From patchwork Fri Jan 30 17:32:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4746 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6911:b0:80a:3855:ce6a with SMTP id o17csp349948map; Fri, 30 Jan 2026 09:33:45 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXNkcv4r5GYv9iK6+9jCAGNA41xh0e/I+sQ1WpOtRfZZoAUv4mjHHQNFR8Be5ZQeWm0jF/nY9gUz3g=@openvpn.net X-Received: by 2002:a05:6820:4cc7:b0:662:6b87:f95f with SMTP id 006d021491bc7-6630f3ab507mr1381379eaf.74.1769794425802; Fri, 30 Jan 2026 09:33:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769794425; cv=none; d=google.com; s=arc-20240605; b=N/kl4GW6LvYkufwcc3FXiLbdMHg/X4mR5Cu9DyE7QodidzsoUeQ4KDYbDNgEf0G8Rr KyO7/mJCDd5/Mdoe/bjK/b4DKITEMDSKhUww29Bmm9NEUF9p0D1GCZoBnykSJSI+7O4Q K33F4uC06y38S2j/lWfeUOPCrhij5KvWzJI1Zwlkqqb/xdRY4rsrboz0dsAhU8PS7pGG ZFEQ4epvw5GY8sYlIS5IgZ3tqH0OKJtdyPxUuJ7bm2+/ixkgTZ/maXnGqi+kp+7l9jW9 IQVcbD31Va5HDB05AD8JuM4i5ziI5TakXaS8kq0AfMwUPdJSABz6i2+E3XAm44FDJ3me 6ilg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=hPSBQBZSt5klGdz7cRl8OCtMmE4AApl+iYyOYsrzzwI=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=NtAknOwI8EYr8SQw7hL9AYmJnZZGdc93gUsnNXzF3muwA6s6Rzkn+e2+23UK/dhGiB 0Bc9VdUD7VOYRTDlqhx7HrY1krHIijg560/2nnmVN0/iPdOdMcMOeWaae3M5yCk3A2ji tovZx/fumDzWjwvfWxauhjOqkk+Z3Lvy23zlCk+787SycNWiOCtQIblVmQOHrdt4jPE9 1vYTEcq4eY7ytT+shGyb/aQAgaqffPiCFfBKWy+P+6GPhASSbTMZTKX/AvCewNTIbUql kA31T0QxRA+BcU454XoEnxK/b3R+5JDwlozY8RN2inquJUXWCm2k2WveV+6SR6d8fx5F pjig==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=M2OYyRX0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MV6eZ7SY; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=AWxqyruN; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=gOBrvGqM; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-662f9a3a72bsi4823144eaf.50.2026.01.30.09.33.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 30 Jan 2026 09:33:45 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=M2OYyRX0; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MV6eZ7SY; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=AWxqyruN; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=gOBrvGqM; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=hPSBQBZSt5klGdz7cRl8OCtMmE4AApl+iYyOYsrzzwI=; b=M2OYyRX0OK4Zan7aYdW3Xbxbzr o5rjNiHx/Zn7fmpWStPHvWcTA4DUq5lg3ClPBlVuNaeJhMqmNge6pPVcgUuugY6nNH8Sbl5P/rCDr Y10dqCvE3XddkfJOyhMeL5I3ii3Ck5cpplJia+0yvXnFyDITSVq27KAuKU5gJUFLCvOk=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vlsNF-0007rQ-1h; Fri, 30 Jan 2026 17:33:37 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vlsND-0007rB-BM for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=v3ZhN7qavq8wkpyYQxQPENjsapaMNszGu4MC113bZq4=; b=MV6eZ7SYbJkE0cUcARDykWoXIM hfhwEZrUHDnJm8kaO9h26Lcx49Ztzz/MGrlYoWux6J8oYyzVce8THYLscFxmyeD/2+/kHnTEJY4DG obObwnunXmb6zBQcSPAKGpL3dLiJDck4ZcpjU/uNJ6jEy/y7KzWcUDePmlgC5dFTTesM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=v3ZhN7qavq8wkpyYQxQPENjsapaMNszGu4MC113bZq4=; b=A WxqyruNe+89vssIx7z5xowmGs9jfyGSCtd4jzNUpmdbYK6x9OgoJClxty978tsF/ncoLZPVhHsSlL +fmgININEtAxYYZ6pkLNluOklyl6s8ll9BsfXTsXc7nKKQwtgupUoJkUXtzm23m+ZClo9tB8Shnfr 0sK+f0KkLanRwnCI=; Received: from mail-wm1-f46.google.com ([209.85.128.