typical Ubuntu desktop, NR_CPUS is 8192, while nr_cpu_ids is the actual number of possible CPUs, say 8. The non-existing cpu may later be passed to rcu_dereference() and corrupt the logic. Fix it by switching from 'if' to 'while'. Suggested-by: Jason A. Donenfeld Signed-off-by: Yury Norov (NVIDIA) Signed-off-by: Jason A. Donenfeld Link: https://patch.msgid.link/20250910013644.4153708-3-Jason@zx2c4.com Signed-off-by: Jakub Kicinski --- drivers/net/wireguard/queueing.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index 56314f98b6ba..79b6d70de236 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -106,7 +106,7 @@ static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) { unsigned int cpu = *stored_cpu; - if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) + while (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); return cpu; From 30e1a1dfa2283cf21d3361fb846f42c0ce1ee51c Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Wed, 10 Sep 2025 03:36:43 +0200 Subject: [PATCH 3/4] wireguard: selftests: remove CONFIG_SPARSEMEM_VMEMMAP=y from qemu kernel config It's no longer user-selectable (and the default was already "y"), so let's just drop it. It was never really relevant to the wireguard selftests either way. Cc: Shuah Khan Acked-by: Mike Rapoport (Microsoft) Reviewed-by: Lorenzo Stoakes Reviewed-by: Liam R. Howlett Signed-off-by: David Hildenbrand Signed-off-by: Jason A. Donenfeld Link: https://patch.msgid.link/20250910013644.4153708-4-Jason@zx2c4.com Signed-off-by: Jakub Kicinski --- tools/testing/selftests/wireguard/qemu/kernel.config | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config index 0a5381717e9f..1149289f4b30 100644 --- a/tools/testing/selftests/wireguard/qemu/kernel.config +++ b/tools/testing/selftests/wireguard/qemu/kernel.config @@ -48,7 +48,6 @@ CONFIG_JUMP_LABEL=y CONFIG_FUTEX=y CONFIG_SHMEM=y CONFIG_SLUB=y -CONFIG_SPARSEMEM_VMEMMAP=y CONFIG_SMP=y CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y From ff78bfe48be8c1de5a0c88aae109c6659fc89740 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 10 Sep 2025 03:36:44 +0200 Subject: [PATCH 4/4] wireguard: selftests: select CONFIG_IP_NF_IPTABLES_LEGACY This is required on recent kernels, where it is now off by default. While we're here, fix some stray =m's that were supposed to be =y. Signed-off-by: Jason A. Donenfeld Link: https://patch.msgid.link/20250910013644.4153708-5-Jason@zx2c4.com Signed-off-by: Jakub Kicinski --- tools/testing/selftests/wireguard/qemu/kernel.config | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config index 1149289f4b30..936b18be07cf 100644 --- a/tools/testing/selftests/wireguard/qemu/kernel.config +++ b/tools/testing/selftests/wireguard/qemu/kernel.config @@ -20,9 +20,10 @@ CONFIG_NETFILTER_XTABLES_LEGACY=y CONFIG_NETFILTER_XT_NAT=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MARK=y -CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m -CONFIG_IP_NF_TARGET_REJECT=m -CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP_NF_IPTABLES_LEGACY=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_MANGLE=y