Re: [PATCH net] ovpn: hold peer before scheduling keepalive work

Next message: Jamal Hadi Salim: "Re: [PATCH net v2 1/1] net/sched: fix pedit partial COW leading to page cache corruption"
Previous message: Vlastimil Babka (SUSE): "Re: [PATCH] mm/mempool: use static key for boot-time debug enablement"
Next in thread: Antonio Quartulli: "Re: [PATCH net] ovpn: hold peer before scheduling keepalive work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sabrina Dubroca

Date: Wed May 27 2026 - 12:48:38 EST

2026-05-23, 20:38:27 +0545, Shuvam Pandey wrote:
> ovpn_peer_keepalive_send() passes its peer reference to
> ovpn_xmit_special(), which ultimately drops it. The keepalive scheduler
> currently queues the work first and takes the reference only after
> schedule_work() reports that the work was queued.
>
> Once schedule_work() queues the item, another CPU may run the worker
> before the caller gets to ovpn_peer_hold(). In that case the worker can
> consume a reference that was not acquired for it, corrupting the peer
> lifetime accounting.
>
> Take the peer reference before queueing the work and drop it again when
> the work was already pending.
>
> Fixes: 3ecfd9349f40 ("ovpn: implement keepalive mechanism")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Shuvam Pandey <shuvampandey1@xxxxxxxxx>
> ---
> drivers/net/ovpn/peer.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)

Reviewed-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>

--
Sabrina