[PATCH 3.16 151/204] l2tp: hold tunnel in pppol2tp_connect()
From: Ben Hutchings
Date: Thu Dec 28 2017 - 12:50:00 EST
3.16.52-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Guillaume Nault <g.nault@xxxxxxxxxxxx>
commit f9e56baf03f9d36043a78f16e3e8b2cfd211e09e upstream.
Use l2tp_tunnel_get() in pppol2tp_connect() to ensure the tunnel isn't
going to disappear while processing the rest of the function.
Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
Signed-off-by: Guillaume Nault <g.nault@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
net/l2tp/l2tp_ppp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -603,6 +603,7 @@ static int pppol2tp_connect(struct socke
u32 tunnel_id, peer_tunnel_id;
u32 session_id, peer_session_id;
bool drop_refcnt = false;
+ bool drop_tunnel = false;
int ver = 2;
int fd;
@@ -671,7 +672,9 @@ static int pppol2tp_connect(struct socke
if (tunnel_id == 0)
goto end;
- tunnel = l2tp_tunnel_find(sock_net(sk), tunnel_id);
+ tunnel = l2tp_tunnel_get(sock_net(sk), tunnel_id);
+ if (tunnel)
+ drop_tunnel = true;
/* Special case: create tunnel context if session_id and
* peer_session_id is 0. Otherwise look up tunnel using supplied
@@ -800,6 +803,8 @@ out_no_ppp:
end:
if (drop_refcnt)
l2tp_session_dec_refcount(session);
+ if (drop_tunnel)
+ l2tp_tunnel_dec_refcount(tunnel);
release_sock(sk);
return error;