Pandora Sourcecodes - pandora-kernel.git/commit

author	Guillaume Nault <g.nault@alphalink.fr>
	Fri, 31 Mar 2017 11:02:25 +0000 (13:02 +0200)
committer	Ben Hutchings <ben@decadent.org.uk>
	Tue, 18 Jul 2017 17:38:39 +0000 (18:38 +0100)
commit	63a763d03a6c962c15159081812e67dc9715d9cc
tree	c5ad6d6e605391be9fde6d94d44700b50cf8d441	tree \| snapshot
parent	2a14908e68134912eeadc8f71690c52900abb371	commit \| diff

l2tp: fix race in l2tp_recv_common()

commit 61b9a047729bb230978178bca6729689d0c50ca2 upstream.

Taking a reference on sessions in l2tp_recv_common() is racy; this
has to be done by the callers.

To this end, a new function is required (l2tp_session_get()) to
atomically lookup a session and take a reference on it. Callers then
have to manually drop this reference.

Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2:
- Drop changes to l2tp_ip6.c
- Add 'pos' parameter to hlist_for_each_entry{,_rcu}() calls
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

net/l2tp/l2tp_core.c		diff \| blob \| history
net/l2tp/l2tp_core.h		diff \| blob \| history
net/l2tp/l2tp_ip.c		diff \| blob \| history