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vlsND-0006Ha-C0 for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:36 +0000 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4806bf03573so13047525e9.2 for ; Fri, 30 Jan 2026 09:33:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769794408; x=1770399208; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=v3ZhN7qavq8wkpyYQxQPENjsapaMNszGu4MC113bZq4=; b=gOBrvGqM8KP7cG6JWuExBc9bPYtTP8tTbIlY9gPuHu5Jv/4GDh5vWOFJYNxos0q9wb EcszxBL8Cq8U29lY4EgV3AC9JiRFR1cW/SkhEdODxLLdKHWzb6fB2FYWol1elMy9rsvT mJFShSLBzwpyUqMUBcsJ7tU2mumk40c2a9VO3o5zEzhyg1ARVwr5t9G4aarw5zZj6Gcj ZBV9EFf18bSjHFblZr2U9MvAC3ekuCOkEoI7y72C88Byr74u52bWTYbPVnSnwfrRqpdR RJTQiCKOtbIkCBxonmSfnqmJLt9RadUf5AYyhimaapq87d+tRhH5nlnWUAmjS0hEeOEo dRlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769794408; x=1770399208; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=v3ZhN7qavq8wkpyYQxQPENjsapaMNszGu4MC113bZq4=; b=ljda5Z+bEUYP/BLLgeheQaxPiUefxf5plCCCyDIHpuYl6aIus3ShE1dVSn8sEWrbIs x5eZzPioELVcLwUQ64YB+g578Jn2o8T+j5b7ear3rvIhzFK93G5SL8uxDMSmM/jG5Nbo MZIJ6Nt494bwGMP3s0sgXMEZhX/ISgXQe/l26Cz48xbmFfgb5mctuY7478f5EHJRcCje Bb9hFgm+60Xzb7jHIoOi+DhKDt+CpA/ZKHyzC3Ohdt0/EI5dLsTXpQwdvRk5PjkdKbsf vfinUzCfhtT12GdnDH9sczrxOHlRR2fh/hENK5xJxXUxEjAcJDAMHYsje3Hscf/F84/7 MRiw== X-Gm-Message-State: AOJu0YwzfA+sMszBrkNyyYjFN13oDtpdNPccgRB8I/ew7QJsKj0Uuw1m xtXrnWLk4Vj6MjvbCdzz5eKhfagND1tYa5OVkQUF3sGXac5wLOxG7spxArYA9/w/QhxC/HbV6Cl ufFD7 X-Gm-Gg: AZuq6aJzPU2fhUsfIx6zpA+AII9S5w7D/ca2tA8/fJMHfJqtb8uDiQ0HSbEOmL0d6dY Da++5Is3IWBYFeRwe/xg+sku0qwpozyy0u+bAcrj0unRp8/AiFYlvQstA7e1Xbx8jdxluR111ku 7pWPqLAIO/nFfZwqssteEYMpQi5WnNohwocCtUxND59tFoh/mkcTYKa+RnaqV3sRoyMH5e+A7SO av0SF/gcJGniX1XfkIga/1pWKvGUbevnodFeWQVBvcHpriUUFdvj3VLJxWMTuYv4cpDmo1+NAJr 79uSGEXb/OMK9LPFZHd7podR9OSWHmtLgqjUJLWedO20zyZSMb9w+LOr86V936BH0OO1zaQ73Iy KK9WevIHqIFp/1xfuyi2lCWAVss0B93v4D9BlWHYFT9e/9kaPXUaKVLlmdm+WfR/s181ox+IbrK zf7kEJLGXVnNLo6Mnw X-Received: by 2002:a05:600c:8b27:b0:480:1c85:88bf with SMTP id 5b1f17b1804b1-482db4998ddmr38926025e9.27.1769794408093; Fri, 30 Jan 2026 09:33:28 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-482e047d863sm22090605e9.1.2026.01.30.09.33.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jan 2026 09:33:27 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Fri, 30 Jan 2026 18:32:48 +0100 Message-ID: <20260130173250.664943-1-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: During initialization, we override socket callbacks and set sk_user_data to an ovpn_socket instance. Currently, these two operations are decoupled: callbacks are overridden before sk_user_data is set. [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.46 listed in wl.mailspike.net] X-Headers-End: 1vlsND-0006Ha-C0 Subject: [Openvpn-devel] [PATCH ovpn net v3 1/3] ovpn: set sk_user_data before overriding callbacks X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855763959851019689?= X-GMAIL-MSGID: =?utf-8?q?1855763959851019689?= During initialization, we override socket callbacks and set sk_user_data to an ovpn_socket instance. Currently, these two operations are decoupled: callbacks are overridden before sk_user_data is set. While existing callbacks perform safety checks for NULL or non-ovpn sk_user_data, this condition causes a "half-formed" state where valid packets arriving during attachment trigger error logs (e.g., "invoked on non ovpn socket"). Set sk_user_data before overriding the callbacks so that it can be accessed safely from them. Since we already check that the socket has no sk_user_data before setting it, this remains safe even if an interrupt accesses the socket after sk_user_data is set but before the callbacks are overridden. This also requires initializing all protocol-specific fields (such as tcp_tx_work and peer links) before calling ovpn_socket_attach, ensuring the ovpn_socket is fully formed before it becomes visible to any callback. Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object") Signed-off-by: Ralf Lici Reviewed-by: Sabrina Dubroca --- Changes since v2: none Changes since v1: - reset sk_user_data to NULL in case of error - removed a redundant goto sock_release in ovpn_socket_new - expanded commit message with additional information on the purpose of this change - added explanation in the commit message of why the per-protocol ovpn_sock initialization code in ovpn_socket_new was moved - added Fixes tag drivers/net/ovpn/socket.c | 39 +++++++++++++++++++++------------------ drivers/net/ovpn/tcp.c | 9 +++++++-- drivers/net/ovpn/udp.c | 1 + 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 9750871ab65c..448cee3b3f9f 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c @@ -200,6 +200,22 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ovpn_sock->sk = sk; kref_init(&ovpn_sock->refcount); + /* TCP sockets are per-peer, therefore they are linked to their unique + * peer + */ + if (sk->sk_protocol == IPPROTO_TCP) { + INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); + ovpn_sock->peer = peer; + ovpn_peer_hold(peer); + } else if (sk->sk_protocol == IPPROTO_UDP) { + /* in UDP we only link the ovpn instance since the socket is + * shared among multiple peers + */ + ovpn_sock->ovpn = peer->ovpn; + netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, + GFP_KERNEL); + } + /* the newly created ovpn_socket is holding reference to sk, * therefore we increase its refcounter. * @@ -212,29 +228,16 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ret = ovpn_socket_attach(ovpn_sock, sock, peer); if (ret < 0) { + if (sk->sk_protocol == IPPROTO_TCP) + ovpn_peer_put(peer); + else if (sk->sk_protocol == IPPROTO_UDP) + netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); + sock_put(sk); kfree(ovpn_sock); ovpn_sock = ERR_PTR(ret); - goto sock_release; - } - - /* TCP sockets are per-peer, therefore they are linked to their unique - * peer - */ - if (sk->sk_protocol == IPPROTO_TCP) { - INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); - ovpn_sock->peer = peer; - ovpn_peer_hold(peer); - } else if (sk->sk_protocol == IPPROTO_UDP) { - /* in UDP we only link the ovpn instance since the socket is - * shared among multiple peers - */ - ovpn_sock->ovpn = peer->ovpn; - netdev_hold(peer->ovpn->dev, &ovpn_sock->dev_tracker, - GFP_KERNEL); } - rcu_assign_sk_user_data(sk, ovpn_sock); sock_release: release_sock(sk); return ovpn_sock; diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 0d7f30360d87..f0b4e07ba924 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c @@ -487,6 +487,7 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, /* make sure no pre-existing encapsulation handler exists */ if (ovpn_sock->sk->sk_user_data) return -EBUSY; + rcu_assign_sk_user_data(ovpn_sock->sk, ovpn_sock); /* only a fully connected socket is expected. Connection should be * handled in userspace @@ -495,13 +496,14 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, net_err_ratelimited("%s: provided TCP socket is not in ESTABLISHED state: %d\n", netdev_name(peer->ovpn->dev), ovpn_sock->sk->sk_state); - return -EINVAL; + ret = -EINVAL; + goto err; } ret = strp_init(&peer->tcp.strp, ovpn_sock->sk, &cb); if (ret < 0) { DEBUG_NET_WARN_ON_ONCE(1); - return ret; + goto err; } INIT_WORK(&peer->tcp.defer_del_work, ovpn_tcp_peer_del_work); @@ -536,6 +538,9 @@ int ovpn_tcp_socket_attach(struct ovpn_socket *ovpn_sock, strp_check_rcv(&peer->tcp.strp); return 0; +err: + rcu_assign_sk_user_data(ovpn_sock->sk, NULL); + return ret; } static void ovpn_tcp_close(struct sock *sk, long timeout) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index