From patchwork Mon Jun 26 15:47:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 106350 Delivered-To: patch@linaro.org Received: by 10.140.101.48 with SMTP id t45csp161290qge; Mon, 26 Jun 2017 08:47:41 -0700 (PDT) X-Received: by 10.98.69.76 with SMTP id s73mr774547pfa.94.1498492061310; Mon, 26 Jun 2017 08:47:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1498492061; cv=none; d=google.com; s=arc-20160816; b=QoDI6FRewhaTcQ4xLh54K3SJvqD5MxRYk8otGGrEEIRLcoYuIBm9AW+jNiYKMeV++y u8eMPNdPoVXeHRbzFDFX0l7KFpXdzSqeCUCRwa9HD/6FfCL2VJX7QUrYJWv0NEdehjSw 3dS5ZQJieqhBL8Iuh1wrS7/o+mfBNdUkVpuQvKAm8FLCXgHXHahE3IuV4lM8jUDnmVZu UJ047UOteMP/LWtK00+RhwlOKIIBRwGMNmvPLqdY1mAvznhRtcdCNzJvzoDBWoGD8FpS oKxVlpI1uqFL9pEd8fSSqajUBANEE5uVE/58Kp0PiLmu6BaI+/DbZmb23LaMIKNyGGv8 w0ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=bh3V9Vd6MtwFPfOjfPWKBBdhYJ1FVGLBtEgzauAzeXo=; b=jJvGqDXhN8wfENCPGUL8xzQ+Ig/ijgerg7ekNy3eMA6cJxzFsUdLbWMlBvRmezA405 quOehwVC/FEmj2CmRO4nBuwc9Udy/x8dVlYUxFVmkp/sQO8G0q/ILVVhOxLujWTzBWRc pNYokAJJzXOa8+iYdoJ5NU/aCfOtFte5ZBdzek6tRXC2Eo1izWjqF5/oYS2Cwyr5o9rz Yep8Z9xfihRc5aAzdZw6dNfbgzKzuI4mhVRlzDBc7UGVP24vzGgv4b/TYjpdMGZFWuEU PWH5n2o4OIXdkr0l3NGqF6Ze1K2OlPLp67DjQViWplzkKZ/48K8WY8IzHrnCRlNp7hrp nHJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=Efkvh+LK; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 63si282868plf.50.2017.06.26.08.47.41; Mon, 26 Jun 2017 08:47:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=Efkvh+LK; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751963AbdFZPrc (ORCPT + 6 others); Mon, 26 Jun 2017 11:47:32 -0400 Received: from mail-pg0-f51.google.com ([74.125.83.51]:36473 "EHLO mail-pg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751940AbdFZPrb (ORCPT ); Mon, 26 Jun 2017 11:47:31 -0400 Received: by mail-pg0-f51.google.com with SMTP id u62so2115866pgb.3 for ; Mon, 26 Jun 2017 08:47:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=bh3V9Vd6MtwFPfOjfPWKBBdhYJ1FVGLBtEgzauAzeXo=; b=Efkvh+LKolw0VQd/Q8VvxO40z04uQOxR7qjhBCI6HV+RL63A2HNemszaaNp1iB2Md1 jkAKFfAdcigJb8mlv357Re7gbqkFB2uMnUt4WhNMuomfenj0rSLAHSsapoSnNY8xCr0f wIInlebxVB0Uys8deQbGauXrQTs/1kRJB4wGk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=bh3V9Vd6MtwFPfOjfPWKBBdhYJ1FVGLBtEgzauAzeXo=; b=EYNaTTZUSBYyEzAruG/Jd7Rptota1IwNyHXr+rM5bq0J5OHhLH4AhEaXEUziLLZKaH nUelnx5y0KSvqfTfHwX75cOoJjZMD9U9cRplqeJ+eWFiHBm6pI8Ydl+5gVMPNBW/iJKP ie1QCRojBl7QocEZ+SgyFHHBB6pZh7zWXIIa8yJUJ00kcNTx8zTGQ9x+YsYYP6j9oe0B tDKgZv6hdgWeh3aLVMaZEBJgBBh28G6+EFVAL9uIf5FtumpKH63srEou6roDKBHk/XQh 7brshpE4/CTtvaY0eLAd+YftYGkGxWTSVBhhwR0C+xnJmb7zlqWwABtABSTmZXO9aulZ l7xQ== X-Gm-Message-State: AKS2vOxe/p2cB143ZDNHGzrIIwpYm0hNyomgNoTOarzPNlOEaVXwzmMP BVHho4O3dZEIh1D9 X-Received: by 10.84.197.3 with SMTP id m3mr882503pld.40.1498492051120; Mon, 26 Jun 2017 08:47:31 -0700 (PDT) Received: from localhost.localdomain ([106.51.139.251]) by smtp.gmail.com with ESMTPSA id s9sm829854pfe.21.2017.06.26.08.47.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 26 Jun 2017 08:47:30 -0700 (PDT) From: Amit Pundir To: Greg KH , Guillaume Nault , "David S . Miller" Cc: Stable Subject: [PATCH for-4.9 2/5] l2tp: ensure session can't get removed during pppol2tp_session_ioctl() Date: Mon, 26 Jun 2017 21:17:16 +0530 Message-Id: <1498492039-26905-3-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1498492039-26905-1-git-send-email-amit.pundir@linaro.org> References: <1498492039-26905-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Guillaume Nault commit 57377d63547861919ee634b845c7caa38de4a452 upstream. Holding a reference on session is required before calling pppol2tp_session_ioctl(). The session could get freed while processing the ioctl otherwise. Since pppol2tp_session_ioctl() uses the session's socket, we also need to take a reference on it in l2tp_session_get(). Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- net/l2tp/l2tp_ppp.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) -- 2.7.4 diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 1387f547a09e..c1c9a9e08d08 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -1141,11 +1141,18 @@ static int pppol2tp_tunnel_ioctl(struct l2tp_tunnel *tunnel, if (stats.session_id != 0) { /* resend to session ioctl handler */ struct l2tp_session *session = - l2tp_session_find(sock_net(sk), tunnel, stats.session_id); - if (session != NULL) - err = pppol2tp_session_ioctl(session, cmd, arg); - else + l2tp_session_get(sock_net(sk), tunnel, + stats.session_id, true); + + if (session) { + err = pppol2tp_session_ioctl(session, cmd, + arg); + if (session->deref) + session->deref(session); + l2tp_session_dec_refcount(session); + } else { err = -EBADR; + } break; } #ifdef CONFIG_XFRM