git.ipfire.org Git - thirdparty/linux.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Tue, 16 Sep 2025 21:47:20 +0000 (21:47 +0000)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 18 Sep 2025 01:10:21 +0000 (18:10 -0700)
commit	935d783e5de9b64587f3adb25641dd8385e64ddb
tree	c960791bb1db7430f7c7d219e45bfc754d3c2263	tree \| snapshot
parent	3d3466878afd8d43ec0ca2facfbc7f03e40d0f79	commit \| diff

smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

smc_clc_prfx_set() is called during connect() and not under RCU
nor RTNL.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dev_dst_rcu() under rcu_read_lock()
after kernel_getsockname().

Note that the returned value of smc_clc_prfx_set() is not used
in the caller.

While at it, we change the 1st arg of smc_clc_prfx_set[46]_rcu()
not to touch dst there.

Fixes: a046d57da19f ("smc: CLC handshake (incl. preparation steps)")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250916214758.650211-3-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>