From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BCBB2F8BC4; Tue, 12 Aug 2025 15:52:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013970; cv=none; b=nKyED6qyX8k6hpz4XTXsyJqU89ao4+vEDsj5ExalxcoTDXhVSJjgTB09Pa6N2RfX3ffFf1q1C1SoC78+YLGJP8/aZ5P5fc6GsQmaFOdjddOFj518KEb4r14aL8bVZFJ3TVJG7/UWNVA02k7WtJ6HUPHElNPxphFzPtbWPXrmLWY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013970; c=relaxed/simple; bh=vvOHe9u+/zNDaZKxeW2eoRXHJCvHl2v5R/bFdM2LQis=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ifyF6LZySsez7NO35/TTWV/yHxjo333NXEfQ05gVXIQ+6bS+5p3HnDSvCLIKr8ZhCBp4Zxi2UQfjY3QJuFPwjkd1oI4isvwj169Qo4hRhHcbiaOU2dpWN4PPBGDiihjsZxLvucl3qNy7Q2qfMvQUr5WpNLiIe6bHSqsvfGebJd8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-24306318aeeso5098455ad.1; Tue, 12 Aug 2025 08:52:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013968; x=1755618768; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5xhittB1Z3BFmPBedtymhQdJl4mLRLMPRy6NV0jWS1k=; b=VXU6sli/wmPCSRLf36NwMDbfAGGjy82gw+e/OpYski5x3Tj7/5FPPEj86hTKFP6KaJ qOyOZXgwY6cxiv/5n0TdtKEJsf7Bec5BVFACOFXDe1PT2bClFy0b5vXmWBiUTphV41j4 Nx/ph3BZhSnemDay7rz7pjF6O71QylZ2AoGWejpI0soCyq//kQgmge2i9PZ6SpVdUfzs ZVGtXvheeXr+OpK0j8orOWiHM51ZdHe3NX/EEJuUhU36940xExbNMtKq1Y1BgihhJuR+ MKR89pM20cVcTKZZzRQ56owuilwV1TDHqCW5wG5VFM8S2C/Ib3yB+nQ2k3VO9yroNPZA RQJw== X-Forwarded-Encrypted: i=1; AJvYcCWKVeeAUmaO4r9GFN4fNLjNZpsj2dDgzVf1iUn3hbZyiGVwX7Zs4wWml9edGpY0QwIbXMKtT4l3vAxAaCw=@vger.kernel.org, AJvYcCXVIvwAFiCTUiJOQFA7bMYooASWQeJ4fNKIl//FsED+cG0f03RIzTljA74PgiRNepCekGJoBuVW1GOxFq3wHUUk@vger.kernel.org X-Gm-Message-State: AOJu0YwsW/exyKQs3xs1KzW41ZW3cjSG+Ntbc7aY+ANPW13tV5ris6VU C+8PDZ77ZosTt5nb/clqZQrJQ9OqqFlZQ3pLkZ2S5zRU/HOqAXCweajV6JWh X-Gm-Gg: ASbGncu8RL44rEN7876vKN3wlpe0vEQ7at/y69avMPLCPvkzP7exq5YCPqHo5fl797f jwxF6n7OcYTwkrMHrMWZK/AE0HRW0qucwRgPbhKFm3vvwyE+6CBj5q7QV4AlVi80xhlRPd3ARVT oSBwVGvBX0Y7XEwTyLHy4GX0GWFxy4RgMunDOUekaVpPXkiQkfV/aAqdvmKEWLA5+oJ0y41mM6U zBJ5mjx6YQWAfwYuy9x5zwtg8sezO951+nZ0GpH0UUeCVLm0cdBNacx7S6TMShRHeJ+Yzn6zDaA UQkqRELv/kELSsf3PRVi3ti/lNSoW2ip0w46t1cUG/xL6jb0leJ/mbSkw/8UDoQ600gAl7vbN9r 8BauRoT24mJuz6poh2mT2obpNo7TD+rzwweoBZIdSK6jwK3j8KUnirgUEgY8= X-Google-Smtp-Source: AGHT+IFoG9C56EZHwN/MxrzFFA3UJZXB7gFcizSUrt7Y/XjCXBdEhjPeu8ZIdfLSs1+cGeiDc4xfCg== X-Received: by 2002:a17:903:1aac:b0:243:3da:17bb with SMTP id d9443c01a7336-2430c10d63fmr3177625ad.32.1755013967516; Tue, 12 Aug 2025 08:52:47 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-241e899b4adsm304377985ad.132.2025.08.12.08.52.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:47 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 1/7] net: Add skb_dst_reset and skb_dst_restore Date: Tue, 12 Aug 2025 08:52:39 -0700 Message-ID: <20250812155245.507012-2-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Going forward skb_dst_set will assert that skb dst_entry is empty during skb_dst_set to prevent potential leaks. There are few places that still manually manage dst_entry not using the helpers. Convert them to the following new helpers: - skb_dst_reset that resets dst_entry and returns previous dst_entry value - skb_dst_restore that restores dst_entry previously reset via skb_dst_rest= ore Signed-off-by: Stanislav Fomichev Tested-by: syzbot@syzkaller.appspotmail.com --- include/linux/skbuff.h | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 14b923ddb6df..8240e0826204 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1159,6 +1159,37 @@ static inline struct dst_entry *skb_dst(const struct= sk_buff *skb) return (struct dst_entry *)(skb->_skb_refdst & SKB_DST_PTRMASK); } =20 +/** + * skb_dst_reset() - return current dst_entry value and clear it + * @skb: buffer + * + * Resets skb dst_entry without adjusting its reference count. Useful in + * cases where dst_entry needs to be temporarily reset and restored. + * Note that the returned value cannot be used directly because it + * might contain SKB_DST_NOREF bit. + * + * When in doubt, prefer skb_dst_drop() over skb_dst_reset() to correctly + * handle dst_entry reference counting. + * + * Returns: original skb dst_entry. + */ +static inline unsigned long skb_dst_reset(struct sk_buff *skb) +{ + unsigned long refdst =3D skb->_skb_refdst; + + skb->_skb_refdst =3D 0; + return refdst; +} + +/** + * skb_dst_restore() - restore skb dst_entry saved via skb_dst_reset + * @skb: buffer + */ +static inline void skb_dst_restore(struct sk_buff *skb, unsigned long refd= st) +{ + skb->_skb_refdst =3D refdst; +} + /** * skb_dst_set - sets skb dst * @skb: buffer --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A6BD2F8BD8; Tue, 12 Aug 2025 15:52:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013970; cv=none; b=c3YYqtgM4l1WrnNJkDsKF1fXAbJkfcarMNBDWNZre4QsFvfnM1/NwecBo6EKDg+rm1pb+oNZcycNa9YkvL2ebhA4PgJdQ2ivdwF19y22PGaUx9ntpup+/Aff8jLDWJphBMj6mcD7KIsCTDlsSk8nseJprW4LIFt6rT2ZRyG4KRY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013970; c=relaxed/simple; bh=Y6yt61AOmS8VLZtjJ1BuuUWNqePIcTOn+4ook9c6mRM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NQ+8hspQe6Kr6XSUWsBH20H8Rle1YXSDHgj5G/g1MyfZLQ4WUqlrNFEdnNtR5CrsOj0wU6SDMMm9mRjMqsg2QJs+1hx/Rbd+XyYkOVYHuaARLE4U7QJ99m6EATBSOdIgB1mIqUo4Da9xarFyXefnJUZXZoQBG5sOyjbyyBXu+bA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.210.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-76bed310fa1so4853850b3a.2; Tue, 12 Aug 2025 08:52:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013969; x=1755618769; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qmQTgKFXI0yRI1h+Wuwej2H5g2T+K6OFKy/n9+ooPsI=; b=rkhiSYqB3SRqv63VXadYYzCCKq5om3JlN2SgnrKTmr47HNpFkS51eQOaWJ4XE53M1N o0/9mgCpwsFiCjwPoVhXfbZ3FZDexfBiCpSJ62wYGZPmvjUt1TYme18U5F8ES2929UEC C04t7uvUPyH0cWvzS0QU8JMXiFITdhuXEWsiy/usvYqn+hUAltGoquYwG9KidQVcUu4o 5Ts0rYmsUD7nQxNj9LAsLbBKy+NjCSgvAeJm1znoKkRZm/koCCqgohzt8j6kX/w3GMj9 UMyOHqvqxyDnkpUsz1Y/RK1wBbOfr8cHUkm2jmU+jF4GhOsQL9iciRvo9U8XQ3skvmy/ D+FQ== X-Forwarded-Encrypted: i=1; AJvYcCUoDFgyT76x68VYZXa3oJEnYVpmI+HpzuB3yoivc1Lk0kX8yOMR4RPVsFTRk6bjpUz/IGPejSoShEOrw1gZojfK@vger.kernel.org, AJvYcCVkdkClJC8Xd9d2ZUQatB2Uq01jOfZTQoYkydR+M/mmOiI3oWU9ioRUfVPtT2+ZQPaE9GXzCmPKVkNX6H8=@vger.kernel.org X-Gm-Message-State: AOJu0YxOsEW4U7/m4FeY5f7+t7gKCX37GKSBQN+RTEfpTUlfLgQ90yLG ljGc5JFBQTexY1Hl/pZ0eYEFuTSB8KgJh10HTonFgauYUYwxWkH5mW9JJ6qv X-Gm-Gg: ASbGnct1QIDYRsnI+NHBEHXwfuzx/Bo/eJTmexX3Aa063TAh7MBkBK/6a0MTY97Aoty fB0bevkX43OhESpRZKmp+PiMqxu20HDSZssxlF8YMiv6sp0svWsd4DZS2Zz3lTeButiPyE61Mf8 tf8sdvX1bMzRwhzoulz7O0yp6fxIyfF8WSKWlSCCogNKP3yMgqntNN6C5kMWSqFnKXnoVwQAc0N PwQVMACEWVWALROwqPZXIrzfhXMVSePqR3OGggyJxJmL/gq9jR7TdPs6UzeZNVzRTwk2tu6VK9d sKGxGOF/P/CN23kwz7V6VPovN5wg8K5B4fnt/OZ04UzpEy9ej14EzRZKMvexcb65w5NFkgLeBnj LmB56poo4bulqUTFtqnzAzh9Q9n/woE3Jndsx+UAKArROAy0tgK9qBmGTX/4= X-Google-Smtp-Source: AGHT+IGJSjbc3JsMK2uU2uNHTgltCW9hcJeoyzvVY/wYRm8KIQ5ucZ82mLJT2TdzcjIEdgViuEX/LA== X-Received: by 2002:a17:902:c94f:b0:23f:f983:5ca1 with SMTP id d9443c01a7336-2430c01c8f1mr2953545ad.12.1755013968571; Tue, 12 Aug 2025 08:52:48 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-241e899d347sm300038675ad.140.2025.08.12.08.52.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:48 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 2/7] xfrm: Switch to skb_dst_reset to clear dst_entry Date: Tue, 12 Aug 2025 08:52:40 -0700 Message-ID: <20250812155245.507012-3-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Going forward skb_dst_set will assert that skb dst_entry is empty during skb_dst_set. skb_dst_reset is added to reset existing entry without doing refcnt. Switch to skb_dst_reset in __xfrm_route_forward and add a comment on why it's safe to skip skb_dst_restore. Signed-off-by: Stanislav Fomichev Tested-by: syzbot@syzkaller.appspotmail.com --- net/xfrm/xfrm_policy.