d6a0f7a0b75d..272b535ecaad 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -386,6 +386,7 @@ int ovpn_udp_socket_attach(struct ovpn_socket *ovpn_sock, struct socket *sock, struct ovpn_priv *ovpn) { struct udp_tunnel_sock_cfg cfg = { + .sk_user_data = ovpn_sock, .encap_type = UDP_ENCAP_OVPNINUDP, .encap_rcv = ovpn_udp_encap_recv, .encap_destroy = ovpn_udp_encap_destroy, From patchwork Fri Jan 30 17:32:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4747 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6911:b0:80a:3855:ce6a with SMTP id o17csp349952map; Fri, 30 Jan 2026 09:33:46 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXGDOKzrqh4d+oeBQWEIPuCB2Z4IRwtsw+u/rjhqsWcABqYEI6njh2h4HsNKvddXHkgae0RlOdbPLE=@openvpn.net X-Received: by 2002:a05:6820:4c0a:b0:659:9a49:8eff with SMTP id 006d021491bc7-6630f01b564mr1567907eaf.16.1769794425851; Fri, 30 Jan 2026 09:33:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769794425; cv=none; d=google.com; s=arc-20240605; b=Wt3JiXzJUCtCgG84qjyWs7qD29nnvWvCFfo0JNzFcmiK9THwen31FNQuUy+2b2plYd 2QSHqMx68DrxoyoEOsIdOk/egoQ/1ury+/07jO2JWTGamXGdlQZnExf3pSztwLYh7ZwH kAn509NwXCJJu6xxO3pZ0Pe2ED0FiX3xwfjVYhj6t7ZhDaILUFw5T0W+RxcAGoEkG1jk J7n3+rNbnUdC52aTaIhWoGbL6OBctCeL8CzqfFy3d2pYLYBPTlbzSbMl0iX3LZzcEDXi 7V9HSaFRDiIZ6Qz0kJLvycVD+BSb7Q8HDARGSPYzp/px9TEm6LfQ3g+5Kqcp4LpjoTtp TCyA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=t42s8t1+M3NlF2eHyUZqGnsn+gC9kfCmVe2QZu2elok=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=Xw+eEx15t2+GeNtvBlZ7nRlFc4aZWI4Wzya76VTZgfWwTiacZ/wwJuPsLmkBNzBd4b 9ifpYb1qr+RUoet2grEEhpfXWaq4iCpnKIUFP/8JSI+iRcHh2c5uK3cXKMiTvy3g4KCr 4Ao4/WfWqtag31N6o2kkhENMCLv+ksZxQNh0LH+t+BnUXZlPO+69itW36QRrVLykVPWn 6TFVfwg2axYurcs5Q0lDdISq/nFBoAbDJ1tOUpreuGBchCwgMMvZQDkek4I7du8qoTMO VaXZB8qet4sDV8B8ezF1QnT01RMrwydaYKwk10jHoKg1vxx+9iNqQGUZo15YQPtGD1Db q14Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=jGlA4d9U; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=guuy031m; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fBmXEWp2; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=fWG5X+ST; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-662f9a3abcfsi4908215eaf.57.2026.01.30.09.33.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 30 Jan 2026 09:33:45 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=jGlA4d9U; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=guuy031m; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fBmXEWp2; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=fWG5X+ST; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=t42s8t1+M3NlF2eHyUZqGnsn+gC9kfCmVe2QZu2elok=; b=jGlA4d9UZb0v5OdGoNvcuH9RG+ VId/DcrhUwjmcwiCZWjw8GlI6U2jO4FbiVcjElGwgXEL27AcvbmMUa8DIEa2GFyvnRTnkt3HMUed8 000xvAmryX0AQgs7bR8GvjaFXSfYnmTJvvne8U6gjXc5STkun5zKZo0r3vUUGt6j1GB8=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vlsNK-0007EG-JF; Fri, 30 Jan 2026 17:33:42 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vlsNJ-0007EA-0O for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=nFYWSGBGZDppA82BfqGscnheXYcKAxVEt4g4OPuZEDk=; b=guuy031mMsEa47CYZT5JYO0W/z BuI7JMidHIUteYPxNeeDqc4rRUzrEm2x5FfeLYkD+lpAbEjAeYcx1s9mnLDnMoVUN1Al/+kf3e5/c WN4v+vtnLuC9nuqnFUoav3JjPmGkHmIu4WrytalCesfAfpvspEowKLJ/TcqNCPqgJ6FE=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=nFYWSGBGZDppA82BfqGscnheXYcKAxVEt4g4OPuZEDk=; b=fBmXEWp2Q/+xG9rstUOulO7Htk 2M5kmKUc3KoiFkSugggtNJtxEp6VCRdW20wvEpsTt5ddypLx0QxqB+K5APKeGsHhHxH2/7g/TZ8rd JtHDh0iCg/TUs/YFeIiImgqS0rY54RUFCn2xHZtekw172UHzppMxpny90xC11+/e9wqA=; Received: from mail-wm1-f45.google.com ([209.85.128.45]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vlsNI-0006Hp-IB for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:40 +0000 Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4806dffc64cso18287155e9.1 for ; Fri, 30 Jan 2026 09:33:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769794409; x=1770399209; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nFYWSGBGZDppA82BfqGscnheXYcKAxVEt4g4OPuZEDk=; b=fWG5X+STN/cp7QeT1Klf3ZBDJ9N0OiTym0vixNtFs2NjhcTXPmV3Awosd6q+k/3UFb RtOwXXYFowR7jF0oGFikRqxrN1oapLrjg/SlopTtQrGghyK65MKLfZTwu43ZCN+Y0rMe vzQWVEZ5fqwgB8TW+jxV0ZXDEpcvktrOnwHlrbxc9a2zWqa+63QHU83rNV0Zl4M0Wk+W tdMO11HQIP/xQ/e2Iqw+TnrwKiglEtiNunuBnzIIr9/C7pmNk3B507T6TpPnb/AnSBsm sgkTkkvR959crzr+V8jcICsJWDoxEU3Ue4ouSlYsuKZ1xDB9Q41msDWjCh0dTMOjXP2e XyPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769794409; x=1770399209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=nFYWSGBGZDppA82BfqGscnheXYcKAxVEt4g4OPuZEDk=; b=dWDFycJM6GaZKV4ZJSiqTK9/a2EJOBzoeURNJYG5qGl7mH5lGv7rdjvDhbNVII3P+o U1w7/D+YanmUQfI9dIHGp/Ym7vAvKx94z352qWwR7j/SrMMpzrVpd/Nz17g9/WJjoFeI xlrsD3MflLMr724Nz1P/a7r28VDKOVQno8lXyCBRcmVIlAIleFHm9MX5tBZskp2VSYjz sbADUt7HacaDP9NYCA65nybSix/8yLDTJev8zhDvEx1p+/0xqFFhicn7/0/0CdZILj81 gxKR+i+dfkd1ASRf2PLr1lhRejZiZ5J/UljsT8ziVGUuzixs0B150nOAghyRPXvkbZNS 0wxQ== X-Gm-Message-State: AOJu0Ywn6XvpwUNZZQyMtjVPhD/8DmUGejmSgulqGGyDHO5MYMR9MupH X2mFYZNK4SJW9V5sudsDp+sScKZ3zeCm1cIZaMvrNbEA5kAErokh8rMphe9ZqwCR2s4bqdEu1Li X+KMl X-Gm-Gg: AZuq6aIauAXZqaWYGy/y0GB9DenbL9bWYLPOFVqpk1c315Fsh4n1gVA6FQAOnnLArKu EW9TcWBVvjYynxjDPI0axI1UWxVCVcfHkmA51VGplnVu3gsWEXsDOr856OpBFxrgplLSHVtsGPZ o90x+hMiS/9hlu/3923UVm8dDTWhFjDt3m0KmIx9koqFUrwI8TAZjH9UbRgWImmcMo0Hth6cYV+ 3Qs8bwvxh9hAywRFzu0UKzluQBJgcQmSiAz7BS9q31Tku8w3aRDhi8BLMUxcM4a7kQigwR0MVFt qSVY/Civwe/q24DbK5wRKywfHgMu2cOAMjma1dod4alSV76Up730SSK2WSPWjKMJvOa3reJsngs DpNISuVVg3+LxSEo8f1ZZXMr7vOQU/ulK9UZ+aXgPRgokQdOLGVaU3cfnEZNxXbGg6CrfUmylZy H0wNUTUQ== X-Received: by 2002:a05:600c:1e89:b0:47e:e72b:1fce with SMTP id 5b1f17b1804b1-482db4b5e04mr40349925e9.37.1769794408688; Fri, 30 Jan 2026 09:33:28 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-482e047d863sm22090605e9.1.2026.01.30.09.33.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jan 2026 09:33:28 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Fri, 30 Jan 2026 18:32:49 +0100 Message-ID: <20260130173250.664943-2-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260130173250.664943-1-ralf@mandelbit.com> References: <20260130173250.664943-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: When building the skb_list in ovpn_net_xmit, skb_share_check will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent operations: - [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URI: mandelbit.com] 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.45 listed in wl.mailspike.net] X-Headers-End: 1vlsNI-0006Hp-IB Subject: [Openvpn-devel] [PATCH ovpn net v3 2/3] ovpn: fix possible use-after-free in ovpn_net_xmit X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855763959745775515?= X-GMAIL-MSGID: =?utf-8?q?1855763959745775515?= When building the skb_list in ovpn_net_xmit, skb_share_check will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent operations: - peer lookup, - skb_dst_drop (even though all segments produced by skb_gso_segment will have a dst attached), - ovpn_peer_stats_increment_tx. Fix this by moving the peer lookup and skb_dst_drop before segmentation so that the original skb is still valid when used. Return early if all segments fail skb_share_check and the list ends up empty. Also switch ovpn_peer_stats_increment_tx to use skb_list.next; the next patch fixes the stats logic. