2025-01-13, 10:31:26 +0100, Antonio Quartulli wrote:
> +static void ovpn_encrypt_post(struct sk_buff *skb, int ret)
> +{
> + struct ovpn_peer *peer = ovpn_skb_cb(skb)->peer;
> +
> + if (unlikely(ret < 0))
> + goto err;
> +
> + skb_mark_not_on_list(skb);
> +
> + switch (peer->sock->sock->sk->sk_protocol) {
We have a ref on the peer, but not on the ovpn_sock. DEL_PEER could
have detached the sock by the time the crypto completes.
(unfortunately I don't have any idea to fix this yet)
> + case IPPROTO_UDP:
> + ovpn_udp_send_skb(peer, skb);
> + break;
> + default:
> + /* no transport configured yet */
> + goto err;
> + }
> + /* skb passed down the stack - don't free it */
> + skb = NULL;
> +err:
> + if (unlikely(skb))
> + dev_core_stats_tx_dropped_inc(peer->ovpn->dev);
> + ovpn_peer_put(peer);
> + kfree_skb(skb);
> +}
--
Sabrina
