Commit a42b69f6 authored by Eric Dumazet's avatar Eric Dumazet Committed by Jakub Kicinski
Browse files

arp: use RCU protection in arp_xmit() 



arp_xmit() can be called without RTNL or RCU protection.

Use RCU protection to avoid potential UAF.

Fixes: 29a26a56 ("netfilter: Pass struct net into the netfilter hooks")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-5-edumazet@google.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent becbd585

net/ipv4/arp.c

+3 −1
Original line number Diff line number Diff line
@@ -659,10 +659,12 @@ static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb 
 */

void arp_xmit(struct sk_buff *skb)

{

	rcu_read_lock();

	/* Send it off, maybe filter it using firewalling first.  */

	NF_HOOK(NFPROTO_ARP, NF_ARP_OUT,

		dev_net(skb->dev), NULL, skb, NULL, skb->dev,

		dev_net_rcu(skb->dev), NULL, skb, NULL, skb->dev,

		arp_xmit_finish);

	rcu_read_unlock();

}

EXPORT_SYMBOL(arp_xmit);