{"id":808764,"url":"http://patchwork.ozlabs.org/api/1.0/patches/808764/?format=json","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.0/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<17c6806db17f27621fbf4fd12d864775cf0411da.1504277892.git.g.nault@alphalink.fr>","date":"2017-09-01T15:58:51","name":"[net,2/2] l2tp: pass tunnel pointer to ->session_create()","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"f33dadd59b6256ff273108ecc6041d8d87dbc8b5","submitter":{"id":22975,"url":"http://patchwork.ozlabs.org/api/1.0/people/22975/?format=json","name":"Guillaume Nault","email":"g.nault@alphalink.fr"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.0/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/17c6806db17f27621fbf4fd12d864775cf0411da.1504277892.git.g.nault@alphalink.fr/mbox/","series":[{"id":1055,"url":"http://patchwork.ozlabs.org/api/1.0/series/1055/?format=json","date":"2017-09-01T15:58:48","name":"l2tp: session creation fixes","version":1,"mbox":"http://patchwork.ozlabs.org/series/1055/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/808764/checks/","tags":{},"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xkP7C3m3Hz9t3P\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat,  2 Sep 2017 01:59:03 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752169AbdIAP7B (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 1 Sep 2017 11:59:01 -0400","from zimbra.alphalink.fr ([217.15.80.77]:46016 \"EHLO\n\tzimbra.alphalink.fr\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1752148AbdIAP67 (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Fri, 1 Sep 2017 11:58:59 -0400","from localhost (localhost [127.0.0.1])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\t072142B52068; Fri,  1 Sep 2017 17:58:58 +0200 (CEST)","from zimbra.alphalink.fr ([127.0.0.1])\n\tby localhost (mail-2-cbv2.admin.alphalink.fr [127.0.0.1])\n\t(amavisd-new, port 10032)\n\twith ESMTP id KWxnLZRQeAZI; Fri,  1 Sep 2017 17:58:51 +0200 (CEST)","from localhost (localhost [127.0.0.1])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\t79DB32B5212C; Fri,  1 Sep 2017 17:58:51 +0200 (CEST)","from zimbra.alphalink.fr ([127.0.0.1])\n\tby localhost (mail-2-cbv2.admin.alphalink.fr [127.0.0.1])\n\t(amavisd-new, port 10026)\n\twith ESMTP id XeuMfeKdwzO2; Fri,  1 Sep 2017 17:58:51 +0200 (CEST)","from c-dev-0.admin.alphalink.fr (94-84-15-217.reverse.alphalink.fr\n\t[217.15.84.94])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\t532C82B52120; Fri,  1 Sep 2017 17:58:51 +0200 (CEST)","by c-dev-0.admin.alphalink.fr (Postfix, from userid 1000)\n\tid 3814160141; Fri,  1 Sep 2017 17:58:51 +0200 (CEST)"],"X-Virus-Scanned":"amavisd-new at mail-2-cbv2.admin.alphalink.fr","Date":"Fri, 1 Sep 2017 17:58:51 +0200","From":"Guillaume Nault <g.nault@alphalink.fr>","To":"netdev@vger.kernel.org","Cc":"James Chapman <jchapman@katalix.com>","Subject":"[PATCH net 2/2] l2tp: pass tunnel pointer to ->session_create()","Message-ID":"<17c6806db17f27621fbf4fd12d864775cf0411da.1504277892.git.g.nault@alphalink.fr>","References":"<cover.1504277892.git.g.nault@alphalink.fr>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<cover.1504277892.git.g.nault@alphalink.fr>","X-Mutt-Fcc":"=Sent","User-Agent":"NeoMutt/20170609 (1.8.3)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Using l2tp_tunnel_find() in pppol2tp_session_create() and\nl2tp_eth_create() is racy, because no reference is held on the\nreturned session. These functions are only used to implement the\n->session_create callback which is run by l2tp_nl_cmd_session_create().\nTherefore searching for the parent tunnel isn't necessary because\nl2tp_nl_cmd_session_create() already has a pointer to it and holds a\nreference.\n\nThis patch modifies ->session_create()'s prototype to directly pass the\nthe parent tunnel as parameter, thus avoiding searching for it in\npppol2tp_session_create() and l2tp_eth_create().\n\nSince we have to touch the ->session_create() call in\nl2tp_nl_cmd_session_create(), let's also remove the useless conditional:\nwe know that ->session_create isn't NULL at this point because it's\nalready been checked earlier in this same function.\n\nFinally, one might be tempted to think that the removed\nl2tp_tunnel_find() calls were harmless because they would return the\nsame tunnel as the one held by l2tp_nl_cmd_session_create() anyway.