2025-01-13, 10:31:24 +0100, Antonio Quartulli wrote:
> +static int ovpn_peer_del_p2p(struct ovpn_peer *peer,
> +                          enum ovpn_del_peer_reason reason)
> +{
> +     struct ovpn_peer *tmp;
> +
> +     lockdep_assert_held(&peer->ovpn->lock);
> +
> +     tmp = rcu_dereference_protected(peer->ovpn->peer,
> +                                     lockdep_is_held(&peer->ovpn->lock));
> +     if (tmp != peer) {
> +             DEBUG_NET_WARN_ON_ONCE(1);

I think this WARN should be removed. If 2 almost-simultaneous
DEL_PEER manage to fetch the peer, the first will delete it and NULL
peer->ovpn->peer, then when it releases ovpn->lock, the 2nd will find
NULL != peer and hit this WARN.

(probably not happening in practical cases, but syzbot will manage to
hit it)

> +             return -ENOENT;
> +     }
> +
> +     ovpn_peer_remove(peer, reason);
> +
> +     return 0;
> +}
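
Review bot: in the `tmp != peer` branch, the `-ENOENT` return is the only signal a caller gets that `peer` is no longer the one published in `peer->ovpn->peer`, and nothing in the function documents that outcome or the requirement that `ovpn->lock` be held on entry. A short comment above `ovpn_peer_del_p2p()` stating the locking precondition and what `-ENOENT` means would make it explicit whether this branch is an expected result or a bug, which is what decides whether `DEBUG_NET_WARN_ON_ONCE(1)` belongs there.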

-- 
Sabrina
