From patchwork Mon Jan 19 13:13:58 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4719 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp3198327maf; Mon, 19 Jan 2026 05:46:10 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVr0k6EDO5Ayf8U8VdLxIBWYzkBICubtRujyfeOaQ0OFBb/Bixa16mzk9tmFgFtxfNqk8wMD1wkC7U=@openvpn.net X-Received: by 2002:a05:6870:e0d4:b0:3f5:ae31:f06e with SMTP id 586e51a60fabf-4044cfd22f5mr5805423fac.36.1768830370615; Mon, 19 Jan 2026 05:46:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768830370; cv=none; d=google.com; s=arc-20240605; b=hpusowR+PAbYQXxEiRlk/D2MXAZRLP/klaBE2cHOg1eVHqRHJzK4Rk5JSSxyuVTAqW +LtyXwfpU6Kn6WujQd1glrK1jBy6D0lCcdILH4Y7s0CnDUDBOTnBfA1U0hBtml/lkXHA aW9ESKXB1Uol+bnX3PpmYgJo9vf2uYOZFmMO05eGkIkmqKhXsruNTNhlpOubhsxTcqcw 02/fGc7uG5BT3eXeUkyP9YLWTDG74JBxvKvpnirXFTQ5s0G2iCh6PvIf73OejTavERV3 2O5HKCxhnvAyiNRgkJiyLwo6OGqVfuJy+WEb5ZkjeAFPbyZQaHVkC0aGz2MNhnEnDfOf kf1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=H3RKvRDMC1ecpdZkiBZpNF7FS/mbIx/SJMnseNmJuYk=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=L261whrSI8FVyeCXJRbfMjQgUgP15kLMh6LVYqw54pOctrEPNKGUefcMZWs+0458Me 4Y5OqP7a+eiv75AW8oHfG8d30V7U8aURvF8Njl67oSbq3nFQki2VSN7CGYo047vnj1R0 t8DBDRsQoGe+ZvIx/CqN7f83Eo85pOuA4P84SCKbHsq6qcVn3h2rguSqxlInVYivnU+j EIql7bV3a8bW4qOeXqqTo7XmXOGBY8miuzxABxZzKEEv2Y5MCytqkhTf2oSWqL5/ZuQ5 3ABJxhDFN9ft/0IR44DFv9yVdvNFgXNKzDFayWDJ/TAhpf+RB+aFsQtUiHKHNm7j/PFm t4Gg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fegmP0Jl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bLMnILt0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=i8VaDXa9; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Ou7ok4hQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4044bdc9bc8si7803538fac.245.2026.01.19.05.46.10 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Jan 2026 05:46:10 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=fegmP0Jl; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bLMnILt0; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=i8VaDXa9; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Ou7ok4hQ; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=H3RKvRDMC1ecpdZkiBZpNF7FS/mbIx/SJMnseNmJuYk=; b=fegmP0JlK6JtM9/DFQk4q53xTP xpMRKxL3Yu7fBri87hdOp6647C/PN2V3b5hPtA2OeCTW94kuN+bLiIgP+PzAU9zR9bpop96/6p9Vl wDo/FHiD2Jvq24p8x52oHvt+j1MsrJrCHR/RiMnyJ++mBbITHQTvQ83G5nNPRaYejFbc=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vhpa4-0001kg-5M; Mon, 19 Jan 2026 13:46:08 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vhpa3-0001kY-2T for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:46:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=bLMnILt0tUNkBYqkDjE4If8Wnt uQWiT/jbfebbbTWuyQyhqoUXgKngO6fzlVnCZVNVTpl/oqDT32QH1rPo0A54tWhY08QO6agEk+o8I GtJME8iZ6e6PwagYtbe4n3SOvRYMJzE85t90246ijtcp6xGFFtZHbAjdnBGrOicKeamI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=i 8VaDXa9L748sJGN+DhR0/UktrxeKFJJViJw7vAbf8j3zwSKfuQ8s/HDPOKFTLpdTOIN+P5e7qnY/n 8NqeIqXVqsSnr1Qe9KgON9KN6R2lJBnWrYAEQeDLZ2lUFrn2hhnAXwqwZHPDXQA3W82jXDwfWFlao N+GONg5UdC49Eesk=; Received: from mail-ed1-f42.google.com ([209.85.208.42]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vhpa2-0005Wt-IW for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:46:07 +0000 Received: by mail-ed1-f42.google.com with SMTP id 4fb4d7f45d1cf-6505cac9879so7210631a12.1 for ; Mon, 19 Jan 2026 05:46:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1768830360; x=1769435160; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=Ou7ok4hQDsGujLeY/MyZ7fh2Qfrwa+1Ta2nG24YXcbY4k7JaDYKfO1mvseXT16PVn7 aV/rYU0jck7LuzIGct8+pXSiffWK6TZSFWufMbRV5qEk/GuZoGf/TYuVoSocZhhWpwbA P92hfieKu9YYn0crLOI1CcmYS1eLkBjFZZSakDuFlUlHM6ci0wE1dK9dkXjhVoOpbH8x T1DsppmnLt+yV0/kSeZoshSK5eVA9aKZlFzLEej1ZO12Co0c3m/VWQ53ItB1XNwUsNCl wp2pSZhlxG4NjGeSGiISf19D0jv2EiibS5piZ28U0j4e/auHmCamAAJ/YpCelfVH1GhD ZXOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768830360; x=1769435160; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=DWIqhylxC/Z3cXo6HbtjVBrxubRKlW2D2gQ2o/dXZ5Y=; b=LwK3hwP5gSUjcOf9Da7CB3Fgs7RPKKSWVrGQrfaZivcyACZcJPLChXMW6A1sDtZFyr sIsF41cFTxKD7hVH0h0tfblhRsovynBw5Y3EPdXuhNrA+fqb47TN+KpR8r6rW5Mrz92K t8m5UCTdTi2EKHydTuMoitdiWkP8/ofJ7THO2kbxRnnLIvr8VRpKV0wCVHW506vwQKTQ bpmlxzfikxRmiZ0d2ZB4tgxukaY9fmE6mRAA9KJGZUxO2PCBVVXClbyy19MJ0RJnKdQa KDPIVDlVVL9nMUyQ1OAHIX0e0+dydVSEsgdeRQj4TEMqGiXoc8omsPsH+vDhQ9XMWk+y g5sA== X-Gm-Message-State: AOJu0YyCbybWMTQDA6TYzDF4IQ9tQaLajGfKgOPsFHw6+XNOiEnORZGI 65MV4Ct8oJ5CaIXzUEvn2+imgsUhae3+IiITSofbuAwB6+VOV4kL6XMlBU8r5XKbX3A837Di8pB 685kq X-Gm-Gg: AY/fxX4KcxVedKqyzzw9IQQf8TP9deJnGSk4rNDUwSKWli9FoUwz0JlTS0OiB90n1Fg s5kLVGTxarai46gXgCNiUIj88pJ4cWWpHMOi4jYjCaBW+axSE9uGyp5wvXKhzK5vaPvdBru8CZA /IQ2NWzvHAesmuWGhVuXC2+VqQOqmSUwUpeJi+RRcz5uEB9mAIQNdFw95n4MjvWSPVy5FqABAqx OBehBTLGT5IT7YYub8Bwf1nnR3cA64xlvLF99gxAtcmbxToBGFNAI2rYoSNfGQHd147murFm8RN 6zkZCdEwws9aXpAz7zf+vg51ztFQqYpKfitPanhO6pfoVcd9i9wtwLrIjntI8x2N9jWvGA5JYnH pFOfmmHj2/9fyDl2uGUGnIJXt/CyEIRf7ykq1YLV+KhOA3VfpKy2EmSShyaUo7VS6SWAIAH4Wuw Dh0f4o+A== X-Received: by 2002:a17:907:a05:b0:b86:fed0:2b with SMTP id a640c23a62f3a-b8792f79c4dmr940883566b.32.1768828474828; Mon, 19 Jan 2026 05:14:34 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b87959fbd23sm1099805066b.51.2026.01.19.05.14.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 05:14:34 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 Jan 2026 14:13:58 +0100 Message-ID: <20260119131400.424161-1-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: During initialization, we override some socket callbacks and set sk_user_data to ovpn_sock. Currently these two operations are decoupled: the callbacks are overridden before sk_user_data is set, leavi [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.42 listed in wl.mailspike.net] X-Headers-End: 1vhpa2-0005Wt-IW Subject: [Openvpn-devel] [PATCH ovpn net 1/3] ovpn: set sk_user_data before overriding callbacks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854753074739769043?= X-GMAIL-MSGID: =?utf-8?q?1854753074739769043?= During initialization, we override some socket callbacks and set sk_user_data to ovpn_sock. Currently these two operations are decoupled: the callbacks are overridden before sk_user_data is set, leaving a potentially ill-formed state while socket ownership is not yet complete. For example, if a packet arrives after ovpn_udp_socket_attach has been called but before ovpn_socket_new finishes, ovpn_udp_encap_recv may be invoked without a configured sk_user_data pointer. Set sk_user_data before overriding the callbacks so that it can be accessed safely from them. Since we already check that the socket has no sk_user_data before setting it, this remains safe even if an interrupt accesses the socket after sk_user_data is set but before the callbacks are overridden. Signed-off-by: Ralf Lici --- drivers/net/ovpn/socket.c | 38 +++++++++++++++++++++----------------- drivers/net/ovpn/tcp.c | 1 + drivers/net/ovpn/udp.c | 1 + 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 9750871ab65c..053b8abe5619 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c @@ -200,6 +200,22 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ovpn_sock->sk = sk; kref_init(&ovpn_sock->refcount); + /* TCP sockets are per-peer, therefore they are linked to their unique + * peer + */ + if (sk->sk_protocol == IPPROTO_TCP) { + INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); + ovpn_sock->peer = peer; + ovpn_peer_hold(peer); + } else if (sk->sk_protocol == IPPROTO_UDP) { + /* in UDP we only link the ovpn instance since the socket is + * shared among multiple peers + */ + ovpn_sock->ovpn = peer->ovpn; + netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, + GFP_KERNEL); + } + /* the newly created ovpn_socket is holding reference to sk, * therefore we increase its refcounter. * @@ -212,29 +228,17 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ret = ovpn_socket_attach(ovpn_sock, sock, peer); if (ret < 0) { + if (sk->sk_protocol == IPPROTO_TCP) + ovpn_peer_put(peer); + else if (sk->sk_protocol == IPPROTO_UDP) + netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); + sock_put(sk); kfree(ovpn_sock); ovpn_sock = ERR_PTR(ret); goto sock_release; } - /* TCP sockets are per-peer, therefore they are linked to their unique - * peer - */ - if (sk->sk_protocol == IPPROTO_TCP) { - INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); - ovpn_sock->peer = peer; - ovpn_peer_hold(peer); - } else if (sk->sk_protocol == IPPROTO_UDP) { - /* in UDP we only link the ovpn instance since the socket is - * shared among multiple peers - */ - ovpn_sock->ovpn = peer->ovpn; - netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, - GFP_KERNEL); - } - - rcu_assign_sk_user_data(sk, ovpn_sock); sock_release: release_sock(sk); return ovpn_sock; diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 0d7f30360d87..e078f9b39122 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c @@ -487,6 +487,7 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, /* make sure no pre-existing encapsulation handler exists */ if (ovpn_sock->sk->sk_user_data) return -EBUSY; + rcu_assign_sk_user_data(ovpn_sock->sk, ovpn_sock); /* only a fully connected socket is expected. Connection should be * handled in userspace diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index d6a0f7a0b75d..272b535ecaad 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -386,6 +386,7 @@ int ovpn_udp_socket_attach(struct ovpn_socket *ovpn_sock, struct socket *sock, struct ovpn_priv *ovpn) { struct udp_tunnel_sock_cfg cfg = { + .sk_user_data = ovpn_sock, .encap_type = UDP_ENCAP_OVPNINUDP, .encap_rcv = ovpn_udp_encap_recv, .encap_destroy = ovpn_udp_encap_destroy, From patchwork Mon Jan 19 13:13:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4718 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp3196848maf; Mon, 19 Jan 2026 05:42:53 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWpUYD+UQGkQi7w+yajoWE8KNRkkEwTZTdSDSjmKMx4za0+PYgOL+N/3+yROVbB3IyTsjcNxeENPWM=@openvpn.net X-Received: by 2002:a05:6870:89a6:b0:3e8:95d2:389d with SMTP id 586e51a60fabf-4044d036aafmr4944091fac.43.1768830172798; Mon, 19 Jan 2026 05:42:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768830172; cv=none; d=google.com; s=arc-20240605; b=RAqrGfouBHsIJbE45qYeBUPKZ80NBq5XShbBrS8TqqIMlmJSi9vy/5n20WIfJFbx3s 60wvqBrrQLzkY/8l0iXrm0FruWZwl+Uzz1wALdIREcThFVQhttcFylpM1R0b6Gxp5c2x yCQgOy8pRzAGPz+Nd8Z2jhKHlCk5YvPzswcocYjKGw1Nbc+qlhIwII+Csk3RfWdQij5N V5RqXVSl4nuCxEzPSCZ9oTvaMBy01lBJMqgL5H+zHyfHj1arfQo7eZcYXdiVQrVQchy3 