From patchwork Mon Feb 2 13:23:09 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4748 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6911:b0:80a:3855:ce6a with SMTP id o17csp1762671map; Mon, 2 Feb 2026 05:23:52 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUickX03sHx9fBaWGV2Y+p8EKjqkXNqfnYFL83ifzt1qN6YvdYcpFgYJX1daI8zJ+U2BnhPrY8qcaY=@openvpn.net X-Received: by 2002:a05:6830:6d0f:b0:7c7:8113:6f6e with SMTP id 46e09a7af769-7d1a536db2amr6821516a34.27.1770038631919; Mon, 02 Feb 2026 05:23:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1770038631; cv=none; d=google.com; s=arc-20240605; b=WcdONNE/9LSSpF1QwpmW18v7nA543G9B1AdAVGIVxdPTUBCn/7CHQsW7eYyYQDFFMs yRuu3rl75vCxLWHmr4M/4dfr+PmdcaeWfFyYHnbr0gMLsBPrMCdaXb51sV4X9lv93vCT Ta9NBOFDzpr/7azIY19U8+8X7Ul8QXOqdf0AqnM+pois5gw38DFUTQ+/xxe50GtRr3ri jJ+Ua2ZToasijiY5h35l0f96o747F8hyRsaWNVJ2ap+xYcGdbz0nMvKT3EVY08llRgo/ jf5BirIweGewf47t+swq26bll9HyHBp3qNMbL+RrOrlASTeE7HOfq8TEF6jky7DPF0i7 ho8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature:dkim-signature; bh=TQngdK2YY4ltpOJBvAzRd6b4BkQpAL3a3rY4ygKIT+M=; fh=bDmbXayvKcQuWZaaz4JM7kgnS3MJBk3QUq2ehqNuBVc=; b=GULt0yE3NZQXs90pczcXkNJxyOX9OAdTEf2HL2CSo+4OAXe17870vmhpMJeXrETLQe TmoVfTGLdc18CGMMRtCpj1bGzjDXQt8/9+8YMu4BSg9V2sPkhggthHHrGfQNJd+LYmzK a+tdSmYGknQFNMMZRNaaFXnTWgaPBsz4rLonFVHpzh/fHR3nhHl/FSTovgHk75fkvGm2 Vr8q8XLxL+AtowGcFYl4Cy7kck0jq/gWmNXRc9He1bCZOh656kS0aYlNt1MekY2CyI2M B6HlngqMxLniUp27Z0ZSiVVakQN5+TI4KXcgEKPCauqo1FWCpmiOko1otMEVlYPTw4OE 8XAw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="hK8t/Ais"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Ji1DkUHd; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=I0oAxzaH; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=CSzkwdOb; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7d18c7f8768si9136505a34.167.2026.02.02.05.23.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 02 Feb 2026 05:23:51 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="hK8t/Ais"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Ji1DkUHd; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=I0oAxzaH; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=google header.b=CSzkwdOb; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dara=neutral header.i=@openvpn.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=TQngdK2YY4ltpOJBvAzRd6b4BkQpAL3a3rY4ygKIT+M=; b=hK8t/AisDzAIZYytNvVmYh6qg3 ssfoDBr5Jnwl32eBLBAZSwtHDv/dfdTTikpY5L7xneHzHzJqFVElX4m70HrMR4iD8mLF9mJZefo2W FQurmfvHgVttQ7U25X+jerp915sCPlLIjMVoqdh8mjHmeVdgKC2I58BtfAqWCjLt06DQ=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vmtu2-0008GI-0q; Mon, 02 Feb 2026 13:23:42 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vmtu0-0008GA-Kl for openvpn-devel@lists.sourceforge.net; Mon, 02 Feb 2026 13:23:40 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=9rhiqiHnsEP0TYwk4vvoiu09iAhA+1BkX6FPLuuez0g=; b=Ji1DkUHdVSuPFsN8xpefXkOmp7 DNo8e4ICDTuFdbdtlp5A3s9uDhf3pwwZBcY9lR50eDQ+OIKNlBR1+4dmngZ1wKCnOBQ7/sGmV9/v1 SKimuKX0/yvkuJLCF1lt1VlwcjnsfL5Xd5KKZScnuEblN5qPirHkKEW2G0PA1zYs9c6E=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=9rhiqiHnsEP0TYwk4vvoiu09iAhA+1BkX6FPLuuez0g=; b=I 0oAxzaHQ2HWZNwMH8G1qGlbaXHO3eqq+EyLABWINr4Th18mmSOc5xRwjBSqXmB/oMN4w3QkyWiLRU ysmgNgByIP1ngcMlPshCnP2srW75oQqUKJK/zM0vxuj0AIGNgcANaL4tpIq9ekrurGobAunsMvNJG XEhlK7IzYKQ64EbQ=; Received: from mail-wm1-f49.google.com ([209.85.128.49]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1vmtu0-0002Ab-6a for openvpn-devel@lists.sourceforge.net; Mon, 02 Feb 2026 13:23:40 +0000 Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4801d7c72a5so35228985e9.0 for ; Mon, 02 Feb 2026 05:23:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=google; t=1770038608; x=1770643408; darn=lists.sourceforge.net; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=9rhiqiHnsEP0TYwk4vvoiu09iAhA+1BkX6FPLuuez0g=; b=CSzkwdOba9JRBAFbTMo7ha17CGu3MWGZabHDkXskVIKsSDoo45IpZ23+6Xe5g/y9l5 