• G
    l2tp: hold tunnel while looking up sessions in l2tp_netlink · 54652eb1
    Guillaume Nault 提交于
    l2tp_tunnel_find() doesn't take a reference on the returned tunnel.
    Therefore, it's unsafe to use it because the returned tunnel can go
    away on us anytime.
    
    Fix this by defining l2tp_tunnel_get(), which works like
    l2tp_tunnel_find(), but takes a reference on the returned tunnel.
    Caller then has to drop this reference using l2tp_tunnel_dec_refcount().
    
    As l2tp_tunnel_dec_refcount() needs to be moved to l2tp_core.h, let's
    simplify the patch and not move the L2TP_REFCNT_DEBUG part. This code
    has been broken (not even compiling) in May 2012 by
    commit a4ca44fa ("net: l2tp: Standardize logging styles")
    and fixed more than two years later by
    commit 29abe2fd ("l2tp: fix missing line continuation"). So it
    doesn't appear to be used by anyone.
    
    Same thing for l2tp_tunnel_free(); instead of moving it to l2tp_core.h,
    let's just simplify things and call kfree_rcu() directly in
    l2tp_tunnel_dec_refcount(). Extra assertions and debugging code
    provided by l2tp_tunnel_free() didn't help catching any of the
    reference counting and socket handling issues found while working on
    this series.
    
    Fixes: 309795f4 ("l2tp: Add netlink control API for L2TP")
    Signed-off-by: NGuillaume Nault <g.nault@alphalink.fr>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    54652eb1
l2tp_netlink.c 26.6 KB