[PATCH net 0/5] pull request: fixes for ovpn 2026-05-14

Netdev List
 help / color / mirror / Atom feed

From: Antonio Quartulli <antonio@openvpn.net>
To: netdev@vger.kernel.org
Cc: Sabrina Dubroca <sd@queasysnail.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Andrew Lunn <andrew+netdev@lunn.ch>,
	Ralf Lici <ralf@mandelbit.com>,
	Antonio Quartulli <antonio@openvpn.net>
Subject: [PATCH net 0/5] pull request: fixes for ovpn 2026-05-14
Date: Fri, 15 May 2026 01:15:39 +0200	[thread overview]
Message-ID: <20260514231544.795993-1-antonio@openvpn.net> (raw)

Hello netdev team,

This batch includes a few fixes for net. Specifically:

Patch 1 fixes the remaining of the selftests in order to avoid
TCP failures on slow kernels, where pings cannot be always
delivered on time.

Patch 2 fixes a RCU deref outside of the RCU read critical area.

Patch 3 fixes a potential UAF in case of a TCP peer that fails
to be added to the hash table, while being fully initialized.
In this scenario, potentially ongoing TCP socket syscalls would
attempt accessing a free'd peer.

Patch 4 fixes a race condition betwen interface teardown and a
new peer being added via netlink. The race condition would lead
to the "ghost peer" endlessly holding the netdev while the core
is waiting for it to be released.

Patch 5 fixes dev dstats updates by ensuring they are always
performed with BH disabled, to avoid concurrent updates on the
same CPU.

Please pull or let me know of any issue.

Thanks a lot,
	Antonio


The following changes since commit 93d809adc13001e9d3a3ceb8d1e60fae2fb740d6:

  Merge branch 'vsock-virtio-fix-vsockmon-tap-skb-construction' (2026-05-12 12:52:18 +0200)

are available in the Git repository at:

  https://github.com/OpenVPN/ovpn-net-next.git tags/ovpn-net-20260514

for you to fetch changes up to 0c0dddc07d272a8d25922e48041e8e4d2434df7e:

  ovpn: disable BHs when updating device stats (2026-05-15 00:43:55 +0200)

----------------------------------------------------------------
Included fixes:
* fix TCP selftest failures by reducing number of attempted pings
* fix RCU ptr deref outside of RCU read section
* fix UAF in case of TCP peer failed to be added to hashtable
* fix race condition between iface teardown and new peer being added
* ensure dstats are updated with BH disabled to avoid concurrency

----------------------------------------------------------------
Antonio Quartulli (1):
      ovpn: fix race between deleting interface and adding new peer

David Carlier (2):
      ovpn: tcp - use cached peer pointer in ovpn_tcp_close()
      ovpn: respect peer refcount in CMD_NEW_PEER error path

Ralf Lici (2):
      selftests: ovpn: reduce remaining ping flood counts
      ovpn: disable BHs when updating device stats

 drivers/net/ovpn/io.c                              | 12 +++++------
 drivers/net/ovpn/main.c                            | 12 ++---------
 drivers/net/ovpn/netlink.c                         |  8 +++++---
 drivers/net/ovpn/peer.c                            | 23 ++++++++++++++++++----
 drivers/net/ovpn/peer.h                            |  1 -
 drivers/net/ovpn/stats.h                           | 16 +++++++++++++++
 drivers/net/ovpn/tcp.c                             | 19 +++++++++++-------
 drivers/net/ovpn/udp.c                             |  2 +-
 .../selftests/net/ovpn/test-close-socket.sh        |  2 +-
 tools/testing/selftests/net/ovpn/test-mark.sh      |  6 +++---
 tools/testing/selftests/net/ovpn/test.sh           |  4 ++--
 11 files changed, 67 insertions(+), 38 deletions(-)

next             reply	other threads:[~2026-05-14 23:15 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-14 23:15 Antonio Quartulli [this message]
2026-05-14 23:15 ` [PATCH net 1/5] selftests: ovpn: reduce remaining ping flood counts Antonio Quartulli
2026-05-14 23:15 ` [PATCH net 2/5] ovpn: tcp - use cached peer pointer in ovpn_tcp_close() Antonio Quartulli
2026-05-14 23:15 ` [PATCH net 3/5] ovpn: respect peer refcount in CMD_NEW_PEER error path Antonio Quartulli
2026-05-14 23:15 ` [PATCH net 4/5] ovpn: fix race between deleting interface and adding new peer Antonio Quartulli
2026-05-14 23:15 ` [PATCH net 5/5] ovpn: disable BHs when updating device stats Antonio Quartulli

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260514231544.795993-1-antonio@openvpn.net \
    --to=antonio@openvpn.net \
    --cc=andrew+netdev@lunn.ch \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=ralf@mandelbit.com \
    --cc=sd@queasysnail.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox