git.itanic.dy.fi Git - linux-stable/commit
l2tp: fix duplicate session creation
author Guillaume Nault <g.nault@alphalink.fr>
Thu, 2 Apr 2020 17:32:47 +0000 (18:32 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 Apr 2020 08:31:27 +0000 (10:31 +0200)
commit e613c62082429796e6b29e893b554a51c7ef5b07
tree 22b8740e0bdb97949617ba4d265f9d45606deae4
parent bbece67424d9990f25b68416ba51384cabdb9a59
l2tp: fix duplicate session creation

commit dbdbc73b44782e22b3b4b6e8b51e7a3d245f3086 upstream.

l2tp_session_create() relies on its caller for checking for duplicate
sessions. This is racy since a session can be concurrently inserted
after the caller's verification.

Fix this by letting l2tp_session_create() verify sessions uniqueness
upon insertion. Callers need to be adapted to check for
l2tp_session_create()'s return code instead of calling
l2tp_session_find().

pppol2tp_connect() is a bit special because it has to work on existing
sessions (if they're not connected) or to create a new session if none
is found. When acting on a preexisting session, a reference must be
held or it could go away on us. So we have to use l2tp_session_get()
instead of l2tp_session_find() and drop the reference before exiting.

Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support")
Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/l2tp/l2tp_core.c
net/l2tp/l2tp_eth.c
net/l2tp/l2tp_ppp.c
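
The race described in the commit message, as an added user-space illustration (not the kernel patch and not code from this page): a lookup done by the caller is stale once the lock is dropped, while a uniqueness check made in the same critical section as the insert is not. `struct tunnel`, `session_count()`, `session_create()` with its `check_unique` flag, and `replay_two_callers()` are hypothetical names, and the interleaving is replayed deterministically rather than with real threads.

```c
/* Added illustration: user-space model, not the kernel's l2tp code. */
#include <errno.h>
#include <pthread.h>
#include <stddef.h>

#define MAX_SESSIONS 8

struct tunnel {                     /* hypothetical stand-in for a tunnel's session list */
    pthread_mutex_t lock;
    unsigned int ids[MAX_SESSIONS];
    size_t count;
};

/* Count entries with this id; takes the lock itself. */
size_t session_count(struct tunnel *t, unsigned int id)
{
    size_t n = 0;
    pthread_mutex_lock(&t->lock);
    for (size_t i = 0; i < t->count; i++)
        n += (t->ids[i] == id);
    pthread_mutex_unlock(&t->lock);
    return n;
}

/* Insert under the lock. With check_unique == 0 it trusts the caller's
 * earlier lookup (the racy shape); with 1 it verifies uniqueness in the
 * same critical section as the insert (the fixed shape). */
int session_create(struct tunnel *t, unsigned int id, int check_unique)
{
    int ret = 0;
    pthread_mutex_lock(&t->lock);
    for (size_t i = 0; check_unique && i < t->count; i++)
        if (t->ids[i] == id)
            ret = -EEXIST;
    if (!ret && t->count == MAX_SESSIONS)
        ret = -ENOSPC;
    if (!ret)
        t->ids[t->count++] = id;
    pthread_mutex_unlock(&t->lock);
    return ret;
}

/* Replay the bad interleaving deterministically: callers A and B both
 * look up the id before either inserts. Returns how many copies exist. */
size_t replay_two_callers(struct tunnel *t, unsigned int id, int check_unique)
{
    int a_free = session_count(t, id) == 0;   /* A's lookup */
    int b_free = session_count(t, id) == 0;   /* B's lookup, before A inserts */
    if (a_free)
        session_create(t, id, check_unique);  /* A inserts */
    if (b_free)
        session_create(t, id, check_unique);  /* B inserts, or gets -EEXIST */
    return session_count(t, id);
}
```

With `check_unique` set to 0 the replay leaves two sessions with the same id; with 1 the second insert fails with `-EEXIST` and the caller has to act on that return code, which is the adaptation the commit message asks of callers.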