git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Dumazet <edumazet@google.com>
	Thu, 8 Jan 2026 13:36:51 +0000 (13:36 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 23 Jan 2026 10:18:37 +0000 (11:18 +0100)
commit	8518712a2ca952d6da2238c6f0a16b4ae5ea3f13
tree	7dadf7a4466078f36ce014db9f1d625260882dda	tree \| snapshot
parent	dfd1f962f2773e18ecb88f7ad129bddaff591a44	commit \| diff

macvlan: fix possible UAF in macvlan_forward_source()

[ Upstream commit 7470a7a63dc162f07c26dbf960e41ee1e248d80e ]

Add RCU protection on (struct macvlan_source_entry)->vlan.

Whenever macvlan_hash_del_source() is called, we must clear
entry->vlan pointer before RCU grace period starts.

This allows macvlan_forward_source() to skip over
entries queued for freeing.

Note that macvlan_dev are already RCU protected, as they
are embedded in a standard netdev (netdev_priv(ndev)).

Fixes: 79cf79abce71 ("macvlan: add source mode")
Reported-by: syzbot+7182fbe91e58602ec1fe@syzkaller.appspotmail.com
https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260108133651.1130486-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>