| Message ID | 20260128124410.429529-2-ralf@mandelbit.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:8468:b0:80a:3855:ce6a with SMTP id u8csp2708294max;
Wed, 28 Jan 2026 04:52:48 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCWEvDiJC4iNukY6Ww04ZtkDB7WQS9f4I5yE/66iHYTIQGsMccIKZTDJ/IifMwm9heQzPEngixu+6Ps=@openvpn.net
X-Received: by 2002:a05:6871:51d1:b0:409:6877:ca4a with SMTP id
586e51a60fabf-4096877e106mr700124fac.15.1769604767820;
Wed, 28 Jan 2026 04:52:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1769604767; cv=none;
d=google.com; s=arc-20240605;
b=HrShKipvQAAFEVoUhjgoVOBuqsReM3dDNIfSYG67YZLtU+oH/yicjQ3X8joE8nCuqB
dWtQHGEN/7ByvNBMn3DPc51oNte6KmtKD4y37siMTvyQpqBKBSVcyd7V8pGxqTxt9qfl
xfjUc34OQBC1AH3ITYfZvvzhu7NnEwf+x/GgpC+bh9VLSjZRjw7EfsVFY1jaY4HMfuCm
VK/bcl9+cLfLn8/M6mgn3r23DufUj1gKq8gKvFsk2tf1u47eBcagmQCQ+h1qD12izJdb
lQ9DXGOmS7V5wWod72NC4HeNIW89rBHSoZ0H6Xxpu3C2y+P+WF/NzVp1pSnDM+J5mOgp
uIWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature:dkim-signature;
bh=rGfK/EQ1lwyDhnDjPcVjcNL6SkO5dYDsS59z4oLsu34=;
fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=;
b=Npx186aL8FYmzR2xUPZ4QSh1orAt9wDI5h4Pf9DM717UWgScKZ1xvOW6br2UXkijAJ
LZ7o7KQbRmGxWzM2E6B/m5qTIlc6iMix5/g2LeD2jP9CROlIYlh4a8XAV1dHKbYdI1sB
8FZmqYgNmMZT3fEg89uRk1VwTX7jdFaj6mRnuBZPPG5M7OeJTIlVuyoHhDYtdg8CxU/+
SpQ7MG/qid2ePqPBxhNyJe1dPiUhxAC+rjDpQKstQMr3aHvEuNy8QLMRTtigc4mrwHTP
jPNazZtQj8jhGxlrzJ4+4wvV4CMlGhp1Tidox9B1/S/QnVOAB14wipS2rKjkPr9kInxm
bWKQ==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b="N/XBDTD9";
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=igk4Aolu;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=cEL6V0pH;
dkim=neutral (body hash did not verify) header.i=@mandelbit.com
header.s=google header.b=C+YIjjAB;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dara=neutral header.i=@openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
586e51a60fabf-409577f2fadsi1914181fac.372.2026.01.28.04.52.47
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Wed, 28 Jan 2026 04:52:47 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b="N/XBDTD9";
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=igk4Aolu;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=cEL6V0pH;
dkim=neutral (body hash did not verify) header.i=@mandelbit.com
header.s=google header.b=C+YIjjAB;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dara=neutral header.i=@openvpn.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender
:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=rGfK/EQ1lwyDhnDjPcVjcNL6SkO5dYDsS59z4oLsu34=; b=N/XBDTD91v6SH6YiI5bKOUJcjW
1EPpiWcNItco0x0KAM1JwUkONTkkK2zRjZJD9tGywZdHZOvXa51EVf0q3duA9r6UBPc0Uern9zw1V
JltiRlI9TSWpe0h5f6RU+Dn6CXICF/Tf2SnZSPoc8dTyPs2Wsv19ipca1d51eSjFxttU=;
Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com)
by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1vl52J-0001w1-RZ;
Wed, 28 Jan 2026 12:52:43 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <ralf@mandelbit.com>) id 1vl52I-0001vs-4a
for openvpn-devel@lists.sourceforge.net;
Wed, 28 Jan 2026 12:52:42 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=igk4AoluJ9tHX+J9P4Fvc1PIaO
Ud+2Tuhhy5NQZEXQ4WHVI977CcMzfHQyNST2QLAwb8BD4x2aNv3dqrWzn1Psj9JEDElkj2ac3A7jm
kCyipIso5yIsaKUYtF07RaUlsaeRGDFYA0tgfuWoPGOkxQi6fh1x9Loq7IR9B5Eo0DHQ=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=cEL6V0pH7yKTg0/xZFHcNSEpAC
P8cdRbI+R6c4fJFIbDi0WxSbWH+A1CotyLGCb6JLKVLZD/5DIFYdmw3eJBixuIg7vz1zVS+c7QZMR
of3W8sYraCn+W3YdC8zkaZcBuXYR1e3aNpJHWJh7J+3QLrc5ITLVk8Bgrklnn0EvzZB8=;
Received: from mail-lj1-f182.google.com ([209.85.208.182])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1vl52H-0005hW-Md for openvpn-devel@lists.sourceforge.net;
Wed, 28 Jan 2026 12:52:42 +0000
Received: by mail-lj1-f182.google.com with SMTP id
38308e7fff4ca-385b6e77ef9so62186631fa.3
for <openvpn-devel@lists.sourceforge.net>;
Wed, 28 Jan 2026 04:52:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mandelbit.com; s=google; t=1769604750; x=1770209550;
darn=lists.sourceforge.net;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:from:to:cc:subject:date
:message-id:reply-to;
bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=;
b=C+YIjjAB2s1X1V9hwybJwY2my0an744FXy7/hUGjK+F7ZGgo+401nW7gIcwrvjJH0A
/YgZBY+/TJ0tN3c3SRmlXMBj3ylg9NIDIjPy6vj+UXFB8MZX6KOWytv91Z9R5o6YoqPr
J5U5nJfPL2i4mwxk/k7HaZZvTQFT9RIlrHhoTnXUROckcbq9KqE5pLlBO8YLIavHvwK0
WLszj54xX3fYABVZEpTVyNJEcjwm4qyvL6rYUF1GWe1B/fRAasx/843nMOougzoxthp3
rg9TwQaM34JQt96X53x9YWwwTb0RswArEHZzHn4PwQcfUgyeJB3fJ62dMlGMUAlgwgf3
QMIg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1769604750; x=1770209550;
h=content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
:to:cc:subject:date:message-id:reply-to;
bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=;
b=ZrdeRvqIwXObWoiaX3PhM2JeEkLpVDK7ttfMMo6QNUAsFKII/aFGf/a/A/GtNCVOD5
d8+ALMQXJX/Y1MSTYEr1QdBDoVfi5R/zVuakCC3qYOcYFkAxcxbACSBdXIEg6Yk8OJ8o
hKbJZxZUzxjRn7kb2cFan/8CEmYhOd4kG3r2T8IdO03dkVkheBF5BXgxP2Jte1qzyZ1i
+f10C2uap850tQKSBK+lHVNuEqYPyfS9bqiHWwxUnvmlOZwDCfR35cQeoWQUQt3NyElK
VFiOvkDhf8kNySO5eVVlPj1QiT+MeNAnWFlcJpC4xOX2fHoGnUhWAHaCVIC4//tcx7+L
jwuQ==
X-Gm-Message-State: AOJu0YyufBfFzGiJeIz0iiQnbVMol8eZdjmJvc01Z1tGljzFf7xv+FUM
CJPRMsNvSVggS6Zt7dgxT4hyXdadb8prYBT8D2hpYb3YOsub/IuYSLa/aSkjTQPGWWqs8t+H0ep
hfuLL
X-Gm-Gg: AZuq6aIXUriu0ZZUqlf0pyQLV2B4CdhqmZIVQ7BqcinaWJJhTKyb0YYUJladditctUS
cR17k6aGrf2ypwZL2q5LDUcpqzkZ+5nuXvx3twMHJCpGYMTwHMllppo8xj0c8sszKWlk+NaK0dC
dJNzz51kAUiy5k9D6N+PHH0rvFCHA7nn5OrWF/Uh3jp0hMQuw7Y0EhZhlk/FjejBC8NlUBSA3B9
nXQBMGY4ph5RPrfNG4WHpRAaF9wStixS/icfUoad0voDnMmzoYr8d4e5oXrQvOzho3s7SgIdOUd
NFqPnui771ic6TItXo82VkUHwoT8+gS0CLlJkH55bD3o6FpfXlF/Sc6D9kRot4Oczs0mFohxjuQ
tleeb+V9RWWyMyS7aidosfYl3ET8hRiv4SI8LNnxtFRg4xRE02Ae7wCvn1TO9n0aUW5T2Sr+ITk
yfqjd3IQ==
X-Received: by 2002:a05:6000:2503:b0:430:fd60:93fb with SMTP id
ffacd0b85a97d-435dd0b6a20mr7494025f8f.32.1769604280010;
Wed, 28 Jan 2026 04:44:40 -0800 (PST)
Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8])