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Ralf Lici Reviewed-by: Sabrina Dubroca --- Changes since v2: - moved peer selection and skb_dst_drop before skb_gso_segment - added goto to drop the peer reference on error - stopped using 'skb' after building 'skb_list' and switched to skb_list.next for the stats update Changes since v1: - this is a new patch that replaces the previous "ovpn: use sk_buff_head properly in ovpn_net_xmit" drivers/net/ovpn/io.c | 52 ++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index 3e9e7f8444b3..f70c58b10599 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -365,7 +365,27 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) /* verify IP header size in network packet */ proto = ovpn_ip_check_protocol(skb); if (unlikely(!proto || skb->protocol != proto)) - goto drop; + goto drop_no_peer; + + /* retrieve peer serving the destination IP of this packet */ + peer = ovpn_peer_get_by_dst(ovpn, skb); + if (unlikely(!peer)) { + switch (skb->protocol) { + case htons(ETH_P_IP): + net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", + netdev_name(ovpn->dev), + &ip_hdr(skb)->daddr); + break; + case htons(ETH_P_IPV6): + net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", + netdev_name(ovpn->dev), + &ipv6_hdr(skb)->daddr); + break; + } + goto drop_no_peer; + } + /* dst was needed for peer selection - it can now be dropped */ + skb_dst_drop(skb); if (skb_is_gso(skb)) { segments = skb_gso_segment(skb, 0); @@ -396,34 +416,24 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) __skb_queue_tail(&skb_list, curr); } - skb_list.prev->next = NULL; - /* retrieve peer serving the destination IP of this packet */ - peer = ovpn_peer_get_by_dst(ovpn, skb); - if (unlikely(!peer)) { - switch (skb->protocol) { - case htons(ETH_P_IP): - net_dbg_ratelimited("%s: no peer to send data to dst=%pI4\n", - netdev_name(ovpn->dev), - &ip_hdr(skb)->daddr); - break; - case htons(ETH_P_IPV6): - net_dbg_ratelimited("%s: no peer to send data to dst=%pI6c\n", - netdev_name(ovpn->dev), - &ipv6_hdr(skb)->daddr); - break; - } - goto drop; + /* no segments survived: don't jump to 'drop' because we already + * incremented the counter for each failure in the loop + */ + if (unlikely(skb_queue_empty(&skb_list))) { + ovpn_peer_put(peer); + return NETDEV_TX_OK; } - /* dst was needed for peer selection - it can now be dropped */ - skb_dst_drop(skb); + skb_list.prev->next = NULL; - ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb->len); + ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb_list.next->len); ovpn_send(ovpn, skb_list.next, peer); return NETDEV_TX_OK; drop: + ovpn_peer_put(peer); +drop_no_peer: dev_dstats_tx_dropped(ovpn->dev); skb_tx_error(skb); kfree_skb_list(skb); From patchwork Fri Jan 30 17:32:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4745 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6911:b0:80a:3855:ce6a with SMTP id o17csp349949map; Fri, 30 Jan 2026 09:33:46 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXaNwm+fWDOOQsENocZziCow9SyPNy4sTm6p9XD44MyT1wOuYfFrTJLmZFAG4RMEHD3LmZ5ARGuo7Y=@openvpn.net X-Received: by 2002:a05:6871:e2de:b0:409:9571:350f with SMTP id 586e51a60fabf-409a6b02c36mr1733791fac.2.1769794425790; Fri, 30 Jan 2026 09:33:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1769794425; cv=none; d=google.com; s=arc-20240605; b=CNoqmBvsR5VNT+QTgijE2sLUuwJHsooBJqYRKTQ//xuQU99L7ALtamfBo2Rwgp9N+e JJmoGp1HvvY2GehfpwxQDDRLcMyMJDgxCTn8PonpMOL25nTlQAI9NcthGn9xtAXZ8u+S XA6U45hi8mGHXowo8OGezj45nKKsnJr8W1Ra+fXMVhKW9aN276lBmfJB6v/zc8nwCIGj