Patchwork [net-next-2.6,v4,00/14] l2tp: Introduce L2TPv3 support

login
register
mail settings
Submitter Eric Dumazet
Date April 4, 2010, 7:54 a.m.
Message ID <1270367668.1971.3.camel@edumazet-laptop>
Download mbox | patch
Permalink /patch/49348/
State Accepted
Delegated to: David Miller
Headers show

Comments

Eric Dumazet - April 4, 2010, 7:54 a.m.
Le samedi 03 avril 2010 à 14:25 -0700, David Miller a écrit :
> From: James Chapman <jchapman@katalix.com>
> Date: Fri, 02 Apr 2010 17:18:23 +0100
> 
> > This patch series adds L2TPv3 support. It splits the existing pppol2tp
> > driver to separate its L2TP and PPP parts, then adds new L2TPv3
> > functionality. The patches implement a new socket family for L2TPv3 IP
> > encapsulation, expose virtual netdevices for each L2TPv3 ethernet
> > pseudowire and add a netlink interface.
> 
> Ok I'm going to toss this into net-next-2.6, we have time to
> fixup any remaining issues people might discover.
> 

[PATCH net-next-2.6] l2tp: unmanaged L2TPv3 tunnels fixes

Followup to commit 789a4a2c 
(l2tp: Add support for static unmanaged L2TPv3 tunnels)

One missing init in l2tp_tunnel_sock_create() could access random kernel
memory, and a bit field should be unsigned.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
 net/l2tp/l2tp_core.c |    2 +-
 net/l2tp/l2tp_core.h |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - April 4, 2010, 8:02 a.m.
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Sun, 04 Apr 2010 09:54:28 +0200

> [PATCH net-next-2.6] l2tp: unmanaged L2TPv3 tunnels fixes
> 
> Followup to commit 789a4a2c 
> (l2tp: Add support for static unmanaged L2TPv3 tunnels)
> 
> One missing init in l2tp_tunnel_sock_create() could access random kernel
> memory, and a bit field should be unsigned.
> 
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

Applied, thanks Eric.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Dumazet - April 4, 2010, 8:14 a.m.
Le dimanche 04 avril 2010 à 01:02 -0700, David Miller a écrit :
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Sun, 04 Apr 2010 09:54:28 +0200
> 
> > [PATCH net-next-2.6] l2tp: unmanaged L2TPv3 tunnels fixes
> > 
> > Followup to commit 789a4a2c 
> > (l2tp: Add support for static unmanaged L2TPv3 tunnels)
> > 
> > One missing init in l2tp_tunnel_sock_create() could access random kernel
> > memory, and a bit field should be unsigned.
> > 
> > Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
> 
> Applied, thanks Eric.

I am going to work on net/l2tp/l2tp_core.c, since RCU conversion is
wrong (but original code was wong too...)

Example :

There is no real protection in following code, since no refcount is
taken on session before releasing rcu_read_lock :

static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
{
        struct l2tp_net *pn = l2tp_pernet(net);
        struct hlist_head *session_list =
                l2tp_session_id_hash_2(pn, session_id);
        struct l2tp_session *session;
        struct hlist_node *walk;

        rcu_read_lock_bh();
        hlist_for_each_entry_rcu(session, walk, session_list, global_hlist) {
                if (session->session_id == session_id) {
                        rcu_read_unlock_bh();
                        return session;
                }
        }
        rcu_read_unlock_bh();

        return NULL;
}


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 13ed85b..98dfcce 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1227,7 +1227,7 @@  static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
 	int err = -EINVAL;
 	struct sockaddr_in udp_addr;
 	struct sockaddr_l2tpip ip_addr;
-	struct socket *sock;
+	struct socket *sock = NULL;
 
 	switch (cfg->encap) {
 	case L2TP_ENCAPTYPE_UDP:
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
index 91b1b9c..f0f318e 100644
--- a/net/l2tp/l2tp_core.h
+++ b/net/l2tp/l2tp_core.h
@@ -152,7 +152,7 @@  struct l2tp_tunnel_cfg {
 	struct in_addr		peer_ip;
 	u16			local_udp_port;
 	u16			peer_udp_port;
-	int			use_udp_checksums:1;
+	unsigned int		use_udp_checksums:1;
 };
 
 struct l2tp_tunnel {