
From: Jiri Pirko <jiri@nvidia.com> mainline inclusion from mainline-v6.7-rc1 commit 2034d90ae41ae93e30d492ebcf1f06f97a9cfba6 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPC6A CVE: CVE-2025-21764 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- Make the net pointer stored in possible_net_t structure annotated as an RCU pointer. Change the access helpers to treat it as such. Introduce read_pnet_rcu() helper to allow caller to dereference the net pointer under RCU read lock. Signed-off-by: Jiri Pirko <jiri@nvidia.com> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> Conflicts: include/net/net_namespace.h [commit 9ba74e6c9e9d add refcount tracker, which not merged lead to context conflict(no put_net_track())] Signed-off-by: Dong Chenchen <dongchenchen2@huawei.com>
---
 include/net/net_namespace.h | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 8e7aa1aabe17..e5867b9af92b 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -332,21 +332,30 @@ static inline int check_net(const struct net *net)
 
 typedef struct {
 #ifdef CONFIG_NET_NS
- struct net *net;
+ struct net __rcu *net;
 #endif
 } possible_net_t;
 
 static inline void write_pnet(possible_net_t *pnet, struct net *net)
 {
 #ifdef CONFIG_NET_NS
- pnet->net = net;
+ rcu_assign_pointer(pnet->net, net);
 #endif
 }
 
 static inline struct net *read_pnet(const possible_net_t *pnet)
 {
 #ifdef CONFIG_NET_NS
- return pnet->net;
+ return rcu_dereference_protected(pnet->net, true);
+#else
+ return &init_net;
+#endif
+}
+
+static inline struct net *read_pnet_rcu(possible_net_t *pnet)
+{
+#ifdef CONFIG_NET_NS
+ return rcu_dereference(pnet->net);
 #else
 return &init_net;
 #endif
-- 
2.25.1
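Review bot: In read_pnet(), `rcu_dereference_protected(pnet->net, true)` passes a constant condition, so lockdep cannot flag a caller that reads the pointer while holding neither a netns reference nor an update-side lock, and nothing in the hunk says which reader fits which context. A comment above the two readers would make the lifetime contract explicit, e.g. `/* read_pnet(): caller guarantees the netns cannot be freed (holds a reference or the update-side lock); under rcu_read_lock() alone use read_pnet_rcu(). */`. read_pnet_rcu() also takes a non-const `possible_net_t *` although it only reads; `static inline struct net *read_pnet_rcu(const possible_net_t *pnet)` would match read_pnet(), assuming rcu_dereference() accepts the const-qualified member here. The body of read_pnet_rcu() ends outside the hunk.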