BOzHJfSNjy8kBFk7WtqznwVYbYOAiSeXcBewfxDjzx72NIBUJi2PBEDG8NNjEqYjjWN+ 7uCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=ceaEerpQ6nSjVn9mNmFzgsZy2eOKhPy8uA79IEflMo4=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=gS6SKtBha3uq/D5ZOAJbIz5vNDoWmIO4b3qF9bN+vLLHCdASD2Qf1oHV+H5NTI5FPN neidZRRqu5Uls8QIJ1Y4Fj5Pn+fbE7R4i8jbN2bgOy2obYYlnUQ4WjO6nIr6TSMTmRYu ZD4mfIbVc0bGEqaUkRyaH8YdZjpxlStZo/NOMd9DwCQ0G6ZudZTE92ceM3bXPtuMdUZm 6W5FP5SQZYFOgd4ZhHXEFQWGoyB+si4spwAn+xMiyez8caItKWwnP1TubAsFUlczhsFp Epbqf43W0q7GJq2dqmDA4q3rs9Lh++pP1hn/a37UbLV1/gnOwr3U+c5idPV4f7G+Gj2+ cPSg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=VHxHu41a; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PbXoEsVo; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OQMgRm1B; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=JxmxjgYu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-4044bb1b17dsi7380551fac.57.2026.01.19.05.42.52 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Jan 2026 05:42:52 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=VHxHu41a; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=PbXoEsVo; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OQMgRm1B; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=JxmxjgYu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=ceaEerpQ6nSjVn9mNmFzgsZy2eOKhPy8uA79IEflMo4=; b=VHxHu41aafL8Zc9flWmSTp39T+ sjU2wYlLm685ZxDcRSVrcQ535qeDVxzdX32DAzaeAOJsjNrtIMhHlHhvHO7CleXb8dZV49S0fNjGv 33y1QqHdfe6rdgfz5imQfTyf2TBZtIDQjB2J/KPe9v8ZTVnm+u1bYoL5BVSWlYGm7yAI=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vhpWp-0002aP-Ji; Mon, 19 Jan 2026 13:42:47 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vhpWo-0002aJ-BB for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:42:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=5yKLZUBK3O4+8wlYU1k4yHQx7vlAd9lr+AQG521EBlw=; b=PbXoEsVoW+fUttzBDwF3f5Oza8 mhxpmXSglfF55WJ97hZ9OgswH1Kr4GvIaPNh/GwpTD5fDriaYI3hBzETB7l2N2PWlkzOtGlMmNqi3 SMsS3vjFETDPgaNlpJpYcSh6WhDOzZ1eofJiGykMzcuErVtq+mXtasQeXRxWbe9nOd7c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=5yKLZUBK3O4+8wlYU1k4yHQx7vlAd9lr+AQG521EBlw=; b=OQMgRm1B+jyBWV462M5i+heXkc xNB7fcip7Vat2WkDyrzA4ZhSOGYxnIkiKGVQ4E//HQTTZCFhcU7rNf6dYJlfgc+2v5d76JFVge76q 6Bz0SgMuVCjUSzqEIJWIhqluwSNqw1pWtIyuaRhPgDIlI6pzfCT5mivi3yEDtCQ3Q5Rw=; Received: from mail-ej1-f48.google.com ([209.85.218.48]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vhpWn-0005PL-Sq for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:42:46 +0000 Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-b870cbd1e52so630187466b.3 for ; Mon, 19 Jan 2026 05:42:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1768830154; x=1769434954; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5yKLZUBK3O4+8wlYU1k4yHQx7vlAd9lr+AQG521EBlw=; b=JxmxjgYueXXCvAftJ/owvZz9OhNczuXo+r+AlVn6HtcnrEgfIYeza1k9wo0rwX4SIQ fzKy2i66RfBv9c9oipmKN0wFK/z3An+UzcGUBVB3anvHpxG0rz+JblGa90VToWLv6MK2 sgiBnAc8gxQf59IjMHcB7K7fItAa+rHdesV8eNMW0ls05tUBBL52PQnsS8nzuZv8BpW3 npBjDctP7V8uQTyKLL7tpsFqXYAYIV3KjXITou951Xs2ceIJn6DsLcN5LmzyvJjXYW8D vhFs9f+MKb+qxgK8FKvfrq3z0zBdA5lUasHO5LxkIr9nQn5IUsH+q4HXg3+jHi/UtXEh 670A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768830154; x=1769434954; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=5yKLZUBK3O4+8wlYU1k4yHQx7vlAd9lr+AQG521EBlw=; b=CvkNW/QEqXqKwFRuO12R4ieVb6f2Lh7KTe0nS1CI4CJtyjFk6CoGLMQKt6GaDfc4wu gupOdouJAtyXMZMtvJE/BalZyGLlNSq99RLEt/728qVe1PtRB/xnp4SfmcGFAWYMYvM7 HaakEwcDEQJ/WyWp5c9fqJN5ug1GImaajHdKW4ugbgjJcJpw3YVSY818dn6SZNQFVKsu JDmnR/Ukqg3h0xbBzmCWHdPg/1JVdcXxsBltZBJoIy7DwHjHTQwkjPoRIHG2JEK0hTyu zB2wFZq71KnyyiwU8tjQXcvqdA878GxxjKRpu/QTEjvnE6oE08ocvnmS7VbLszNwQE7H EI8g== X-Gm-Message-State: AOJu0YwAW+pmfOEWF6jA4rU7v1urxEPwVKA6Hs9i3OjFO7pl31EFIAKW WWdJt24g1dNCqUf3SgbZDXcMiTQ/uxpWMeRPq8LJC9+Y3qJBSgJoq6bVBzYPUoj3DBvlAZnLGcF GhqgP X-Gm-Gg: AY/fxX5+RFeofrPauUih3902io498GTKHcznz7mvQHkuosEJy4F07jA54JVHj6+m9s8 TnAmuxCUbLfZ2WMgSktIB0PnNuU4cOgEN15TJPZY3zX7ee2N3VV+aT7bJSg1yZpNBEtsUuv7ytl YRjqkXk5edLSgbAaEyDU5vom5gCIzOTsrNlNtiYl7SeXCIY6o5gkVRQprpajHEGGosODLAz8SeP 9Os7W74RKrJUwGOz7B3s2qGwxHPOg/fmOX9BRD7vILG+N88iFcpQbikVU+r//wiSB0wKd3fNnQd 2Ia9iuUlZSDWCK3MwMHgbF/ccp68nKzCZrZ58EwmM1MMsKMydi86RCBTudLgIlSEGZcgNgsO93S 5b4mbVPRFa7EKHsI7mhO/uczHPzAiHQsLxVmkQYNommhFUj0BJUbMAbLD213i8b/zIIX/oioJvg Jbssvj/Q== X-Received: by 2002:a17:907:783:b0:b7f:fedc:2711 with SMTP id a640c23a62f3a-b879324b903mr1096305666b.53.1768828482957; Mon, 19 Jan 2026 05:14:42 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b87959fbd23sm1099805066b.51.2026.01.19.05.14.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 05:14:42 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 Jan 2026 14:13:59 +0100 Message-ID: <20260119131400.424161-2-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260119131400.424161-1-ralf@mandelbit.com> References: <20260119131400.424161-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In ovpn_net_xmit, after GSO segmentation, skb points to the head of a list of segments. The current code uses skb->len to increment VPN TX statistics, but this only accounts for the first segment's le [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.218.48 listed in wl.mailspike.net] X-Headers-End: 1vhpWn-0005PL-Sq Subject: [Openvpn-devel] [PATCH ovpn net 2/3] ovpn: fix VPN TX bytes counting X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854752867316570390?= X-GMAIL-MSGID: =?utf-8?q?1854752867316570390?= In ovpn_net_xmit, after GSO segmentation, skb points to the head of a list of segments. The current code uses skb->len to increment VPN TX statistics, but this only accounts for the first segment's length, ignoring all subsequent segments. More critically, if the first segment fails skb_share_check, the skb is freed but the pointer remains. The subsequent skb->len access results in a use-after-free. Fix both issues by accumulating the length of each segment that successfully passes skb_share_check and is queued for transmission. Signed-off-by: Ralf Lici --- drivers/net/ovpn/io.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 3e9e7f8444b3..c59501344d97 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -355,6 +355,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) struct ovpn_priv *ovpn = netdev_priv(dev); struct sk_buff *segments, *curr, *next; struct sk_buff_head skb_list; + unsigned int tx_bytes = 0; struct ovpn_peer *peer; __be16 proto; int ret; @@ -394,6 +395,8 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) continue; } + /* only count what we actually send */ + tx_bytes += curr->len; __skb_queue_tail(&skb_list, curr); } skb_list.prev->next = NULL; @@ -418,7 +421,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) /* dst was needed for peer selection - it can now be dropped */ skb_dst_drop(skb); - ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb->len); + ovpn_peer_stats_increment_tx(&peer->vpn_stats, tx_bytes); ovpn_send(ovpn, skb_list.next, peer); return NETDEV_TX_OK; From patchwork Mon Jan 19 13:14:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4720 