summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2025-08-28 19:58:22 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2025-11-13 15:34:17 -0500
commitbc2b881a0896c111c1041d8bb1f92a3b3873ace5 (patch)
tree7f847a51373bdcae7f3b7e486349782dff93c038 /net
parent047c08808c22db39ebb44fc50908089756f45ad9 (diff)
downloadlinux-bc2b881a0896c111c1041d8bb1f92a3b3873ace5.tar.gz
linux-bc2b881a0896c111c1041d8bb1f92a3b3873ace5.tar.bz2
linux-bc2b881a0896c111c1041d8bb1f92a3b3873ace5.zip
tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
[ Upstream commit b62a59c18b692f892dcb8109c1c2e653b2abc95c ] Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: David Ahern <dsahern@kernel.org> Link: https://patch.msgid.link/20250828195823.3958522-8-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/tcp_fastopen.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index 86c995dc1c5e..f9460e7531ba 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c
@@ -575,11 +575,12 @@ void tcp_fastopen_active_disable_ofo_check(struct sock *sk)
}
} else if (tp->syn_fastopen_ch &&
atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times)) {
- dst = sk_dst_get(sk);
- dev = dst ? dst_dev(dst) : NULL;
+ rcu_read_lock();
+ dst = __sk_dst_get(sk);
+ dev = dst ? dst_dev_rcu(dst) : NULL;
if (!(dev && (dev->flags & IFF_LOOPBACK)))
atomic_set(&sock_net(sk)->ipv4.tfo_active_disable_times, 0);
- dst_release(dst);
+ rcu_read_unlock();
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-06 18:19:44 +0000