From patchwork Wed Jan 28 12:44:08 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4742 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:8468:b0:80a:3855:ce6a with SMTP id u8csp2719343max; Wed, 28 Jan 2026 05:07:14 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXrWBU443rqJxf0TeFq+6xZZQF2mx5fsrf395KAWUpHq3Vf4yhEydbcejp9BjuhEtnkYmGs4iFI7FQ=@openvpn.net X-Received: by 2002:a05:6830:4995:b0:7c7:55e3:9117 with SMTP id 46e09a7af769-7d1850fed40mr3046395a34.22.1769605634669; Wed, 28 Jan 2026 05:07:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769605634; cv=none; d=google.com; s=arc-20240605; b=HbuELQvtEaFHv+4Lo3gPnWpQhs7iZPoItI9hdJa3QJyO8WRWyOHp4nHkloU9EP7DRy IIPXrhXQ9/sSzquKDavqMMGxqQ/tXp9Ro9jKbowxGrSNKmsmJm8sJTzRAPGLRDhbuHs4 tMyRhMLJBrRoNBXqNMvFVuHF5/73lmLd07EOJz3awx/BkAZFQUxASsvrRKmu80ACJpNw 5dcPbSZJc2/nbZDYOhDXzYQUEI4dyxVTPvreMEVABbfai4huK1Eo6lQADiLjqWjzYuw3 ke88Wf0rsHp9+XC7zJMJKTDccf4TDf7Z2WMST+Oh+sZNrFK1IgEZn7tXRheF59r39nH/ x93g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=YzVK+uCeVfiqayny94NhVOzWki1ZmZcZ3qESIiv5Et0=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=d2PCsEFtQKTdELC9grJ57eKK8UpYKYwTcacWdmDgoHEvGI3XxH1QU56DSAEuDC5JVi 4a0Kiq7hjmoD8k3msBPmrBVNZ+KfB8OfZyLjuc3puKfunP/xpBKN1zf58Du5Xy1lXvqL 8lDtRq57uhUFb6m5uxefPj8Orp+OPUSGDsHKHPv0wmV+fLnJcRZOmP6AGKG3lgQJSrYB g3m6ihFVjzB5bR6ecm9qBzBSCTMiw+egnJZPrBDLW5jxefn6Nb0fCBUSAWVUPZyyMqYN k200M5ZI/oiYVhGv8y7miDQx6dRDy2GP6lIkIcHgupz13OTlmtDsPnnJyzv5Mmstz/NB w8Vw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=bHIv4Nzw; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=m0vaAKM1; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NHFXLqKb; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=TstIaI+4; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7d18c4e7fcdsi1454427a34.0.2026.01.28.05.07.14 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Jan 2026 05:07:14 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=bHIv4Nzw; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=m0vaAKM1; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=NHFXLqKb; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=TstIaI+4; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=YzVK+uCeVfiqayny94NhVOzWki1ZmZcZ3qESIiv5Et0=; b=bHIv4NzwYLlSJGylEqxwqowJCp MXpuEyOgaQteUuBuN4rjakOXpYJPLsAgfXnmkWfQIAzEIssvlr61If5pea/N5/c7Yw9fft5wnH29I JxUyTZBBQF/dBgu46EyYK5pBl8zVQtK70Kj6lcVuZrQaAFSFoGz3fRuXdKRt4A9v+UdE=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vl5GF-0001pT-Be; Wed, 28 Jan 2026 13:07:08 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vl5G2-0001oH-GN for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 13:06:55 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=PEXvWO05RJ+Ry2EvIf+WQoAYB3QOSfR8WrzIemR6Z3c=; b=m0vaAKM1DN5eSvZgxpWsrTuvyX 0lAVdyCwvHapjHgGkerkZE3Dkbua3Ocr9tWAH9ysdVsMONs/N6SuGjetxpxtcpBcx9Y6TBn3Hrmp5 pjn1kVCmvxfBia1AwWWuEcQk0AxmA3Mx4Ns3mg3tYalQ8a2Plhe1rkB4i8Rf3zyf0L2s=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=PEXvWO05RJ+Ry2EvIf+WQoAYB3QOSfR8WrzIemR6Z3c=; b=N HFXLqKbHAORiir58rQ2aaCxokhXVOJszFTEZEe2jZlxcrouom9jPXLQs4BNl1DTCEYigZoxLA6Sxd pSd8ho2Yi4wdi7qQ6mIGpI0/cmfjvpdfamvz5U42oOYqUWUZOnh16NWmxhJnmlm9T/i8sJzuRiWWx 7Xboo0Fg+hb2rr6g=; Received: from mail-lj1-f180.google.com ([209.85.208.180]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vl5G2-0006Qk-MK