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index c5035a9bc3bb..a5ffe26b64d5 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -3881,12 +3881,18 @@ int __xfrm_route_forward(struct sk_buff *skb, unsig= ned short family) } =20 skb_dst_force(skb); - if (!skb_dst(skb)) { + dst =3D skb_dst(skb); + if (!dst) { XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR); return 0; } =20 - dst =3D xfrm_lookup(net, skb_dst(skb), &fl, NULL, XFRM_LOOKUP_QUEUE); + /* ignore return value from skb_dst_reset, xfrm_lookup takes + * care of dropping the refcnt if needed. + */ + skb_dst_reset(skb); + + dst =3D xfrm_lookup(net, dst, &fl, NULL, XFRM_LOOKUP_QUEUE); if (IS_ERR(dst)) { res =3D 0; dst =3D NULL; --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F83C2F8BF7; Tue, 12 Aug 2025 15:52:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013972; cv=none; b=T/0Y9xJHEEvJ6EjFvOtSKI0YnqQVyGAEID9sEtkHphAQh8V8Zp3oTx/Gct8jghNy6N5v1m/TXjoGXzzHbR6tEHL+iaPp+UBs8EV2x6EEy1e5gL7bXDTmdHiYih2uyVO8FtVoHxQu0CduAkz1AW7v4RIg9sgrd0TV4CuQv06ujuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013972; c=relaxed/simple; bh=fXCtUvE3yZ8Ta3ENIVmkZfYuYynYoj4o1BaMKekS+tQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=h0cwxyEuuZl0vtqDA0E+ZQ7RhJ3umSqGj2JoKB6jBxnYhFCePgS+QOkTkKxsKmVnM42G4dm6dlW0UEW3jYIewau2YzPis1eoaBxWh3ZxPsVmqx/1X2iXawQMluZyrjQNv1Llns+V2iRQRnF/vmzl8dPt5ICYdloY0t8Bf8E5d4c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.216.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-31ecd40352fso5001553a91.2; Tue, 12 Aug 2025 08:52:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013969; x=1755618769; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=gZ2PNbTnzBBRXiHAIHDOCvJVs332KZDFwAXo2dsewkU=; b=EougUcT86cWxInPR9oxemeZ2y4RYjfJffsN0ILS56dYusLJUyy2c/6r7bE5iouKCjw 7LQdjJeP2tHLErnv+rLu+tq0ltadvfYQ+rLbxbvIMIzqTEk+OtnjevaEWeD11j2sRGp3 kUgQVpgHGovqoUsjbVNfe/HvX4SYjDYN/BiAUnMpuKMwk5s1Q3SNSKLwFXT83lJMnlT3 7W5FG7qDjp0tLAO5bAqoXy/n3BhR+WpKX+5pA/RomyNp4ltDIg0vTj+TfnxllRmqfWHo gyfSmKW7B5+87mYLoVNDqNiqf1TsEbEPFptJ9jLPcEbhS+GXkmwgU/TVx0QWVATpwR6i MmgQ== X-Forwarded-Encrypted: i=1; AJvYcCVESpRdBbuMAryK0yvzNvvZB68kv91AEQSCM1Bv2Z6TuC210hZgQGxGshwQkrJUyhfVQKMnupnwXIlb5JQ=@vger.kernel.org, AJvYcCWl4EqJOADLBFfTKXzJuW50Na04d1gHMpQUNsz3Wm0TJHs8FFaWYqvNwNxjgJax4JnivdJ4+a6EOIxiplRT+uSN@vger.kernel.org X-Gm-Message-State: AOJu0Yyzo96kxrK8L6ZTJhYSCr++zHi0MlBW0+ZQ2PTI8uqG1tEan/Tw AquLAdIEw4p6oflBad6eYo6K9STSeRTs8tW7r7lLxydLZUHiucQQG+Uehos3 X-Gm-Gg: ASbGncviSUcSBB0nYcIQaUMJQjz/v4OVoP4rKNgw8Zpv9q5EyOGujatKMY54IyXu9K7 R6R/vRYFBCFacaMpJ8XULmixyCSarg3oyEKAXsSnQrcjvAhRXqeRErgm017FZBqHA/eSQNoBS3H 2SjgyBXNQukOFmy91hUwCjrDbdclutOH+TyS2lCn9m0FaM1eZzfq0sOHcOlY9xKzsvruKSBsGeO dxuk17ltt/awG+/2wxF83X5UApCq9N6rrsjipNE0aLenb5y2bN4eDUC55CmkFjcVX/EWTyeObLr nTP5AlBq5rDdhE3NheqL6ZPoJB2Bh/05Pi1nOWGUq6xI969eDOGSc55pLTIfrRTQCs8mFmqFC8h LGiLr/fxqDoRAWVriVdj8IwH5F6AbbnJ5NrTmXfUCLwieHaHktio/AedeeZA= X-Google-Smtp-Source: AGHT+IG5NYGRXdG18GJL96gJWerOeV9DFgASgRy1fmywR5uXPOGO/k6Sov9SDfx/URQS3SioUvKMIg== X-Received: by 2002:a17:90b:48:b0:312:26d9:d5b2 with SMTP id 98e67ed59e1d1-321cf614e8amr157587a91.0.1755013969520; Tue, 12 Aug 2025 08:52:49 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id 98e67ed59e1d1-321c2be2c2csm2278407a91.12.2025.08.12.08.52.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:49 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 3/7] netfilter: Switch to skb_dst_reset to clear dst_entry Date: Tue, 12 Aug 2025 08:52:41 -0700 Message-ID: <20250812155245.507012-4-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Going forward skb_dst_set will assert that skb dst_entry is empty during skb_dst_set. skb_dst_reset is added to reset existing entry without doing refcnt. Switch to skb_dst_reset in ip[6]_route_me_harder and add a comment on why it's safe to skip skb_dst_restore. Signed-off-by: Stanislav Fomichev Acked-by: Florian Westphal Tested-by: syzbot@syzkaller.appspotmail.com --- net/ipv4/netfilter.c | 5 ++++- net/ipv6/netfilter.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 0565f001120d..bda67bb0e63b 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c @@ -65,7 +65,10 @@ int ip_route_me_harder(struct net *net, struct sock *sk,= struct sk_buff *skb, un if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && xfrm_decode_session(net, skb, flowi4_to_flowi(&fl4), AF_INET) =3D=3D = 0) { struct dst_entry *dst =3D skb_dst(skb); - skb_dst_set(skb, NULL); + /* ignore return value from skb_dst_reset, xfrm_lookup takes + * care of dropping the refcnt if needed. + */ + skb_dst_reset(skb); dst =3D xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), sk, 0); if (IS_ERR(dst)) return