smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). - linux/linux-stable.git

diff options

author	Kuniyuki Iwashima <kuniyu@google.com>	2025-09-16 21:47:20 +0000
committer	Jakub Kicinski <kuba@kernel.org>	2025-09-17 18:10:21 -0700
commit	935d783e5de9b64587f3adb25641dd8385e64ddb (patch)
tree	c960791bb1db7430f7c7d219e45bfc754d3c2263 /rust/kernel/workqueue.rs
parent	3d3466878afd8d43ec0ca2facfbc7f03e40d0f79 (diff)

smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock() after kernel_getsockname(). Note that the returned value of smc_clc_prfx_set() is not used in the caller. While at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu() not to touch dst there. Fixes: a046d57da19f ("smc: CLC handshake (incl. preparation steps)") Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20250916214758.650211-3-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'rust/kernel/workqueue.rs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: