git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Tue, 16 Sep 2025 21:47:23 +0000 (21:47 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 17 Jan 2026 15:31:18 +0000 (16:31 +0100)
commit	f09cd209359a23f88d4f3fa3d2379d057027e53c
tree	c537f75c63a9bc7a91d4607762b4ba32e5366f0b	tree \| snapshot
parent	6f468f6ff233c6a81e0e761d9124e982903fe9a5	commit \| diff

tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

commit c65f27b9c3be2269918e1cbad6d8884741f835c5 upstream.

get_netdev_for_sock() is called during setsockopt(),
so not under RCU.

Using sk_dst_get(sk)->dev could trigger UAF.

Let's use __sk_dst_get() and dst_dev_rcu().

Note that the only ->ndo_sk_get_lower_dev() user is
bond_sk_get_lower_dev(), which uses RCU.

Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://patch.msgid.link/20250916214758.650211-6-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ Keerthana: Backport to v6.12.y ]
Signed-off-by: Keerthana K <keerthana.kalyanasundaram@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>