PTR_ERR(dst); diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 45f9105f9ac1..6743c075133d 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -63,7 +63,10 @@ int ip6_route_me_harder(struct net *net, struct sock *sk= _partial, struct sk_buff #ifdef CONFIG_XFRM if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && xfrm_decode_session(net, skb, flowi6_to_flowi(&fl6), AF_INET6) =3D=3D= 0) { - skb_dst_set(skb, NULL); + /* ignore return value from skb_dst_reset, xfrm_lookup takes + * care of dropping the refcnt if needed. + */ + skb_dst_reset(skb); dst =3D xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); if (IS_ERR(dst)) return PTR_ERR(dst); --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 73AF723D7EE; Tue, 12 Aug 2025 15:52:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013973; cv=none; b=oLJ15eF0BXmTuXoO2BLHk6wFT23YGxTMFbsAuLwGEEd4vxIbDuRVGtWR5vsBE6toXtpvStYXSC2lDaZ7k6KVi5a2p7vh0JTGXqOumnBFI2b9G4uQ3nodPwiHoa+QHOVx/Z5Zw1nXi/maE7vSpyKrEnEYkAhR2BNnOpEsfFk/lcg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013973; c=relaxed/simple; bh=aD8GbCKvKiWaTtzd6D9lq/XvzMzboWn1cL6psXbvr88=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=srhlZcrF6rdxK1PcZEd83zaZqHS3zB10KO4GT62r3E84gVi2ICi0jbnp58w427bpH3dfnasBhH+cpomyT9h/hIHC6hLkyVk20hmkjM6KfDQYlahYPyxjOhwWXwlYSusA+fAfjrKw+OjXTiIS/WQyEgM0aYqRvfjmzZXB7qLFrpI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-24099fade34so41283625ad.0; Tue, 12 Aug 2025 08:52:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013970; x=1755618770; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mfa3i9rOipmYMsnw23KZ5Tctd8O9telY4wmzE+SpLWU=; b=wQiB896WanZX2YHbi+fdqunfOsY3vlmDsaa6NAEYgLMyfLwgq7otu+AIHpxFIW4r4+ FOErrts/jfIRFFjxSasLIz+hC78ZmXjZNzzuXV6ex2ClKx14lKlVjmvgTXyd8/KfUHlV 0GgUs70JUKhlJrqTJTKigLHZG7noxG1COMwAA99Fp0RtJAg7U5HH1+A/EC4G2W/j9sfK vY1Mheri1pfpJ/ua5ZF5Y4YMXASMnvnrDJUBobhuq37P8zcoW/GpwYA6AD6gMbOYISIm D2Wqfritbd4Um95fTLf8nsqsNC0fIafw9TBhJQnnS2ZcaXlYH+GJJRxA6Ew200ccCB4Z TfXA== X-Forwarded-Encrypted: i=1; AJvYcCW0OK2AL/EVWv5+zmSZqO+G22ZWkYtghiDt0J8ENFuidLD+AjISjdwTfHvIf8noN+NTZYkZ04dcBiTgg2lIM0Vf@vger.kernel.org, AJvYcCWZQYbyU/zTepGY7cGehcPmQFw5lITNo5C3MhtdU5OlG+xcUqy7q/b5mze6WSOgCXcvwqNavPdgXKvqWxI=@vger.kernel.org X-Gm-Message-State: AOJu0YwJI766cflGKtaJlLMt4LKdsPnS7eU4PktcYB+Lo0TsVJevk91f HZnBSeyJQPqaiTgl/beTesWwQrThZP6o73HJ+FdV+XO2AFgxDHlLnYot3CQM X-Gm-Gg: ASbGnct7X6KVLMyzrj3eVExS+shC1h2Ba9DlLO39X8BrUEBAjfRV5Yszgi3N8uBr1vY MLi747mXLTeBzdsNlrvK89nQk+UHUMu47PaLimY9PoodnBG59MW2e+dyeMf9aiqLAoae1RyUNIr RhMGEdcXcqHMZb2WSM/IdB4y533+hgUJdiGlZZugRbsONofCyRNWPpwubjWpxQzrX2m1jP1/kOS gyImYNEc5ceZ+ZgHw75PQe4xsyC02NKf1u7sB6JVwty9aSTolAqdfAnczhcUYHKo6KCQ6xMcA42 Ae+uv8mlW6ho3sPZd0R9KuZp/ILe7sNUa68oRnOJh3DhIRCrvcNpqIT8NlLzjjO9WmEXss+1BLi QbwWJi6LzTMo2FfMsK46c+jD/e+Ks+eG4vZa9nNDRpgk6aqp/kf4rD2t5bnI= X-Google-Smtp-Source: AGHT+IGBGkmr9pZr40H+xsMkIBamZYWaMKPk4BVzM+vCAsfxbVPqNX7XjaIWfAH5MMccHcGWAr36sg== X-Received: by 2002:a17:902:f551:b0:240:6766:ac01 with SMTP id d9443c01a7336-2430bfeb488mr3595155ad.2.1755013970508; Tue, 12 Aug 2025 08:52:50 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-241e8975c94sm303016765ad.93.2025.08.12.08.52.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:50 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 4/7] net: Switch to skb_dst_reset/skb_dst_restore for ip_route_input callers Date: Tue, 12 Aug 2025 08:52:42 -0700 Message-ID: <20250812155245.507012-5-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Going forward skb_dst_set will assert that skb dst_entry is empty during skb_dst_set. skb_dst_reset is added to reset existing entry without doing refcnt. skb_dst_restore should be used to restore the previous entry. Convert icmp_route_lookup and ip_options_rcv_srr to these helpers. Add extra call to skb_dst_drop to icmp_route_lookup to clear the ip_route_input entry. Signed-off-by: Stanislav Fomichev Tested-by: syzbot@syzkaller.appspotmail.com --- net/ipv4/icmp.c | 7 ++++--- net/ipv4/ip_options.c | 5 ++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 2ffe73ea644f..93a166a7ec8d 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -544,14 +544,15 @@ static struct rtable *icmp_route_lookup(struct net *n= et, struct flowi4 *fl4, goto relookup_failed; } /* Ugh! */ - orefdst =3D skb_in->_skb_refdst; /* save old refdst */ - skb_dst_set(skb_in, NULL); + orefdst =3D skb_dst_reset(skb_in); err =3D ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, dscp, rt2->dst.dev) ? -EINVAL : 0; =20 dst_release(&rt2->dst); rt2 =3D skb_rtable(skb_in); - skb_in->_skb_refdst =3D orefdst; /* restore old refdst */ + /* steal dst entry from skb_in, don't drop refcnt */ + skb_dst_reset(skb_in); + skb_dst_restore(skb_in, orefdst); } =20 if (err) diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index e3321932bec0..95f113dc37d8 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c @@ -615,14 +615,13 @@ int ip_options_rcv_srr(struct sk_buff *skb, struct ne= t_device *dev) } memcpy(&nexthop, &optptr[srrptr-1], 4); =20 - orefdst =3D skb->_skb_refdst; - skb_dst_set(skb, NULL); + orefdst =3D skb_dst_reset(skb); err =3D ip_route_input(skb, nexthop, iph->saddr, ip4h_dscp(iph), dev) ? -EINVAL : 0; rt2 =3D skb_rtable(skb); if (err || (rt2->rt_type !=3D RTN_UNICAST && rt2->rt_type !=3D RTN_LOCAL= )) { skb_dst_drop(skb); - skb->_skb_refdst =3D orefdst; + skb_dst_restore(skb, orefdst); return -EINVAL; } refdst_drop(orefdst); --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 809092F7466; Tue, 12 Aug 2025 15:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013974; cv=none; b=SBVrZBX11AhBZkJ1JUlOhvCL/1uWkCEAOk+WQntumph4uN8sE6CxUAwWaxbVIGcQ3WqD5knVy49d3WYaTWkhdAuqUG0ag9dRUfRj/YvYmH38vHyOm1MABP6TqZ4/TloYVlXCkwwGGMxWdN9ecQPRPEkZrsgEH6fQwUe/g8OaG/s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013974; c=relaxed/simple; bh=H8Qm7sDR6sFfmMhYO70q6TApPQXnFgsGJ5LF44w2Ni0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HJGOeoARqSiHP8CxK00DHo+3ZUxvSiXQSFXExjWGHfn2bc3MPS1CvWPXrVojU0Q1c990bJ8gyBGaTVp9t+RoK+m7ff7ij7qNxQSt8yIG8eTXSRDSRNs8GPObMRXttnndt6zBwe2Kr+7047eqZocGIAvvuQC+aQz4aJTMuMnZKRY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.210.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-76858e9e48aso4979739b3a.2; Tue, 12 Aug 2025 08:52:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013972; x=1755618772; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hw6APkuisRn1IO+Yq90b/XIN4JEuOM+T0XNRQV/DOFA=; b=r+CrILgIT4vpCrlMy/9JfpzS07jLENdKpo9xxG+yoMc+uOWnpKnVf3Cu5XQy0vzdJc QYO0oIPED3RnjX9Q8B/8BEC6BfQXHhMfSLe9tv3MQWP3+ntv7P2TX1HCV1CijLME5tHs IEASTvxjua8bnGVvYxFxPoMBF2hFGHo/xtu0Dd8ZIH+Ne5Ghjf/+5gl51Sr0NxwEdFmV XqW8r5u9QJ29BmBYVuZEMceVUkrBrOPy+ZLvI1kMyV1n0foucCl13AWWiB9jYG/hkkFP TNcyoovvsDiUPU5w2DPRUBdSKqcEVT+L4vHsDVLYBUQbx7Em762s/8AeOu+BLtvusjoI FgNQ== X-Forwarded-Encrypted: i=1; AJvYcCVssFLqx4VFrEr28GuMEd1pGIDDNGDkwYHpGkFxlT32d55/hO/DdNtrzXI+esSJDpp639w4fJVZ4Eqm9Ag=@vger.kernel.org, AJvYcCW5w4JQaNzLPPa0WV+PzaIDbWKNIhg2cMFzLyGvmZ1y6O5ArqGM3JaW9vQV0VyCJrBFomITCVKhgbRbq29YYBsm@vger.kernel.org X-Gm-Message-State: AOJu0Yy+dLAhqnfdjZpbXjQH6D8+btod5j6D+R630u++MS9rlm1BAOVx 9z2AD3V9yc6QHa8VsLtUdexSs479c4mGpTmo/qrqwFgKME3X9+LveTeIG2oA X-Gm-Gg: ASbGncvWaR9Z1XGuBDCjEeg/kXis4a2cCjDz+Xfs1X+2+iNNx0mAQEgD1F/xA6vdT93 l3hX1nFmWKehKAkOe8CWJDwBfX6rE2wq90LpU/L0TFUXQ2DCUV39lV6IVK95cXe50BWwni8JNlP nBWrBb2fZ8AMR43M1/qa8o9cFO4/gomM4kE40wtAtjL4qgX8aaKbQVwXgzuyFSLevtNLpPZbe1M IOYHOnPlMLFXhU3cC6OKVEzwE8tOmqRW8AaHWg7sZp8YJBqiIU1Krq/K5hpaNraxliWQE7L1cva 3P842rtM9GwCjZFQyfHe8ISpBuZis0W38MPvckqd1Xv2A9Oi1TCnNQ5xG6EDIC2Jp7Gc8dKljQ0 jDO4JEP6XdBQNH68zgGhRgTw7FUAzNxGA7UAQTqCt1CEYMAJNcru73TGJtew= X-Google-Smtp-Source: AGHT+IE9mqitrJgp0ti2dNmcFeTLvil3ZhGhwEi8BPipsrW15PJbfSzyXxpXrXvlwLEBV343ULlwnA== X-Received: by 2002:a05:6a20:72a6:b0:240:1f14:f6a0 with SMTP id adf61e73a8af0-2409a97167cmr6622771637.25.1755013971622; Tue, 12 Aug 2025 08:52:51 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id 41be03b00d2f7-b428ca11a67sm12235295a12.53.2025.08.12.08.52.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:51 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 5/7] staging: octeon: Convert to skb_dst_drop Date: Tue, 12 Aug 2025 08:52:43 -0700 Message-ID: <20250812155245.507012-6-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Instead of doing dst_release and skb_dst_set, do skb_dst_drop which should do the right thing. Signed-off-by: Stanislav Fomichev Acked-by: Greg Kroah-Hartman Tested-by: syzbot@syzkaller.appspotmail.com --- drivers/staging/octeon/ethernet-tx.