| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250530101254.24044-1-antonio@openvpn.net>
Date: Fri, 30 May 2025 12:12:49 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: netdev@...r.kernel.org
Cc: Antonio Quartulli <antonio@...nvpn.net>,
Sabrina Dubroca <sd@...asysnail.net>,
"David S . Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Subject: [PATCH net 0/5] pull request: fixes for ovpn 2025-05-30
Hi netdev-team,
I am targeting net this time as I see that ovpn has landed there.
In this batch you can find the following bug fixes:
Patch 1: when releasing a UDP socket we were wrongly invoking
setup_udp_tunnel_sock() with an empty config. This was not
properly shutting down the UDP encap state.
With this patch we simply undo what was done during setup.
Patch 2: ovpn was holding a reference to a 'struct socket'
without increasing its reference counter. This was intended
and worked as expected until we hit a race condition where
user space tries to close the socket while kernel space is
also releasing it. In this case the (struct socket *)->sk
member would disappear under our feet leading to a null-ptr-deref.
This patch fixes this issue by having struct ovpn_socket hold
a reference directly to the sk member while also increasing
its reference counter.
Patch 3: in case of errors along the TCP RX path (softirq)
we want to immediately delete the peer, but this operation may
sleep. With this patch we move the peer deletion to a scheduled
worker.
Patch 4 and 5 are instead fixing minor issues in the ovpn
kselftests.
Please pull or let me know of any issue
Thanks a lot,
Antonio
The following changes since commit f65dca1752b70ec4f678ae4dbdd5892335bcbbd8:
Merge tag 'linux-can-fixes-for-6.16-20250529' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can (2025-05-29 12:55:34 +0200)
are available in the Git repository at:
https://github.com/OpenVPN/ovpn-net-next tags/ovpn-net-next-20250530
for you to fetch changes up to 64a63e888318cf3259a549662411fa1bd8babb44:
selftest/net/ovpn: fix missing file (2025-05-30 11:45:27 +0200)
----------------------------------------------------------------
This bugfix batch includes the following changes:
* dropped bogus call to setup_udp_tunnel_sock() during
cleanup, substituted by proper state unwind
* fixed race condition between peer removal (by kernel
space) and socket closing (by user space)
* fixed sleep in atomic context along TCP RX error path
* fixes for ovpn kselftests
----------------------------------------------------------------
Antonio Quartulli (5):
ovpn: properly deconfigure UDP-tunnel
ovpn: ensure sk is still valid during cleanup
ovpn: avoid sleep in atomic context in TCP RX error path
selftest/net/ovpn: fix TCP socket creation
selftest/net/ovpn: fix missing file
drivers/net/ovpn/io.c | 8 +--
drivers/net/ovpn/netlink.c | 16 ++---
drivers/net/ovpn/peer.c | 4 +-
drivers/net/ovpn/socket.c | 68 +++++++++++---------
drivers/net/ovpn/socket.h | 4 +-
drivers/net/ovpn/tcp.c | 73 +++++++++++-----------
drivers/net/ovpn/tcp.h | 3 +-
drivers/net/ovpn/udp.c | 46 +++++++-------
drivers/net/ovpn/udp.h | 4 +-
tools/testing/selftests/net/ovpn/ovpn-cli.c | 1 +
tools/testing/selftests/net/ovpn/test-large-mtu.sh | 9 +++
11 files changed, 128 insertions(+), 108 deletions(-)
create mode 100755 tools/testing/selftests/net/ovpn/test-large-mtu.sh
Powered by blists - more mailing lists