for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 13:06:55 +0000 Received: by mail-lj1-f180.google.com with SMTP id 38308e7fff4ca-382f9211cbfso60867121fa.0 for ; Wed, 28 Jan 2026 05:06:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769605603; x=1770210403; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=PEXvWO05RJ+Ry2EvIf+WQoAYB3QOSfR8WrzIemR6Z3c=; b=TstIaI+4HelpqEf7XUut4vEo+fuHDw2ciUmk9vsTRb+jH+2KrR0UbwAF392NGPE4Gu D8kzqD0fci3+CE9dBCcXXH74WnYehkVjpdrR0mVSqfX+ZyC4uivYWhCoBsfKYOeJSM/9 z6k/4JIBLPuBlRIyQxWo9niaGW1cZq8hiIfMby5gdSWeSZLuOJaVILv2JEhpwUoqUm1n AptbWIrdj49dgV8JwelAldbcsxjjEhlVsQJx9mqtwLB4hecaPjtAXZYppwrO+4MNO3sf T1nFaj1dZ/pL1uyS6x6sF19kOuW4huXXMgJHBDbLNB/D3RzyA6AdSgD196zrIpC3UfM9 R6vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769605603; x=1770210403; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=PEXvWO05RJ+Ry2EvIf+WQoAYB3QOSfR8WrzIemR6Z3c=; b=irE9QabVrma4yIDLm8n4/svdkH8cqSpIhxxfUPCbzpyDcVBujzZVhVxj/fz//UulNl e49u5LTnClezoZAsDhtUd7duYbeoT/eMngCyqXpnR876femnaf6auW+i20VwF9eaLAGU FWk1XwSZ8tWKxefdIXmk7gc/KcPA8NmuQF/Ndgay9nIjOpTUxrfqca59TuuooaqP8lU7 bmVrcQJmfnM8OUwEiDqsrgqlWVxXy86GzIE7pCRzRRYEteNCpp4G94qjG3n5tjtSUbpl ZI8Up1LM57SaqzYcyoN04OFHg3sedS4OFqYgOKE+b/J7NBQnZYomxdhdbcNtmcg5dGNp 0vBQ== X-Gm-Message-State: AOJu0Yxt+Bdbka29T3mbcL+4iMhkWhqmva7h0O9P3Dv4aRkSu2LgLBSI ARhveVDrq8M67QygdvmxRIxBkYyT51yChlYcupBlmT9KYIF92yWyW/iwfXuvBZaC3dB2im541vw 2w3Y+ X-Gm-Gg: AZuq6aJUu1Zp2VOB3aJ6SQGcbwjMUuN7LG/TBxhWJY9c/jr3uSZ1yCG0V6k91yMcNpP 5tgMGrNwdsBceHINQUUDhwXQsmArl4fvQfNZ1bulWk5iZWZ8qeWB+ZkTST51CYI8i2hlI1qNEp9 JkyrNSWkVkvYjxn0d/W+ABHzJM6zEw1v6jXCpc0eE0bA5geY/NksOkvi8QpOqW/YFzAIX5O+OeQ 0Q2N8suzxdYbE5KzMbIyA1TB9c7Ue4x4qlTQKe7/McxuGMNOErx0A2hSp+k88FTmxGUCw1noEGI tYsEtOb0U0qg5GyfaYJKzYNj/mNCBmCLtYSgp4OAoDKOdOHIkC1ahfkcybTVDZlmjbL1ZJMtzs2 QeNldqo+PHlOjHZHpYemTsfUveMVbqOTo//IiOveFltR1EfmqMYXZJE4ge4Bq990Dje1i8m00d6 0BuSQnlw== X-Received: by 2002:a05:6000:2310:b0:435:9770:9ecb with SMTP id ffacd0b85a97d-435dd1cd9d7mr7574231f8f.56.1769604268721; Wed, 28 Jan 2026 04:44:28 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e1323034sm6656742f8f.35.2026.01.28.04.44.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jan 2026 04:44:28 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Wed, 28 Jan 2026 13:44:08 +0100 Message-ID: <20260128124410.429529-1-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: During initialization, we override socket callbacks and set sk_user_data to an ovpn_socket instance. Currently, these two operations are decoupled: callbacks are overridden before sk_user_data is set. [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.180 listed in wl.mailspike.net] X-Headers-End: 1vl5G2-0006Qk-MK Subject: [Openvpn-devel] [PATCH ovpn net v2 1/3] ovpn: set sk_user_data before overriding callbacks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855565998254579644?= X-GMAIL-MSGID: =?utf-8?q?1855565998254579644?= During initialization, we override socket callbacks and set sk_user_data to an ovpn_socket instance. Currently, these two operations are decoupled: callbacks are overridden before sk_user_data is set. While existing callbacks perform safety checks for NULL or non-ovpn sk_user_data, this condition causes a "half-formed" state where valid packets arriving during attachment trigger error logs (e.g., "invoked on non ovpn socket"). Set sk_user_data before overriding the callbacks so that it can be accessed safely from them. Since we already check that the socket has no sk_user_data before setting it, this remains safe even if an interrupt accesses the socket after sk_user_data is set but before the callbacks are overridden. This also requires initializing all protocol-specific fields (such as tcp_tx_work and peer links) before calling ovpn_socket_attach, ensuring the ovpn_socket is fully formed before it becomes visible to any callback. Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object") Signed-off-by: Ralf Lici --- Changes since v1: - reset sk_user_data to NULL in case of error - removed a redundant goto sock_release in ovpn_socket_new - expanded commit message with additional information on the purpose of this change - added explanation in the commit message of why the per-protocol ovpn_sock initialization code in ovpn_socket_new was moved - added Fixes tag drivers/net/ovpn/socket.c | 39 +++++++++++++++++++++------------------ drivers/net/ovpn/tcp.c | 9 +++++++-- drivers/net/ovpn/udp.c | 1 + 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 9750871ab65c..448cee3b3f9f 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c @@ -200,6 +200,22 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ovpn_sock->sk = sk; kref_init(&ovpn_sock->refcount); + /* TCP sockets are per-peer, therefore they are linked to their unique + * peer + */ + if (sk->sk_protocol == IPPROTO_TCP) { + INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); + ovpn_sock->peer = peer; + ovpn_peer_hold(peer); + } else if (sk->sk_protocol == IPPROTO_UDP) { + /* in UDP we only link the ovpn instance since the socket is + * shared among multiple peers + */ + ovpn_sock->ovpn = peer->ovpn; + netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, + GFP_KERNEL); + } + /* the newly created ovpn_socket is holding reference to sk, * therefore we increase its refcounter. * @@ -212,29 +228,16 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ret = ovpn_socket_attach(ovpn_sock, sock, peer); if (ret < 0) { + if (sk->sk_protocol == IPPROTO_TCP) + ovpn_peer_put(peer); + else if (sk->sk_protocol == IPPROTO_UDP) + netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); + sock_put(sk); kfree(ovpn_sock); ovpn_sock = ERR_PTR(ret); - goto sock_release; - } - - /* TCP sockets are per-peer, therefore they are linked to their unique - * peer - */ - if (sk->sk_protocol == IPPROTO_TCP) { - INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); - ovpn_sock->peer = peer; - ovpn_peer_hold(peer); - } else if (sk->sk_protocol == IPPROTO_UDP) { - /* in UDP we only link the ovpn instance since the socket is - * shared among multiple peers - */ - ovpn_sock->ovpn = peer->ovpn; - netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, - GFP_KERNEL); } - rcu_assign_sk_user_data(sk, ovpn_sock); sock_release: release_sock(sk); return ovpn_sock; diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 0d7f30360d87..f0b4e07ba924 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c @@ -487,6 +487,7 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, /* make sure no pre-existing encapsulation handler exists */ if (ovpn_sock->sk->sk_user_data) return -EBUSY; + rcu_assign_sk_user_data(ovpn_sock->sk, ovpn_sock); /* only a fully connected socket is expected. Connection should be * handled in userspace @@ -495,13 +496,14 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, net_err_ratelimited("%s: provided TCP socket is not in ESTABLISHED state: %d\n", netdev_name(peer->ovpn->dev), ovpn_sock->sk->sk_state); - return -EINVAL; + ret = -EINVAL; + goto err; } ret = strp_init(&peer->tcp.strp, ovpn_sock->sk, &cb); if (ret < 0) { DEBUG_NET_WARN_ON_ONCE(1); - return ret; + goto err; } INIT_WORK(&peer->tcp.defer_del_work, ovpn_tcp_peer_del_work); @@ -536,6 +538,9 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, strp_check_rcv(&peer->tcp.strp); return 0; +err: + rcu_assign_sk_user_data(ovpn_sock->sk, NULL); + return ret; } static void ovpn_tcp_close(struct sock *sk, long timeout) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index d6a0f7a0b75d..272b535ecaad 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -386,6 +386,7 @@ int ovpn_udp_socket_attach(struct ovpn_socket *ovpn_sock, struct socket *sock, struct ovpn_priv *ovpn) { struct udp_tunnel_sock_cfg cfg = { + .sk_user_data = ovpn_sock, .encap_type = UDP_ENCAP_OVPNINUDP, .encap_rcv = ovpn_udp_encap_recv, .encap_destroy = ovpn_udp_encap_destroy, From patchwork Wed Jan 28 12:44:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4741 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:8468:b0:80a:3855:ce6a with SMTP id u8csp2708294max; Wed, 28 Jan 2026 04:52:48 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWEvDiJC4iNukY6Ww04ZtkDB7WQS9f4I5yE/66iHYTIQGsMccIKZTDJ/IifMwm9heQzPEngixu+6Ps=@openvpn.net X-Received: by 2002:a05:6871:51d1:b0:409:6877:ca4a with SMTP id 586e51a60fabf-4096877e106mr700124fac.15.1769604767820; Wed, 28 Jan 2026 04:52:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769604767; cv=none; d=google.com; s=arc-20240605; b=HrShKipvQAAFEVoUhjgoVOBuqsReM3dDNIfSYG67YZLtU+oH/yicjQ3X8joE8nCuqB dWtQHGEN/7ByvNBMn3DPc51oNte6KmtKD4y37siMTvyQpqBKBSVcyd7V8pGxqTxt9qfl xfjUc34OQBC1AH3ITYfZvvzhu7NnEwf+x/GgpC+bh9VLSjZRjw7EfsVFY1jaY4HMfuCm VK/bcl9+cLfLn8/M6mgn3r23DufUj1gKq8gKvFsk2tf1u47eBcagmQCQ+h1qD12izJdb lQ9DXGOmS7V5wWod72NC4HeNIW89rBHSoZ0H6Xxpu3C2y+P+WF/NzVp1pSnDM+J5mOgp uIWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=rGfK/EQ1lwyDhnDjPcVjcNL6SkO5dYDsS59z4oLsu34=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=Npx186aL8FYmzR2xUPZ4QSh1orAt9wDI5h4Pf9DM717UWgScKZ1xvOW6br2UXkijAJ LZ7o7KQbRmGxWzM2E6B/m5qTIlc6iMix5/g2LeD2jP9CROlIYlh4a8XAV1dHKbYdI1sB 8FZmqYgNmMZT3fEg89uRk1VwTX7jdFaj6mRnuBZPPG5M7OeJTIlVuyoHhDYtdg8CxU/+ SpQ7MG/qid2ePqPBxhNyJe1dPiUhxAC+rjDpQKstQMr3aHvEuNy8QLMRTtigc4mrwHTP jPNazZtQj8jhGxlrzJ4+4wvV4CMlGhp1Tidox9B1/S/QnVOAB14wipS2rKjkPr9kInxm bWKQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="N/XBDTD9"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=igk4Aolu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cEL6V0pH; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=C+YIjjAB; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-409577f2fadsi1914181fac.372.2026.01.28.04.52.47 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Jan 2026 04:52:47 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="N/XBDTD9"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=igk4Aolu; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cEL6V0pH; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=C+YIjjAB; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=rGfK/EQ1lwyDhnDjPcVjcNL6SkO5dYDsS59z4oLsu34=; b=N/XBDTD91v6SH6YiI5bKOUJcjW 1EPpiWcNItco0x0KAM1JwUkONTkkK2zRjZJD9tGywZdHZOvXa51EVf0q3duA9r6UBPc0Uern9zw1V JltiRlI9TSWpe0h5f6RU+Dn6CXICF/Tf2SnZSPoc8dTyPs2Wsv19ipca1d51eSjFxttU=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vl52J-0001w1-RZ; Wed, 28 Jan 2026 12:52:43 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vl52I-0001vs-4a for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 12:52:42 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=igk4AoluJ9tHX+J9P4Fvc1PIaO Ud+2Tuhhy5NQZEXQ4WHVI977CcMzfHQyNST2QLAwb8BD4x2aNv3dqrWzn1Psj9JEDElkj2ac3A7jm kCyipIso5yIsaKUYtF07RaUlsaeRGDFYA0tgfuWoPGOkxQi6fh1x9Loq7IR9B5Eo0DHQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=cEL6V0pH7yKTg0/xZFHcNSEpAC P8cdRbI+R6c4fJFIbDi0WxSbWH+A1CotyLGCb6JLKVLZD/5DIFYdmw3eJBixuIg7vz1zVS+c7QZMR of3W8sYraCn+W3YdC8zkaZcBuXYR1e3aNpJHWJh7J+3QLrc5ITLVk8Bgrklnn0EvzZB8=; Received: from mail-lj1-f182.google.com ([209.85.208.182]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vl52H-0005hW-Md for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 12:52:42 +0000 Received: by mail-lj1-f182.google.com with SMTP id 38308e7fff4ca-385b6e77ef9so62186631fa.3 for ; Wed, 28 Jan 2026 04:52:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769604750; x=1770209550; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=C+YIjjAB2s1X1V9hwybJwY2my0an744FXy7/hUGjK+F7ZGgo+401nW7gIcwrvjJH0A /YgZBY+/TJ0tN3c3SRmlXMBj3ylg9NIDIjPy6vj+UXFB8MZX6KOWytv91Z9R5o6YoqPr J5U5nJfPL2i4mwxk/k7HaZZvTQFT9RIlrHhoTnXUROckcbq9KqE5pLlBO8YLIavHvwK0 WLszj54xX3fYABVZEpTVyNJEcjwm4qyvL6rYUF1GWe1B/fRAasx/843nMOougzoxthp3 rg9TwQaM34JQt96X53x9YWwwTb0RswArEHZzHn4PwQcfUgyeJB3fJ62dMlGMUAlgwgf3 QMIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769604750; x=1770209550; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=zW0+vaK6/TLdEvBDLsVAjLDYW6HiK8W+5p1Fv4hsw8w=; b=ZrdeRvqIwXObWoiaX3PhM2JeEkLpVDK7ttfMMo6QNUAsFKII/aFGf/a/A/GtNCVOD5 d8+ALMQXJX/Y1MSTYEr1QdBDoVfi5R/zVuakCC3qYOcYFkAxcxbACSBdXIEg6Yk8OJ8o hKbJZxZUzxjRn7kb2cFan/8CEmYhOd4kG3r2T8IdO03dkVkheBF5BXgxP2Jte1qzyZ1i +f10C2uap850tQKSBK+lHVNuEqYPyfS9bqiHWwxUnvmlOZwDCfR35cQeoWQUQt3NyElK VFiOvkDhf8kNySO5eVVlPj1QiT+MeNAnWFlcJpC4xOX2fHoGnUhWAHaCVIC4//tcx7+L jwuQ== X-Gm-Message-State: AOJu0YyufBfFzGiJeIz0iiQnbVMol8eZdjmJvc01Z1tGljzFf7xv+FUM CJPRMsNvSVggS6Zt7dgxT4hyXdadb8prYBT8D2hpYb3YOsub/IuYSLa/aSkjTQPGWWqs8t+H0ep hfuLL X-Gm-Gg: AZuq6aIXUriu0ZZUqlf0pyQLV2B4CdhqmZIVQ7BqcinaWJJhTKyb0YYUJladditctUS cR17k6aGrf2ypwZL2q5LDUcpqzkZ+5nuXvx3twMHJCpGYMTwHMllppo8xj0c8sszKWlk+NaK0dC dJNzz51kAUiy5k9D6N+PHH0rvFCHA7nn5OrWF/Uh3jp0hMQuw7Y0EhZhlk/FjejBC8NlUBSA3B9 nXQBMGY4ph5RPrfNG4WHpRAaF9wStixS/icfUoad0voDnMmzoYr8d4e5oXrQvOzho3s7SgIdOUd NFqPnui771ic6TItXo82VkUHwoT8+gS0CLlJkH55bD3o6FpfXlF/Sc6D9kRot4Oczs0mFohxjuQ tleeb+V9RWWyMyS7aidosfYl3ET8hRiv4SI8LNnxtFRg4xRE02Ae7wCvn1TO9n0aUW5T2Sr+ITk yfqjd3IQ== X-Received: by 2002:a05:6000:2503:b0:430:fd60:93fb with SMTP id ffacd0b85a97d-435dd0b6a20mr7494025f8f.32.1769604280010; Wed, 28 Jan 2026 04:44:40 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e1323034sm6656742f8f.35.2026.01.28.04.44.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jan 2026 04:44:39 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Wed, 28 Jan 2026 13:44:09 +0100 Message-ID: <20260128124410.429529-2-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260128124410.429529-1-ralf@mandelbit.com> References: <20260128124410.429529-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: During GSO fragmentation, skb_share_check may clone the first segment and free the original skb. The current implementation continues to use the stale skb pointer for peer lookup. Fix this by updating the skb variable to point to the new head of the segment list after the processing loop. Additionally, return early if all segments were dropped during the loop to avoid double-co [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.182 listed in wl.mailspike.net] X-Headers-End: 1vl52H-0005hW-Md Subject: [Openvpn-devel] [PATCH ovpn net v2 2/3] ovpn: fix possible use-after-free in ovpn_net_xmit X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855565088951454489?= X-GMAIL-MSGID: =?utf-8?q?1855565088951454489?= During GSO fragmentation, skb_share_check may clone the first segment and free the original skb. The current implementation continues to use the stale skb pointer for peer lookup. Fix this by updating the skb variable to point to the new head of the segment list after the processing loop. Additionally, return early if all segments were dropped during the loop to avoid double-counting statistics and double-freeing memory in the drop path. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Ralf Lici --- Changes since v1 - this is a new patch that replaces the previous "ovpn: use sk_buff_head properly in ovpn_net_xmit" drivers/net/ovpn/io.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 3e9e7f8444b3..95c3518e067c 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -396,6 +396,17 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) __skb_queue_tail(&skb_list, curr); } + + /* no segments survived: don't jump to 'drop' because we already + * incremented the counter for each failure in the loop + */ + if (unlikely(skb_queue_empty(&skb_list))) + return NETDEV_TX_OK; + + /* the original 'skb' might have been freed/cloned in the loop: use the + * first element of our list for the other operations + */ + skb = skb_list.next; skb_list.prev->next = NULL; /* retrieve peer serving the destination IP of this packet */ From patchwork Wed Jan 28 12:44:10 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4740 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:8468:b0:80a:3855:ce6a with SMTP id u8csp2707852max; Wed, 28 Jan 2026 04:51:55 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCWmcirqOYW0JZp2llVwLIViOZ9EnnvwYVMsQuUfJY7cI7G2bAPh2ReilumjaYcGDCXfvibK9GRHyC4=@openvpn.net X-Received: by 2002:a05:6830:234e:b0:7d1:8ad3:ce7 with SMTP id 46e09a7af769-7d18ad329b2mr1566061a34.1.1769604715115; Wed, 28 Jan 2026 04:51:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769604715; cv=none; d=google.com; s=arc-20240605; b=cmdpgF5A6Ooh4N24x5eja9svTViGtCuSeeZHjsG5yPAObC8uljkU+PMv0sa3MIKdHW Ru2lIMpYxRzhOWohAbFxG2Ugno00mk7Xu6Aw+7DTy4WmlAwfk9y5ANtxZNl5DNHvFrLL le2cImZGT0scZaAyXZeGewVUIsZ+qOHoJdTYOJtP7nxW5iOUVfj+0FuedrLzws9KkWd8 +yyJ6AFIgZXgj4qNAalXif6ME6XBbyX+V4VO2maWRYZeu8Wl7qeuQK7lIr5iUDQRnAfm v0xKcMUfGb2vo9qjCislz+BTmlvkeJ5g7PtfysHMTJzyCWaq+ILMaAE7GqbHuecvm7wH ojRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=3N9FY+9xBeUVPPnwuleV6bybUkDiArFT05RDGJ2Owug=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=RCJnCw6HuKxeRKhrqjY5y8njY0PP0aFX0ggvS3l1kpib1EnEoWgcFRahVeWjJkUkax