l2tp: hold tunnel while looking up sessions in l2tp_netlink
authorGuillaume Nault <g.nault@alphalink.fr>
Fri, 25 Aug 2017 14:51:40 +0000 (16:51 +0200)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Aug 2017 18:34:58 +0000 (11:34 -0700)
commit54652eb12c1b72e9602d09cb2821d5760939190f
tree3f53546dd44567d09e5070f0dbc8917902f6882e
parent9ee369a405c57613d7c83a3967780c3e30c52ecc
l2tp: hold tunnel while looking up sessions in l2tp_netlink

l2tp_tunnel_find() doesn't take a reference on the returned tunnel.
Therefore, it's unsafe to use it because the returned tunnel can go
away on us anytime.

Fix this by defining l2tp_tunnel_get(), which works like
l2tp_tunnel_find(), but takes a reference on the returned tunnel.
Caller then has to drop this reference using l2tp_tunnel_dec_refcount().

As l2tp_tunnel_dec_refcount() needs to be moved to l2tp_core.h, let's
simplify the patch and not move the L2TP_REFCNT_DEBUG part. This code
has been broken (not even compiling) in May 2012 by
commit a4ca44fa578c ("net: l2tp: Standardize logging styles")
and fixed more than two years later by
commit 29abe2fda54f ("l2tp: fix missing line continuation"). So it
doesn't appear to be used by anyone.

Same thing for l2tp_tunnel_free(); instead of moving it to l2tp_core.h,
let's just simplify things and call kfree_rcu() directly in
l2tp_tunnel_dec_refcount(). Extra assertions and debugging code
provided by l2tp_tunnel_free() didn't help catching any of the
reference counting and socket handling issues found while working on
this series.

Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_netlink.c