vxlan: Remove synchronize_net() in vxlan_sock_release().

Initially, a dedicated workqueue was used to defer calling
udp_tunnel_sock_release(vxlan_sock->sock) and kfree(vxlan_sock).

Later, commit 0412bd931f5f ("vxlan: synchronously and race-free
destruction of vxlan sockets") removed the workqueue and instead
invoked these two functions immediately after synchronize_net().

This was intended to prevent UAF of the UDP socket in the fast path.

( Note that the "nondeterministic behaviour" mentioned in that
  commit was not addressed, as another thread not waiting RCU gp
  still sees the same behaviour. )

However, a week prior to that change, commit ca065d0cf80f ("udp:
no longer use SLAB_DESTROY_BY_RCU") had already moved UDP socket
freeing to after the RCU grace period.  This made the synchronize_net()
in vxlan_sock_release() completely redundant.

Since vxlan_sock now uses kfree_rcu() and is invoked after
udp_tunnel_sock_release(), vxlan_sock is guaranteed to be freed
either at the same time or after the UDP socket is released,
following the RCU grace period.

Let's remove the redundant synchronize_net() in vxlan_sock_release().

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260518050726.318824-2-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 00facbfabced4353ce9cf7911880797e8e9af56f..8c3885665b5829ac3494b9be2f605a486702db97 100644 (file)
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -1515,7 +1515,6 @@ static void vxlan_sock_release(struct vxlan_dev *vxlan)
 #endif
 
        RCU_INIT_POINTER(vxlan->vn4_sock, NULL);
-       synchronize_net();
 
        if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
                vxlan_vs_del_vnigrp(vxlan);