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp3199284maf; Mon, 19 Jan 2026 05:48:08 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUEaFmzTIEBJSx65CxGYvFozLPSXjqgI6/1a6z5N935Z3k8qaJRy0HWYtoHGZxXMcztzO59vPY1xdo=@openvpn.net X-Received: by 2002:a05:6808:5381:b0:44d:bf83:d7f8 with SMTP id 5614622812f47-45c9d70a42cmr4528914b6e.4.1768830488515; Mon, 19 Jan 2026 05:48:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768830488; cv=none; d=google.com; s=arc-20240605; b=FaaCLcOGsdCaAULcQg7yBkDbGwkEIjX7IuI9TdFj3L+vmu5AoN7rXGzrdGWRYO1oF+ c79B36ACF/Gtz/pkJ2Do0sbThoyV4SNF5Qee1Haz0G56XaGerRk8YQ9Wzok7qgk2zEFQ bKoGS7VJtwvKWygSq+hj8R6wuPwYACDtm0+K489nau7vYyShe19+oSfR7sfmCNMFaD50 xXnHq0n3D2MEYzQNve9v64G98tNJGGWWoN1J3Pq0RCbaFq3t4J/oqkWprtTt21EBetKw XzOM01irLsYtsarjVtHKQut52Cf83bpHgtwzPMNU8ro/HviYTvrSt4bTYG8katOifsuE /VNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=zdfgRp44nf7U+KZ7+1x0TTfSZ71QhEtR6Ud2z4EX4W8=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=XiZqd3r2A+O7pwj7oOXsJpjeW0yDJGlPWA6g2lf/jEBkTnOauFcSyidP1tt89nP1qE 2djQ1UILdy404y15AGbVSFJ5GTH/flj12ZXDa0TVwgts91HtKGH7z/jpg6Mbv2W7AEsJ jy226JWm+X8Y04zMTq3UJBb+PX9aAGGzNHbFuMWJ2eLdYfhw8ko4zZQ+9OqR96gWi68p iCYHU9BLN7/ilnrqBHoev94JeRcP1C7j4KzQdnHHFmPqKMxmDqwujkLq6v0wGOKoW/QB G/8dPz3ue0+rObIt2v8ik68ZGZavUy8wVs8D+TPW+9CJezOMrhB98BvLw6BUbK7FYzOi jGfw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=AV5ukTa5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lNpVZtxv; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NLOcgL+m; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=mk8ojGxf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 5614622812f47-45c9dfd8f30si5825290b6e.60.2026.01.19.05.48.08 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Jan 2026 05:48:08 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=AV5ukTa5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=lNpVZtxv; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NLOcgL+m; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=mk8ojGxf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zdfgRp44nf7U+KZ7+1x0TTfSZ71QhEtR6Ud2z4EX4W8=; b=AV5ukTa55Cu2rBdZkyvSBi8n7x mZFvb5khShyVVtMtkb5dIbvjim9/lfMUlG5sLgeNWQoDaraZRlhQk5JDS8mWrXoLESpXJUF+O8y30 6HwD4zrWujEJkygNXTJqRhS7/GQ3ShupiqpPrM588jJ4USo5mOWYKT33tj/HRwf/lui0=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vhpbt-0000vp-C5; Mon, 19 Jan 2026 13:48:02 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vhpbr-0000vU-9b for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:48:00 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=z1lqwdBZJ0sTD4rZ46ZjbWOscPtZ2EPKZGsp06jLE0w=; b=lNpVZtxvdeF/IKQz788TRSgky6 TtXzyIVsiTpAFzPTDxuju3VbLBdLhaMBM5LHYzNsKeVgvEdvQ/pr0uHBprWEwiEqNKokmQbR2oBk9 mNgHHt+WKHXrTnhwJZzBU4K3jOHMYJPnq3hgvsJIcpv3DgZs4qO3atVXGPWFEYMTNsL8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=z1lqwdBZJ0sTD4rZ46ZjbWOscPtZ2EPKZGsp06jLE0w=; b=NLOcgL+mus7Skaa9PIWT7gktgs MhAZGbCVf9Pm0Vw/7z8+ZpN0fAKJHBwEZsaFjTvkqYy7mNK737jaUTjrHteq20gUuIelA/oa3j7k2 eafhKko9YsFofe6AE5XalUAw6oNFB/r1wYLkiNiIjjjh+QUtq5TvuBwZf+0caB3yNCTs=; Received: from mail-ed1-f48.google.com ([209.85.208.48]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vhpbr-0005d1-Gp for openvpn-devel@lists.sourceforge.net; Mon, 19 Jan 2026 13:48:00 +0000 Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-64baaa754c6so6573837a12.3 for ; Mon, 19 Jan 2026 05:47:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1768830468; x=1769435268; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=z1lqwdBZJ0sTD4rZ46ZjbWOscPtZ2EPKZGsp06jLE0w=; b=mk8ojGxfO1I3k0r6KGD1uAF2Q2rMezn+Sknmf11JS3j1TCoDMw1nw/J89hOmTLTUWc 0uWlTpQHIW1I4m1n2aehFa8V4lyGeTHLW1I1hcsm4KpeFX0QvIgZbBIkwToqOxZI7XC+ AW8pLsOOevtKXxCoUrIqO80o6OQScjNmYgSktVuy+61eb8prdvjLToCDTFmj5/db9QiG 8qBTlwLZeHV1pcQj5omS6WOF6ZBxcaw+uECE1WN+NTHI4A8FCe2TZ2nCVnxOX+KZZoWm NgNwDZVE5ZSmHukUyemfZzflvLIX9THId5/FtfoIbG7OnF7sRM7Lp0ouV/c8YQjsAaqY Uusw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768830468; x=1769435268; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=z1lqwdBZJ0sTD4rZ46ZjbWOscPtZ2EPKZGsp06jLE0w=; b=NGcjmh+5LZ1tWlj73VZAOB0PEfoL1JsONQhIjLZBOM7AnHqWDmTD0Fkedx5Fd+LSxc iHdYH0AwFHTjktkyLR+RSYBpDdWnH9LbMuxaolJtz2PDNnF2WNX25/XHUbpoZwCEEyxJ J2NIxzTWjJPTSzJmMQoIKbGnzvdYtSbliGKNkj8Ms3JCOVVIVA+/dEvvpu03J6LEtrM2 OaFs29AcOPGWGLLbstvYawEbv/93WsCckULSm2oBBpiuSMYOpk+uMzpXnDIRn0zs9WSa 07G6xqQWPdYMrPL0/jVK/zWNzb3SYRr1cJ5HsHBpZdZGGrG9gTMhL9hRkVHS/TKLmfbI hBlg== X-Gm-Message-State: AOJu0Yzgmndo7GtqljNdQwPaSv2jK7/6w9xg6JHd0VSomZBjfiw1qNLo d4iajd1Umb+roYj8MomoqeQLr1odcpgilKWC7aPk2hO7Ae/yVx6IBWC06EbUc5to3q9BmUmkGCZ 3aBmV X-Gm-Gg: AY/fxX6wKvva5v7ENgJ+MNw8AL14PSECVb3SToSuz760roNyfZwT4f6loiVhiCKsmt8 11CrE4orN+x/bHSU8u5mvNPKvdu1AEqkNAWAtc6MqBXzY7gpQmf7FyWDua9QWl3P8oDfS5t1zSN MHBV12+l1cQhJ3tnO/NcWwJPgA4f+HiGEoB/Jmz6geEn8aAk/+Xa9aCEgsQ7luiC7hqRklcDs3f 1SY7c9NzqmLY+staJkeJkQFMkf/gCv0Fp0oIl2eqDdIxSmKqPhgVkWo4n0LtmD/REf5+xzOCRL0 y+Nj5SaOY1KdF/h2D8ypxxrrksc/ID9YDq1k9cIUTCUfN19J83wmvWLx9u/hwkRVSMFL7U21fqi acY/94mjtBGErirA7AxX0aXyBkSw5xfuxLCdNthVho7sUxeOkQG4i4sY0isqmzc8Y+u8Ag8SETu qkiY8IQQ== X-Received: by 2002:a17:907:3c84:b0:b73:6b24:14ba with SMTP id a640c23a62f3a-b8792d489e8mr913133266b.8.1768828483547; Mon, 19 Jan 2026 05:14:43 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b87959fbd23sm1099805066b.51.2026.01.19.05.14.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 05:14:43 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Mon, 19 Jan 2026 14:14:00 +0100 Message-ID: <20260119131400.424161-3-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260119131400.424161-1-ralf@mandelbit.com> References: <20260119131400.424161-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: The current code builds an sk_buff_head after GSO segmentation but then treats it as a raw skb list: accessing elements via skb_list.next and breaking the list circularity by setting skb_list.prev->ne [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.48 listed in wl.mailspike.net] X-Headers-End: 1vhpbr-0005d1-Gp Subject: [Openvpn-devel] [PATCH ovpn net 3/3] ovpn: use sk_buff_head properly in ovpn_net_xmit X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854753197889923042?= X-GMAIL-MSGID: =?utf-8?q?1854753197889923042?= The current code builds an sk_buff_head after GSO segmentation but then treats it as a raw skb list: accessing elements via skb_list.next and breaking the list circularity by setting skb_list.prev->next to NULL. Clean this up by changing ovpn_send to take an sk_buff_head parameter and use standard sk_buff_head APIs. Introduce ovpn_send_one helper to wrap single skbs in an sk_buff_head for ovpn_xmit_special. Signed-off-by: Ralf Lici --- drivers/net/ovpn/io.c | 74 +++++++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 28 deletions(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index c59501344d97..249751cd630b 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -329,8 +329,8 @@ static bool ovpn_encrypt_one(struct ovpn_peer *peer, struct sk_buff *skb) return true; } -/* send skb