ezsX0aAQX0OtO2tR7bWzUxECGtkwZLz+v/tS8YCBMksn2uW4iFXJN5pdUI1HGRaifn+l 0dWqci1IWVQAjM8gMBCB+qDht68DgWEf5mJa4hWbagg/iW9WOwCszM8E+WHir8C+wXz6 omEC8yCQY0FuP84qh5WJtVPyS53AJS617ydU91qg/5WqpkenvnBREnxQfPHfC6IqAVhz rukyhVtq1eMAC22IdftRRDJ5jr+xGAzk9sGwvj/9w6+3F2VPcVSWSb7A+HX4HODPeHN+ pwVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770038608; x=1770643408; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9rhiqiHnsEP0TYwk4vvoiu09iAhA+1BkX6FPLuuez0g=; b=Sutt4QAwS4iXloVQy54/34rrkQ0Juhyg9fqF6XKE1YJOWrVxdQdpG8CT2Lr/kLXA9r +zfvBy/9G9LVD8yex0MVL950078rCuQI+oKHsxa/T9kjKzit+sxqMlzrUjO1dTBhb7fl 5alGbQsDdFCd3fp+t9kUrKv8nxBo4i3M9eM5inWY35GfQB8N9jQxHyN2dXUF2+Kmac7e 9fTd4/BGXhUgbWkHyExkutST9A5CN+VHCW4HK3eTRFa2KPOyydaLy1bK3/pQM4csbXpC IrQlo1OfvrrAJuwc7SXkHkxMgmXakz//tARGEVQ/rjOUatzPP7k2eI1A+DtfHjxRbzZu Kb3w== X-Gm-Message-State: AOJu0YzFDeRM3DbRtZx7IjBuAW35ncFyFZaz/Ip1HIawrc4uidcxnN6N yvdcNwdc/ld+3K0EmhuVQmSHo1cve+jHJJV1CABSFVyF80HzaSlwZwznD7fG999ZMt8/PuciQm5 5cuCX X-Gm-Gg: AZuq6aIPDZ2VbYPOJzWinDmg+SXk3mRYb0fxmg4nbBaEqoMpbDh+cfLkGkKG8iRMd7R yBFuJSkq7A4jnN/yi8zHpsMaT68h55XMP/opXQWiDVcLqN0cn/dJYeMblka+I8W3orO9Tq3fhqN oeINOOniKtx+oiCRcjl4HBlo5enXje9gB74NdZJ2gArTCTHq7jyBOWqsx7CsRROTu9l1iZTgPHP RECkOqQlLmwR5W1t7RqDpz9YPVI0TQ/u3Bd8SafUORYYf9V8DWIGY/lkXZH2KtsxqulffbF9Xfv JSaulICOsdZHgYvbFut7TE+pvMClzRXmPPLcYaORs0CwqYnlc23B6Qd4/+4JVIEhCqPFBNSCusg dSliZDqvfCX0cP1h83SrFAu0/4h93MMvV90rvhGDXa9KyeZ/PzSwmQ86O4e9vxzgl32Nkn7AAM9 /E6nyCQw== X-Received: by 2002:a05:600c:608e:b0:45c:4470:271c with SMTP id 5b1f17b1804b1-482db4d8210mr129311375e9.18.1770038608148; Mon, 02 Feb 2026 05:23:28 -0800 (PST) Received: from fedora ([2a01:e11:600c:d1a0:3dc8:57d2:efb7:51a8]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48066c37420sm494626275e9.9.2026.02.02.05.23.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 05:23:27 -0800 (PST) From: Ralf Lici To: openvpn-devel@lists.sourceforge.net Date: Mon, 2 Feb 2026 14:23:09 +0100 Message-ID: <20260202132309.567382-1-ralf@mandelbit.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Currently, when a connected peer expires (no packets received within the keepalive interval), we remove the peer and notify userspace of the deletion. We then insert the peer in the release list and p [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.49 listed in wl.mailspike.net] X-Headers-End: 1vmtu0-0002Ab-6a Subject: [Openvpn-devel] [PATCH ovpn net] ovpn: detach TCP socket before invoking close X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Sabrina Dubroca Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1856020028422940463?= X-GMAIL-MSGID: =?utf-8?q?1856020028422940463?= Currently, when a connected peer expires (no packets received within the keepalive interval), we remove the peer and notify userspace of the deletion. We then insert the peer in the release list and proceed to detach and release the socket and the peer. This can be problematic with TCP because, as soon as we send the notification, openvpn will close the peer's socket and if ovpn_tcp_close is invoked before ovpn_tcp_socket_detach we incurr in a NULL pointer dereference when trying to access sk->sk_socket. Enforce correct ordering by calling ovpn_sock_release before invoking the original socket close callback. This avoids potential race conditions and guarantees that we completely detach from the socket once userspace issues the close command. Signed-off-by: Ralf Lici --- drivers/net/ovpn/tcp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 0d7f30360d87..13d2a8069695 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c @@ -553,6 +553,7 @@ static void ovpn_tcp_close(struct sock *sk, long timeout) rcu_read_unlock(); ovpn_peer_del(sock->peer, OVPN_DEL_PEER_REASON_TRANSPORT_DISCONNECT); + ovpn_socket_release(peer); peer->tcp.sk_cb.prot->close(sk, timeout); ovpn_peer_put(peer); }