Merge: ipv6: use RCU protection in ip6_default_advmss()

jcfaracco · jcfaracco · commit 9f8c863090b2 · 2025-03-28T16:49:16.000-03:00
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-10/-/merge_requests/581 JIRA: https://issues.redhat.com/browse/RHEL-81574 Upstream Status: linux.git CVE: CVE-2025-21765 Signed-off-by: Guillaume Nault <gnault@redhat.com> Approved-by: Antoine Tenart <atenart@redhat.com> Approved-by: Florian Westphal <fwestpha@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Julio Faracco <jfaracco@redhat.com>
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
@@ -2577,6 +2577,12 @@ struct net *dev_net(const struct net_device *dev)
 	return read_pnet(&dev->nd_net);
 }
 
+static inline
+struct net *dev_net_rcu(const struct net_device *dev)
+{
+	return read_pnet_rcu(&dev->nd_net);
+}
+
 static inline
 void dev_net_set(struct net_device *dev, struct net *net)
 {
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
@@ -392,7 +392,7 @@ static inline struct net *read_pnet(const possible_net_t *pnet)
 #endif
 }
 
-static inline struct net *read_pnet_rcu(possible_net_t *pnet)
+static inline struct net *read_pnet_rcu(const possible_net_t *pnet)
 {
 #ifdef CONFIG_NET_NS
 	return rcu_dereference(pnet->net);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
@@ -3196,13 +3196,18 @@ static unsigned int ip6_default_advmss(const struct dst_entry *dst)
 {
 	struct net_device *dev = dst->dev;
 	unsigned int mtu = dst_mtu(dst);
-	struct net *net = dev_net(dev);
+	struct net *net;
 
 	mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
 
+	rcu_read_lock();
+
+	net = dev_net_rcu(dev);
 	if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
 		mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
 
+	rcu_read_unlock();
+
 	/*
 	 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
 	 * corresponding MSS is IPV6_MAXPLEN - tcp_header_size.

Original file line number	Diff line number	Diff line change
`@@ -2577,6 +2577,12 @@ struct net dev_net(const struct net_device dev)`
`2577`	`2577`	`return read_pnet(&dev->nd_net);`
`2578`	`2578`	`}`
`2579`	`2579`
	`2580`	`+static inline`
	`2581`	`+struct net dev_net_rcu(const struct net_device dev)`
	`2582`	`+{`
	`2583`	`+ return read_pnet_rcu(&dev->nd_net);`
	`2584`	`+}`
	`2585`	`+`
`2580`	`2586`	`static inline`
`2581`	`2587`	`void dev_net_set(struct net_device dev, struct net net)`
`2582`	`2588`	`{`
Original file line number	Diff line number	Diff line change
`@@ -392,7 +392,7 @@ static inline struct net read_pnet(const possible_net_t pnet)`
`392`	`392`	`#endif`
`393`	`393`	`}`
`394`	`394`
`395`		`-static inline struct net read_pnet_rcu(possible_net_t pnet)`
	`395`	`+static inline struct net read_pnet_rcu(const possible_net_t pnet)`
`396`	`396`	`{`
`397`	`397`	`#ifdef CONFIG_NET_NS`
`398`	`398`	`return rcu_dereference(pnet->net);`