    l2tp: take a reference on sessions used in genetlink handlers · 0d3ab011
    Guillaume Nault authored
    commit 2777e2ab upstream.
    
    Callers of l2tp_nl_session_find() need to hold a reference on the
    returned session since there's no guarantee that it isn't going to
    disappear from under them.
    
    Relying on the fact that no l2tp netlink message may be processed
    concurrently isn't enough: sessions can be deleted by other means
    (e.g. by closing the PPPOL2TP socket of a ppp pseudowire).
    
    l2tp_nl_cmd_session_delete() is a bit special: it runs a callback
    function that may require a previous call to session->ref(). In
    particular, for ppp pseudowires, the callback is l2tp_session_delete(),
    which then calls pppol2tp_session_close() and dereferences the PPPOL2TP
    socket. The socket might already be gone at the moment
    l2tp_session_delete() calls session->ref(), so we need to take a
    reference during the session lookup. So we need to pass the do_ref
    variable down to l2tp_session_get() and l2tp_session_get_by_ifname().
    
    Since all callers have to be updated, l2tp_session_find_by_ifname() and
    l2tp_nl_session_find() are renamed to reflect their new behaviour.
    
    Fixes: 309795f4 ("l2tp: Add netlink control API for L2TP")
    Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    [bwh: Backported to 3.2: adjust context]
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
l2tp_core.c 48.2 KB
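The lookup-time reference described in the commit message, as an added single-threaded model; it is not kernel code and not part of the commit. All `demo_*` names, the one-slot table and the session id are hypothetical, and locking is left out because the interleaving is driven sequentially.

```c
#include <stdlib.h>

/* Hypothetical model, not kernel code. The interleaving is driven
 * sequentially, so the table lock and atomic refcount are left out. */
struct demo_session { unsigned id; int refcnt; };

static struct demo_session *table_slot; /* constructed one-entry session table */
static int freed_count;                 /* counts frees; freed memory is never read */

static void demo_session_create(unsigned id) {
    struct demo_session *s = calloc(1, sizeof(*s));
    if (!s) return;
    s->id = id;
    s->refcnt = 1;                      /* reference owned by the table */
    table_slot = s;
}

static void demo_session_put(struct demo_session *s) {
    if (--s->refcnt == 0) { free(s); freed_count++; }
}

/* Lookup that takes the caller's reference as part of the lookup. */
static struct demo_session *demo_session_get(unsigned id) {
    struct demo_session *s = table_slot;
    if (!s || s->id != id) return NULL;
    s->refcnt++;
    return s;
}

/* Deletion by another path (stands in for the socket being closed). */
static void demo_session_unregister(void) {
    struct demo_session *s = table_slot;
    if (s) { table_slot = NULL; demo_session_put(s); }
}

/* Handler: look up, lose the session from the table, then still use it. */
static long demo_handler(unsigned id) {
    struct demo_session *s = demo_session_get(id);
    if (!s) return -1;
    demo_session_unregister();          /* table drops its reference here */
    long seen = (s->refcnt == 1) ? (long)s->id : -2; /* only our ref remains */
    demo_session_put(s);                /* last reference: freed now */
    return seen;
}

int main(void) {
    demo_session_create(7);
    return demo_handler(7) == 7 ? 0 : 1;
}
```

Without the increment in `demo_session_get()`, the `demo_session_put()` inside `demo_session_unregister()` would free the session while the handler still holds the pointer.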