R48xtanHeMt712/5iu9AHydvGa9xFe6QdT/eM2wS2qLTK+JdjrqYFj7C376pR1tpNsBH cQEa20gQbIDc0xYVRITJO6bGyxkF4yZ0kdOc/zMdMCVYzx61nChZKyPahoYU4dfPlEEJ 7ECKQfjiZb9xrt1T3Qf17OVhN1+K9j4FXyPvO1uwtjmH3mxc4tH7We8u5oObc9e9kCMn epjC9mV8BIW0+mbCgnT+cPV1JOxaRSSL4O5T5FMw4qXqcaPddTEWyNJR/WbFIzb7huq+ pm4Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=bUdAPwwJ; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gbAXxyY5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZXA3nt3I; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=JKpaVpLu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7d18c79bce4si1414247a34.110.2026.01.28.04.51.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Jan 2026 04:51:55 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=bUdAPwwJ; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=gbAXxyY5; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ZXA3nt3I; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=JKpaVpLu; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=3N9FY+9xBeUVPPnwuleV6bybUkDiArFT05RDGJ2Owug=; b=bUdAPwwJrxkU+Y7FCyl56mutSG j53N/Z8B1B8F8dLJRejJjY2xFERbcgcSryDA8u1nfg32x87kYPkeEZdOIclZs/yykcmp13J4tyzZX yL8OScOU17a142W/NQn8XgX99APhngK5VB6aKxhHSQcEcX0NBpJE3IqpatRV8qd6RN1A=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vl51Q-0000cF-19; Wed, 28 Jan 2026 12:51:48 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vl51P-0000c5-C5 for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 12:51:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=SgGvC+Cf9FfQL6DyxmxSFItCT9MQvi4X2Lea+utde6c=; b=gbAXxyY547cnW5m27p7F+58g2d h3NLYBG1krHIt7i5/6r8vcfP2o73ueGLxYyOgptFh4UZQleg/Hz1AvUK9MmAAda7kSpyTFiIFUvHv FWAEKTnkJsRWx9rzXGbnvIP2yHrcZ+l6nsIR8t9qeDyP6Gz//nvDhoO1YzFYrpePLB0E=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=SgGvC+Cf9FfQL6DyxmxSFItCT9MQvi4X2Lea+utde6c=; b=ZXA3nt3IIGJTdG8FOhNZ49eTMk KKs7PqJdG3W+CbrmL60aOmphZoUorl8iBU2XBgk4JZlfZgXquZsauFzZH9rBhtQPvxiJNHEjMOneT wWX+yNW6pRMmtxnKXpEXQUNh4ObX+Fle4Ab9QVNxPgKYrVS/m2DFdtKuf4tJT53xklqI=; Received: from mail-lj1-f175.google.com ([209.85.208.175]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vl51P-0005fo-Nz for openvpn-devel@lists.sourceforge.net; Wed, 28 Jan 2026 12:51:48 +0000 Received: by mail-lj1-f175.google.com with SMTP id 38308e7fff4ca-385b5174f54so61482631fa.3 for ; Wed, 28 Jan 2026 04:51:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769604701; x=1770209501; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SgGvC+Cf9FfQL6DyxmxSFItCT9MQvi4X2Lea+utde6c=; b=JKpaVpLuQpOqJvNf1PMNzJZTDwhNYypSFuxqh3HMGuSu0USMOz5iMZ3xg6IH5MFhr8 PpyyARe0LnbUSgQZZp47Znkoaw5Q/f5eEqJEH54XLSvjlhN2u0mHZMDRomW8+Hu8P75S Vxak/Pp/0flUFhi0we+F53cpb216xKGETRTqsiX+hOZMg2gJ1oOl6tCZtkp7QIavNORD oBFRuPSHf9M7wJTuzOHBkoz3DnSdnWtXUwa6guk7pj+3xp5x3rJ+dZV7Tj4kPNrLmcp0 NqTG7K51Z+sYPDiOTgRA1aczFVFDbt3X1ehiGx/dsP3NBRgvk66B+ISn8bcWXNntUZtm dgVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769604701; x=1770209501; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=SgGvC+Cf9FfQL6DyxmxSFItCT9MQvi4X2Lea+utde6c=; b=PM87abE19C5Eq1Xcjltmqb8mZ3CmNGzbVrs8yzeeIXu3DPvmv/abKsj8rlbdesU8j0 ONi+mvdD80QK2NdpQmFrpw4ch20IEKS8NUMcc/a/kEaZZ3UiB945Oh5+PPGa72VIufgR 5qoFu8fMVZwdzIvXeFw8n6PckWTFaovxMjD8/wrBEDdrZk6imESkQB/pBcO/r15xoL3p Iokh7QT6WnLP4tau1sC6wTwpUmqwOLs52X5NfZNAUQR10rTj5h96r1d+yUoMgRx2UUg4 365UJC+reA1mMq3w21fQZnpCmK/3tlQehq3tAz3CA94qUpkcrtm9ED14gHQXwRvHMlIf 