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/staging/octeon/ethernet-tx.c b/drivers/staging/octeon/= ethernet-tx.c index 261f8dbdc382..0ba240e634a1 100644 --- a/drivers/staging/octeon/ethernet-tx.c +++ b/drivers/staging/octeon/ethernet-tx.c @@ -346,8 +346,7 @@ netdev_tx_t cvm_oct_xmit(struct sk_buff *skb, struct ne= t_device *dev) * The skbuff will be reused without ever being freed. We must * cleanup a bunch of core things. */ - dst_release(skb_dst(skb)); - skb_dst_set(skb, NULL); + skb_dst_drop(skb); skb_ext_reset(skb); nf_reset_ct(skb); skb_reset_redirect(skb); --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A19A13093B7; Tue, 12 Aug 2025 15:52:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013975; cv=none; b=ajXUnYgfm7emKjEmg5LaCLeLLZfwVhJmE323uwtZU2IT2fCtVzT9u3RVsa8VeNsTb5GGIuoCF2mNayCPcB5VkKpyeAsOt+y0mxJA3yf7dHlk12qD5GRlYdtbov+hUx7cwKL08nDFB+Fh3uID/SfprpB+9Y7FuWr1gvNmXaq5u3A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013975; c=relaxed/simple; bh=n0sQUuKqf3jLXpNCjqUW24KyPE8yGVDwJlEFI3R/YWo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qFpZWsFjDa9uf9R8Y9teUOM46+EzGquw+Ro7BF9FezP2kdAYIOF04dDF6eqHiQYlxgL083sG605+IUOeYPmsvLxPGqzAFuy+G/8WrkH7VHIyOl6ErhArEnqIO/qAfaVUqKa+EBpZy5IvB6aVlRQ80lUiqn3LDP1OED0+5s4shQY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.210.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-76bed310fa1so4853914b3a.2; Tue, 12 Aug 2025 08:52:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013973; x=1755618773; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=dZz85zxG1Fdx2Dk3+7K6+fby+2lWmdMlXym1/uID5+g=; b=tYzbO33YSCGHMb7VV+rCVtUBBZChkv3FDyRoUMS5YA/55ihbUoX58t5STVYoyJ3yF6 mexMdFyagSDyic1dmWb2WjpdvTqXyzFGQX17fFFv192+77l9IZEsCpYVEkWRg6jUscLp mR0mh7odkzgO/d2yWn4Dh/3H1ZkqbxBntDQPyJdzLr9ebExN7XQCiXPWYo75wGlZv5+M EgJTUeuErmWzvW2QHKoCaH+DBNFkEhwllgfVXHqx6dJN9wvJGKPaazgZy/BbCAiwLs+S mlNPSSozZV1yyg2fginMjRCgjKEwtXl1n7G8tNgu5ansPCkNmOEVZidSEPplQGyoPmwS h0rQ== X-Forwarded-Encrypted: i=1; AJvYcCVQMunbWqYwWCeRri/lzeCMU4GN4M4WI7f7110LqSJ2htUfYqJrfnLcvqrPJQYsV4amJCqznGCnqbbDX9yxOD29@vger.kernel.org, AJvYcCWTylQjfjuJf8uILJJJV14nx3W+iqLUqx9W5l3mCUsL2rkyln+rirVVt/8I/T9GM0WrcOt+1PKgfwOCXrs=@vger.kernel.org X-Gm-Message-State: AOJu0Yxrr09dFHGPAER7mmXtnoAoQMvnWvrryO6kcZP/YgnpkJPZStHY BzXI0fKoBwlLMOm/DYuM1nTbPF7SKAq4GyIHZsSg1RstezTMZzCpU0Wj/KpK X-Gm-Gg: ASbGncukl/qF8b+79NzuP9OAHlJY2dtXxOCxw8h+TYKmSZSnpiDAL/hLhZJgbElukDX Q7bSjnk1F2uXx0AHQ7BEHPt9A9BqRv5ce6XR2lzAb8CB/Rr3JLkSfwge4gsFk1nlNH1YAA75rn5 HD/YykkEAcO8vP3pdpHvi/wokuWbZJaSwWYxr4WxvbIFzko5KvRxXdeVDhO3DVNh6+DHlWW/lBl WJDxnRZvlE1xVYlOWAN7tauGdG+gF+BjYz4Bb6JzImPwklbVO8laXIFRnWfJqUDOUR2yeaxQ3ad XmhOtMYPa+6q1Kx6JrcLaAY0RNgQSzpUDv80hvmwrviNa23+xJmhaWK86MQ351rnCc4trli91xh LWeBP5usSlwkx9Ux02V3WDe2NAFkhMOOZRPfAqaoKRJ3i7vbriVy701/Tc08= X-Google-Smtp-Source: AGHT+IEO5Z5M/KtjpW0VLb1+nruS8V4gTPoqbW8FOI4fKlCjaJC6j7Dcr7qiVY+6B9jvyJru9WYgYw== X-Received: by 2002:a17:902:da8c:b0:242:a3fa:edb4 with SMTP id d9443c01a7336-2430c133180mr2455155ad.44.1755013972729; Tue, 12 Aug 2025 08:52:52 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id d9443c01a7336-241e899a81fsm302235345ad.120.2025.08.12.08.52.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:52 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 6/7] chtls: Convert to skb_dst_reset Date: Tue, 12 Aug 2025 08:52:44 -0700 Message-ID: <20250812155245.507012-7-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Going forward skb_dst_set will assert that skb dst_entry is empty during skb_dst_set. skb_dst_reset is added to reset existing entry without doing refcnt. Chelsio driver is doing extra dst management via skb_dst_set(NULL). Replace these calls with skb_dst_reset. Signed-off-by: Stanislav Fomichev Tested-by: syzbot@syzkaller.appspotmail.com --- .../ethernet/chelsio/inline_crypto/chtls/chtls_cm.c | 10 +++++----- .../ethernet/chelsio/inline_crypto/chtls/chtls_cm.h | 4 ++-- .../ethernet/chelsio/inline_crypto/chtls/chtls_io.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c b/= drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c index 6f6525983130..b333da3b21bf 100644 --- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c +++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c @@ -171,7 +171,7 @@ static void chtls_purge_receive_queue(struct sock *sk) struct sk_buff *skb; =20 while ((skb =3D __skb_dequeue(&sk->sk_receive_queue)) !=3D NULL) { - skb_dst_set(skb, (void *)NULL); + skb_dst_reset(skb); kfree_skb(skb); } } @@ -194,7 +194,7 @@ static void chtls_purge_recv_queue(struct sock *sk) struct sk_buff *skb; =20 while ((skb =3D __skb_dequeue(&tlsk->sk_recv_queue)) !=3D NULL) { - skb_dst_set(skb, NULL); + skb_dst_reset(skb); kfree_skb(skb); } } @@ -1734,7 +1734,7 @@ static int chtls_rx_data(struct chtls_dev *cdev, stru= ct sk_buff *skb) pr_err("can't find conn. for hwtid %u.\n", hwtid); return -EINVAL; } - skb_dst_set(skb, NULL); + skb_dst_reset(skb); process_cpl_msg(chtls_recv_data, sk, skb); return 0; } @@ -1786,7 +1786,7 @@ static int chtls_rx_pdu(struct chtls_dev *cdev, struc= t sk_buff *skb) pr_err("can't find conn. for hwtid %u.\n", hwtid); return -EINVAL; } - skb_dst_set(skb, NULL); + skb_dst_reset(skb); process_cpl_msg(chtls_recv_pdu, sk, skb); return 0; } @@ -1855,7 +1855,7 @@ static int chtls_rx_cmp(struct chtls_dev *cdev, struc= t sk_buff *skb) pr_err("can't find conn. for hwtid %u.\n", hwtid); return -EINVAL; } - skb_dst_set(skb, NULL); + skb_dst_reset(skb); process_cpl_msg(chtls_rx_hdr, sk, skb); =20 return 0; diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.h b/= drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.h index f61ca657601c..4ca919925455 100644 --- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.h +++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.h @@ -171,14 +171,14 @@ static inline void chtls_set_req_addr(struct request_= sock *oreq, =20 static inline void chtls_free_skb(struct sock *sk, struct sk_buff *skb) { - skb_dst_set(skb, NULL); + skb_dst_reset(skb); __skb_unlink(skb, &sk->sk_receive_queue); __kfree_skb(skb); } =20 static inline void chtls_kfree_skb(struct sock *sk, struct sk_buff *skb) { - skb_dst_set(skb, NULL); + skb_dst_reset(skb); __skb_unlink(skb, &sk->sk_receive_queue); kfree_skb(skb); } diff --git a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c b/= drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c index 465fa8077964..85e4d90efd5b 100644 --- a/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c +++ b/drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_io.c @@ -1434,7 +1434,7 @@ static int chtls_pt_recvmsg(struct sock *sk, struct m= sghdr *msg, size_t len, continue; found_ok_skb: if (!skb->len) { - skb_dst_set(skb, NULL); + skb_dst_reset(skb); __skb_unlink(skb, &sk->sk_receive_queue); kfree_skb(skb); =20 --=20 2.50.1 From nobody Sat Oct 4 21:01:18 2025 Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D605230E83B; Tue, 12 Aug 2025 15:52:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013976; cv=none; b=vF3QrtqzFDySJIabitlo5aI3xYX5kf2t1MCoIxHa8JrPpbCGMn9gwiYeVrNjbKsS7I+7YSwktgxLIsyIvjmEKHPZ/wVatnvzodPseeutV3vy6v8hpniQnVpz6RTu8lfM274/cONLHQ7M8yIFdMzm7SbVdUe/d8744DCovCu2ljQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1755013976; c=relaxed/simple; bh=jmLedCN4R2YU+yGCxHz2Yf4utVRQz3r3OsmD+iWWE6Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mDZ56vJFp32x6GREUUSxBj1STS34esan2eZKbrGsJ0WQUQMhOSpE9ZTh8eKeaVU2nUZNwq1EDWb8BKiD+U+6Hr+FQmFF9ExOvojKSiba9zlHMQ9pZOmsYlJ3Tr3yX+SNAMMJLv4hAhzIx51eJB2t7ODjwmuH1bdXzDCWr+9SEVA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me; spf=pass smtp.mailfrom=gmail.com; arc=none smtp.client-ip=209.85.210.