dst->dev is safe under RTNL or RCU.

syzbot demonstrated that an unsafe use of sk_dst_get()->dev
leads to use-after-free.

Let's add two helpers to fix such issues.

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
---
 include/net/sock.h | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/include/net/sock.h b/include/net/sock.h
index fb13322a11fc..e1ae975c1920 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2157,6 +2157,25 @@ sk_dst_get(const struct sock *sk)
 	return dst;
 }
 
+static inline struct net_device *sk_dst_dev_rcu(const struct sock *sk)
+{
+	struct dst_entry *dst = __sk_dst_get(sk);
+
+	return dst ? dst_dev_rcu(dst) : NULL;
+}
+
+static inline struct net_device *sk_dst_dev_get(const struct sock *sk)
+{
+	struct net_device *dev;
+
+	rcu_read_lock();
+	dev = sk_dst_dev_rcu(sk);
+	dev_hold(dev);
+	rcu_read_unlock();
+
+	return dev;
+}
+
 static inline void __dst_negative_advice(struct sock *sk)
 {
 	struct dst_entry *dst = __sk_dst_get(sk);
-- 
2.51.0.384.g4c02a37b29-goog