From patchwork Mon Jun 8 13:32:43 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 5007
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Mon, 8 Jun 2026 15:32:43 +0200
Message-ID: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 1/9] ovpn: skip rehash for peers already removed from by_id

From: Antonio Quartulli

ovpn_nl_peer_set_doit() resolves the target peer via ovpn_peer_get_by_id() before taking ovpn->lock. In the window between the lookup (which only takes a refcount) and the subsequent spin_lock_bh(&ovpn->lock), a concurrent OVPN_CMD_PEER_DEL, keepalive expiry, or socket teardown can take ovpn->lock first, run ovpn_peer_remove() to unhash the peer from all four tables (by_id, by_vpn_addr4/6, by_transp_addr) and release the lock. set_doit then acquires ovpn->lock and calls ovpn_peer_hash_vpn_ip(), which re-inserts the now-removed peer back into the rehashing tables.

The same race affects the float path: ovpn_peer_endpoints_update() holds only a refcount and acquires ovpn->lock very late (after async AEAD decrypt and a netlink notification), then rehashes the peer in the by_transp_addr table.

The resurrected peer becomes reachable again from the RX lookup (ovpn_peer_get_by_transp_addr) and the TX VPN-IP lookup, even though userspace believes it is gone. Once the data-path refcount drops the peer is freed via call_rcu while the hash entries embedded in it remain linked, opening a UAF window.

Bail out of the rehash when hash_entry_id is unhashed, mirroring the sentinel already used by ovpn_peer_remove() to detect the already-removed state. The check is safe under ovpn->lock, which serializes every mutation of hash_entry_id, and is a no-op for the add path because ovpn_peer_add_mp() inserts hash_entry_id before calling ovpn_peer_hash_vpn_ip().

Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink")
Signed-off-by: Antonio Quartulli
---
Changes since v1:
* simplified flow in ovpn_peer_endpoints_update() and introduced new unlock2 label
---
 drivers/net/ovpn/peer.c | 73 ++++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 30 deletions(-)

diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index a09d61296425..c855435edc46 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c
@@ -296,40 +296,46 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) /* rehashing is required only in MP mode as P2P has one peer * only and thus there is no hashtable */ - if (peer->ovpn->mode == OVPN_MODE_MP) { - spin_lock_bh(&peer->ovpn->lock); - spin_lock_bh(&peer->lock); - bind = rcu_dereference_protected(peer->bind, - lockdep_is_held(&peer->lock)); - if (unlikely(!bind)) { - spin_unlock_bh(&peer->lock); - spin_unlock_bh(&peer->ovpn->lock); - return; - } + if (peer->ovpn->mode != OVPN_MODE_MP) + return; - /* This function may be invoked concurrently, therefore another - * float may have happened in parallel: perform rehashing - * using the peer->bind->remote directly as key - */ + spin_lock_bh(&peer->ovpn->lock); + spin_lock_bh(&peer->lock); + bind = rcu_dereference_protected(peer->bind, + lockdep_is_held(&peer->lock)); + if (unlikely(!bind)) + goto unlock2; - switch (bind->remote.in4.sin_family) { - case AF_INET: - salen = sizeof(*sa); - break; - case AF_INET6: - salen = sizeof(*sa6); - break; - } + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (unlikely(hlist_unhashed(&peer->hash_entry_id))) + goto unlock2; - /* remove old hashing */ - hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); - /* re-add with new transport address */ - nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, - &bind->remote, salen); - hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); - spin_unlock_bh(&peer->lock); - spin_unlock_bh(&peer->ovpn->lock); + /* This function may be invoked concurrently, therefore another + * float may have happened in parallel: perform rehashing + * using the peer->bind->remote directly as key + */ + + switch (bind->remote.in4.sin_family) { + case AF_INET: + salen = sizeof(*sa); + break; + case AF_INET6: + salen = sizeof(*sa6); + break; } + + /* remove old hashing 
*/ + hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); + /* re-add with new transport address */ + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, + &bind->remote, salen); + hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); +unlock2: + spin_unlock_bh(&peer->lock); + spin_unlock_bh(&peer->ovpn->lock); return; unlock: spin_unlock_bh(&peer->lock); 
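Review bot: The `switch (bind->remote.in4.sin_family)` in ovpn_peer_endpoints_update() still has no `default:` case, so `salen` reaches ovpn_get_hash_head() unassigned for any family other than AF_INET or AF_INET6, unless it is initialised at its declaration outside this hunk. Since the block is being re-indented anyway, add `default: goto unlock2;` so an unexpected family skips the rehash instead of hashing with an indeterminate key length. The label name `unlock2` also says nothing about how it differs from the `unlock:` label that follows it; a name that states what is released would make the two exit paths easier to tell apart.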
@@ -905,6 +911,13 @@ void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer) if (peer->ovpn->mode != OVPN_MODE_MP) return; + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (hlist_unhashed(&peer->hash_entry_id)) + return; + if (peer->vpn_addrs.ipv4.s_addr != htonl(INADDR_ANY)) { /* remove potential old hashing */ hlist_nulls_del_init_rcu(&peer->hash_entry_addr4);
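Review bot: The comment added in ovpn_peer_hash_vpn_ip() is copied from ovpn_peer_endpoints_update() and speaks of "our acquisition of ovpn->lock", but this function does not take the lock; per the commit message its caller ovpn_nl_peer_set_doit() does. Reword it to say the caller may have looked the peer up before taking ovpn->lock, and state that the hlist_unhashed() test is only valid with ovpn->lock held, since that is the invariant the fix relies on. The same test is wrapped in unlikely() in ovpn_peer_endpoints_update() and bare here; pick one form for both.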

From patchwork Mon Jun 8 13:32:44 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 5008
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Mon, 8 Jun 2026 15:32:44 +0200
Message-ID: <20260608133251.3128542-2-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 2/9] ovpn: rehash peer in by_transp_addr table on CMD_PEER_SET

From: Antonio Quartulli

When userspace updates a peer's remote endpoint via OVPN_CMD_PEER_SET, ovpn_nl_peer_modify() installs a new ovpn_bind through ovpn_peer_reset_sockaddr(), but ovpn_nl_peer_set_doit() only calls ovpn_peer_hash_vpn_ip() to refresh the VPN-IP hashtables. The peer is left in the bucket of peers->by_transp_addr corresponding to its old remote address.

As a consequence, datagrams arriving at the UDP RX path from the newly configured remote hash to a different slot and the lockless lookup in ovpn_peer_get_by_transp_addr() (called from ovpn_udp_encap_recv()) does not find the peer, until either a float event or a peer re-add fixes the bucket.

Introduce ovpn_peer_hash_transp_addr() (modeled after ovpn_peer_hash_vpn_ip()) and invoke it from ovpn_nl_peer_set_doit() whenever the request carried a new remote address. The helper bails out in P2P mode and on peers without a bind (TCP), and relies on hlist_nulls_del_init_rcu()'s pprev==NULL short-circuit to handle the case of an entry not currently linked in the table.

Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink")
Signed-off-by: Antonio Quartulli
---
 drivers/net/ovpn/netlink.c | 6 +++
 drivers/net/ovpn/peer.c | 102 +++++++++++++++++++++++++------------
 drivers/net/ovpn/peer.h | 1 +
 3 files changed, 77 insertions(+), 32 deletions(-)

diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 4c66c1ec497e..4dad85294198 100644 --- a/drivers/net/ovpn/netlink.c +++ b/drivers/net/ovpn/netlink.c
@@ -534,6 +534,12 @@ int ovpn_nl_peer_set_doit(struct sk_buff *skb, struct genl_info *info) */ if (ret > 0) ovpn_peer_hash_vpn_ip(peer); + /* if the remote endpoint was updated, the by_transp_addr hash bucket + * also needs to be refreshed, otherwise incoming packets from the new + * remote address would fail the lockless lookup + */ + if (attrs[OVPN_A_PEER_REMOTE_IPV4] || attrs[OVPN_A_PEER_REMOTE_IPV6]) + ovpn_peer_hash_transp_addr(peer); spin_unlock_bh(&ovpn->lock); ovpn_peer_put(peer); diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index c855435edc46..1a45e4983c55 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -188,6 +188,9 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, &(*__tbl1)[ovpn_get_hash_slot(*__tbl1, _key, _key_len)];\ }) +static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, + const struct ovpn_bind *bind); + /** * ovpn_peer_endpoints_update - update remote or local endpoint for peer * @peer: peer to update the remote endpoint for @@ -195,7 +198,6 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, */ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) { - struct hlist_nulls_head *nhead; struct sockaddr_storage ss; struct sockaddr_in6 *sa6; bool reset_cache = false; 
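Review bot: In ovpn_nl_peer_set_doit() the by_transp_addr rehash is gated on `attrs[OVPN_A_PEER_REMOTE_IPV4] || attrs[OVPN_A_PEER_REMOTE_IPV6]`, while the VPN-IP rehash directly above it is gated on `ret > 0`, so the two rehash decisions rest on different signals. Either derive both from what the modify step reports it changed, or extend the new comment to say why attribute presence alone is a sufficient trigger and that rehashing an unchanged address is only redundant work. In the peer.c part, the forward declaration of __ovpn_peer_hash_transp_addr() can be dropped by defining the helper above ovpn_peer_endpoints_update() instead of after ovpn_peer_check_by_src().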
@@ -294,46 +296,22 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) ovpn_nl_peer_float_notify(peer, &ss); /* rehashing is required only in MP mode as P2P has one peer - * only and thus there is no hashtable + * only and thus there is no hashtable. + * + * This function may be invoked concurrently, so re-read peer->bind + * under the proper locks and rehash against its current value. */ if (peer->ovpn->mode != OVPN_MODE_MP) return; - spin_lock_bh(&peer->ovpn->lock); - spin_lock_bh(&peer->lock); - bind = rcu_dereference_protected(peer->bind, - lockdep_is_held(&peer->lock)); - if (unlikely(!bind)) - goto unlock2; - - /* peer may have been concurrently removed between the caller's - * initial lookup and our acquisition of ovpn->lock; skip the - * rehash so we don't re-insert a removed peer - */ - if (unlikely(hlist_unhashed(&peer->hash_entry_id))) - goto unlock2; - /* This function may be invoked concurrently, therefore another * float may have happened in parallel: perform rehashing * using the peer->bind->remote directly as key */ - switch (bind->remote.in4.sin_family) { - case AF_INET: - salen = sizeof(*sa); - break; - case AF_INET6: - salen = sizeof(*sa6); - break; - } - - /* remove old hashing */ - hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); - /* re-add with new transport address */ - nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, - &bind->remote, salen); - hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); -unlock2: + bind = rcu_dereference_protected(peer->bind, + lockdep_is_held(&peer->lock)); + __ovpn_peer_hash_transp_addr(peer, bind); spin_unlock_bh(&peer->lock); spin_unlock_bh(&peer->ovpn->lock); return; 
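Review bot: Both `spin_lock_bh(&peer->ovpn->lock);` and `spin_lock_bh(&peer->lock);` are deleted from the tail of ovpn_peer_endpoints_update() and nothing re-adds them, yet the two spin_unlock_bh() calls stay and the new code reads peer->bind with lockdep_is_held(&peer->lock). As written, the function releases two locks it never took and calls __ovpn_peer_hash_transp_addr() with neither held, which that helper checks with lockdep_assert_held(). Keep the two lock acquisitions ahead of the rcu_dereference_protected() call. The old "This function may be invoked concurrently ..." comment is also left in place under the new one that says the same thing; drop one of them.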
@@ -901,6 +879,66 @@ bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, return match; } +/* Move @peer to the by_transp_addr bucket matching its current bind. + * + * Caller must hold both peer->ovpn->lock and peer->lock, and must have + * already dereferenced a valid (non-NULL) peer->bind, passed in as @bind. + */ +static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, + const struct ovpn_bind *bind) +{ + struct hlist_nulls_head *nhead; + size_t salen; + + lockdep_assert_held(&peer->ovpn->lock); + lockdep_assert_held(&peer->lock); + + if (WARN_ON_ONCE(!bind)) + return; + + /* peer may have been concurrently removed between the caller's + * initial lookup and our acquisition of ovpn->lock; skip the + * rehash so we don't re-insert a removed peer + */ + if (unlikely(hlist_unhashed(&peer->hash_entry_id))) + return; + + switch (bind->remote.in4.sin_family) { + case AF_INET: + salen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + salen = sizeof(struct sockaddr_in6); + break; + default: + return; + } + + /* remove old hashing (no-op if entry is not currently linked) */ + hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); + /* re-add with current transport address */ + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, + &bind->remote, salen); + hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); +} + +void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer) +{ + struct ovpn_bind *bind; + + lockdep_assert_held(&peer->ovpn->lock); + + /* rehashing makes sense only in multipeer mode */ + if (peer->ovpn->mode != OVPN_MODE_MP) + return; + + spin_lock_bh(&peer->lock); + bind = rcu_dereference_protected(peer->bind, + lockdep_is_held(&peer->lock)); + __ovpn_peer_hash_transp_addr(peer, bind); + spin_unlock_bh(&peer->lock); +} + void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer) { struct hlist_nulls_head *nhead; 
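Review bot: `WARN_ON_ONCE(!bind)` in __ovpn_peer_hash_transp_addr() turns a missing bind into a kernel warning, but the commit message lists peers without a bind (TCP) as a case the helper is expected to bail out on, and both callers pass whatever rcu_dereference_protected() returned without checking it. Either return quietly on `!bind` in the helper, or test it in ovpn_peer_hash_transp_addr() and ovpn_peer_endpoints_update() before the call and keep the WARN for real misuse; the header comment ("must have already dereferenced a valid (non-NULL) peer->bind") should then match what the callers do. ovpn_peer_hash_transp_addr() is also a new non-static function with no kernel-doc comment stating that ovpn->lock must be held.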
diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h index 86c8cffada6d..dfa5c0037e02 100644 --- a/drivers/net/ovpn/peer.h +++ b/drivers/net/ovpn/peer.h 
@@ -150,6 +150,7 @@ struct ovpn_peer *ovpn_peer_get_by_id(struct ovpn_priv *ovpn, u32 peer_id); struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn, struct sk_buff *skb); void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer); +void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer); bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, struct ovpn_peer *peer);

From patchwork Mon Jun 8 13:32:45 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 5006
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Mon, 8 Jun 2026 15:32:45 +0200
Message-ID: <20260608133251.3128542-3-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 3/9] ovpn: fix data race reading cached local endpoint on TX path
From: Antonio Quartulli

The cached local source address bind->local is updated in place on a live, RCU-published ovpn_bind while holding peer->lock: the UDP output error paths reset it (ovpn_udp4_output()/ovpn_udp6_output()) and the RX float path learns it (ovpn_peer_endpoints_update()). The UDP TX fast path and the netlink dump, however, read bind->local holding only rcu_read_lock(), never peer->lock.

For bind->local.ipv6 this is a torn read: struct in6_addr is 128 bit and is copied as multiple words, so a concurrent in-place update can make a reader observe a mix of the old and new address. The mangled source address then feeds ip6_dst_lookup_flow() and udp_tunnel6_xmit_skb(). For bind->local.ipv4 (a single aligned word) it is a data race without tearing.

A spinlock on the per-packet TX path is not acceptable, and READ_ONCE()/WRITE_ONCE() cannot atomically access the 128-bit IPv6 address (the >8-byte access is rejected at build time and per-word accesses still can't yield a consistent snapshot).

Serialize the IPv6 field with a per-peer seqcount_spinlock_t tied to the existing peer->lock: the in-place writers (already under peer->lock) bump it, and readers take a lock-free read_seqcount_begin()/retry() snapshot via the new ovpn_peer_local_ipv6() helper. The single-word IPv4 field is handled with plain READ_ONCE()/WRITE_ONCE().

bind->remote is untouched: it is immutable for a given bind object (only swapped via whole-bind RCU replacement), so reading it locklessly remains safe.

Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/netlink.c | 13 +++++++++++-- drivers/net/ovpn/peer.c | 26 +++++++++++++++++++++++++- drivers/net/ovpn/peer.h | 6 ++++++ drivers/net/ovpn/udp.c | 17 +++++++++++++---- 4 files changed, 55 insertions(+), 7 deletions(-) diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 4dad85294198..8e21fa3e7822 100644 --- a/drivers/net/ovpn/netlink.c
+++ b/drivers/net/ovpn/netlink.c @@ -610,14 +610,23 @@ static int ovpn_nl_send_peer(struct sk_buff *skb, const struct genl_info *info, bind = rcu_dereference(peer->bind); if (bind) { if (bind->remote.in4.sin_family == AF_INET) { + /* bind->local is updated in place under peer->lock; + * READ_ONCE() pairs with the WRITE_ONCE() updaters + */ if (nla_put_in_addr(skb, OVPN_A_PEER_REMOTE_IPV4, bind->remote.in4.sin_addr.s_addr) || nla_put_net16(skb, OVPN_A_PEER_REMOTE_PORT, bind->remote.in4.sin_port) || nla_put_in_addr(skb, OVPN_A_PEER_LOCAL_IPV4, - bind->local.ipv4.s_addr)) + READ_ONCE(bind->local.ipv4.s_addr))) goto err_unlock; } else if (bind->remote.in4.sin_family == AF_INET6) { + struct in6_addr local_ipv6; + + /* read the 128-bit local address under the peer + * seqcount to avoid a torn read + */ + ovpn_peer_local_ipv6(peer, bind, &local_ipv6); if (nla_put_in6_addr(skb, OVPN_A_PEER_REMOTE_IPV6, &bind->remote.in6.sin6_addr) || nla_put_u32(skb, OVPN_A_PEER_REMOTE_IPV6_SCOPE_ID, @@ -625,7 +634,7 @@ static int ovpn_nl_send_peer(struct sk_buff *skb, const struct genl_info *info, nla_put_net16(skb, OVPN_A_PEER_REMOTE_PORT, bind->remote.in6.sin6_port) || nla_put_in6_addr(skb, OVPN_A_PEER_LOCAL_IPV6, - &bind->local.ipv6)) + &local_ipv6)) goto err_unlock; } } diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index 1a45e4983c55..ee88251f2196 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c @@ -112,6 +112,7 @@ struct ovpn_peer *ovpn_peer_new(struct ovpn_priv *ovpn, u32 id) RCU_INIT_POINTER(peer->bind, NULL); ovpn_crypto_state_init(&peer->crypto); spin_lock_init(&peer->lock); + seqcount_spinlock_init(&peer->bind_local_seq, &peer->lock); kref_init(&peer->refcount); ovpn_peer_stats_init(&peer->vpn_stats); ovpn_peer_stats_init(&peer->link_stats); 
@@ -175,6 +176,27 @@ int ovpn_peer_reset_sockaddr(struct ovpn_peer *peer, return 0; } +/** + * ovpn_peer_local_ipv6 - read the cached local IPv6 endpoint of a peer + * @peer: the peer owning the binding + * @bind: the binding to read the local address from + * @dst: where the local IPv6 address is copied to + * + * bind->local is updated in place under peer->lock (TX error path and RX + * float path). Read the 128-bit address under the peer seqcount so that + * lockless readers never observe a torn value. + */ +void ovpn_peer_local_ipv6(const struct ovpn_peer *peer, + const struct ovpn_bind *bind, struct in6_addr *dst) +{ + unsigned int seq; + + do { + seq = read_seqcount_begin(&peer->bind_local_seq); + *dst = bind->local.ipv6; + } while (read_seqcount_retry(&peer->bind_local_seq, seq)); +} + /* variable name __tbl2 needs to be different from __tbl1 * in the macro below to avoid confusing clang */ @@ -237,7 +259,7 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) netdev_name(peer->ovpn->dev), peer->id, &bind->local.ipv4.s_addr, &ip_hdr(skb)->daddr); - bind->local.ipv4.s_addr = ip_hdr(skb)->daddr; + WRITE_ONCE(bind->local.ipv4.s_addr, ip_hdr(skb)->daddr); reset_cache = true; } break; @@ -268,7 +290,9 @@ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) netdev_name(peer->ovpn->dev), peer->id, &bind->local.ipv6, &ipv6_hdr(skb)->daddr); + write_seqcount_begin(&peer->bind_local_seq); bind->local.ipv6 = ipv6_hdr(skb)->daddr; + write_seqcount_end(&peer->bind_local_seq); reset_cache = true; } break; diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h index dfa5c0037e02..c0994c606554 100644 --- a/drivers/net/ovpn/peer.h +++ b/drivers/net/ovpn/peer.h @@ -10,6 +10,7 @@ #ifndef _NET_OVPN_OVPNPEER_H_ #define _NET_OVPN_OVPNPEER_H_ +#include #include #include 
@@ -56,6 +57,8 @@ * @link_stats: per-peer link/transport TX/RX stats * @delete_reason: why peer was deleted (i.e. timeout, transport error, ..) * @lock: protects binding to peer (bind) and keepalive* fields + * @bind_local_seq: seqcount serializing in-place updates of bind->local + * (done under @lock) against lockless readers on the TX path * @refcount: reference counter * @rcu: used to free peer in an RCU safe way * @release_entry: entry for the socket release list @@ -110,6 +113,7 @@ struct ovpn_peer { struct ovpn_peer_stats link_stats; enum ovpn_del_peer_reason delete_reason; spinlock_t lock; /* protects bind and keepalive* */ + seqcount_spinlock_t bind_local_seq; /* protects bind->local */ struct kref refcount; struct rcu_head rcu; struct llist_node release_entry; @@ -151,6 +155,8 @@ struct ovpn_peer *ovpn_peer_get_by_dst(struct ovpn_priv *ovpn, struct sk_buff *skb); void ovpn_peer_hash_vpn_ip(struct ovpn_peer *peer); void ovpn_peer_hash_transp_addr(struct ovpn_peer *peer); +void ovpn_peer_local_ipv6(const struct ovpn_peer *peer, + const struct ovpn_bind *bind, struct in6_addr *dst); bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, struct ovpn_peer *peer); diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index 8811aa9eedeb..60d32dc5af4a 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -147,7 +147,10 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, { struct rtable *rt; struct flowi4 fl = { - .saddr = bind->local.ipv4.s_addr, + /* bind->local is updated in place under peer->lock; a single + * aligned word is read/written atomically via {READ,WRITE}_ONCE + */ + .saddr = READ_ONCE(bind->local.ipv4.s_addr), .daddr = bind->remote.in4.sin_addr.s_addr, .fl4_sport = inet_sk(sk)->inet_sport, .fl4_dport = bind->remote.in4.sin_port, 
@@ -169,7 +172,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, */ fl.saddr = 0; spin_lock_bh(&peer->lock); - bind->local.ipv4.s_addr = 0; + WRITE_ONCE(bind->local.ipv4.s_addr, 0); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); } @@ -178,7 +181,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, if (IS_ERR(rt) && PTR_ERR(rt) == -EINVAL) { fl.saddr = 0; spin_lock_bh(&peer->lock); - bind->local.ipv4.s_addr = 0; + WRITE_ONCE(bind->local.ipv4.s_addr, 0); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); @@ -224,7 +227,6 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, int ret; struct flowi6 fl = { - .saddr = bind->local.ipv6, .daddr = bind->remote.in6.sin6_addr, .fl6_sport = inet_sk(sk)->inet_sport, .fl6_dport = bind->remote.in6.sin6_port, @@ -233,6 +235,11 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, .flowi6_oif = bind->remote.in6.sin6_scope_id, }; + /* bind->local is updated in place under peer->lock; read the 128-bit + * address under the peer seqcount to avoid a torn read + */ + ovpn_peer_local_ipv6(peer, bind, &fl.saddr); + local_bh_disable(); dst = dst_cache_get_ip6(cache, &fl.saddr); if (dst) 
@@ -245,7 +252,9 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, */ fl.saddr = in6addr_any; spin_lock_bh(&peer->lock); + write_seqcount_begin(&peer->bind_local_seq); bind->local.ipv6 = in6addr_any; + write_seqcount_end(&peer->bind_local_seq); spin_unlock_bh(&peer->lock); dst_cache_reset(cache); }
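Review bot: ovpn_peer_local_ipv6() in the "@@ -175,6 +176,27 @@" peer.c hunk takes peer and bind as independent arguments, and its kernel-doc does not say what the caller must hold. The seqcount lives in the peer while the address lives in the bind, so the retry loop only protects the copy when bind is the pointer obtained from rcu_dereference(peer->bind) inside an RCU read-side section. The netlink caller shows exactly that, but in ovpn_udp6_output() bind is a parameter, so the guarantee comes from a caller that is not in this patch. Suggest stating the requirement in the kernel-doc (caller holds rcu_read_lock(), bind belongs to peer), or dropping the bind argument and dereferencing peer->bind inside the helper.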
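Review bot: The kernel-doc line for @bind_local_seq in the "@@ -56,6 +57,8 @@" peer.h hunk and the field comment "/* protects bind->local */" in the "@@ -110,6 +113,7 @@" hunk both say the seqcount covers bind->local, but the write_seqcount_begin()/write_seqcount_end() pairs in peer.c and udp.c wrap only the bind->local.ipv6 stores, and the IPv4 stores use WRITE_ONCE() alone. Suggest naming bind->local.ipv6 in both comments, so that a later reader of the IPv4 field is not assumed to be covered by the seqcount.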
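The torn read and the retry-loop snapshot described in the 3/9 commit message, as an added userspace model (not part of the patch or of the ovpn driver). The names addr128, model_peer and the hook are hypothetical, the addresses are constructed, and the mid-copy update is injected deterministically instead of using threads.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Single-threaded model: the "concurrent" writer is injected through a hook
 * that fires in the middle of the reader's word-by-word copy. The kernel
 * seqcount primitives also supply memory barriers, which this model does
 * not need because nothing really runs in parallel.
 */
struct addr128 { uint32_t w[4]; };	/* stands in for struct in6_addr */

struct model_peer {
	unsigned int seq;		/* even: stable, odd: write in progress */
	struct addr128 local;		/* stands in for bind->local.ipv6 */
};

typedef void (*race_hook)(struct model_peer *p, int words_copied);

/* constructed sample addresses */
static const struct addr128 OLD_ADDR = { { 0x20010db8, 0x0, 0x0, 0x1 } };
static const struct addr128 NEW_ADDR = { { 0xfd000000, 0xaaaa, 0xbbbb, 0x2 } };
static bool hook_fired;

/* writer side: bump to odd, store in place, bump back to even */
static void model_write(struct model_peer *p, const struct addr128 *src)
{
	p->seq++;
	p->local = *src;
	p->seq++;
}

/* in-place update landing after the reader copied two of the four words */
static void update_mid_copy(struct model_peer *p, int words_copied)
{
	if (words_copied == 2 && !hook_fired) {
		hook_fired = true;
		model_write(p, &NEW_ADDR);
	}
}

/* a 128-bit copy is several word accesses, each one a window for a writer */
static void copy_words(struct model_peer *p, struct addr128 *dst, race_hook hook)
{
	for (int i = 0; i < 4; i++) {
		dst->w[i] = p->local.w[i];
		if (hook)
			hook(p, i + 1);
	}
}

/* retry loop with the same shape as the helper added by the patch */
static unsigned int read_seq(struct model_peer *p, struct addr128 *dst,
			     race_hook hook)
{
	unsigned int seq, tries = 0;

	do {
		seq = p->seq;
		copy_words(p, dst, hook);
		tries++;
	} while ((seq & 1) || p->seq != seq);
	return tries;
}

/* torn: the snapshot matches neither the old nor the new address */
static bool is_torn(const struct addr128 *a)
{
	return memcmp(a, &OLD_ADDR, sizeof(*a)) &&
	       memcmp(a, &NEW_ADDR, sizeof(*a));
}

/* unprotected read, as on the TX path before the fix */
static bool demo_plain_read_is_torn(void)
{
	struct model_peer p = { .seq = 0, .local = OLD_ADDR };
	struct addr128 out;

	hook_fired = false;
	copy_words(&p, &out, update_mid_copy);
	return is_torn(&out);
}

/* protected read: returns how many passes the snapshot needed */
static unsigned int demo_seq_read(struct addr128 *out)
{
	struct model_peer p = { .seq = 0, .local = OLD_ADDR };

	hook_fired = false;
	return read_seq(&p, out, update_mid_copy);
}

int main(void)
{
	struct addr128 out;
	unsigned int tries;

	printf("plain read torn: %d\n", demo_plain_read_is_torn());
	tries = demo_seq_read(&out);
	printf("seqcount read: %u tries, torn: %d\n", tries, is_torn(&out));
	return 0;
}
```

The plain copy ends up with two words of the old address and two of the new one, while the seqcount reader notices the counter moved, discards that pass and returns the new address whole.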
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Mon, 8 Jun 2026 15:32:46 +0200
Message-ID: <20260608133251.3128542-4-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 4/9] ovpn: ensure socket is owned by ovpn before deref sk_user_data
From: Antonio Quartulli

Some subsystems, like BPF SOCKMAP, set sk_user_data without actually setting the encap_type. For this reason, we must make sure that the type is the one ovpn expects before dereferencing sk_user_data. Failing to do so may lead to out-of-bounds reads.

Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/socket.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 517caa64a4fe..6cbeb2caaeec 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c
@@ -162,6 +162,15 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) rcu_read_lock(); ovpn_sock = rcu_dereference_sk_user_data(sk); if (ovpn_sock) { + /* something else filled the sk_user_data without + * setting the encap_type. Reject the socket. + */ + if (!type) { + ovpn_sock = ERR_PTR(-EBUSY); + rcu_read_unlock(); + goto sock_release; + } + /* socket owned by another ovpn instance, we can't use it */ if (ovpn_sock->ovpn != peer->ovpn) { ovpn_sock = ERR_PTR(-EBUSY);
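Review bot: The new check in the "@@ -162,6 +162,15 @@" hunk rejects the socket only when type is zero, while the commit message asks that the type be "the one ovpn expects" before sk_user_data is dereferenced. Neither the definition of type nor any earlier rejection of other nonzero encap types is visible in this hunk, so as shown a socket with a nonzero type set by another user would still reach ovpn_sock->ovpn. Suggest comparing type against the expected ovpn encap value at this point, or extending the comment to say where other nonzero types are already rejected, so the dereference below is visibly guarded.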
fh=BsMg/B0Yb/hS/rzP5Npz4luh0IleZm8REk1XWiWRt2A=; b=h210cH18yZkxW0WAOMal6pChx30Uhdlo6STiSj1W6SWtSmQlDOviiU3r9blgww1LoF wzTJ4L3qCB4SlFEn707gi1u25vjr5DamTRdPVPavNxCxzUbQMDMeIH/KIMJiKYvTo0cA +NCrsrxZx6Gc6DY1a2vB+1ZZEV4MpWclKfE12RDAdoIFBYaQ5q0aIdIoKy2SkW7yYcK5 rSLCOhqYqDKIUzZq+rsAkUZqMNjoHrWy/o5dHmoBYYLFxSascsfckH6uLwSydJ/hr2aG IkeudB5lHM30sDzr4HpA/WOce+1wl+4oD5R0JZU+y9ERn5Vwiq/PcYkR/8XoP2A+rgNo VM6Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Zu3LaDb9; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Tef9WFJJ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Aggwh8yS; dkim=neutral (body hash did not verify) header.i=@unstable.cc header.s=MBO0001 header.b=rZkv6LnH; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. 
[216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-440d88cd231si13690747fac.372.2026.06.08.06.33.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jun 2026 06:33:12 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=Zu3LaDb9; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Tef9WFJJ; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Aggwh8yS; dkim=neutral (body hash did not verify) header.i=@unstable.cc header.s=MBO0001 header.b=rZkv6LnH; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:Cc: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=mL4bJ+LSxd0VnrN4IeDEMjQG0xGPmibO1kB+/h5XxZQ=; b=Zu3LaDb9hcLA3/CcfqApI6QhIp Xmn4JDOBzuIAPQpu8cWNurb712s9uZFKu1JFCI9Why9+XyqmxfG1uzZRYTSfweUItyk4UajvbEj4u LJeOvycczSldiy8J+mqoQkvhRkYb32b+5BarWr/J1KXgeCVqAkIvYs7tbN3K1LQM99WQ=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wWa6G-0001Cf-Ty; Mon, 08 Jun 2026 13:33:09 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wWa6E-0001CW-Bv for 
openvpn-devel@lists.sourceforge.net; Mon, 08 Jun 2026 13:33:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=3SO51xGxkJt8zJ1G/O5z8R+QSQzRGqAq8QHjtl6WKcA=; b=Tef9WFJJzXmDbbIvj26bqi9uCW M2Z7adQpNy4P/lBnbzM/7xvE2e39b+nfxpBPRGUCu6cV0f7w+FsYVxQdZt5YbyeMG266FDLIQvTol CESObqjRbHLvCRXTJywA/nFrBO21SmFsvwfsHPIGZFF4GSLEtJCFnxtAy+RHwRwnVZ2I=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=3SO51xGxkJt8zJ1G/O5z8R+QSQzRGqAq8QHjtl6WKcA=; b=Aggwh8ySeEnOSyoOcOi9kUAfH7 cRu/nlIWVCR6MEn3kTNDNpXSYkkMSwOuZcmkfC3ZwtRktEVj/oPwi9FOvzqtD6gM8+m2RBtIaibzs JHTUG0UjjEPvK+CmlW5j3a2lm4UwapwABkiDHq2a2p9fpmoRQgQiyJ5SVM/UhX5RMZNw=; Received: from mout-p-102.mailbox.org ([80.241.56.152]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wWa6D-0004wN-2V for openvpn-devel@lists.sourceforge.net; Mon, 08 Jun 2026 13:33:07 +0000 Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4gYtJn5K5yz9vJ5; Mon, 8 Jun 2026 15:32:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=unstable.cc; s=MBO0001; t=1780925577; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3SO51xGxkJt8zJ1G/O5z8R+QSQzRGqAq8QHjtl6WKcA=; b=rZkv6LnHmCoMihylRUSIequejeDam/iUb9WFnpdd9jFt5E2JoD5DLArBy9oD1f28jYa+Ev DV80DvFqBOvwFNgptBKThjZ46YYLT4cFu2GLLzpy4NeZKVTnp/J+blfPhDXSVW53Yu6e+J tLqvXMZJK8l8Ea9HRkuKSa0PcC6W5jyogofhHSR6KEedRi9PqaApzKBXZ6Nd07dXQgcOS5 eU5HBh/bB2J6B27mOHKaBjofAr537xIv2RXs/NzfoINXeECPpDokMWsGlqiezrbftybxtg JL7D7x3YFjbrToWIh/lxjU22okFpEic+exPSbhJmgv7KwVTFFIpbSQc1BHK55A== From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 8 Jun 2026 15:32:47 +0200 Message-ID: <20260608133251.3128542-5-a@unstable.cc> In-Reply-To: <20260608133251.3128542-1-a@unstable.cc> References: <20260608133251.3128542-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 
Subject: [Openvpn-devel] [PATCH ovpn net v2 5/9] ovpn: tcp - fix peer reference leak on deferred deletion
Cc: Antonio Quartulli

From: Antonio Quartulli

The TCP error paths in ovpn_tcp_rcv() and ovpn_tcp_send_sock() take a peer reference and then schedule the deferred-delete work:

    ovpn_peer_hold(peer);
    schedule_work(&peer->tcp.defer_del_work);

ovpn_tcp_peer_del_work() drops exactly one reference per run, but schedule_work() returns false and does not re-queue when the work is already pending. The reference, however, was taken unconditionally, so every hold+schedule that lands on an already-pending work leaks one peer reference.

ovpn_tcp_rcv() is the strparser receive callback and has no guard against this: a TCP segment packed with packets whose length header is valid for the stream parser but whose payload is smaller than the opcode size passes ovpn_tcp_parse() and hits the error path. strparser delivers all complete messages in a loop, so many error invocations run before the scheduled work executes, leaking one reference each. A remote peer can exploit this to pin the peer (and the netdev reference it holds) forever, preventing interface teardown - a denial of service.

Take the reference only when schedule_work() actually queues the work. schedule_work() flips the work pending bit atomically, so exactly one caller - even across the concurrent RX and TX paths - observes the idle->pending transition and acquires the single reference that the lone ovpn_peer_put() in the worker balances. ovpn_peer_del() is idempotent (ovpn_peer_remove() bails on an already-unhashed peer), so a work item re-queued while running stays refcount-balanced.

Fixes: 11851cbd60ea ("ovpn: implement TCP transport")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/tcp.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/drivers/net/ovpn/tcp.c b/drivers/net/ovpn/tcp.c index 433bd07a4f1b..6cf684699ada 100644 --- a/drivers/net/ovpn/tcp.c +++ b/drivers/net/ovpn/tcp.c
@@ -148,10 +148,14 @@ static void ovpn_tcp_rcv(struct strparser *strp, struct sk_buff *skb) ovpn_recv(peer, skb); return; err: - /* take reference for deferred peer deletion. should never fail */ - if (WARN_ON(!ovpn_peer_hold(peer))) - goto err_nopeer; - schedule_work(&peer->tcp.defer_del_work); + /* schedule deferred peer deletion and take a reference only if the + * work was actually queued: the matching ovpn_peer_put() in + * ovpn_tcp_peer_del_work() runs once per queued work, so re-arming an + * already-pending work must not take another reference (it would be + * leaked, e.g. on a flood of invalid packets) + */ + if (schedule_work(&peer->tcp.defer_del_work)) + ovpn_peer_hold(peer); ovpn_dev_dstats_rx_dropped(peer->ovpn->dev); err_nopeer: kfree_skb(skb); 
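Review bot: the err path in ovpn_tcp_rcv() now ignores the return value of ovpn_peer_hold(), which the removed lines treated as able to fail (WARN_ON(!ovpn_peer_hold(peer))). With the new order the work is already queued when the hold is attempted, so a failed hold would leave the ovpn_peer_put() in ovpn_tcp_peer_del_work() without a matching reference. Keeping the WARN_ON() around the hold inside the "if (schedule_work(...))" branch, or saying in the comment why the hold cannot fail at this point, would preserve the diagnostic the old code had.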
@@ -280,15 +284,20 @@ static void ovpn_tcp_send_sock(struct ovpn_peer *peer, struct sock *sk) peer->id, ret); /* in case of TCP error we can't recover the VPN - * stream therefore we abort the connection + * stream therefore we abort the connection. + * + * Take a reference only if the work was actually + * queued: ovpn_tcp_peer_del_work() drops exactly one + * reference per run, so re-arming an already-pending + * work (e.g. already scheduled from the RX path) must + * not take another reference (it would be leaked). */ - ovpn_peer_hold(peer); - schedule_work(&peer->tcp.defer_del_work); + if (schedule_work(&peer->tcp.defer_del_work)) + ovpn_peer_hold(peer); /* we bail out immediately and keep tx_in_progress set - * to true. This way we prevent more TX attempts - * which would lead to more invocations of - * schedule_work() + * to true, so that no further TX is attempted on the + * aborted stream */ return; }
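Review bot: in ovpn_tcp_send_sock() the hold now happens after schedule_work() has returned true, so the worker can start on another CPU and reach its ovpn_peer_put() before ovpn_peer_hold(peer) has run; the new comment explains the one-reference-per-run pairing but not what keeps the peer alive across that window. Please state in the comment which reference the caller already owns here (the same question applies to the err path in ovpn_tcp_rcv()). Since the identical queue-then-hold pair and its comment now exist in both functions, a small helper would keep the invariant in one place.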

From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Jun 2026 15:32:48 +0200
Message-ID: <20260608133251.3128542-6-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 6/9] ovpn: zero-initialize sockaddr before learning a floated endpoint
Cc: Antonio Quartulli

From: Antonio Quartulli

ovpn_peer_endpoints_update() builds the new remote endpoint in an on-stack struct sockaddr_storage that is left uninitialized. For IPv4 only sin_family/sin_addr/sin_port are written, leaving the 8-byte sin_zero padding as stack garbage (for IPv6, sin6_flowinfo is left uninitialized likewise).

ovpn_peer_reset_sockaddr() -> ovpn_bind_from_sockaddr() then memcpy()s sizeof(struct sockaddr_in)/sizeof(struct sockaddr_in6) bytes - padding included - into bind->remote. That buffer is later hashed with jhash() over the same length to place the peer in the by_transp_addr table, so the garbage padding lands the floated peer in an essentially random bucket. Lockless lookups in ovpn_peer_get_by_transp_addr() build their key from a zero-initialized sockaddr_storage, compute a different bucket and fail to find the peer. This is also a plain use of uninitialized stack memory in jhash().

Zero-initialize the sockaddr_storage, matching what the lookup and netlink paths already do.

Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/peer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index ee88251f2196..4aa5edc75dec 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c
@@ -220,7 +220,7 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, */ void ovpn_peer_endpoints_update(struct ovpn_peer *peer, struct sk_buff *skb) { - struct sockaddr_storage ss; + struct sockaddr_storage ss = {}; struct sockaddr_in6 *sa6; bool reset_cache = false; struct sockaddr_in *sa;
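Review bot: the "= {}" on ss in ovpn_peer_endpoints_update() is now load-bearing, but nothing at the declaration says so, and it reads like an initializer a later cleanup could drop as redundant. A one-line comment noting that these bytes are copied into bind->remote and hashed over the full sockaddr length, padding included, would keep the reason next to the code rather than only in the commit message.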

From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 8 Jun 2026 15:32:49 +0200
Message-ID: <20260608133251.3128542-7-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 7/9] ovpn: hash floated peer by transport identity only
Cc: Antonio Quartulli

From: Antonio Quartulli

The by_transp_addr table is keyed on the peer's remote transport address, but the float rehash hashed bind->remote directly, while the two other sites that touch the table build a clean key first: ovpn_peer_add_mp() and the lookup in ovpn_peer_get_by_transp_addr() both hash a sockaddr holding only family/address/port.

For a link-local IPv6 peer, bind->remote carries sin6_scope_id (set from ipv6_iface_scope_id() when the endpoint is learned), and that field is folded into the jhash() over sizeof(struct sockaddr_in6). The lookup never sets sin6_scope_id, so after such a peer floats it is rehashed into a scope_id-dependent bucket that lookups (scope_id 0) never visit, making the peer unreachable through the by_transp_addr fallback. ovpn_peer_transp_match() only compares address and port, so the hash was keying on a field the match ignores.

sin6_scope_id must stay in bind->remote because the TX path uses it as flowi6_oif, so it cannot just be cleared there. Instead build the hash key from family/address/port only, exactly like ovpn_peer_add_mp() and the lookup, so all three sites agree on the bucket.

Fixes: f0281c1d3732 ("ovpn: add support for updating local or remote UDP endpoint")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/peer.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c index 4aa5edc75dec..96a46ac7dbe3 100644 --- a/drivers/net/ovpn/peer.c +++ b/drivers/net/ovpn/peer.c
@@ -911,7 +911,10 @@ bool ovpn_peer_check_by_src(struct ovpn_priv *ovpn, struct sk_buff *skb, static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, const struct ovpn_bind *bind) { + struct sockaddr_storage sa = {}; struct hlist_nulls_head *nhead; + struct sockaddr_in6 *sa6; + struct sockaddr_in *sa4; size_t salen; lockdep_assert_held(&peer->ovpn->lock);
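Review bot: the names in the new declarations of __ovpn_peer_hash_transp_addr() are inconsistent with ovpn_peer_endpoints_update() in the same file, where the sockaddr_storage is called ss and sa is the struct sockaddr_in pointer; here sa is the storage and sa4 is the IPv4 pointer. Naming the storage ss (or key) would avoid one identifier meaning two different types within peer.c.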
@@ -927,12 +930,26 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, if (unlikely(hlist_unhashed(&peer->hash_entry_id))) return; + /* Build the hash key from the transport identity only + * (family/address/port), matching ovpn_peer_add_mp() and the lookup + * in ovpn_peer_get_by_transp_addr(). Hashing bind->remote directly + * would fold in sin6_scope_id (set on the float path but never by the + * lookup), scattering the peer into a bucket lookups cannot reach. + */ switch (bind->remote.in4.sin_family) { case AF_INET: - salen = sizeof(struct sockaddr_in); + sa4 = (struct sockaddr_in *)&sa; + sa4->sin_family = AF_INET; + sa4->sin_addr.s_addr = bind->remote.in4.sin_addr.s_addr; + sa4->sin_port = bind->remote.in4.sin_port; + salen = sizeof(*sa4); break; case AF_INET6: - salen = sizeof(struct sockaddr_in6); + sa6 = (struct sockaddr_in6 *)&sa; + sa6->sin6_family = AF_INET6; + sa6->sin6_addr = bind->remote.in6.sin6_addr; + sa6->sin6_port = bind->remote.in6.sin6_port; + salen = sizeof(*sa6); break; default: return; 
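Review bot: the AF_INET/AF_INET6 switch now hand-builds the family/address/port key inline, which per the new comment is what ovpn_peer_add_mp() and ovpn_peer_get_by_transp_addr() also do, so there are three open-coded copies that can drift apart again. Consider a single helper that fills the key and returns salen, used by all three sites, so that a field such as sin6_scope_id cannot end up hashed at one site only.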
@@ -941,8 +958,8 @@ static void __ovpn_peer_hash_transp_addr(struct ovpn_peer *peer, /* remove old hashing (no-op if entry is not currently linked) */ hlist_nulls_del_init_rcu(&peer->hash_entry_transp_addr); /* re-add with current transport address */ - nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, - &bind->remote, salen); + nhead = ovpn_get_hash_head(peer->ovpn->peers->by_transp_addr, &sa, + salen); hlist_nulls_add_head_rcu(&peer->hash_entry_transp_addr, nhead); }
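The bucket mismatch described in the 6/9 and 7/9 commit messages, modelled in userspace as an added example (not code from the patch series or the ovpn driver): the floated peer is hashed in either from the raw learned sockaddr bytes or from a key built from family/address/port only, and is then looked up with a clean key. FNV-1a stands in for jhash(), and struct endpoint, the 16-bucket table, the peer id, the addresses and the 0xA5 fill byte are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 16	/* constructed table size */
#define PEER_ID  7	/* constructed peer id */

struct endpoint {	/* models bind->remote: raw sockaddr bytes and length */
	unsigned char bytes[sizeof(struct sockaddr_in6)];
	size_t len;
	int family;
};

/* FNV-1a stands in for the kernel's jhash() (assumption of this example) */
static unsigned int bucket(const struct endpoint *k)
{
	uint32_t h = 2166136261u;
	size_t i;
	for (i = 0; i < k->len; i++)
		h = (h ^ k->bytes[i]) * 16777619u;
	return h & (NBUCKETS - 1);
}

static struct endpoint store(const void *sa, size_t len, int family)
{
	struct endpoint ep = { .len = len, .family = family };
	memcpy(ep.bytes, sa, len);
	return ep;
}

/* Float path, IPv4: fill 0xA5 models stale stack bytes, fill 0 models "= {}" */
static struct endpoint learn_v4(int fill)
{
	struct sockaddr_in sa;
	memset(&sa, fill, sizeof(sa));
	sa.sin_family = AF_INET;
	sa.sin_port = htons(1194);
	inet_pton(AF_INET, "192.0.2.10", &sa.sin_addr);	/* constructed */
	return store(&sa, sizeof(sa), AF_INET);
}

/* Float path, link-local IPv6: sin6_scope_id stays set because TX needs it */
static struct endpoint learn_v6(uint32_t scope_id)
{
	struct sockaddr_in6 sa6;
	memset(&sa6, 0, sizeof(sa6));
	sa6.sin6_family = AF_INET6;
	sa6.sin6_port = htons(1194);
	inet_pton(AF_INET6, "fe80::1", &sa6.sin6_addr);	/* constructed */
	sa6.sin6_scope_id = scope_id;
	return store(&sa6, sizeof(sa6), AF_INET6);
}

/* Key holding family/address/port only, built in zeroed storage */
static struct endpoint clean_key(const struct endpoint *remote)
{
	struct sockaddr_in6 r6, k6;
	struct sockaddr_in r4, k4;
	if (remote->family == AF_INET) {
		memcpy(&r4, remote->bytes, sizeof(r4));
		memset(&k4, 0, sizeof(k4));
		k4.sin_family = AF_INET;
		k4.sin_addr = r4.sin_addr;
		k4.sin_port = r4.sin_port;
		return store(&k4, sizeof(k4), AF_INET);
	}
	memcpy(&r6, remote->bytes, sizeof(r6));
	memset(&k6, 0, sizeof(k6));
	k6.sin6_family = AF_INET6;
	k6.sin6_addr = r6.sin6_addr;
	k6.sin6_port = r6.sin6_port;
	return store(&k6, sizeof(k6), AF_INET6);
}

/* Hash the floated peer in (raw bytes or clean key), then look it up with a
 * clean key. Returns the peer id, or -1 if the lookup hits another bucket. */
static int float_then_lookup(struct endpoint remote, int use_clean_key)
{
	struct endpoint ins = use_clean_key ? clean_key(&remote) : remote;
	struct endpoint look = clean_key(&remote);
	int table[NBUCKETS], i;
	for (i = 0; i < NBUCKETS; i++)
		table[i] = -1;
	table[bucket(&ins)] = PEER_ID;
	return table[bucket(&look)];
}

int main(void)
{
	printf("v4 stale padding, raw bytes: %d\n", float_then_lookup(learn_v4(0xA5), 0));
	printf("v6 scope_id 2, raw bytes:    %d\n", float_then_lookup(learn_v6(2), 0));
	printf("v6 scope_id 2, clean key:    %d\n", float_then_lookup(learn_v6(2), 1));
	return 0;
}
```

The raw stale-padding IPv4 result depends entirely on the fill bytes, which is the problem 6/9 describes; zeroed storage or a clean key makes the insert and lookup sides hash identical bytes.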
a=rsa-sha256; c=relaxed/relaxed; d=unstable.cc; s=MBO0001; t=1780925579; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JHZVWxjay4RYYLB6BWpD0tHu23AweFOcnfRMIKrXRfY=; b=hBTlLV4Bvh2PTILg2Ry/mQ58XU8nHlS8a3Q1TZ6BmFizOdBB2knS0e0DKo+Vk/s32R2OL2 9GMwbrxFDfhjUXr0YaHe6cmOSVLPkL3/IqP6jd3c/AnB6QD79LXm2ekXAWL+lvoW/1R0mt 9q+4JMw9TVzLaswR2veh5JwdavQG1uvVE9UL1s0LFbCaAl6o5YCGrG3hIH4HPsLoHVMuIX VH1UoDJTm/rCb7tiW/lQsVWs18BNM2gWa9ft2QohMbOPfre+2U/m2L/D8DnwST4fo0dZ0j 9+kL+8jbeBugKCvi2LQLOk5poBvdr9V664FiSTYzvTybPsLGhlAxhWONC2Gnug== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of a@unstable.cc designates 2001:67c:2050:b231:465::102 as permitted sender) smtp.mailfrom=a@unstable.cc From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Mon, 8 Jun 2026 15:32:50 +0200 Message-ID: <20260608133251.3128542-8-a@unstable.cc> In-Reply-To: <20260608133251.3128542-1-a@unstable.cc> References: <20260608133251.3128542-1-a@unstable.cc> MIME-Version: 1.0 X-Rspamd-Queue-Id: 4gYtJq30sNz9vL3 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: 
From: Antonio Quartulli ovpn_mp_alloc() tried to disable SEND_REDIRECTS on a multipeer interface, but it runs from ovpn_net_init() (->ndo_init), which register_netdevice() invokes before the NETDEV_REGISTER notifier chain. T [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1wWa6J-0004wj-L3 Subject: [Openvpn-devel] [PATCH ovpn net v2 8/9] ovpn: disable IPv4 redirects on MP interface after registration X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: 1867435842325309247 X-GMAIL-MSGID: 1867435842325309247 
From: Antonio Quartulli

ovpn_mp_alloc() tried to disable SEND_REDIRECTS on a multipeer interface, but it runs from ovpn_net_init() (->ndo_init), which register_netdevice() invokes before the NETDEV_REGISTER notifier chain. The IPv4 in_device is only created when that notifier reaches inetdev_event() -> inetdev_init(), so __in_dev_get_rtnl() always returned NULL at ndo_init time and the whole redirect-disabling block (both the per-device and the per-netns IPV4_DEVCONF_ALL write) was dead. MP interfaces therefore kept emitting ICMP redirects.

Move the redirect-disabling to ovpn_newlink(), right after a successful register_netdevice(): at that point the NETDEV_REGISTER notifier has run and the in_device exists, and RTNL is held by the newlink path so __in_dev_get_rtnl() is safe. A successful register_netdevice() guarantees the in_device was created (otherwise the notifier would have failed and registration rolled back), so the in_device check is now a real guard rather than dead code.

The peer-table allocation stays in ovpn_mp_alloc()/->ndo_init, where it belongs (it does not depend on the in_device and is freed in ->ndo_uninit).

Fixes: 05003b408c20 ("ovpn: implement multi-peer support")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/main.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index 9993c1dfe471..a881510aaac0 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c
@@ -35,25 +35,11 @@ static void ovpn_priv_free(struct net_device *net) static int ovpn_mp_alloc(struct ovpn_priv *ovpn) { - struct in_device *dev_v4; int i; if (ovpn->mode != OVPN_MODE_MP) return 0; - dev_v4 = __in_dev_get_rtnl(ovpn->dev); - if (dev_v4) { - /* disable redirects as Linux gets confused by ovpn - * handling same-LAN routing. - * This happens because a multipeer interface is used as - * relay point between hosts in the same subnet, while - * in a classic LAN this would not be needed because the - * two hosts would be able to talk directly. - */ - IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); - IPV4_DEVCONF_ALL(dev_net(ovpn->dev), SEND_REDIRECTS) = false; - } - /* the peer container is fairly large, therefore we allocate it only in * MP mode */ @@ -183,6 +169,8 @@ static int ovpn_newlink(struct net_device *dev, struct ovpn_priv *ovpn = netdev_priv(dev); struct nlattr **data = params->data; enum ovpn_mode mode = OVPN_MODE_P2P; + struct in_device *dev_v4; + int ret; if (data && data[IFLA_OVPN_MODE]) { mode = nla_get_u8(data[IFLA_OVPN_MODE]); 
@@ -207,7 +195,30 @@ static int ovpn_newlink(struct net_device *dev, else netif_carrier_off(dev); - return register_netdevice(dev); + ret = register_netdevice(dev); + if (ret < 0) + return ret; + + /* The IPv4 in_device is created by the NETDEV_REGISTER notifier, which + * fires inside register_netdevice() above, so this cannot be done + * earlier (e.g. in ndo_init). RTNL is held by the newlink path. + */ + if (ovpn->mode == OVPN_MODE_MP) { + dev_v4 = __in_dev_get_rtnl(dev); + if (dev_v4) { + /* disable redirects as Linux gets confused by ovpn + * handling same-LAN routing. + * This happens because a multipeer interface is used as + * relay point between hosts in the same subnet, while + * in a classic LAN this would not be needed because the + * two hosts would be able to talk directly. + */ + IN_DEV_CONF_SET(dev_v4, SEND_REDIRECTS, false); + IPV4_DEVCONF_ALL(dev_net(dev), SEND_REDIRECTS) = false; + } + } + + return 0; } static int ovpn_fill_info(struct sk_buff *skb, const struct net_device *dev)
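
Review bot: In the ovpn_newlink() hunk, `IPV4_DEVCONF_ALL(dev_net(dev), SEND_REDIRECTS) = false;` is now a live write to per-netns state, so creating a single MP interface changes the SEND_REDIRECTS "all" setting for the whole network namespace, and nothing in this diff restores it when the device goes away. Because the block was dead code before this patch, this is a behaviour change for existing setups; please say so in the commit message and extend the comment to state that the netns-wide write is intentional and why the per-device IN_DEV_CONF_SET() alone is not enough. Separately, the commit message says a successful register_netdevice() guarantees the in_device exists, so the silent `if (dev_v4)` skip would hide exactly the case where redirects stay enabled; a WARN_ON_ONCE() or netdev_warn() on the NULL branch would make that visible.
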
From patchwork Mon Jun 8 13:32:51 2026
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 5005
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Cc: Antonio Quartulli
Date: Mon, 8 Jun 2026 15:32:51 +0200
Message-ID: <20260608133251.3128542-9-a@unstable.cc>
In-Reply-To: <20260608133251.3128542-1-a@unstable.cc>
References: <20260608133251.3128542-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH ovpn net v2 9/9] ovpn: ensure TCP vars are initialized first

From: Antonio Quartulli

Netlink calls may access TCP global vars (i.e. when attaching a TCP socket), therefore we need to make sure the latter are initialized beforehand.

For this reason move the global TCP initialization to the top of the module init function.

Fixes: 11851cbd60ea ("ovpn: implement TCP transport")
Signed-off-by: Antonio Quartulli
--- drivers/net/ovpn/main.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/net/ovpn/main.c b/drivers/net/ovpn/main.c index a881510aaac0..0a88ca6bbf97 100644 --- a/drivers/net/ovpn/main.c +++ b/drivers/net/ovpn/main.c
@@ -244,8 +244,14 @@ static struct rtnl_link_ops ovpn_link_ops = { static int __init ovpn_init(void) { - int err = rtnl_link_register(&ovpn_link_ops); + int err; + /* init TCP first so that any subsequent netlink operation + * is ensured to access initialized TCP global vars + */ + ovpn_tcp_init(); + + err = rtnl_link_register(&ovpn_link_ops); if (err) { pr_err("ovpn: can't register rtnl link ops: %d\n", err); return err; @@ -257,8 +263,6 @@ static int __init ovpn_init(void) goto unreg_rtnl; } - ovpn_tcp_init(); - return 0; unreg_rtnl:
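
Review bot: In ovpn_init(), ovpn_tcp_init() now runs before the two failure exits visible in this diff (the `return err;` after rtnl_link_register() fails and the `goto unreg_rtnl;` path), and neither of them undoes it. Its return value is not checked, so if it only fills in static data this is fine, but the new comment should state that it cannot fail and needs no teardown, so that a later change adding an allocation there does not turn these paths into a leak. The commit message would also be clearer if it named the netlink operation that can reach the TCP globals before module init completes.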