\nBut that tunnel might be removed and a new one created with same tunnel\nId before the l2tp_tunnel_find() call. In this case l2tp_tunnel_find()\nwould return the new tunnel which wouldn't be protected by the\nreference held by l2tp_nl_cmd_session_create().\n\nFixes: 309795f4bec2 (\"l2tp: Add netlink control API for L2TP\")\nFixes: d9e31d17ceba (\"l2tp: Add L2TP ethernet pseudowire support\")\nSigned-off-by: Guillaume Nault <g.nault@alphalink.fr>\n---\n net/l2tp/l2tp_core.h    |  4 +++-\n net/l2tp/l2tp_eth.c     | 11 +++--------\n net/l2tp/l2tp_netlink.c |  8 ++++----\n net/l2tp/l2tp_ppp.c     | 19 +++++++------------\n 4 files changed, 17 insertions(+), 25 deletions(-)","diff":"diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h\nindex 4593d48df953..a305e0c5925a 100644\n--- a/net/l2tp/l2tp_core.h\n+++ b/net/l2tp/l2tp_core.h\n@@ -201,7 +201,9 @@ struct l2tp_tunnel {\n };\n \n struct l2tp_nl_cmd_ops {\n-\tint (*session_create)(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);\n+\tint (*session_create)(struct net *net, struct l2tp_tunnel *tunnel,\n+\t\t\t      u32 session_id, u32 peer_session_id,\n+\t\t\t      struct l2tp_session_cfg *cfg);\n \tint (*session_delete)(struct l2tp_session *session);\n };\n \ndiff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c\nindex 4de2ec94b08c..87da9ef61860 100644\n--- a/net/l2tp/l2tp_eth.c\n+++ b/net/l2tp/l2tp_eth.c\n@@ -262,24 +262,19 @@ static void l2tp_eth_adjust_mtu(struct l2tp_tunnel *tunnel,\n \tdev->needed_headroom += session->hdr_len;\n }\n \n-static int l2tp_eth_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)\n+static int l2tp_eth_create(struct net *net, struct l2tp_tunnel *tunnel,\n+\t\t\t   u32 session_id, u32 peer_session_id,\n+\t\t\t   struct l2tp_session_cfg *cfg)\n {\n \tunsigned char name_assign_type;\n \tstruct net_device *dev;\n \tchar name[IFNAMSIZ];\n-\tstruct l2tp_tunnel *tunnel;\n \tstruct l2tp_session *session;\n \tstruct l2tp_eth *priv;\n \tstruct l2tp_eth_sess *spriv;\n \tint rc;\n \tstruct l2tp_eth_net *pn;\n \n-\ttunnel = l2tp_tunnel_find(net, tunnel_id);\n-\tif (!tunnel) {\n-\t\trc = -ENODEV;\n-\t\tgoto out;\n-\t}\n-\n \tif (cfg->ifname) {\n \t\tstrlcpy(name, cfg->ifname, IFNAMSIZ);\n \t\tname_assign_type = NET_NAME_USER;\ndiff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c\nindex 57427d430f10..7135f4645d3a 100644\n--- a/net/l2tp/l2tp_netlink.c\n+++ b/net/l2tp/l2tp_netlink.c\n@@ -643,10 +643,10 @@ static int l2tp_nl_cmd_session_create(struct sk_buff *skb, struct genl_info *inf\n \t\tbreak;\n \t}\n \n-\tret = -EPROTONOSUPPORT;\n-\tif (l2tp_nl_cmd_ops[cfg.pw_type]->session_create)\n-\t\tret = (*l2tp_nl_cmd_ops[cfg.pw_type]->session_create)(net, tunnel_id,\n-\t\t\tsession_id, peer_session_id, &cfg);\n+\tret = l2tp_nl_cmd_ops[cfg.pw_type]->session_create(net, tunnel,\n+\t\t\t\t\t\t\t   session_id,\n+\t\t\t\t\t\t\t   peer_session_id,\n+\t\t\t\t\t\t\t   &cfg);\n \n \tif (ret >= 0) {\n \t\tsession = l2tp_session_get(net, tunnel, session_id, false);\ndiff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c\nindex f0edb7209079..50e3ee9a9d61 100644\n--- a/net/l2tp/l2tp_ppp.c\n+++ b/net/l2tp/l2tp_ppp.c\n@@ -788,25 +788,20 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,\n \n #ifdef CONFIG_L2TP_V3\n \n-/* Called when creating sessions via the netlink interface.\n- */\n-static int pppol2tp_session_create(struct net *net, u32 tunnel_id, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)\n+/* Called when creating sessions via the netlink interface. */\n+static int pppol2tp_session_create(struct net *net, struct l2tp_tunnel *tunnel,\n+\t\t\t\t   u32 session_id, u32 peer_session_id,\n+\t\t\t\t   struct l2tp_session_cfg *cfg)\n {\n \tint error;\n-\tstruct l2tp_tunnel *tunnel;\n \tstruct l2tp_session *session;\n \tstruct pppol2tp_session *ps;\n \n-\ttunnel = l2tp_tunnel_find(net, tunnel_id);\n-\n-\t/* Error if we can't find the tunnel */\n-\terror = -ENOENT;\n-\tif (tunnel == NULL)\n-\t\tgoto out;\n-\n \t/* Error if tunnel socket is not prepped */\n-\tif (tunnel->sock == NULL)\n+\tif (!tunnel->sock) {\n+\t\terror = -ENOENT;\n \t\tgoto out;\n+\t}\n \n \t/* Default MTU values. */\n \tif (cfg->mtu == 0)\n","prefixes":["net","2/2"]}