Commit ce6adea1 authored Sep 08, 2025 by Ido Schimmel Committed by Jakub Kicinski Sep 09, 2025

vxlan: Make vxlan_fdb_find_uc() more robust against NPDs



first_remote_rcu() can return NULL if the FDB entry points to an FDB
nexthop group instead of a remote destination. However, unlike other
users of first_remote_rcu(), NPD cannot currently happen in
vxlan_fdb_find_uc() as it is only invoked by one driver which vetoes the
creation of FDB nexthops.

Make the function more robust by making sure the remote destination is
only dereferenced if it is not NULL.

Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Wang Liang <wangliang74@huawei.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://patch.msgid.link/20250908075141.125087-1-idosch@nvidia.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 051b62b7

drivers/net/vxlan/vxlan_core.c

+4 −3

Original line number	Diff line number	Diff line
		@@ -446,7 +446,7 @@ int vxlan_fdb_find_uc(struct net_device dev, const u8 mac, __be32 vni,
		{
		struct vxlan_dev *vxlan = netdev_priv(dev);
		u8 eth_addr[ETH_ALEN + 2] = { 0 };
		struct vxlan_rdst *rdst;
		struct vxlan_rdst *rdst = NULL;
		struct vxlan_fdb *f;
		int rc = 0;

		@@ -459,12 +459,13 @@ int vxlan_fdb_find_uc(struct net_device dev, const u8 mac, __be32 vni,
		rcu_read_lock();

		f = vxlan_find_mac_rcu(vxlan, eth_addr, vni);
		if (!f) {
		if (f)
		rdst = first_remote_rcu(f);
		if (!rdst) {
		rc = -ENOENT;
		goto out;
		}

		rdst = first_remote_rcu(f);
		vxlan_fdb_switchdev_notifier_info(vxlan, f, rdst, NULL, fdb_info);

		out: