ipv4: use RCU protection in ip_dst_mtu_maybe_forward()

ip_dst_mtu_maybe_forward() must use RCU protection to make
sure the net structure it reads does not disappear.

Fixes: f87c10a8aa1e8 ("ipv4: introduce ip_dst_mtu_maybe_forward and protect forwarding path against pmtu spoofing")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250205155120.1676781-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/net/ip.h b/include/net/ip.h
index 9f5e33e371fcdd8ea88c54584b8d4b6c50e7d0c9..ba7b43447775e51b3b9a8cbf5c3345d6308bb525 100644 (file)
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -471,9 +471,12 @@ static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst,
                                                    bool forwarding)
 {
        const struct rtable *rt = dst_rtable(dst);
-       struct net *net = dev_net(dst->dev);
-       unsigned int mtu;
+       unsigned int mtu, res;
+       struct net *net;
+
+       rcu_read_lock();
 
+       net = dev_net_rcu(dst->dev);
        if (READ_ONCE(net->ipv4.sysctl_ip_fwd_use_pmtu) ||
            ip_mtu_locked(dst) ||
            !forwarding) {
@@ -497,7 +500,11 @@ static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst,
 out:
        mtu = min_t(unsigned int, mtu, IP_MAX_MTU);
 
-       return mtu - lwtunnel_headroom(dst->lwtstate, mtu);
+       res = mtu - lwtunnel_headroom(dst->lwtstate, mtu);
+
+       rcu_read_unlock();
+
+       return res;
 }
 
 static inline unsigned int ip_skb_dst_mtu(struct sock *sk,