G9ShkdU3I4ZgHY2gpXrvou6rwKtsK0liyx23TUWFvZNIisk1IW+bHfdX3HxoFm2+f3th ScEpE0Y4dd34DWMxSc3aFQTMkXVzpSvFT4yFlLh3MwlRVMCv68qOGr1PcFK3Tspp6/z0 66/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature:dkim-signature; bh=nAcDsZChz2uzR1I87LQR64xwWfA9Giy4yadRm46T1jc=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=dc6VbrIDQgMJx9iIEbKO7xhi5+POI4fdP0Vnz4umTBYXlSkTtmCDRWsPh6fjmk/PCE VxAg4VZix3e5CaIOMU7qAp3KKrz9HElEnxK3ZzuawiHPr5t9swyNCKwSQkILuWO41tdt ExF8PIaqCS52e350caxUT5J1AjsqMnCZe+g2ZaLhOcOi6oP1PAkVbm+ZIOm4Z/ScUXwF SprBgd5I1ZOE1XzQEmm52+UMakoGMBhdC9O0nXBYIcsORkNHIZfYsylD0Pqui8ShRlnm 10VTf4FQ7f/e87GOBx26GL4xwYKUiHSkuKXHlfkzDHpvXQ1oWdw5492qo+ghIQP/PSfA 74fA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=lNu2DXza; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jsz24ISO; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="ZStmQX/e"; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Zy20L+rq; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-40957794f6asi6964575fac.332.2026.01.30.09.33.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 30 Jan 2026 09:33:45 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=lNu2DXza; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=jsz24ISO; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b="ZStmQX/e"; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=Zy20L+rq; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=nAcDsZChz2uzR1I87LQR64xwWfA9Giy4yadRm46T1jc=; b=lNu2DXzaAOyy7uKD9vBXc68YCr MIehNe5UbANg9/X7kuxXA1IuvenfJ5cWRRVk0VuZsCCcjlu85XzRNlTNPpNxjYHzVc7os63E7qfJA EoFRRObgVeccH60OgVvyxGm0c95eju/YgniP4yK3dCdJy984IANVaMd4vv+Azte25338=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vlsNG-0003JO-RG; Fri, 30 Jan 2026 17:33:38 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vlsNE-0003JF-PY for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=Klc9TXYxdHGvtCBmOS0R4wvPqGfVxuPxMRR/ruwFyuM=; b=jsz24ISOfqugspkMxvGZL6EEsd sXiTbHzTSx8xrQo07gOwqUkTlli+dnwndkgLSbKo64Dq6p4ld52e6JJ1JN90TdnOoVylF2wCizQf/ BULo3Ba8LSy9/WwN3Srm0sfu4sqiqTEwaFtLJLFobVuIUkPmpgwp3vkzvk3TX9ORGn9M=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Klc9TXYxdHGvtCBmOS0R4wvPqGfVxuPxMRR/ruwFyuM=; b=ZStmQX/e2o2NuzIuYnUd1IOeVR 19+hmgIodJlO18L7oTUULeqicFjZs0/m2sxwZtY5vA5dU62R8odkLx6W9I8/0QHfbZdpT0xQuAEnk lqz0csC5HnB//KwvNoYUjy+Nj3nXh8b8JoojL847oZ0ekz5utc/UpzwwTRcS2q/YkkWI=; Received: from mail-wm1-f46.google.com ([209.85.128.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vlsNE-0006Hf-Co for openvpn-devel@lists.sourceforge.net; Fri, 30 Jan 2026 17:33:36 +0000 Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-47edd9024b1so19683095e9.3 for ; Fri, 30 Jan 2026 09:33:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1769794409; x=1770399209; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Klc9TXYxdHGvtCBmOS0R4wvPqGfVxuPxMRR/ruwFyuM=; b=Zy20L+rqLxR25t9pRo+63HXy2aYDWLP4QgS/sjX+sQ8b0jkmruBbwSl9kbbnpG/Cny bdoy+/YHKMfhUxkIxMdr7IXEFftELjhETWGwW4hoWFobBG6Qbkcn3aVLYlIdXTVrPoEU vwtMbBEW8m9lC/7/vbvrQPd4r86e68qOTyv2I/C4zBeM1sSVe+mRCrg75Xr6ULyvnKgx 1+KoWk4JqMpYrSkM7ZRuXRjtWv6Ps671YFjhV6+1rO9OfAko/BJpQf/yABpFDHWzTiZD p6l2C6tJ3Eo5hLSsX9Vi0K5Smdnj0DDsj6oE4tc1rT19Ec4WDq5ayUPwEhc2ObR1De0P m1kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769794409; x=1770399209; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Klc9TXYxdHGvtCBmOS0R4wvPqGfVxuPxMRR/ruwFyuM=; b=REtG/CSpZMfaZJSmp0QALUzuw0kO6RH2tV5kftjCEduKSMenaR+fGO+yJrSV8W72Bw o0vnYPh4liPz6b5r6PQ/0cdMYYsHrMvX9DY2mbZMLWAkIULyIuYc8gRIzkuBNyJu7Bhc dbnNBVS7JFJ5tAv7RzhNFbi9C2D1weuaQwZddaA4S/k/vMFZSMg4H7DHj6SUeO98QaSC