git.ipfire.org Git - thirdparty/linux.git/commit

author	Zhengchuan Liang <zcliangcn@gmail.com>
	Fri, 22 May 2026 09:31:55 +0000 (17:31 +0800)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Tue, 26 May 2026 08:35:30 +0000 (10:35 +0200)
commit	c16f74dc1d75d0e2e7670076d5375deda110ebeb
tree	a84111acd393d14f93ebfa2bbf81dafcb6a42934	tree \| snapshot
parent	3e52417318473782012b236d0325bf7d2266a597	commit \| diff

xfrm: input: hold netns during deferred transport reinjection

Transport-mode reinjection stores a struct net pointer in skb->cb and
uses it later from xfrm_trans_reinject(). That pointer must stay valid
until the deferred callback runs.

Take a netns reference when queueing deferred reinjection work and drop
it after the callback completes. Use maybe_get_net() so the queueing
path does not revive a namespace that is already being torn down.

This keeps the existing workqueue design and fixes the netns lifetime
handling in one place for all users of xfrm_trans_queue_net().

Fixes: 7b3801927e52 ("xfrm: introduce xfrm_trans_queue_net")
Cc: stable@kernel.org
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>
Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
Signed-off-by: Zhengchuan Liang <zcliangcn@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Assisted-by: Codex:gpt-5.4
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>