git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Dumazet <edumazet@google.com>
	Thu, 8 Jan 2026 13:36:51 +0000 (13:36 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 23 Jan 2026 10:21:16 +0000 (11:21 +0100)
commit	6dbead9c7677186f22b7981dd085a0feec1f038e
tree	07c10becf5947473578482519e90190c9725e2b6	tree
parent	da6d0370eb74e6d15724558117097ccb6bd8482c	commit \| diff

macvlan: fix possible UAF in macvlan_forward_source()

[ Upstream commit 7470a7a63dc162f07c26dbf960e41ee1e248d80e ]

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear
entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over
entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they
are embedded in a standard netdev (netdev_priv(ndev)).

Fixes: 79cf79abce71 ("macvlan: add source mode")
Reported-by: syzbot+7182fbe91e58602ec1fe@syzkaller.appspotmail.com
https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260108133651.1130486-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>