git.ipfire.org Git - thirdparty/linux.git/commit

author	Eric Dumazet <edumazet@google.com>
	Thu, 8 Jan 2026 13:36:51 +0000 (13:36 +0000)
committer	Jakub Kicinski <kuba@kernel.org>
	Sat, 10 Jan 2026 02:16:06 +0000 (18:16 -0800)
commit	7470a7a63dc162f07c26dbf960e41ee1e248d80e
tree	d050f69bea8a3d419066fa0fe170f80287c69f5e	tree \| snapshot
parent	eb74c19fe10872ee1f29a8f90ca5ce943921afe9	commit \| diff

macvlan: fix possible UAF in macvlan_forward_source()

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear
entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over
entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they
are embedded in a standard netdev (netdev_priv(ndev)).

Fixes: 79cf79abce71 ("macvlan: add source mode")
Reported-by: syzbot+7182fbe91e58602ec1fe@syzkaller.appspotmail.com
https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260108133651.1130486-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>