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fomichev.me Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-76a3818eb9bso5273621b3a.3; Tue, 12 Aug 2025 08:52:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755013974; x=1755618774; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K1U24j3avMI496lsvK/FFAte0M6oHVilfdD7GVgxXmw=; b=wi5rmb4uxG0+uYszwPxIdBOlJGp+r2QFTGHAMQDkqAN2/akDzQ4Hc/B5iGIBmDbxUq k7ZJOoKKr9xTfLcuC1gorlOILpYynI2q0eaCGLFu0BNCChB6jiI1OtvZcAxkpSrEBgbJ rHmAQvMab5nyw1DPGWkZWz/SyZLkDXk3+u8N/ECPtsTqHskKwEXTF8GSf50M6prSLlF5 8ULZCVA6tpcEJ89MBKpCQXLxCb06mHTcvL17EoQ5oPBzh8Q5VAUzZTa2oPStC79N4m38 bz4v/P7AthGqY0O6E7A0FiDSn8DRbo5aXmvZgB5IrhAt9VLOEqvRBmCtorCbLZs81YGk JBqw== X-Forwarded-Encrypted: i=1; AJvYcCVVGUheAv5zK8/uhiN1XFiuF3/7q5+SZZZPwMgxIBz+XJ1QRhvOUejyH5sWclrPHU8D9KSKtlqI3XwFi3zALhfe@vger.kernel.org, AJvYcCXqT4rDqwDK7VVwFFu36sTXMOpEJ8zSYuPO/cmlyW/sNEomO2Ncomgu1Bm+ALlxSco8okBIL+Xy6Lfv4hs=@vger.kernel.org X-Gm-Message-State: AOJu0Yz9sbmAzlq9t1K3pDL9g+A1ppl6FWeGPWMW1ynrkMyUqQY37D6Z Fe8yb+is4FXlCELpCel6oRtXRlph/qArXXePInIst4/SyIo0BK42vkAdpTj3 X-Gm-Gg: ASbGncuH9uQwglzV9pB7GwOyZmMTWe+d2B5phBuP83jhqxmJYDfKKE6Ae0TOeAWnoqM qbZzRRFKrMAcXIeN0W5VidlpoL8y3lhx7QrMsaQvB75eEdfyd/upZFvm4fELX5JLtTMnhustAQK saEj/4o8zdliZ+GpCEqPBcP93NmxBk4q2wBD9hwlmuaYLV3wvh3SfAbx8P2soeo8jjql/Lr4hj9 Re+jsMm3dgeapkHuPRzDP4ru9T1lnVZjBet5Ap+Xc6+j4W9pBiApiCzOJO6yGACVKVlSHfdSucv 2auSqtUYuGIlNfYx3VezUAGOjCm+vQi2qDEr4U0ki8Z6EYZp0e0Cjfo+4r02yVziuAhMrMm1mBa zBVYY5G3pObNPUWbev5rQSg7zQyNtPPGzWUwbqHaV2guQJFmFnTfuprPshrU= X-Google-Smtp-Source: AGHT+IFUKvjZ3Rba9MvqVnh8vH8eFopfwTUPgEOJxRTkNbViqfPFICyo8rbbnicPKgPRyQnCxRtE3g== X-Received: by 2002:aa7:88c8:0:b0:748:e1e4:71de with SMTP id d2e1a72fcca58-76e1fdb0881mr36267b3a.14.1755013973774; Tue, 12 Aug 2025 08:52:53 -0700 (PDT) Received: from localhost (c-73-158-218-242.hsd1.ca.comcast.net. [73.158.218.242]) by smtp.gmail.com with UTF8SMTPSA id d2e1a72fcca58-76bccfbd98csm29585074b3a.67.2025.08.12.08.52.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Aug 2025 08:52:53 -0700 (PDT) From: Stanislav Fomichev To: netdev@vger.kernel.org Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ayush.sawal@chelsio.com, andrew+netdev@lunn.ch, gregkh@linuxfoundation.org, horms@kernel.org, dsahern@kernel.org, pablo@netfilter.org, kadlec@netfilter.org, steffen.klassert@secunet.com, sdf@fomichev.me, mhal@rbox.co, abhishektamboli9@gmail.com, linux-kernel@vger.kernel.org, linux-staging@lists.linux.dev, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, herbert@gondor.apana.org.au Subject: [PATCH net-next 7/7] net: Add skb_dst_check_unset Date: Tue, 12 Aug 2025 08:52:45 -0700 Message-ID: <20250812155245.507012-8-sdf@fomichev.me> X-Mailer: git-send-email 2.50.1 In-Reply-To: <20250812155245.507012-1-sdf@fomichev.me> References: <20250812155245.507012-1-sdf@fomichev.me> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To prevent dst_entry leaks, add warning when the non-NULL dst_entry is rewritten. Signed-off-by: Stanislav Fomichev Tested-by: syzbot@syzkaller.appspotmail.com --- include/linux/skbuff.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 8240e0826204..2f9dac54d627 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1159,6 +1159,12 @@ static inline struct dst_entry *skb_dst(const struct= sk_buff *skb) return (struct dst_entry *)(skb->_skb_refdst & SKB_DST_PTRMASK); } =20 +static inline void skb_dst_check_unset(struct sk_buff *skb) +{ + DEBUG_NET_WARN_ON_ONCE((skb->_skb_refdst & SKB_DST_PTRMASK) && + !(skb->_skb_refdst & SKB_DST_NOREF)); +} + /** * skb_dst_reset() - return current dst_entry value and clear it * @skb: buffer @@ -1187,6 +1193,7 @@ static inline unsigned long skb_dst_reset(struct sk_b= uff *skb) */ static inline void skb_dst_restore(struct sk_buff *skb, unsigned long refd= st) { + skb_dst_check_unset(skb); skb->_skb_refdst =3D refdst; } =20 @@ -1200,6 +1207,7 @@ static inline void skb_dst_restore(struct sk_buff *sk= b, unsigned long refdst) */ static inline void skb_dst_set(struct sk_buff *skb, struct dst_entry *dst) { + skb_dst_check_unset(skb); skb->slow_gro |=3D !!dst; skb->_skb_refdst =3D (unsigned long)dst; } @@ -1216,6 +1224,7 @@ static inline void skb_dst_set(struct sk_buff *skb, s= truct dst_entry *dst) */ static inline void skb_dst_set_noref(struct sk_buff *skb, struct dst_entry= *dst) { + skb_dst_check_unset(skb); WARN_ON(!rcu_read_lock_held() && !rcu_read_lock_bh_held()); skb->slow_gro |=3D !!dst; skb->_skb_refdst =3D (unsigned long)dst | SKB_DST_NOREF; --=20 2.50.1