2026-01-28, 13:44:08 +0100, Ralf Lici wrote:
> During initialization, we override socket callbacks and set sk_user_data
> to an ovpn_socket instance. Currently, these two operations are
> decoupled: callbacks are overridden before sk_user_data is set. While
> existing callbacks perform safety checks for NULL or non-ovpn
> sk_user_data, this condition causes a "half-formed" state where valid
> packets arriving during attachment trigger error logs (e.g., "invoked on
> non ovpn socket").
>
> Set sk_user_data before overriding the callbacks so that it can be
> accessed safely from them. Since we already check that the socket has no
> sk_user_data before setting it, this remains safe even if an interrupt
> accesses the socket after sk_user_data is set but before the callbacks
> are overridden.
>
> This also requires initializing all protocol-specific fields (such as
> tcp_tx_work and peer links) before calling ovpn_socket_attach, ensuring
> the ovpn_socket is fully formed before it becomes visible to any
> callback.
>
> Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object")
> Signed-off-by: Ralf Lici <[email protected]>
> ---
> Changes since v1:
> - reset sk_user_data to NULL in case of error
> - removed a redundant goto sock_release in ovpn_socket_new
> - expanded commit message with additional information on the purpose of
> this change
> - added explanation in the commit message of why the per-protocol
> ovpn_sock initialization code in ovpn_socket_new was moved
> - added Fixes tag
Reviewed-by: Sabrina Dubroca <[email protected]>
Thanks!
--
Sabrina
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
