From patchwork Mon Jan 19 13:13:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4719 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp3198327maf; Mon, 19 Jan 2026 05:46:10 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVr0k6EDO5Ayf8U8VdLxIBWYzkBICubtRujyfeOaQ0OFBb/Bixa16mzk9tmFgFtxfNqk8wMD1wkC7U=@openvpn.net X-Received: by 2002:a05:6870:e0d4:b0:3f5:ae31:f06e with SMTP id 586e51a60fabf-4044cfd22f5mr5805423fac.36.1768830370615; Mon, 19 Jan 2026 05:46:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768830370; cv=none; d=google.com; s=arc-20240605; b=hpusowR+PAbYQXxEiRlk/D2MXAZRLP/klaBE2cHOg1eVHqRHJzK4Rk5JSSxyuVTAqW +LtyXwfpU6Kn6WujQd1glrK1jBy6D0lCcdILH4Y7s0CnDUDBOTnBfA1U0hBtml/lkXHA aW9ESKXB1Uol+bnX3PpmYgJo9vf2uYOZFmMO05eGkIkmqKhXsruNTNhlpOubhsxTcqcw 02/fGc7uG5BT3eXeUkyP9YLWTDG74JBxvKvpnirXFTQ5s0G2iCh6PvIf73OejTavERV3 2O5HKCxhnvAyiNRgkJiyLwo6OGqVfuJy+WEb5ZkjeAFPbyZQaHVkC0aGz2MNhnEnDfOf kf1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=H3RKvRDMC1ecpdZkiBZpNF7FS/mbIx/SJMnseNmJuYk=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=L261whrSI8FVyeCXJRbfMjQgUgP15kLMh6LVYqw54pOctrEPNKGUefcMZWs+0458Me 4Y5OqP7a+eiv75AW8oHfG8d30V7U8aURvF8Njl67oSbq3nFQki2VSN7CGYo047vnj1R0 t8DBDRsQoGe+ZvIx/CqN7f83Eo85pOuA4P84SCKbHsq6qcVn3h2rguSqxlInVYivnU+j EIql7bV3a8bW4qOeXqqTo7XmXOGBY8miuzxABxZzKEEv2Y5MCytqkhTf2oSWqL5/ZuQ5 3ABJxhDFN9ft/0IR44DFv9yVdvNFgXNKzDFayWDJ/TAhpf+RB+aFsQtUiHKHNm7j/PFm t4Gg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fegmP0Jl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bLMnILt0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=i8VaDXa9; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Ou7ok4hQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4044bdc9bc8si7803538fac.245.2026.01.19.05.46.10 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Jan 2026 05:46:10 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fegmP0Jl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bLMnILt0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=i8VaDXa9; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Ou7ok4hQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=H3RKvRDMC1ecpdZkiBZpNF7FS/mbIx/SJMnseNmJuYk=; b=fegmP0JlK6JtM9/DFQk4q53xTP xpMRKxL3Yu7fBri87hdOp6647C/PN2V3b5hPtA2OeCTW94kuN+bLiIgP+PzAU9zR9bpop96/6p9Vl wDo/FHiD2Jvq24p8x52oHvt+j1MsrJrCHR/RiMnyJ++mBbITHQTvQ83G5nNPRaYejFbc=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vhpa4-0001kg-5M; Mon, 19 Jan 2026 13:46:08 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vhpa3-0001kY-2T for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:46:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=bLMnILt0tUNkBYqkDjE4If8Wnt uQWiT/jbfebbbTWuyQyhqoUXgKngO6fzlVnCZVNVTpl/oqDT32QH1rPo0A54tWhY08QO6agEk+o8I GtJME8iZ6e6PwagYtbe4n3SOvRYMJzE85t90246ijtcp6xGFFtZHbAjdnBGrOicKeamI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=i 8VaDXa9L748sJGN+DhR0/UktrxeKFJJViJw7vAbf8j3zwSKfuQ8s/HDPOKFTLpdTOIN+P5e7qnY/n 8NqeIqXVqsSnr1Qe9KgON9KN6R2lJBnWrYAEQeDLZ2lUFrn2hhnAXwqwZHPDXQA3W82jXDwfWFlao N+GONg5UdC49Eesk=; Received: from mail-ed1-f42.google.com ([209.85.208.42]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vhpa2-0005Wt-IW for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:46:07 +0000 Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-6505cac9879so7210631a12.1 for ; Mon, 19 Jan 2026 05:46:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1768830360; x=1769435160; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=Ou7ok4hQDsGujLeY/MyZ7fh2Qfrwa+1Ta2nG24YXcbY4k7JaDYKfO1mvseXT16PVn7 aV/rYU0jck7LuzIGct8+pXSiffWK6TZSFWufMbRV5qEk/GuZoGf/TYuVoSocZhhWpwbA P92hfieKu9YYn0crLOI1CcmYS1eLkBjFZZSakDuFlUlHM6ci0wE1dK9dkXjhVoOpbH8x T1DsppmnLt+yV0/kSeZoshSK5eVA9aKZlFzLEej1ZO12Co0c3m/VWQ53ItB1XNwUsNCl wp2pSZhlxG4NjGeSGiISf19D0jv2EiibS5piZ28U0j4e/auHmCamAAJ/YpCelfVH1GhD ZXOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768830360; x=1769435160; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=LwK3hwP5gSUjcOf9Da7CB3Fgs7RPKKSWVrGQrfaZivcyACZcJPLChXMW6A1sDtZFyr sIsF41cFTxKD7hVH0h0tfblhRsovynBw5Y3EPdXuhNrA+fqb47TN+KpR8r6rW5Mrz92K t8m5UCTdTi2EKHydTuMoitdiWkP8/ofJ7THO2kbxRnnLIvr8VRpKV0wCVHW506vwQKTQ bpmlxzfikxRmiZ0d2ZB4tgxukaY9fmE6mRAA9KJGZUxO2PCBVVXClbyy19MJ0RJnKdQa KDPIVDlVVL9nMUyQ1OAHIX0e0+dydVSEsgdeRQj4TEMqGiXoc8omsPsH+vDhQ9XMWk+y g5sA== X-Gm-Message-State: AOJu0YyCbybWMTQDA6TYzDF4IQ9tQaLajGfKgOPsFHw6+XNOiEnORZGI 65MV4Ct8oJ5CaIXzUEvn2+imgsUhae3+IiITSofbuAwB6+VOV4kL6XMlBU8r5XKbX3A837Di8pB 685kq X-Gm-Gg: AY/fxX4KcxVedKqyzzw9IQQf8TP9deJnGSk4rNDUwSKWli9FoUwz0JlTS0OiB90n1Fg s5kLVGTxarai46gXgCNiUIj88pJ4cWWpHMOi4jYjCaBW+axSE9uGyp5wvXKhzK5vaPvdBru8CZA /IQ2NWzvHAesmuWGhVuXC2+VqQOqmSUwUpeJi+RRcz5uEB9mAIQNdFw95n4MjvWSPVy5FqABAqx OBehBTLGT5IT7YYub8Bwf1nnR3cA64xlvLF99gxAtcmbxToBGFNAI2rYoSNfGQHd147murFm8RN 6zkZCdEwws9aXpAz7zf+vg51ztFQqYpKfitPanhO6pfoVcd9i9wtwLrIjntI8x2N9jWvGA5JYnH pFOfmmHj2/9fyDl2uGUGnIJXt/CyEIRf7ykq1YLV+KhOA3VfpKy2EmSShyaUo7VS6SWAIAH4Wuw Dh0f4o+A== X-Received: by 2002:a17:907:a05:b0:b86:fed0:2b with SMTP id a640c23a62f3a-b8792f79c4dmr940883566b.32.1768828474828; Mon, 19 Jan 2026 05:14:34 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b87959fbd23sm1099805066b.51.2026.01.19.05.14.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 05:14:34 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 Jan 2026 14:13:58 +0100 Message-ID: <20260119131400.424161-1-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: During initialization, we override some socket callbacks and set sk_user_data to ovpn_sock. Currently these two operations are decoupled: the callbacks are overridden before sk_user_data is set, leavi [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.42 listed in wl.mailspike.net] X-Headers-End: 1vhpa2-0005Wt-IW Subject: [Openvpn-devel] [PATCH ovpn net 1/3] ovpn: set sk_user_data before overriding callbacks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854753074739769043?= X-GMAIL-MSGID: =?utf-8?q?1854753074739769043?