From: Paolo Abeni <pabeni@redhat.com>
To: Antonio Quartulli <antonio@openvpn.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Donald Hunter <donald.hunter@gmail.com>,
Shuah Khan <shuah@kernel.org>,
sd@queasysnail.net, ryazanov.s.a@gmail.com,
Andrew Lunn <andrew@lunn.ch>
Cc: Simon Horman <horms@kernel.org>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH net-next v12 17/22] ovpn: implement peer add/get/dump/delete via netlink
Date: Tue, 3 Dec 2024 18:46:43 +0100 [thread overview]
Message-ID: <c6ec324f-dcfe-46c0-8bfb-1af77c03cb59@redhat.com> (raw)
In-Reply-To: <20241202-b4-ovpn-v12-17-239ff733bf97@openvpn.net>
On 12/2/24 16:07, Antonio Quartulli wrote:
> +/**
> + * ovpn_nl_peer_modify - modify the peer attributes according to the incoming msg
> + * @peer: the peer to modify
> + * @info: generic netlink info from the user request
> + * @attrs: the attributes from the user request
> + *
> + * Return: a negative error code in case of failure, 0 on success or 1 on
> + * success and the VPN IPs have been modified (requires rehashing in MP
> + * mode)
> + */
> +static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info,
> + struct nlattr **attrs)
> +{
> + struct sockaddr_storage ss = {};
> + u32 sockfd, interv, timeout;
> + struct socket *sock = NULL;
> + u8 *local_ip = NULL;
> + bool rehash = false;
> + int ret;
> +
> + if (attrs[OVPN_A_PEER_SOCKET]) {
> + if (peer->sock) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "peer socket can't be modified");
> + return -EINVAL;
> + }
> +
> + /* lookup the fd in the kernel table and extract the socket
> + * object
> + */
> + sockfd = nla_get_u32(attrs[OVPN_A_PEER_SOCKET]);
> + /* sockfd_lookup() increases sock's refcounter */
> + sock = sockfd_lookup(sockfd, &ret);
> + if (!sock) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "cannot lookup peer socket (fd=%u): %d",
> + sockfd, ret);
> + return -ENOTSOCK;
> + }
> +
> + /* Only when using UDP as transport protocol the remote endpoint
> + * can be configured so that ovpn knows where to send packets
> + * to.
> + *
> + * In case of TCP, the socket is connected to the peer and ovpn
> + * will just send bytes over it, without the need to specify a
> + * destination.
> + */
> + if (sock->sk->sk_protocol != IPPROTO_UDP &&
> + (attrs[OVPN_A_PEER_REMOTE_IPV4] ||
> + attrs[OVPN_A_PEER_REMOTE_IPV6])) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "unexpected remote IP address for non UDP socket");
> + sockfd_put(sock);
> + return -EINVAL;
> + }
> +
> + peer->sock = ovpn_socket_new(sock, peer);
> + if (IS_ERR(peer->sock)) {
> + NL_SET_ERR_MSG_FMT_MOD(info->extack,
> + "cannot encapsulate socket: %ld",
> + PTR_ERR(peer->sock));
> + sockfd_put(sock);
> + peer->sock = NULL;
This looks race-prone. If any other CPU can do concurrent read access to
peer->sock it could observe an invalid pointer
Even if such race does not exist, it would be cleaner store
ovpn_socket_new() return value in a local variable and set peer->sock
only on successful creation.
/P
next prev parent reply other threads:[~2024-12-03 17:46 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-02 15:07 [PATCH net-next v12 00/22] Introducing OpenVPN Data Channel Offload Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 01/22] net: introduce OpenVPN Data Channel Offload (ovpn) Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 02/22] ovpn: add basic netlink support Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 03/22] ovpn: add basic interface creation/destruction/management routines Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 04/22] ovpn: keep carrier always on for MP interfaces Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 05/22] ovpn: introduce the ovpn_peer object Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 06/22] ovpn: introduce the ovpn_socket object Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 07/22] ovpn: implement basic TX path (UDP) Antonio Quartulli
2024-12-03 14:55 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 08/22] ovpn: implement basic RX " Antonio Quartulli
2024-12-03 14:34 ` Paolo Abeni
2024-12-03 14:38 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 09/22] ovpn: implement packet processing Antonio Quartulli
2024-12-03 14:58 ` Paolo Abeni
2024-12-03 15:04 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 10/22] ovpn: store tunnel and transport statistics Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 11/22] ovpn: implement TCP transport Antonio Quartulli
2024-12-03 15:19 ` Paolo Abeni
2024-12-04 11:15 ` Antonio Quartulli
2024-12-04 21:37 ` Antonio Quartulli
2024-12-04 22:52 ` Antonio Quartulli
2024-12-04 23:09 ` Antonio Quartulli
2024-12-09 10:46 ` Matthieu Baerts
2024-12-09 10:58 ` Antonio Quartulli
2024-12-09 11:31 ` Matthieu Baerts
2024-12-09 14:08 ` Antonio Quartulli
2024-12-09 16:26 ` Matthieu Baerts
2024-12-02 15:07 ` [PATCH net-next v12 12/22] ovpn: implement multi-peer support Antonio Quartulli
2024-12-05 10:33 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 13/22] ovpn: implement peer lookup logic Antonio Quartulli
2024-12-03 14:58 ` Antonio Quartulli
2024-12-03 16:09 ` Sabrina Dubroca
2024-12-04 8:28 ` Antonio Quartulli
2024-12-04 14:13 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 14/22] ovpn: implement keepalive mechanism Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 15/22] ovpn: add support for updating local UDP endpoint Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 16/22] ovpn: add support for peer floating Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 17/22] ovpn: implement peer add/get/dump/delete via netlink Antonio Quartulli
2024-12-03 17:46 ` Paolo Abeni [this message]
2024-12-04 8:43 ` Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 18/22] ovpn: implement key add/get/del/swap " Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 19/22] ovpn: kill key and notify userspace in case of IV exhaustion Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 20/22] ovpn: notify userspace when a peer is deleted Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 21/22] ovpn: add basic ethtool support Antonio Quartulli
2024-12-02 15:07 ` [PATCH net-next v12 22/22] testing/selftests: add test tool and scripts for ovpn module Antonio Quartulli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c6ec324f-dcfe-46c0-8bfb-1af77c03cb59@redhat.com \
--to=pabeni@redhat.com \
--cc=andrew@lunn.ch \
--cc=antonio@openvpn.net \
--cc=donald.hunter@gmail.com \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=ryazanov.s.a@gmail.com \
--cc=sd@queasysnail.net \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox