Skip to content

Commit

Permalink
ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
Browse files Browse the repository at this point in the history
ip_dst_mtu_maybe_forward() must use RCU protection to make
sure the net structure it reads does not disappear.

Fixes: f87c10a ("ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  • Loading branch information
Eric Dumazet authored and Jakub Kicinski committed Feb 7, 2025
1 parent 4693085 commit 071d801
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions include/net/ip.h
Original file line number Diff line number Diff line change
Expand Up @@ -471,9 +471,12 @@ static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst,
bool forwarding)
{
const struct rtable *rt = dst_rtable(dst);
struct net *net = dev_net(dst->dev);
unsigned int mtu;
unsigned int mtu, res;
struct net *net;

rcu_read_lock();

net = dev_net_rcu(dst->dev);
if (READ_ONCE(net->ipv4.sysctl_ip_fwd_use_pmtu) ||
ip_mtu_locked(dst) ||
!forwarding) {
Expand All @@ -497,7 +500,11 @@ static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst,
out:
mtu = min_t(unsigned int, mtu, IP_MAX_MTU);

return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
res = mtu - lwtunnel_headroom(dst->lwtstate, mtu);

rcu_read_unlock();

return res;
}

static inline unsigned int ip_skb_dst_mtu(struct sock *sk,
Expand Down

0 comments on commit 071d801

Please sign in to comment.