= During initialization, we override some socket callbacks and set sk_user_data to ovpn_sock. Currently these two operations are decoupled: the callbacks are overridden before sk_user_data is set, leaving a potentially ill-formed state while socket ownership is not yet complete. For example, if a packet arrives after ovpn_udp_socket_attach has been called but before ovpn_socket_new finishes, ovpn_udp_encap_recv may be invoked without a configured sk_user_data pointer. Set sk_user_data before overriding the callbacks so that it can be accessed safely from them. Since we already check that the socket has no sk_user_data before setting it, this remains safe even if an interrupt accesses the socket after sk_user_data is set but before the callbacks are overridden. Signed-off-by: Ralf Lici --- drivers/net/ovpn/socket.c | 38 +++++++++++++++++++++----------------- drivers/net/ovpn/tcp.c | 1 + drivers/net/ovpn/udp.c | 1 + 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 9750871ab65c..053b8abe5619 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c @@ -200,6 +200,22 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ovpn_sock->sk = sk; kref_init(&ovpn_sock->refcount); + /* TCP sockets are per-peer, therefore they are linked to their unique + * peer + */ + if (sk->sk_protocol == IPPROTO_TCP) { + INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); + ovpn_sock->peer = peer; + ovpn_peer_hold(peer); + } else if (sk->sk_protocol == IPPROTO_UDP) { + /* in UDP we only link the ovpn instance since the socket is + * shared among multiple peers + */ + ovpn_sock->ovpn = peer->ovpn; + netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, + GFP_KERNEL); + } + /* the newly created ovpn_socket is holding reference to sk, * therefore we increase its refcounter. * @@ -212,29 +228,17 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ret = ovpn_socket_attach(ovpn_sock, sock, peer); if (ret < 0) { + if (sk->sk_protocol == IPPROTO_TCP) + ovpn_peer_put(peer); + else if (sk->sk_protocol == IPPROTO_UDP) + netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); + sock_put(sk); kfree(ovpn_sock); ovpn_sock = ERR_PTR(ret); goto sock_release; } - /* TCP sockets are per-peer, therefore they are linked to their unique - * peer - */ - if (sk->sk_protocol == IPPROTO_TCP) { - INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); - ovpn_sock->peer = peer; - ovpn_peer_hold(peer); - } else if (sk->sk_protocol == IPPROTO_UDP) { - /* in UDP we only link the ovpn instance since the socket is - * shared among multiple peers - */ - ovpn_sock->ovpn = peer->ovpn; - netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, - GFP_KERNEL); - } - - rcu_assign_sk_user_data(sk, ovpn_sock); sock_release: release_sock(sk); return ovpn_sock; diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 0d7f30360d87..e078f9b39122 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c @@ -487,6 +487,7 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, /* make sure no pre-existing encapsulation handler exists */ if (ovpn_sock->sk->sk_user_data) return -EBUSY; + rcu_assign_sk_user_data(ovpn_sock->sk, ovpn_sock); /* only a fully connected socket is expected. Connection should be * handled in userspace diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index d6a0f7a0b75d..272b535ecaad 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -386,6 +386,7 @@ int ovpn_udp_socket_attach(struct ovpn_socket *ovpn_sock, struct socket *sock, struct ovpn_priv *ovpn) { struct udp_tunnel_sock_cfg cfg = { + .sk_user_data = ovpn_sock, .encap_type = UDP_ENCAP_OVPNINUDP, .encap_rcv = ovpn_udp_encap_recv, .encap_destroy = ovpn_udp_encap_destroy,