2025-02-03, 10:52:41 +0100, Sabrina Dubroca wrote:
2025-01-13, 10:31:26 +0100, Antonio Quartulli wrote:
+static void ovpn_encrypt_post(struct sk_buff *skb, int ret) +{
- struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
- if (unlikely(ret < 0))
goto err;
- skb_mark_not_on_list(skb);
- switch (peer->sock->sock->sk->sk_protocol) {
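Review bot: the `switch (peer->sock->sock->sk->sk_protocol)` at the end of this hunk follows `peer->sock` through three further pointers in `ovpn_encrypt_post()`, and nothing visible here takes a reference on the socket, enters an RCU read-side section, or checks `peer->sock` for NULL before the dereference. Suggest reading `peer->sock` once into a local under whatever protects it, jumping to the existing `err` label when it is gone, and switching on that local, so the post-encrypt step never touches a socket that was detached while the request was in flight.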
We have a ref on the peer, but not on the ovpn_sock. DEL_PEER could have detached the sock by the time the crypto completes.
(unfortunately I don't have any idea to fix this yet)
Maybe an idea:
Since ovpn_sock itself lives under RCU (because of sk_user_data), peer->sock should be an RCU pointer and also follow RCU rules. For most parts (io.c, netlink.c) the conversion is not too problematic. TCP is more difficult.
I still need to think about whether this works, and whether this is worth the complexity, or if we could solve this in another way.