[PATCH net-next 7/8] tcp: use dst_dev_rcu() in... | netdev

[PATCH net-next 0/8] net: add rcu safety to dst->dev · Eric Dumazet <edumazet@google.com> · 2025-08-28
[PATCH net-next 1/8] net: dst: introduce dst->dev_rcu · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 1/8] net: dst: introduce dst->dev_rcu · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 2/8] ipv6: start using dst_dev_rcu() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 2/8] ipv6: start using dst_dev_rcu() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 3/8] ipv6: use RCU in ip6_xmit() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 3/8] ipv6: use RCU in ip6_xmit() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 4/8] ipv6: use RCU in ip6_output() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 4/8] ipv6: use RCU in ip6_output() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 5/8] net: use dst_dev_rcu() in sk_setup_caps() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 5/8] net: use dst_dev_rcu() in sk_setup_caps() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 6/8] tcp_metrics: use dst_dev_net_rcu() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 6/8] tcp_metrics: use dst_dev_net_rcu() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 7/8] tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 7/8] tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() · David Ahern <dsahern@kernel.org> · 2025-08-28
[PATCH net-next 8/8] ipv4: start using dst_dev_rcu() · Eric Dumazet <edumazet@google.com> · 2025-08-28
Re: [PATCH net-next 8/8] ipv4: start using dst_dev_rcu() · David Ahern <dsahern@kernel.org> · 2025-08-28
Re: [PATCH net-next 0/8] net: add rcu safety to dst->dev · patchwork-bot+netdevbpf@kernel.org · 2025-08-30

STALE275d

[PATCH net-next 7/8] tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

From: Eric Dumazet <edumazet@google.com>
Date: 2025-08-28 19:58:47
Subsystem: networking [general], networking [tcp], the rest · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Neal Cardwell, Linus Torvalds

Use RCU to avoid a pair of atomic operations and a potential
UAF on dst_dev()->flags.

Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/ipv4/tcp_fastopen.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c
index f1884f0c9e523d50b2d120175cc94bc40b489dfb..7d945a527daf093f87882c7949e21058ed6df1cc 100644
--- a/net/ipv4/tcp_fastopen.c
+++ b/net/ipv4/tcp_fastopen.c

@@ -576,11 +576,12 @@ void tcp_fastopen_active_disable_ofo_check(struct sock *sk)
 		}
 	} else if (tp->syn_fastopen_ch &&
 		   atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times)) {
-		dst = sk_dst_get(sk);
-		dev = dst ? dst_dev(dst) : NULL;
+		rcu_read_lock();
+		dst = __sk_dst_get(sk);
+		dev = dst ? dst_dev_rcu(dst) : NULL;
 		if (!(dev && (dev->flags & IFF_LOOPBACK)))
 			atomic_set(&sock_net(sk)->ipv4.tfo_active_disable_times, 0);
-		dst_release(dst);
+		rcu_read_unlock();
 	}
 }

-- 
2.51.0.318.gd7df087d1a-goog

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help