CyyNOpO5RUweSfsd3moykPIY5J2iVQt/XBRLtTFyjDSCeE2031jlCKJfHUYPJ8BTYYPI sXYWwPywtHPry5e2dTcbe0HY98LGurWUyb1fmRqBEM5uGdVjueLUCUoCrqZdNLHbxsV5 c0PA== X-Gm-Message-State: AOJu0Ywjxhy7QIQ4Dd6FEY0gVogk9DRf5QNJwLpwC5owRWmELKhxt4xa VbSydiyxz7SpJrgc6J4H78xoMnSUyF5o82yTXaN8GhI6v1lKudff/R8K9KnRquGWgHDjX0t8p7W xL1N+ X-Gm-Gg: AZuq6aL52n/lVBv9jifrk5MQN+BF96eJDeXm3dvhwu1ZNcfD5X8/qurx3GaGpSzjCFW 5+y7REmGITQK/FSCtK7QsD+dWOOB2fOL7ncBXD2SXKrOpivH/xtodMgFL8Dg6ckIGKr0ZjXBzbQ l6xOQUof1rRcu88rHbYx+FNB0C5rIHNZO/nKZzWRXFDf15UqDZN/tmXBzcCZvGoq+59P77qS8Ju RE1eihQAkrF2jBNrN6eCI4RMA3MoEWM+CvMrqPyd6jqnu6Tp3uKHJU4/DtM1URHBkyL/lwI4v7W +5dqlOYnoLopGfp2Q5nuV64MUejLNgsQr564rc5bnI6RQyT9sr8TXFjFW72r4PCFhBkJ9FamwHz 9WViJURfXobAdEDiI87bpsbyo6X6ndDbcpSV/WJoFPCcmV1fYckh6XkGVZ6lvdgeqp5JUuBdS8X 2dGYGxNw== X-Received: by 2002:a05:600c:4f09:b0:477:97c7:9be7 with SMTP id 5b1f17b1804b1-482db45257amr46767285e9.1.1769794409621; Fri, 30 Jan 2026 09:33:29 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-482e047d863sm22090605e9.1.2026.01.30.09.33.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jan 2026 09:33:29 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Fri, 30 Jan 2026 18:32:50 +0100 Message-ID: <20260130173250.664943-3-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260130173250.664943-1-ralf@mandelbit.com> References: <20260130173250.664943-1-ralf@mandelbit.com> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: In ovpn_net_xmit, after GSO segmentation and segment processing, the first segment on the list is used to increment VPN TX statistics, which fails to account for any subsequent segments in the chain. Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.46 listed in wl.mailspike.net] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1vlsNE-0006Hf-Co Subject: [Openvpn-devel] [PATCH ovpn net v3 3/3] ovpn: fix VPN TX bytes counting X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1855763959532058403?= X-GMAIL-MSGID: =?utf-8?q?1855763959532058403?= In ovpn_net_xmit, after GSO segmentation and segment processing, the first segment on the list is used to increment VPN TX statistics, which fails to account for any subsequent segments in the chain. Fix this by accumulating the length of every segment that successfully passes skb_share_check into a tx_bytes variable. This ensures the peer statistics accurately reflect the total data volume sent, regardless of whether the original packet was segmented. Fixes: 04ca14955f9a ("ovpn: store tunnel and transport statistics") Signed-off-by: Ralf Lici Reviewed-by: Sabrina Dubroca --- Changes since v2: none (except for trivial rebase) Changes since v1: - added Fixes tag drivers/net/ovpn/io.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/ovpn/io.c b/drivers/net/ovpn/io.c index f70c58b10599..955c9a37e1f8 100644 --- a/drivers/net/ovpn/io.c +++ b/drivers/net/ovpn/io.c @@ -355,6 +355,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) struct ovpn_priv *ovpn = netdev_priv(dev); struct sk_buff *segments, *curr, *next; struct sk_buff_head skb_list; + unsigned int tx_bytes = 0; struct ovpn_peer *peer; __be16 proto; int ret; @@ -414,6 +415,8 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) continue; } + /* only count what we actually send */ + tx_bytes += curr->len; __skb_queue_tail(&skb_list, curr); } @@ -426,7 +429,7 @@ netdev_tx_t ovpn_net_xmit(struct sk_buff *skb, struct net_device *dev) } skb_list.prev->next = NULL; - ovpn_peer_stats_increment_tx(&peer->vpn_stats, skb_list.next->len); + ovpn_peer_stats_increment_tx(&peer->vpn_stats, tx_bytes); ovpn_send(ovpn, skb_list.next, peer); return NETDEV_TX_OK;