Message-ID: <20250530101254.24044-1-antonio@openvpn.net>
Date: Fri, 30 May 2025 12:12:49 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: netdev@...r.kernel.org
Cc: Antonio Quartulli <antonio@...nvpn.net>,
	Sabrina Dubroca <sd@...asysnail.net>,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>
Subject: [PATCH net 0/5] pull request: fixes for ovpn 2025-05-30

Hi netdev-team,
I am targeting net this time as I see that ovpn has landed there.

In this batch you can find the following bug fixes:

Patch 1: when releasing a UDP socket we were wrongly invoking
setup_udp_tunnel_sock() with an empty config. This was not
properly shutting down the UDP encap state.
With this patch we simply undo what was done during setup.

Patch 2: ovpn was holding a reference to a 'struct socket'
without increasing its reference counter. This was intended
and worked as expected until we hit a race condition where
user space tries to close the socket while kernel space is
also releasing it. In this case the (struct socket *)->sk
member would disappear under our feet leading to a null-ptr-deref.
This patch fixes this issue by having struct ovpn_socket hold
a reference directly to the sk member while also increasing
its reference counter.

Patch 3: in case of errors along the TCP RX path (softirq)
we want to immediately delete the peer, but this operation may
sleep. With this patch we move the peer deletion to a scheduled
worker.

Patch 4 and 5 are instead fixing minor issues in the ovpn
kselftests.


Please pull or let me know of any issue


Thanks a lot,
Antonio



The following changes since commit f65dca1752b70ec4f678ae4dbdd5892335bcbbd8:

  Merge tag 'linux-can-fixes-for-6.16-20250529' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can (2025-05-29 12:55:34 +0200)

are available in the Git repository at:

  https://github.com/OpenVPN/ovpn-net-next tags/ovpn-net-next-20250530

for you to fetch changes up to 64a63e888318cf3259a549662411fa1bd8babb44:

  selftest/net/ovpn: fix missing file (2025-05-30 11:45:27 +0200)

----------------------------------------------------------------
This bugfix batch includes the following changes:
* dropped bogus call to setup_udp_tunnel_sock() during
  cleanup, substituted by proper state unwind
* fixed race condition between peer removal (by kernel
  space) and socket closing (by user space)
* fixed sleep in atomic context along TCP RX error path
* fixes for ovpn kselftests

----------------------------------------------------------------
Antonio Quartulli (5):
      ovpn: properly deconfigure UDP-tunnel
      ovpn: ensure sk is still valid during cleanup
      ovpn: avoid sleep in atomic context in TCP RX error path
      selftest/net/ovpn: fix TCP socket creation
      selftest/net/ovpn: fix missing file

 drivers/net/ovpn/io.c                              |  8 +--
 drivers/net/ovpn/netlink.c                         | 16 ++---
 drivers/net/ovpn/peer.c                            |  4 +-
 drivers/net/ovpn/socket.c                          | 68 +++++++++++---------
 drivers/net/ovpn/socket.h                          |  4 +-
 drivers/net/ovpn/tcp.c                             | 73 +++++++++++-----------
 drivers/net/ovpn/tcp.h                             |  3 +-
 drivers/net/ovpn/udp.c                             | 46 +++++++-------
 drivers/net/ovpn/udp.h                             |  4 +-
 tools/testing/selftests/net/ovpn/ovpn-cli.c        |  1 +
 tools/testing/selftests/net/ovpn/test-large-mtu.sh |  9 +++
 11 files changed, 128 insertions(+), 108 deletions(-)
 create mode 100755 tools/testing/selftests/net/ovpn/test-large-mtu.sh
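
The race described under Patch 2, as a userspace C model. This is an added example, not code from the patch series: `struct sock`, `struct socket`, `sock_hold()` and `sock_put()` here are simplified stand-ins for the kernel objects, and `user_close()`, `cleanup_via_socket()`, `cleanup_via_sk()` and `run_race()` are hypothetical names.

```c
#include <stdio.h>

/* Constructed userspace stand-ins for the kernel objects named in the mail. */
struct sock   { int refcnt; int freed; };
struct socket { struct sock *sk; };

static void sock_hold(struct sock *sk) { sk->refcnt++; }
static void sock_put(struct sock *sk)  { if (--sk->refcnt == 0) sk->freed = 1; }

/* User space closes the fd: the socket drops its sk pointer and its reference. */
static void user_close(struct socket *sock)
{
    struct sock *sk = sock->sk;
    sock->sk = NULL;
    sock_put(sk);
}

/* Before: cleanup reaches sk through the borrowed struct socket pointer. */
static int cleanup_via_socket(struct socket *sock)
{
    return sock->sk ? 0 : -1;   /* -1: the kernel would dereference NULL here */
}

/* After: cleanup uses its own counted sk reference, then drops it. */
static int cleanup_via_sk(struct sock *sk)
{
    int ok = sk->freed ? -1 : 0;
    sock_put(sk);
    return ok;
}

/* Cleanup result when the close wins the race; 'held' selects the fixed scheme. */
static int run_race(int held, struct sock *sk)
{
    struct socket sock = { .sk = sk };
    sk->refcnt = 1; sk->freed = 0;  /* one reference, owned by struct socket */
    if (held)
        sock_hold(sk);              /* holder takes its own reference at attach */
    user_close(&sock);
    return held ? cleanup_via_sk(sk) : cleanup_via_socket(&sock);
}

int main(void)
{
    struct sock a, b;
    printf("borrowed struct socket: %d\n", run_race(0, &a));
    printf("held sk reference:      %d\n", run_race(1, &b));
    return 0;
}
```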
