{"id":805890,"url":"http://patchwork.ozlabs.org/api/patches/805890/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/f37a31f7fbfa4c02c4a263672f86eac4e80be272.1503670839.git.g.nault@alphalink.fr/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<f37a31f7fbfa4c02c4a263672f86eac4e80be272.1503670839.git.g.nault@alphalink.fr>","list_archive_url":null,"date":"2017-08-25T14:22:17","name":"[net] l2tp: initialise session's refcount before making it reachable","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"b4dbe0f3fc5d686a5fc02e122ae56fb86d8ade06","submitter":{"id":22975,"url":"http://patchwork.ozlabs.org/api/people/22975/?format=json","name":"Guillaume Nault","email":"g.nault@alphalink.fr"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/f37a31f7fbfa4c02c4a263672f86eac4e80be272.1503670839.git.g.nault@alphalink.fr/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/805890/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/805890/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xf3Jy2CF1z9sNv\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat, 26 Aug 2017 00:22:26 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S932574AbdHYOWW (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 25 Aug 2017 10:22:22 -0400","from zimbra.alphalink.fr ([217.15.80.77]:50613 \"EHLO\n\tzimbra.alphalink.fr\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S932562AbdHYOWV (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Fri, 25 Aug 2017 10:22:21 -0400","from localhost (localhost [127.0.0.1])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\tF386A2B5206F; Fri, 25 Aug 2017 16:22:19 +0200 (CEST)","from zimbra.alphalink.fr ([127.0.0.1])\n\tby localhost (mail-2-cbv2.admin.alphalink.fr [127.0.0.1])\n\t(amavisd-new, port 10032)\n\twith ESMTP id e54D0ape9IED; Fri, 25 Aug 2017 16:22:18 +0200 (CEST)","from localhost (localhost [127.0.0.1])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\t4B48D2B5214B; Fri, 25 Aug 2017 16:22:18 +0200 (CEST)","from zimbra.alphalink.fr ([127.0.0.1])\n\tby localhost (mail-2-cbv2.admin.alphalink.fr [127.0.0.1])\n\t(amavisd-new, port 10026)\n\twith ESMTP id daOG4yFB_OPQ; Fri, 25 Aug 2017 16:22:18 +0200 (CEST)","from c-dev-0.admin.alphalink.fr (94-84-15-217.reverse.alphalink.fr\n\t[217.15.84.94])\n\tby mail-2-cbv2.admin.alphalink.fr (Postfix) with ESMTP id\n\t276892B52097; Fri, 25 Aug 2017 16:22:18 +0200 (CEST)","by c-dev-0.admin.alphalink.fr (Postfix, from userid 1000)\n\tid 0833D6024C; Fri, 25 Aug 2017 16:22:17 +0200 (CEST)"],"X-Virus-Scanned":"amavisd-new at mail-2-cbv2.admin.alphalink.fr","Date":"Fri, 25 Aug 2017 16:22:17 +0200","From":"Guillaume Nault <g.nault@alphalink.fr>","To":"netdev@vger.kernel.org","Cc":"James Chapman <jchapman@katalix.com>, David Miller <davem@davemloft.net>","Subject":"[PATCH net] l2tp: initialise session's refcount before making it\n\treachable","Message-ID":"<f37a31f7fbfa4c02c4a263672f86eac4e80be272.1503670839.git.g.nault@alphalink.fr>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","X-Mutt-Fcc":"=Sent","User-Agent":"NeoMutt/20170609 (1.8.3)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Sessions must be fully initialised before calling\nl2tp_session_add_to_tunnel(). Otherwise, there's a short time frame\nwhere partially initialised sessions can be accessed by external users.\n\nFixes: dbdbc73b4478 (\"l2tp: fix duplicate session creation\")\nSigned-off-by: Guillaume Nault <g.nault@alphalink.fr>\n---\n net/l2tp/l2tp_core.c | 6 ++----\n 1 file changed, 2 insertions(+), 4 deletions(-)","diff":"diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c\nindex b0c2d4ae781d..f363669eae47 100644\n--- a/net/l2tp/l2tp_core.c\n+++ b/net/l2tp/l2tp_core.c\n@@ -1844,6 +1844,8 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn\n \n \t\tl2tp_session_set_header_len(session, tunnel->version);\n \n+\t\trefcount_set(&session->ref_count, 1);\n+\n \t\terr = l2tp_session_add_to_tunnel(tunnel, session);\n \t\tif (err) {\n \t\t\tkfree(session);\n@@ -1851,10 +1853,6 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn\n \t\t\treturn ERR_PTR(err);\n \t\t}\n \n-\t\t/* Bump the reference count. The session context is deleted\n-\t\t * only when this drops to zero.\n-\t\t */\n-\t\trefcount_set(&session->ref_count, 1);\n \t\tl2tp_tunnel_inc_refcount(tunnel);\n \n \t\t/* Ensure tunnel socket isn't deleted */\n","prefixes":["net"]}