From patchwork Tue May 26 23:18:42 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 4982
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Wed, 27 May 2026 01:18:42 +0200
Message-ID: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 1/9] ovpn: skip rehash for peers already removed from by_id

From: Antonio Quartulli

ovpn_nl_peer_set_doit() resolves the target peer via ovpn_peer_get_by_id() before taking ovpn->lock. In the window between the lookup (which only takes a refcount) and the subsequent spin_lock_bh(&ovpn->lock), a concurrent OVPN_CMD_PEER_DEL, keepalive expiry, or socket teardown can take ovpn->lock first, run ovpn_peer_remove() to unhash the peer from all four tables (by_id, by_vpn_addr4/6, by_transp_addr) and release the lock. set_doit then acquires ovpn->lock and calls ovpn_peer_hash_vpn_ip(), which re-inserts the now-removed peer back into the rehashing tables.

The same race affects the float path: ovpn_peer_endpoints_update() holds only a refcount and acquires ovpn->lock very late (after async AEAD decrypt and a netlink notification), then rehashes the peer in the by_transp_addr table.

The resurrected peer becomes reachable again from the RX lookup (ovpn_peer_get_by_transp_addr) and the TX VPN-IP lookup, even though userspace believes it is gone. Once the data-path refcount drops the peer is freed via call_rcu while the hash entries embedded in it remain linked, opening a UAF window.

Bail out of the rehash when hash_entry_id is unhashed, mirroring the sentinel already used by ovpn_peer_remove() to detect the already-removed state. The check is safe under ovpn->lock, which serializes every mutation of hash_entry_id, and is a no-op for the add path because ovpn_peer_add_mp() inserts hash_entry_id before calling ovpn_peer_hash_vpn_ip().

Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/peer.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index a09d61296425..a472ffe3016b 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c
@@ -307,6 +307,16 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) return; } + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (unlikely(hlist_unhashed(&peer->hash_entry_id))) { + spin_unlock_bh(&peer->lock); + spin_unlock_bh(&peer->ovpn->lock); + return; + } + /* This function may be invoked concurrently, therefore another * float may have happened in parallel: perform rehashing * using the peer->bind->remote directly as key 
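Review bot: The removed-peer test in ovpn_peer_endpoints_update() runs only once both locks are held, which per the commit message is after the float notification has already been sent, so userspace can still receive a float event for a peer it has deleted. If that is acceptable, state it in the new comment; otherwise a cheap early test before the notification, repeated under ovpn->lock as done here, would narrow it. The new early return also repeats the two spin_unlock_bh() calls of the return just above it; a shared unlock label would keep the exit paths in one place.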
@@ -905,6 +915,13 @@ void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer) if (peer->ovpn->mode != OVPN_MODE_MP) return; + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (hlist_unhashed(&peer->hash_entry_id)) + return; + if (peer->vpn_addrs.ipv4.s_addr != htonl(INADDR_ANY)) { /* remove potential old hashing */ hlist_nulls_del_init_rcu(&peer->hash_entry_addr4);
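Review bot: The comment added to ovpn_peer_hash_vpn_ip() is copied from the float path and speaks of "our acquisition of ovpn->lock", but this function does not take that lock; per the commit message its caller (set_doit) does. Reword it to refer to the caller's lock, and since the hlist_unhashed(&peer->hash_entry_id) test is only safe under ovpn->lock, add lockdep_assert_held(&peer->ovpn->lock) next to it if the function does not already assert that above the visible context. The same test carries unlikely() in ovpn_peer_endpoints_update() and not here; pick one form for both.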

From patchwork Tue May 26 23:18:43 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 4983
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Wed, 27 May 2026 01:18:43 +0200
Message-ID: <20260526231850.2511369-2-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 2/9] ovpn: rehash peer in by_transp_addr table on CMD_PEER_SET

From: Antonio Quartulli

When userspace updates a peer's remote endpoint via OVPN_CMD_PEER_SET, ovpn_nl_peer_modify() installs a new ovpn_bind through ovpn_peer_reset_sockaddr(), but ovpn_nl_peer_set_doit() only calls ovpn_peer_hash_vpn_ip() to refresh the VPN-IP hashtables. The peer is left in the bucket of peers->by_transp_addr corresponding to its old remote address.

As a consequence, datagrams arriving at the UDP RX path from the newly configured remote hash to a different slot and the lockless lookup in ovpn_peer_get_by_transp_addr() (called from ovpn_udp_encap_recv()) does not find the peer, until either a float event or a peer re-add fixes the bucket.

Introduce ovpn_peer_hash_transp_addr() (modeled after ovpn_peer_hash_vpn_ip()) and invoke it from ovpn_nl_peer_set_doit() whenever the request carried a new remote address. The helper bails out in P2P mode and on peers without a bind (TCP), and relies on hlist_nulls_del_init_rcu()'s pprev==NULL short-circuit to handle the case of an entry not currently linked in the table.

Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/netlink.c | 6 +++ drivers/net/ovpn/peer.c | 106 ++++++++++++++++++++++++------------- drivers/net/ovpn/peer.h | 1 + 3 files changed, 75 insertions(+), 38 deletions(-) diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 4c66c1ec497e..4dad85294198 100644 --- a/drivers/net/ovpn/netlink.c +++ b/drivers/net/ovpn/netlink.c
@@ -534,6 +534,12 @@ int ovpn_nl_peer_set_doit(struct sk_buff *skb, struct genl_info *info) */ if (ret > 0) ovpn_peer_hash_vpn_ip(peer); + /* if the remote endpoint was updated, the by_transp_addr hash bucket + * also needs to be refreshed, otherwise incoming packets from the new + * remote address would fail the lockless lookup + */ + if (attrs[OVPN_A_PEER_REMOTE_IPV4] || attrs[OVPN_A_PEER_REMOTE_IPV6]) + ovpn_peer_hash_transp_addr(peer); spin_unlock_bh(&ovpn->lock); ovpn_peer_put(peer); diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index a472ffe3016b..8aa07560bb30 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -188,6 +188,9 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, &(*__tbl1)[ovpn_get_hash_slot(*__tbl1, _key, _key_len)];\ }) +static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, + const struct ovpn_bind *bind); + /** * ovpn_peer_endpoints_update - update remote or local endpoint for peer * @peer: peer to update the remote endpoint for @@ -195,7 +198,6 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, */ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) { - struct hlist_nulls_head *nhead; struct sockaddr_storage ss; struct sockaddr_in6 *sa6; bool reset_cache = false; 
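Review bot: In the netlink.c hunk the rehash is triggered only when OVPN_A_PEER_REMOTE_IPV4 or OVPN_A_PEER_REMOTE_IPV6 is present, while the helper hashes the whole sockaddr (&bind->remote over salen bytes), which includes the port. If a request can change the remote port without carrying one of those two attributes, the peer stays in the stale bucket; either have the modify step report that the bind was replaced and key the call on that, or document why the two attributes are sufficient. In the peer.c part of this line, the forward declaration of __ovpn_peer_hash_transp_addr() could be avoided by defining the helper above ovpn_peer_endpoints_update().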
@@ -294,49 +296,17 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) ovpn_nl_peer_float_notify(peer, &ss); /* rehashing is required only in MP mode as P2P has one peer - * only and thus there is no hashtable + * only and thus there is no hashtable. + * + * This function may be invoked concurrently, so re-read peer->bind + * under the proper locks and rehash against its current value. */ if (peer->ovpn->mode == OVPN_MODE_MP) { spin_lock_bh(&peer->ovpn->lock); spin_lock_bh(&peer->lock); bind = rcu_dereference_protected(peer->bind, lockdep_is_held(&peer->lock)); - if (unlikely(!bind)) { - spin_unlock_bh(&peer->lock); - spin_unlock_bh(&peer->ovpn->lock); - return; - } - - /* peer may have been concurrently removed between the caller's - * initial lookup and our acquisition of ovpn->lock; skip the - * rehash so we don't re-insert a removed peer - */ - if (unlikely(hlist_unhashed(&peer->hash_entry_id))) { - spin_unlock_bh(&peer->lock); - spin_unlock_bh(&peer->ovpn->lock); - return; - } - - /* This function may be invoked concurrently, therefore another - * float may have happened in parallel: perform rehashing - * using the peer->bind->remote directly as key - */ - - switch (bind->remote.in4.sin_family) { - case AF_INET: - salen = sizeof(*sa); - break; - case AF_INET6: - salen = sizeof(*sa6); - break; - } - - /* remove old hashing */ - hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); - /* re-add with new transport address */ - nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, - &bind->remote, salen); - hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); + __ovpn_peer_hash_transp_addr(peer, bind); spin_unlock_bh(&peer->lock); spin_unlock_bh(&peer->ovpn->lock); } 
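Review bot: A NULL bind in the float path no longer returns silently: the removed "if (unlikely(!bind))" branch is replaced by the call to __ovpn_peer_hash_transp_addr(), which hits WARN_ON_ONCE(!bind). The comment kept above the block says this function may be invoked concurrently, so if bind can legitimately be NULL at this point the warning becomes reachable from the data path. Keep the NULL test at this call site and reserve the WARN for real contract violations.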
@@ -905,6 +875,66 @@ bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, return match; } +/* Move @peer to the by_transp_addr bucket matching its current bind. + * + * Caller must hold both peer->ovpn->lock and peer->lock, and must have + * already dereferenced a valid (non-NULL) peer->bind, passed in as @bind. + */ +static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, + const struct ovpn_bind *bind) +{ + struct hlist_nulls_head *nhead; + size_t salen; + + lockdep_assert_held(&peer->ovpn->lock); + lockdep_assert_held(&peer->lock); + + if (WARN_ON_ONCE(!bind)) + return; + + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (unlikely(hlist_unhashed(&peer->hash_entry_id))) + return; + + switch (bind->remote.in4.sin_family) { + case AF_INET: + salen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + salen = sizeof(struct sockaddr_in6); + break; + default: + return; + } + + /* remove old hashing (no-op if entry is not currently linked) */ + hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); + /* re-add with current transport address */ + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, + &bind->remote, salen); + hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); +} + +void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer) +{ + struct ovpn_bind *bind; + + lockdep_assert_held(&peer->ovpn->lock); + + /* rehashing makes sense only in multipeer mode */ + if (peer->ovpn->mode != OVPN_MODE_MP) + return; + + spin_lock_bh(&peer->lock); + bind = rcu_dereference_protected(peer->bind, + lockdep_is_held(&peer->lock)); + __ovpn_peer_hash_transp_addr(peer, bind); + spin_unlock_bh(&peer->lock); +} + void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer) { struct hlist_nulls_head *nhead; 
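Review bot: ovpn_peer_hash_transp_addr() hands bind to __ovpn_peer_hash_transp_addr() without testing it, although the helper's comment requires a valid non-NULL bind and the helper does WARN_ON_ONCE(!bind). The commit message says the helper bails out on peers without a bind (TCP), so NULL is an expected input on the CMD_PEER_SET path and should not raise a warning that a netlink request can trigger. Test bind in the wrapper and call the helper only when it is set, which also makes the code match the commit message.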
diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h index 86c8cffada6d..dfa5c0037e02 100644 --- a/drivers/net/ovpn/peer.h +++ b/drivers/net/ovpn/peer.h 
@@ -150,6 +150,7 @@ struct ovpn_peer *ovpn_peer_get_by_id(struct ovpn_priv *ovpn, u32 peer_id); struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn, struct sk_buff *skb); void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer); +void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer); bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, struct ovpn_peer *peer);
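Review bot: The prototype ovpn_peer_hash_transp_addr() added to peer.h comes with no statement of its locking contract, and its definition in peer.c has no kernel-doc block, unlike ovpn_peer_endpoints_update() in the same file. Add a kernel-doc comment at the definition saying that the caller must hold ovpn->lock and that the function takes peer->lock itself, as the lockdep_assert_held() and spin_lock_bh() in its body imply.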

From patchwork Tue May 26 23:18:44 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 4977
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Wed, 27 May 2026 01:18:44 +0200
Message-ID: <20260526231850.2511369-3-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 3/9] ovpn: fix data race reading cached local endpoint on TX path
From: Antonio Quartulli The cached local source address bind->local is updated in place on a live, RCU-published ovpn_bind while holding peer->lock: the UDP output error paths reset it (ovpn_udp4_output()/ovpn_udp6_output()) and the RX float path learns it (ovpn_peer_endpoints_update()). The UDP TX fast path and the netlink dump, however, read bind->local holding only rcu_read_lock(), never peer->lock. For bind->local.ipv6 this is a torn read: struct in6_addr is 128 bit and is copied as multiple words, so a concurrent in-place update can make a reader observe a mix of the old and new address. The mangled source address then feeds ip6_dst_lookup_flow() and udp_tunnel6_xmit_skb(). For bind->local.ipv4 (a single aligned word) it is a data race without tearing. A spinlock on the per-packet TX path is not acceptable, and READ_ONCE()/WRITE_ONCE() cannot atomically access the 128-bit IPv6 address (the >8-byte access is rejected at build time and per-word accesses still can't yield a consistent snapshot). Serialize the IPv6 field with a per-peer seqcount_spinlock_t tied to the existing peer->lock: the in-place writers (already under peer->lock) bump it, and readers take a lock-free read_seqcount_begin()/retry() snapshot via the new ovpn_peer_local_ipv6() helper. The single-word IPv4 field is handled with plain READ_ONCE()/WRITE_ONCE(). bind->remote is untouched: it is immutable for a given bind object (only swapped via whole-bind RCU replacement), so reading it locklessly remains safe. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Antonio Quartulli --- drivers/net/ovpn/netlink.c | 13 +++++++++++-- drivers/net/ovpn/peer.c | 26 +++++++++++++++++++++++++- drivers/net/ovpn/peer.h | 6 ++++++ drivers/net/ovpn/udp.c | 17 +++++++++++++---- 4 files changed, 55 insertions(+), 7 deletions(-) diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 4dad85294198..8e21fa3e7822 100644 --- a/drivers/net/ovpn/netlink.c 
+++ b/drivers/net/ovpn/netlink.c @@ -610,14 +610,23 @@ static int ovpn_nl_send_peer(struct sk_buff *skb, const struct genl_info *info, bind = rcu_dereference(peer->bind); if (bind) { if (bind->remote.in4.sin_family == AF_INET) { + /* bind->local is updated in place under peer->lock; + * READ_ONCE() pairs with the WRITE_ONCE() updaters + */ if (nla_put_in_addr(skb, OVPN_A_PEER_REMOTE_IPV4, bind->remote.in4.sin_addr.s_addr) || nla_put_net16(skb, OVPN_A_PEER_REMOTE_PORT, bind->remote.in4.sin_port) || nla_put_in_addr(skb, OVPN_A_PEER_LOCAL_IPV4, - bind->local.ipv4.s_addr)) + READ_ONCE(bind->local.ipv4.s_addr))) goto err_unlock; } else if (bind->remote.in4.sin_family == AF_INET6) { + struct in6_addr local_ipv6; + + /* read the 128-bit local address under the peer + * seqcount to avoid a torn read + */ + ovpn_peer_local_ipv6(peer, bind, &local_ipv6); if (nla_put_in6_addr(skb, OVPN_A_PEER_REMOTE_IPV6, &bind->remote.in6.sin6_addr) || nla_put_u32(skb, OVPN_A_PEER_REMOTE_IPV6_SCOPE_ID, @@ -625,7 +634,7 @@ static int ovpn_nl_send_peer(struct sk_buff *skb, const struct genl_info *info, nla_put_net16(skb, OVPN_A_PEER_REMOTE_PORT, bind->remote.in6.sin6_port) || nla_put_in6_addr(skb, OVPN_A_PEER_LOCAL_IPV6, - &bind->local.ipv6)) + &local_ipv6)) goto err_unlock; } } diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index 8aa07560bb30..bbb1946fa5b4 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -112,6 +112,7 @@ struct ovpn_peer *ovpn_peer_new(struct ovpn_priv *ovpn, u32 id) RCU_INIT_POINTER(peer->bind, NULL); ovpn_crypto_state_init(&peer->crypto); spin_lock_init(&peer->lock); + seqcount_spinlock_init(&peer->bind_local_seq, &peer->lock); kref_init(&peer->refcount); ovpn_peer_stats_init(&peer->vpn_stats); ovpn_peer_stats_init(&peer->link_stats); 
@@ -175,6 +176,27 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, return 0; } +/** + * ovpn_peer_local_ipv6 - read the cached local IPv6 endpoint of a peer + * @peer: the peer owning the binding + * @bind: the binding to read the local address from + * @dst: where the local IPv6 address is copied to + * + * bind->local is updated in place under peer->lock (TX error path and RX + * float path). Read the 128-bit address under the peer seqcount so that + * lockless readers never observe a torn value. + */ +void ovpn_peer_local_ipv6(const struct ovpn_peer *peer, + const struct ovpn_bind *bind, struct in6_addr *dst) +{ + unsigned int seq; + + do { + seq = read_seqcount_begin(&peer->bind_local_seq); + *dst = bind->local.ipv6; + } while (read_seqcount_retry(&peer->bind_local_seq, seq)); +} + /* variable name __tbl2 needs to be different from __tbl1 * in the macro below to avoid confusing clang */ @@ -237,7 +259,7 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) netdev_name(peer->ovpn->dev), peer->id, &bind->local.ipv4.s_addr, &ip_hdr(skb)->daddr); - bind->local.ipv4.s_addr = ip_hdr(skb)->daddr; + WRITE_ONCE(bind->local.ipv4.s_addr, ip_hdr(skb)->daddr); reset_cache = true; } break; @@ -268,7 +290,9 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) netdev_name(peer->ovpn->dev), peer->id, &bind->local.ipv6, &ipv6_hdr(skb)->daddr); + write_seqcount_begin(&peer->bind_local_seq); bind->local.ipv6 = ipv6_hdr(skb)->daddr; + write_seqcount_end(&peer->bind_local_seq); reset_cache = true; } break; diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h index dfa5c0037e02..c0994c606554 100644 --- a/drivers/net/ovpn/peer.h +++ b/drivers/net/ovpn/peer.h @@ -10,6 +10,7 @@ #ifndef _NET_OVPN_OVPNPEER_H_ #define _NET_OVPN_OVPNPEER_H_ +#include #include #include 
@@ -56,6 +57,8 @@ * @link_stats: per-peer link/transport TX/RX stats * @delete_reason: why peer was deleted (i.e. timeout, transport error, ..) * @lock: protects binding to peer (bind) and keepalive* fields + * @bind_local_seq: seqcount serializing in-place updates of bind->local + * (done under @lock) against lockless readers on the TX path * @refcount: reference counter * @rcu: used to free peer in an RCU safe way * @release_entry: entry for the socket release list @@ -110,6 +113,7 @@ struct ovpn_peer { struct ovpn_peer_stats link_stats; enum ovpn_del_peer_reason delete_reason; spinlock_t lock; /* protects bind and keepalive* */ + seqcount_spinlock_t bind_local_seq; /* protects bind->local */ struct kref refcount; struct rcu_head rcu; struct llist_node release_entry; @@ -151,6 +155,8 @@ struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn, struct sk_buff *skb); void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer); void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer); +void ovpn_peer_local_ipv6(const struct ovpn_peer *peer, + const struct ovpn_bind *bind, struct in6_addr *dst); bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, struct ovpn_peer *peer); diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index 8811aa9eedeb..60d32dc5af4a 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -147,7 +147,10 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, { struct rtable *rt; struct flowi4 fl = { - .saddr = bind->local.ipv4.s_addr, + /* bind->local is updated in place under peer->lock; a single + * aligned word is read/written atomically via {READ,WRITE}_ONCE + */ + .saddr = READ_ONCE(bind->local.ipv4.s_addr), .daddr = bind->remote.in4.sin_addr.s_addr, .fl4_sport = inet_sk(sk)->inet_sport, .fl4_dport = bind->remote.in4.sin_port, 
@@ -169,7 +172,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, */ fl.saddr = 0; spin_lock_bh(&peer->lock); - bind->local.ipv4.s_addr = 0; + WRITE_ONCE(bind->local.ipv4.s_addr, 0); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); } @@ -178,7 +181,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, if (IS_ERR(rt) && PTR_ERR(rt) == -EINVAL) { fl.saddr = 0; spin_lock_bh(&peer->lock); - bind->local.ipv4.s_addr = 0; + WRITE_ONCE(bind->local.ipv4.s_addr, 0); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); @@ -224,7 +227,6 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, int ret; struct flowi6 fl = { - .saddr = bind->local.ipv6, .daddr = bind->remote.in6.sin6_addr, .fl6_sport = inet_sk(sk)->inet_sport, .fl6_dport = bind->remote.in6.sin6_port, @@ -233,6 +235,11 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, .flowi6_oif = bind->remote.in6.sin6_scope_id, }; + /* bind->local is updated in place under peer->lock; read the 128-bit + * address under the peer seqcount to avoid a torn read + */ + ovpn_peer_local_ipv6(peer, bind, &fl.saddr); + local_bh_disable(); dst = dst_cache_get_ip6(cache, &fl.saddr); if (dst) 
@@ -245,7 +252,9 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, */ fl.saddr = in6addr_any; spin_lock_bh(&peer->lock); + write_seqcount_begin(&peer->bind_local_seq); bind->local.ipv6 = in6addr_any; + write_seqcount_end(&peer->bind_local_seq); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); }
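Review bot: in ovpn_nl_send_peer() (netlink.c, AF_INET branch) the new READ_ONCE() comment is placed above the whole nla_put chain, directly before the OVPN_A_PEER_REMOTE_IPV4 put, so it reads as if it covered bind->remote, which the commit message describes as immutable. Move the comment next to the OVPN_A_PEER_LOCAL_IPV4 argument or name bind->local.ipv4 in it, so the pairing with the WRITE_ONCE() updaters is unambiguous.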
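Review bot: the write section added to ovpn_peer_endpoints_update() (peer.c) does not show how peer->lock is taken, whereas the udp.c writers visibly use spin_lock_bh(). ovpn_peer_local_ipv6() spins until the sequence is stable and is called from the TX path, so on a non-RT kernel a reader that interrupts an open write section on the same CPU would spin without the writer ever finishing. Please confirm this writer also runs with bottom halves disabled, and add a Context: line to the helper's kernel-doc stating what readers need (rcu_read_lock() for the bind lifetime) and what writers need (peer->lock with BH off).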
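Review bot: the kernel-doc for @bind_local_seq and the inline comment "protects bind->local" in peer.h overstate the coverage. In this patch only bind->local.ipv6 is read and written under the seqcount, while bind->local.ipv4 relies on READ_ONCE()/WRITE_ONCE(). Say bind->local.ipv6 in both places so that a later reader of another bind->local member does not assume the seqcount already covers it.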
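The torn read and the seqcount retry described in the 3/9 commit message, as an added example that is not part of the patch or of the ovpn code: a single-threaded userspace model in which the racing update is scripted to land between the reader's second and third word. All names (model_peer, model_read_once, the sample addresses) are hypothetical, and the memory barriers the kernel primitives provide are left out because nothing here runs concurrently.

```c
/* Single-threaded model, constructed for illustration. The interleaving of
 * reader and writer is scripted, so the outcome is deterministic.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct addr128 { uint32_t w[4]; };      /* stands in for struct in6_addr */

struct model_peer {
	unsigned int seq;               /* stands in for bind_local_seq */
	struct addr128 local;           /* stands in for bind->local.ipv6 */
};

enum snapshot { SNAP_OLD, SNAP_NEW, SNAP_TORN };

/* constructed sample addresses (2001:db8::/32 documentation prefix) */
static const struct addr128 OLD_ADDR = { { 0x20010db8, 0x0, 0x0, 0x1 } };
static const struct addr128 NEW_ADDR = { { 0x20010db8, 0x1, 0x0, 0x2 } };

/* Writer: in-place update bracketed by two bumps; an odd value means
 * "update in progress".
 */
static void model_write(struct model_peer *p, const struct addr128 *a)
{
	p->seq++;
	p->local = *a;
	p->seq++;
}

/* One reader attempt, copying word by word. If @racing is set, a complete
 * writer update is injected after the second word. Returns true when the
 * snapshot cannot be trusted and the caller must retry.
 */
static bool model_read_once(struct model_peer *p, const struct addr128 *racing,
			    struct addr128 *dst)
{
	unsigned int start = p->seq;

	dst->w[0] = p->local.w[0];
	dst->w[1] = p->local.w[1];
	if (racing)
		model_write(p, racing);
	dst->w[2] = p->local.w[2];
	dst->w[3] = p->local.w[3];

	return (start & 1) || p->seq != start;
}

static enum snapshot classify(const struct addr128 *a)
{
	if (!memcmp(a, &OLD_ADDR, sizeof(*a)))
		return SNAP_OLD;
	if (!memcmp(a, &NEW_ADDR, sizeof(*a)))
		return SNAP_NEW;
	return SNAP_TORN;
}

/* Pre-patch behaviour: the reader ignores the sequence and uses what it got. */
enum snapshot plain_read_during_update(void)
{
	struct model_peer p = { .seq = 0 };
	struct addr128 out;

	p.local = OLD_ADDR;
	(void)model_read_once(&p, &NEW_ADDR, &out);
	return classify(&out);
}

/* Post-patch behaviour: retry until the sequence was stable across the copy.
 * The racing update hits the first attempt only.
 */
enum snapshot seqcount_read_during_update(int *attempts)
{
	struct model_peer p = { .seq = 0 };
	const struct addr128 *racing = &NEW_ADDR;
	struct addr128 out;
	bool retry;

	p.local = OLD_ADDR;
	*attempts = 0;
	do {
		(*attempts)++;
		retry = model_read_once(&p, racing, &out);
		racing = NULL;
	} while (retry);
	return classify(&out);
}

int main(void)
{
	int attempts;
	enum snapshot s = seqcount_read_during_update(&attempts);

	printf("plain read torn: %d\n", plain_read_during_update() == SNAP_TORN);
	printf("seqcount read consistent: %d after %d attempts\n",
	       s != SNAP_TORN, attempts);
	return 0;
}
```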
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:45 +0200
Message-ID: <20260526231850.2511369-4-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 4/9] ovpn: ensure socket is owned by ovpn before deref sk_user_data
Cc: Antonio Quartulli
From: Antonio Quartulli Some subsystems, like BPF SOCKMAP, set sk_user_data without actually setting the encap_type. For this reason, we must make sure that the type is the one ovpn expects before dereferencing sk_user_data. Failing to do so may lead to out-of-bounds reads. Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object") Signed-off-by: Antonio Quartulli --- drivers/net/ovpn/socket.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 517caa64a4fe..6cbeb2caaeec 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c 
@@ -162,6 +162,15 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) rcu_read_lock(); ovpn_sock = rcu_dereference_sk_user_data(sk); if (ovpn_sock) { + /* something else filled the sk_user_data without + * setting the encap_type. Reject the socket. + */ + if (!type) { + ovpn_sock = ERR_PTR(-EBUSY); + rcu_read_unlock(); + goto sock_release; + } + /* socket owned by another ovpn instance, we can't use it */ if (ovpn_sock->ovpn != peer->ovpn) { ovpn_sock = ERR_PTR(-EBUSY);
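Review bot: the new guard in ovpn_socket_new() tests only !type, which rejects a socket whose encap_type was never set, while the commit message asks that the type be "the one ovpn expects". The assignment of type is outside the visible context; if it carries the raw encap_type, a socket whose sk_user_data belongs to some other encapsulation with a non-zero type would still reach the ovpn_sock->ovpn dereference just below. Compare against the ovpn value explicitly, or extend the comment to say why a non-zero type implies ovpn ownership at this point.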
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:46 +0200
Message-ID: <20260526231850.2511369-5-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 5/9] ovpn: tcp - fix peer reference leak on deferred deletion
Cc: Antonio Quartulli
From: Antonio Quartulli The TCP error paths in ovpn_tcp_rcv() and ovpn_tcp_send_sock() take a peer reference and then schedule the deferred-delete work: ovpn_peer_hold(peer); schedule_work(&peer->tcp.defer_del_work); ovpn_tcp_peer_del_work() drops exactly one reference per run, but schedule_work() returns false and does not re-queue when the work is already pending. The reference, however, was taken unconditionally, so every hold+schedule that lands on an already-pending work leaks one peer reference. ovpn_tcp_rcv() is the strparser receive callback and has no guard against this: a TCP segment packed with packets whose length header is valid for the stream parser but whose payload is smaller than the opcode size passes ovpn_tcp_parse() and hits the error path. strparser delivers all complete messages in a loop, so many error invocations run before the scheduled work executes, leaking one reference each. A remote peer can exploit this to pin the peer (and the netdev reference it holds) forever, preventing interface teardown - a denial of service. Take the reference only when schedule_work() actually queues the work. schedule_work() flips the work pending bit atomically, so exactly one caller - even across the concurrent RX and TX paths - observes the idle->pending transition and acquires the single reference that the lone ovpn_peer_put() in the worker balances. ovpn_peer_del() is idempotent (ovpn_peer_remove() bails on an already-unhashed peer), so a work item re-queued while running stays refcount-balanced. Fixes: 11851cbd60ea ("ovpn: implement TCP transport") Signed-off-by: Antonio Quartulli --- drivers/net/ovpn/tcp.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 433bd07a4f1b..6cf684699ada 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c 
@@ -148,10 +148,14 @@ static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb) ovpn_recv(peer, skb); return; err: - /* take reference for deferred peer deletion. should never fail */ - if (WARN_ON(!ovpn_peer_hold(peer))) - goto err_nopeer; - schedule_work(&peer->tcp.defer_del_work); + /* schedule deferred peer deletion and take a reference only if the + * work was actually queued: the matching ovpn_peer_put() in + * ovpn_tcp_peer_del_work() runs once per queued work, so re-arming an + * already-pending work must not take another reference (it would be + * leaked, e.g. on a flood of invalid packets) + */ + if (schedule_work(&peer->tcp.defer_del_work)) + ovpn_peer_hold(peer); ovpn_dev_dstats_rx_dropped(peer->ovpn->dev); err_nopeer: kfree_skb(skb); 
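
Review bot: in the err: path the result of ovpn_peer_hold() is no longer checked. The removed lines treated a failed hold as a bug (WARN_ON) and skipped the scheduling; with the new order, a hold that fails after schedule_work() has already queued the work leaves the worker's ovpn_peer_put() without a matching reference. Either keep the WARN_ON around the hold, or have the comment say why the hold cannot fail at this point.
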
@@ -280,15 +284,20 @@ static void ovpn_tcp_send_sock(struct ovpn_peer *peer, struct sock *sk) peer->id, ret); /* in case of TCP error we can't recover the VPN - * stream therefore we abort the connection + * stream therefore we abort the connection. + * + * Take a reference only if the work was actually + * queued: ovpn_tcp_peer_del_work() drops exactly one + * reference per run, so re-arming an already-pending + * work (e.g. already scheduled from the RX path) must + * not take another reference (it would be leaked). */ - ovpn_peer_hold(peer); - schedule_work(&peer->tcp.defer_del_work); + if (schedule_work(&peer->tcp.defer_del_work)) + ovpn_peer_hold(peer); /* we bail out immediately and keep tx_in_progress set - * to true. This way we prevent more TX attempts - * which would lead to more invocations of - * schedule_work() + * to true, so that no further TX is attempted on the + * aborted stream */ return; }
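
Review bot: in ovpn_tcp_send_sock() the reference is now taken after schedule_work() has returned true, so the work is already queued, and may already be running on another CPU, by the time ovpn_peer_hold() executes. Unless the caller's own reference is guaranteed to outlive that window, the worker's ovpn_peer_put() can run before the hold it is meant to balance. Taking the hold first and dropping it again when schedule_work() returns false closes the window; if the current order is safe, the new comment should name the reference that keeps the peer alive here.
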
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:47 +0200
Message-ID: <20260526231850.2511369-6-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 6/9] ovpn: zero-initialize sockaddr before learning a floated endpoint

From: Antonio Quartulli

ovpn_peer_endpoints_update() builds the new remote endpoint in an on-stack struct sockaddr_storage that is left uninitialized. For IPv4 only sin_family/sin_addr/sin_port are written, leaving the 8-byte sin_zero padding as stack garbage (for IPv6, sin6_flowinfo is left uninitialized likewise).

ovpn_peer_reset_sockaddr() -> ovpn_bind_from_sockaddr() then memcpy()s sizeof(struct sockaddr_in)/sizeof(struct sockaddr_in6) bytes - padding included - into bind->remote. That buffer is later hashed with jhash() over the same length to place the peer in the by_transp_addr table, so the garbage padding lands the floated peer in an essentially random bucket. Lockless lookups in ovpn_peer_get_by_transp_addr() build their key from a zero-initialized sockaddr_storage, compute a different bucket and fail to find the peer.

This is also a plain use of uninitialized stack memory in jhash().

Zero-initialize the sockaddr_storage, matching what the lookup and netlink paths already do.

Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint")
Signed-off-by: Antonio Quartulli
---
 drivers/net/ovpn/peer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index bbb1946fa5b4..1d878c3e1514 100644
--- a/drivers/net/ovpn/peer.c
+++ b/drivers/net/ovpn/peer.c
@@ -220,7 +220,7 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, */ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) { - struct sockaddr_storage ss; + struct sockaddr_storage ss = {}; struct sockaddr_in6 *sa6; bool reset_cache = false; struct sockaddr_in *sa;
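
Review bot: the new "= {}" on the ss declaration carries no comment, and since the function only fills in the family, address and port fields, a later reader can take the initializer for a redundant one and drop it. A one-line comment at the declaration saying that the whole sockaddr is copied into bind->remote and hashed over its full length, sin_zero and sin6_flowinfo included, would protect the fix. The commit message could also say whether the zeroing still matters for bucket placement once the hash key is built from family/address/port only, as 7/9 in this series does, or whether it then only addresses the uninitialized read.
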
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:48 +0200
Message-ID: <20260526231850.2511369-7-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 7/9] ovpn: hash floated peer by transport identity only

From: Antonio Quartulli

The by_transp_addr table is keyed on the peer's remote transport address, but the float rehash hashed bind->remote directly, while the two other sites that touch the table build a clean key first: ovpn_peer_add_mp() and the lookup in ovpn_peer_get_by_transp_addr() both hash a sockaddr holding only family/address/port.

For a link-local IPv6 peer, bind->remote carries sin6_scope_id (set from ipv6_iface_scope_id() when the endpoint is learned), and that field is folded into the jhash() over sizeof(struct sockaddr_in6). The lookup never sets sin6_scope_id, so after such a peer floats it is rehashed into a scope_id-dependent bucket that lookups (scope_id 0) never visit, making the peer unreachable through the by_transp_addr fallback. ovpn_peer_transp_match() only compares address and port, so the hash was keying on a field the match ignores.

sin6_scope_id must stay in bind->remote because the TX path uses it as flowi6_oif, so it cannot just be cleared there. Instead build the hash key from family/address/port only, exactly like ovpn_peer_add_mp() and the lookup, so all three sites agree on the bucket.

Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint")
Signed-off-by: Antonio Quartulli
---
 drivers/net/ovpn/peer.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index 1d878c3e1514..fdf6262704c1 100644
--- a/drivers/net/ovpn/peer.c
+++ b/drivers/net/ovpn/peer.c
@@ -907,7 +907,10 @@ bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, const struct ovpn_bind *bind) { + struct sockaddr_storage sa = {}; struct hlist_nulls_head *nhead; + struct sockaddr_in6 *sa6; + struct sockaddr_in *sa4; size_t salen; lockdep_assert_held(&peer->ovpn->lock);
@@ -923,12 +926,26 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, if (unlikely(hlist_unhashed(&peer->hash_entry_id))) return; + /* Build the hash key from the transport identity only + * (family/address/port), matching ovpn_peer_add_mp() and the lookup + * in ovpn_peer_get_by_transp_addr(). Hashing bind->remote directly + * would fold in sin6_scope_id (set on the float path but never by the + * lookup), scattering the peer into a bucket lookups cannot reach. + */ switch (bind->remote.in4.sin_family) { case AF_INET: - salen = sizeof(struct sockaddr_in); + sa4 = (struct sockaddr_in *)&sa; + sa4->sin_family = AF_INET; + sa4->sin_addr.s_addr = bind->remote.in4.sin_addr.s_addr; + sa4->sin_port = bind->remote.in4.sin_port; + salen = sizeof(*sa4); break; case AF_INET6: - salen = sizeof(struct sockaddr_in6); + sa6 = (struct sockaddr_in6 *)&sa; + sa6->sin6_family = AF_INET6; + sa6->sin6_addr = bind->remote.in6.sin6_addr; + sa6->sin6_port = bind->remote.in6.sin6_port; + salen = sizeof(*sa6); break; default: return; 
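
Review bot: the switch in __ovpn_peer_hash_transp_addr() is now the third place that assembles a family/address/port key by hand (the new comment names ovpn_peer_add_mp() and ovpn_peer_get_by_transp_addr() as the other two), and the bug fixed here came from one of those sites drifting from the others. A single shared helper that fills the key and returns salen, used by all three sites, would make the agreement structural instead of a convention held together by a comment.
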
@@ -937,8 +954,8 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, /* remove old hashing (no-op if entry is not currently linked) */ hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); /* re-add with current transport address */ - nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, - &bind->remote, salen); + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, &sa, + salen); hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); }
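
The bucket mismatch described in the commit messages of 6/9 and 7/9, as an added userspace model that is not code from this series or from the ovpn driver. Assumptions: FNV-1a stands in for jhash(), and the endpoints, the stale sin_zero byte, the scope id and all helper names are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* FNV-1a stands in for the kernel's jhash(): like jhash() it covers every
 * byte of the buffer, including bytes the address/port match never reads. */
static uint32_t hash_bytes(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    uint32_t h = 2166136261u;

    while (len--)
        h = (h ^ *p++) * 16777619u;
    return h;
}

static size_t sa_len(const struct sockaddr_storage *ss)
{
    if (ss->ss_family == AF_INET)
        return sizeof(struct sockaddr_in);
    if (ss->ss_family == AF_INET6)
        return sizeof(struct sockaddr_in6);
    return 0;
}

/* Constructed endpoint 192.0.2.10:1194. stale != 0 plants one leftover byte
 * in sin_zero, modelling the uninitialized stack buffer of 6/9 (set
 * explicitly, because reading real uninitialized memory is undefined). */
static void endpoint_v4(struct sockaddr_storage *ss, int stale)
{
    struct sockaddr_in *sa = (struct sockaddr_in *)ss;

    memset(ss, 0, sizeof(*ss));
    ss->ss_family = AF_INET;
    sa->sin_port = htons(1194);
    inet_pton(AF_INET, "192.0.2.10", &sa->sin_addr);
    if (stale)
        sa->sin_zero[0] = 0x5a;
}

/* Constructed link-local endpoint [fe80::1]:1194. The float path of 7/9
 * stores a non-zero scope id; the lookup key leaves it at 0. */
static void endpoint_v6(struct sockaddr_storage *ss, uint32_t scope_id)
{
    struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)ss;

    memset(ss, 0, sizeof(*ss));
    ss->ss_family = AF_INET6;
    sa6->sin6_port = htons(1194);
    inet_pton(AF_INET6, "fe80::1", &sa6->sin6_addr);
    sa6->sin6_scope_id = scope_id;
}

/* Copy only family/address/port into a zeroed key; returns the key length. */
static size_t build_key(const struct sockaddr_storage *src,
                        struct sockaddr_storage *key)
{
    memset(key, 0, sizeof(*key));
    key->ss_family = src->ss_family;
    if (src->ss_family == AF_INET) {
        const struct sockaddr_in *s = (const struct sockaddr_in *)src;
        struct sockaddr_in *k = (struct sockaddr_in *)key;

        k->sin_addr = s->sin_addr;
        k->sin_port = s->sin_port;
    } else if (src->ss_family == AF_INET6) {
        const struct sockaddr_in6 *s = (const struct sockaddr_in6 *)src;
        struct sockaddr_in6 *k = (struct sockaddr_in6 *)key;

        k->sin6_addr = s->sin6_addr;
        k->sin6_port = s->sin6_port;
    }
    return sa_len(key);
}

/* Before the fixes: the stored sockaddr is hashed as-is. */
static int raw_hash_agrees(const struct sockaddr_storage *stored,
                           const struct sockaddr_storage *lookup)
{
    size_t len = sa_len(stored);

    return len && hash_bytes(stored, len) == hash_bytes(lookup, len);
}

/* After 7/9: both sides hash a key built from the transport identity. */
static int key_hash_agrees(const struct sockaddr_storage *stored,
                           const struct sockaddr_storage *lookup)
{
    struct sockaddr_storage a, b;
    size_t la = build_key(stored, &a), lb = build_key(lookup, &b);

    return la && la == lb && hash_bytes(&a, la) == hash_bytes(&b, lb);
}

int main(void)
{
    struct sockaddr_storage stored, lookup;

    endpoint_v4(&stored, 1);
    endpoint_v4(&lookup, 0);
    printf("IPv4, stale sin_zero: raw agrees=%d, key agrees=%d\n",
           raw_hash_agrees(&stored, &lookup), key_hash_agrees(&stored, &lookup));
    endpoint_v6(&stored, 3);
    endpoint_v6(&lookup, 0);
    printf("IPv6, scope_id 3 vs 0: raw agrees=%d, key agrees=%d\n",
           raw_hash_agrees(&stored, &lookup), key_hash_agrees(&stored, &lookup));
    return 0;
}
```

In both cases the stored sockaddr and the lookup key describe the same address and port, yet differ in one byte that only the hash reads, which is enough to send the peer to a bucket the lookup never visits.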
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:49 +0200
Message-ID: <20260526231850.2511369-8-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 8/9] ovpn: disable IPv4 redirects on MP interface after registration

From: Antonio Quartulli

ovpn_mp_alloc() tried to disable SEND_REDIRECTS on a multipeer interface, but it runs from ovpn_net_init() (->ndo_init), which register_netdevice() invokes before the NETDEV_REGISTER notifier chain. The IPv4 in_device is only created when that notifier reaches inetdev_event() -> inetdev_init(), so __in_dev_get_rtnl() always returned NULL at ndo_init time and the whole redirect-disabling block (both the per-device and the per-netns IPV4_DEVCONF_ALL write) was dead. MP interfaces therefore kept emitting ICMP redirects.

Move the redirect-disabling to ovpn_newlink(), right after a successful register_netdevice(): at that point the NETDEV_REGISTER notifier has run and the in_device exists, and RTNL is held by the newlink path so __in_dev_get_rtnl() is safe. A successful register_netdevice() guarantees the in_device was created (otherwise the notifier would have failed and registration rolled back), so the in_device check is now a real guard rather than dead code.

The peer-table allocation stays in ovpn_mp_alloc()/->ndo_init, where it belongs (it does not depend on the in_device and is freed in ->ndo_uninit).

Fixes: 05003b408c20 ("ovpn: implement multi-peer support")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/main.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index 9993c1dfe471..a881510aaac0 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c
@@ -35,25 +35,11 @@ static void ovpn_priv_free(struct net_device *net) static int ovpn_mp_alloc(struct ovpn_priv *ovpn) { - struct in_device *dev_v4; int i; if (ovpn->mode != OVPN_MODE_MP) return 0; - dev_v4 = __in_dev_get_rtnl(ovpn->dev); - if (dev_v4) { - /* disable redirects as Linux gets confused by ovpn - * handling same-LAN routing. - * This happens because a multipeer interface is used as - * relay point between hosts in the same subnet, while - * in a classic LAN this would not be needed because the - * two hosts would be able to talk directly. - */ - IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); - IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false; - } - /* the peer container is fairly large, therefore we allocate it only in * MP mode */ @@ -183,6 +169,8 @@ static int ovpn_newlink(struct net_device *dev, struct ovpn_priv *ovpn = netdev_priv(dev); struct nlattr **data = params->data; enum ovpn_mode mode = OVPN_MODE_P2P; + struct in_device *dev_v4; + int ret; if (data && data[IFLA_OVPN_MODE]) { mode = nla_get_u8(data[IFLA_OVPN_MODE]); 
@@ -207,7 +195,30 @@ static int ovpn_newlink(struct net_device *dev, else netif_carrier_off(dev); - return register_netdevice(dev); + ret = register_netdevice(dev); + if (ret < 0) + return ret; + + /* The IPv4 in_device is created by the NETDEV_REGISTER notifier, which + * fires inside register_netdevice() above, so this cannot be done + * earlier (e.g. in ndo_init). RTNL is held by the newlink path. + */ + if (ovpn->mode == OVPN_MODE_MP) { + dev_v4 = __in_dev_get_rtnl(dev); + if (dev_v4) { + /* disable redirects as Linux gets confused by ovpn + * handling same-LAN routing. + * This happens because a multipeer interface is used as + * relay point between hosts in the same subnet, while + * in a classic LAN this would not be needed because the + * two hosts would be able to talk directly. + */ + IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); + IPV4_DEVCONF_ALL(dev_net(dev), SEND_REDIRECTS) = false; + } + } + + return 0; } static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev) From patchwork Tue May 26 23:18:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 4978 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:4ec9:b0:861:c897:cb9d with SMTP id i9csp36345mas; Tue, 26 May 2026 16:19:37 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ+qHLfQdLc+izs5/xxW1ba+PER733SCLn8n5QLhN8vmT0vENgq8ulnTyElxZXWUrX2R7C0H7OUUefg=@openvpn.net X-Received: by 2002:a05:6830:6a99:b0:7dc:e08d:d9ec with SMTP id 46e09a7af769-7e5fee9bb80mr14140493a34.15.1779837576895; Tue, 26 May 2026 16:19:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779837576; cv=none; d=google.com; s=arc-20240605; b=GEsrCpSXIxmKDtMvtc/zvynnwfh2yNCLWnYQbK2Md4/X/KH1GNe6BzkkUow8OR1vol dvLkS7/UflAs9PsgEEqevapaBKEjBy9zmuC+9YckjxuySow1+pWElqXpK7kxbj6EyaPU pKzvZm2JofCgy0loI68OEQNW9T6gDcmtPh+mR+EfTbW7Ct2euBjqLkiDhuAWhYpvmTxf 
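Review bot: In the third hunk (ovpn_newlink), `IPV4_DEVCONF_ALL(dev_net(dev), SEND_REDIRECTS) = false;` changes the send_redirects "all" setting for the whole network namespace, so creating one MP interface silently alters redirect behaviour for every other interface in that namespace, and nothing visible in this patch restores it when the device goes away. The comment block that moved with it only explains why redirects are a problem on the ovpn device itself; it should say why the namespace-wide write is needed, and the side effect deserves a line in the commit message. Separately, the `if (dev_v4)` guard still skips silently on NULL, which is the same failure mode this patch fixes; since the commit message argues the pointer cannot be NULL after a successful register_netdevice(), a WARN_ON_ONCE() or netdev_warn() on that branch would make a future regression visible instead of leaving redirects enabled without notice.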
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 27 May 2026 01:18:50 +0200
Message-ID: <20260526231850.2511369-9-a@unstable.cc>
In-Reply-To: <20260526231850.2511369-1-a@unstable.cc>
References: <20260526231850.2511369-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net 9/9] ovpn: ensure TCP vars are initialized first
Cc: Antonio Quartulli

From: Antonio Quartulli

Netlink calls may access TCP global vars (i.e. when attaching a TCP socket), therefore we need to make sure the latter are initialized beforehand. For this reason move the global TCP initialization at the top of the module init function.

Fixes: 11851cbd60ea ("ovpn: implement TCP transport")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/main.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index a881510aaac0..0a88ca6bbf97 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c
@@ -244,8 +244,14 @@ static struct rtnl_link_ops ovpn_link_ops = { static int __init ovpn_init(void) { - int err = rtnl_link_register(&ovpn_link_ops); + int err; + /* init TCP first so that any subsequent netlink operation + * is ensured to access initialized TCP global vars + */ + ovpn_tcp_init(); + + err = rtnl_link_register(&ovpn_link_ops); if (err) { pr_err("ovpn: can't register rtnl link ops: %d\n", err); return err; @@ -257,8 +263,6 @@ static int __init ovpn_init(void) goto unreg_rtnl; } - ovpn_tcp_init(); - return 0; unreg_rtnl:
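Review bot: In the first hunk, ovpn_tcp_init() now runs before rtnl_link_register(), but both failure paths that follow (the `return err;` after the pr_err() and the `goto unreg_rtnl`) leave whatever it set up in place. If ovpn_tcp_init() only fills static structures and cannot fail, state that in the new comment so the missing unwind is clearly intentional; otherwise add the matching teardown to the error path. The comment could also name the ordering constraint precisely: the init has to come before the first registration that exposes the module to userspace, so a later reshuffle of ovpn_init() does not reintroduce the window.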