tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Use RCU to avoid a pair of atomic operations and a potential
UAF on dst_dev()->flags.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250828195823.3958522-8-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Eric Dumazet and committed by

Jakub Kicinski 7 months ago b62a59c1 50c127a6

+4 -3

1 changed file

expand all

net

ipv4

tcp_fastopen.c

+4 -3

net/ipv4/tcp_fastopen.c

··· 576 576 } 577 577 } else if (tp->syn_fastopen_ch && 578 578 atomic_read(&sock_net(sk)->ipv4.tfo_active_disable_times)) { 579 - dst = sk_dst_get(sk); 580 - dev = dst ? dst_dev(dst) : NULL; 579 + rcu_read_lock(); 580 + dst = __sk_dst_get(sk); 581 + dev = dst ? dst_dev_rcu(dst) : NULL; 581 582 if (!(dev && (dev->flags & IFF_LOOPBACK))) 582 583 atomic_set(&sock_net(sk)->ipv4.tfo_active_disable_times, 0); 583 - dst_release(dst); 584 + rcu_read_unlock(); 584 585 } 585 586 } 586 587