6TSQ== X-Gm-Message-State: AOJu0YyVEevOJ10bqG9ilcPuP9G1qUk6tGW6x1No788TdWhfBiALz8Jw qtSzcinPNUcQlakmOkFI8saB8nC2gfZ/w4hcQm3KR1oyLW+wSjcXgem/Es0tounvaGL7jUnF5Mb F37KQ X-Gm-Gg: AZuq6aLUvdOO2ls7gxzqam3nQWp8mYRbafxvX3/2/UqX9+59z4uf7YZNT8sdri4MioL cD2RUbieMwlNSLysCsu2lpN0vBP9c1FDIvzABgmO1Rn5x3hpvYIoePy+VpXMrlAaAaSLYtRvyC1 m0H63mqmoEf2NldMGbXoa+/asWyWEJWjwCe/uk4OHyeRNXcdnZdX9Hh9nnvxo/FG5JyaJZA4NWH ynzPMLx5IfbvnAU9mXcgPHEjZpdA5WonyIQOq+Ymk4AwTx+FivJSgRJao+o6WfhF0aBBmQ2fFlO oKJERyVMjsRv50M4lTV6m9OFO70P2GgI/xLEB/PGPX7DPfz/IJQh+/wB66CcqaCGP9Ul0ugXAQt v+1CWWmalNxV1OQI11XjWLQCGE8wesPng6JI7mP1eYGdnE5q5W0puxizvDNsy0ITGyAz3WrCjzh N2Zmu4Xw== X-Received: by 2002:a05:6000:1ac7:b0:435:9bf5:b336 with SMTP id ffacd0b85a97d-435dd0719ecmr7671061f8f.19.1769604288700; Wed, 28 Jan 2026 04:44:48 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e1323034sm6656742f8f.35.2026.01.28.04.44.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Jan 2026 04:44:48 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Wed, 28 Jan 2026 13:44:10 +0100 Message-ID: <20260128124410.429529-3-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260128124410.429529-1-ralf@mandelbit.com> References: <20260128124410.429529-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In ovpn_net_xmit, after GSO segmentation and segment processing, the skb variable points only to the first segment of the resulting list. The current code uses skb->len to increment VPN TX statistics, [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.175 listed in wl.mailspike.net] X-Headers-End: 1vl51P-0005fo-Nz Subject: [Openvpn-devel] [PATCH ovpn net v2 3/3] ovpn: fix VPN TX bytes counting X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855565033653621101?= X-GMAIL-MSGID: =?utf-8?q?1855565033653621101?= In ovpn_net_xmit, after GSO segmentation and segment processing, the skb variable points only to the first segment of the resulting list. The current code uses skb->len to increment VPN TX statistics, which fails to account for any subsequent segments in the chain. Fix this by accumulating the length of every segment that successfully passes skb_share_check into a tx_bytes variable. This ensures the peer statistics accurately reflect the total data volume sent, regardless of whether the original packet was segmented. Fixes: 04ca14955f9a ("ovpn: store tunnel and transport statistics") Signed-off-by: Ralf Lici --- Changes since v1: - added Fixes tag drivers/net/ovpn/io.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 95c3518e067c..4f3c9c5d00aa 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -355,6 +355,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) struct ovpn_priv *ovpn = netdev_priv(dev); struct sk_buff *segments, *curr, *next; struct sk_buff_head skb_list; + unsigned int tx_bytes = 0; struct ovpn_peer *peer; __be16 proto; int ret; @@ -394,6 +395,8 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) continue; } + /* only count what we actually send */ + tx_bytes += curr->len; __skb_queue_tail(&skb_list, curr); } @@ -429,7 +432,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) /* dst was needed for peer selection - it can now be dropped */ skb_dst_drop(skb); - ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb->len); + ovpn_peer_stats_increment_tx(&peer->vpn_stats, tx_bytes); ovpn_send(ovpn, skb_list.next, peer); return NETDEV_TX_OK;