From: Sabrina Dubroca <sd@queasysnail.net>
To: David Carlier <devnexen@gmail.com>
Cc: netdev@vger.kernel.org, Antonio Quartulli <antonio@openvpn.net>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 2/2] ovpn: respect peer refcount in CMD_NEW_PEER error path
Date: Tue, 12 May 2026 17:13:47 +0200 [thread overview]
Message-ID: <agNDqz_4aUnwkusN@krikkit> (raw)
In-Reply-To: <20260512042036.19870-3-devnexen@gmail.com>
2026-05-12, 05:19:13 +0100, David Carlier wrote:
> diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c
> index 291e2e5bb450..4c66c1ec497e 100644
> --- a/drivers/net/ovpn/netlink.c
> +++ b/drivers/net/ovpn/netlink.c
> @@ -462,10 +462,12 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info)
> sock_release:
> ovpn_socket_release(peer);
> peer_release:
> - /* release right away because peer was not yet hashed, thus it is not
> - * used in any context
> + /* For UDP, the peer is unreachable until added to the hashtables, so
> + * dropping the initial reference is enough. For TCP, the peer may be
> + * concurrently reachable via sk_user_data->peer until
> + * ovpn_socket_release() detaches; rely on the refcount.
> */
> - ovpn_peer_release(peer);
> + ovpn_peer_put(peer);
>
> return ret;
> }
nit: after this change, ovpn_peer_release() is only used within
peer.c, and can become static.
I think it'd be nicer to do that now with a v2, but if Antonio wants
to pick this patch up directly, the fix LGTM:
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
--
Sabrina
next prev parent reply other threads:[~2026-05-12 15:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 4:19 [PATCH net 0/2] ovpn: fix TCP teardown UAF races David Carlier
2026-05-12 4:19 ` [PATCH net 1/2] ovpn: tcp - use cached peer pointer in ovpn_tcp_close() David Carlier
2026-05-12 4:29 ` Eric Dumazet
2026-05-12 4:56 ` David CARLIER
2026-05-12 7:29 ` Antonio Quartulli
2026-05-12 13:55 ` Antonio Quartulli
2026-05-12 14:11 ` Sabrina Dubroca
2026-05-12 14:17 ` Antonio Quartulli
2026-05-12 15:04 ` Sabrina Dubroca
2026-05-12 4:19 ` [PATCH net 2/2] ovpn: respect peer refcount in CMD_NEW_PEER error path David Carlier
2026-05-12 7:33 ` Antonio Quartulli
2026-05-12 15:13 ` Sabrina Dubroca [this message]
2026-05-13 9:10 ` Antonio Quartulli
2026-05-13 10:55 ` [PATCH net v2 0/2] ovpn: fix TCP teardown UAF races David Carlier
2026-05-14 14:20 ` Antonio Quartulli
2026-05-13 10:55 ` [PATCH v2 1/2] ovpn: tcp - use cached peer pointer in ovpn_tcp_close() David Carlier
2026-05-13 10:55 ` [PATCH v2 2/2] ovpn: respect peer refcount in CMD_NEW_PEER error path David Carlier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=agNDqz_4aUnwkusN@krikkit \
--to=sd@queasysnail.net \
--cc=andrew+netdev@lunn.ch \
--cc=antonio@openvpn.net \
--cc=davem@davemloft.net \
--cc=devnexen@gmail.com \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.