by smtp.gmail.com with ESMTPSA id
ffacd0b85a97d-435e1323034sm6656742f8f.35.2026.01.28.04.44.39
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 28 Jan 2026 04:44:39 -0800 (PST)
From: Ralf Lici <ralf@mandelbit.com>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 28 Jan 2026 13:44:09 +0100
Message-ID: <20260128124410.429529-2-ralf@mandelbit.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260128124410.429529-1-ralf@mandelbit.com>
References: <20260128124410.429529-1-ralf@mandelbit.com>
MIME-Version: 1.0
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-2.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: During GSO fragmentation,
skb_share_check may clone the first
segment and free the original skb. The current implementation continues to
use the stale skb pointer for peer lookup. Fix this by updating the skb
variable
to point to the new head of the segment list after the processing loop.
Additionally,
return early if all segments were dropped during the loop to avoid double-co
[...] Content analysis details: (-0.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.182 listed in wl.mailspike.net]
X-Headers-End: 1vl52H-0005hW-Md
Subject: [Openvpn-devel] [PATCH ovpn net v2 2/3] ovpn: fix possible
use-after-free in ovpn_net_xmit
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Sabrina Dubroca <sd@queasysnail.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1855565088951454489?=
X-GMAIL-MSGID: =?utf-8?q?1855565088951454489?=
|
| Series |
[Openvpn-devel,ovpn,net,v2,1/3] ovpn: set sk_user_data before overriding callbacks
|
expand
|
diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 3e9e7f8444b3..95c3518e067c 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -396,6 +396,17 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) __skb_queue_tail(&skb_list, curr); } + + /* no segments survived: don't jump to 'drop' because we already + * incremented the counter for each failure in the loop + */ + if (unlikely(skb_queue_empty(&skb_list))) + return NETDEV_TX_OK; + + /* the original 'skb' might have been freed/cloned in the loop: use the + * first element of our list for the other operations + */ + skb = skb_list.next; skb_list.prev->next = NULL; /* retrieve peer serving the destination IP of this packet */
During GSO fragmentation, skb_share_check may clone the first segment and free the original skb. The current implementation continues to use the stale skb pointer for peer lookup. Fix this by updating the skb variable to point to the new head of the segment list after the processing loop. Additionally, return early if all segments were dropped during the loop to avoid double-counting statistics and double-freeing memory in the drop path. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Ralf Lici <ralf@mandelbit.com> --- Changes since v1 - this is a new patch that replaces the previous "ovpn: use sk_buff_head properly in ovpn_net_xmit" drivers/net/ovpn/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+)