• Guillaume Nault's avatar
    l2tp: fix duplicate session creation · 0463e1a5
    Guillaume Nault authored
    commit dbdbc73b upstream.
    
    l2tp_session_create() relies on its caller for checking for duplicate
    sessions. This is racy since a session can be concurrently inserted
    after the caller's verification.
    
    Fix this by letting l2tp_session_create() verify sessions uniqueness
    upon insertion. Callers need to be adapted to check for
    l2tp_session_create()'s return code instead of calling
    l2tp_session_find().
    
    pppol2tp_connect() is a bit special because it has to work on existing
    sessions (if they're not connected) or to create a new session if none
    is found. When acting on a preexisting session, a reference must be
    held or it could go away on us. So we have to use l2tp_session_get()
    instead of l2tp_session_find() and drop the reference before exiting.
    
    Fixes: d9e31d17 ("l2tp: Add L2TP ethernet pseudowire support")
    Fixes: fd558d18 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
    Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    [bwh: Backported to 3.2: add 'pos' parameter to
     hlist_for_each_entry{,_rcu}() calls]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    0463e1a5
l2tp_ppp.c 46.2 KB