to connected peer, if any */ -static void ovpn_send(struct ovpn_priv *ovpn, struct sk_buff *skb, +/* send skb_list to connected peer, if any */ +static void ovpn_send(struct ovpn_priv *ovpn, struct sk_buff_head *skb_list, struct ovpn_peer *peer) { struct sk_buff *curr, *next; @@ -338,7 +338,8 @@ static void ovpn_send(struct ovpn_priv *ovpn, struct sk_buff *skb, /* this might be a GSO-segmented skb list: process each skb * independently */ - skb_list_walk_safe(skb, curr, next) { + skb_queue_walk_safe(skb_list, curr, next) { + __skb_unlink(curr, skb_list); if (unlikely(!ovpn_encrypt_one(peer, curr))) { dev_dstats_tx_dropped(ovpn->dev); kfree_skb(curr); @@ -368,6 +369,26 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) if (unlikely(!proto || skb->protocol != proto)) goto drop; + /* retrieve peer serving the destination IP of this packet */ + peer = ovpn_peer_get_by_dst(ovpn, skb); + if (unlikely(!peer)) { + switch (skb->protocol) { + case htons(ETH_P_IP): + net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", + netdev_name(ovpn->dev), + &ip_hdr(skb)->daddr); + break; + case htons(ETH_P_IPV6): + net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", + netdev_name(ovpn->dev), + &ipv6_hdr(skb)->daddr); + break; + } + goto drop; + } + /* dst was needed for peer selection - it can now be dropped */ + skb_dst_drop(skb); + if (skb_is_gso(skb)) { segments = skb_gso_segment(skb, 0); if (IS_ERR(segments)) { @@ -381,8 +402,9 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) skb = segments; } - /* from this moment on, "skb" might be a list */ - + /* "skb" might be a raw list of skbs, transform it into a proper + * sk_buff_head list + */ __skb_queue_head_init(&skb_list); skb_list_walk_safe(skb, curr, next) { skb_mark_not_on_list(curr); @@ -399,40 +421,36 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) tx_bytes += curr->len; __skb_queue_tail(&skb_list, curr); } - skb_list.prev->next = NULL; + skb = NULL; - /* retrieve peer serving the destination IP of this packet */ - peer = ovpn_peer_get_by_dst(ovpn, skb); - if (unlikely(!peer)) { - switch (skb->protocol) { - case htons(ETH_P_IP): - net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", - netdev_name(ovpn->dev), - &ip_hdr(skb)->daddr); - break; - case htons(ETH_P_IPV6): - net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", - netdev_name(ovpn->dev), - &ipv6_hdr(skb)->daddr); - break; - } + if (unlikely(skb_queue_empty(&skb_list))) goto drop; - } - /* dst was needed for peer selection - it can now be dropped */ - skb_dst_drop(skb); ovpn_peer_stats_increment_tx(&peer->vpn_stats, tx_bytes); - ovpn_send(ovpn, skb_list.next, peer); + ovpn_send(ovpn, &skb_list, peer); return NETDEV_TX_OK; drop: dev_dstats_tx_dropped(ovpn->dev); - skb_tx_error(skb); - kfree_skb_list(skb); + if (skb) { + skb_tx_error(skb); + kfree_skb_list(skb); + } return NETDEV_TX_OK; } +/* wrap a single skb in a list in order to pass it to ovpn_send */ +static void ovpn_send_one(struct ovpn_priv *ovpn, struct sk_buff *skb, + struct ovpn_peer *peer) +{ + struct sk_buff_head list; + + __skb_queue_head_init(&list); + __skb_queue_tail(&list, skb); + ovpn_send(ovpn, &list, peer); +} + /** * ovpn_xmit_special - encrypt and transmit an out-of-band message to peer * @peer: peer to send the message to @@ -464,5 +482,5 @@ void ovpn_xmit_special(struct ovpn_peer *peer, const void *data, skb->priority = TC_PRIO_BESTEFFORT; __skb_put_data(skb, data, len); - ovpn_send(ovpn, skb, peer); + ovpn_send_one(ovpn, skb, peer); }