diff options
| author | Guillaume Nault <g.nault@alphalink.fr> | 2016-11-29 07:09:44 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-11-30 14:14:07 -0500 |
| commit | 0382a25af3c771a8e4d5e417d1834cbe28c2aaac (patch) | |
| tree | 91d6b49fc8dab4cb02312da66d018a72975bd408 | |
| parent | bb83d62fa83405d7c325873a317c9374f98eedef (diff) | |
l2tp: lock socket before checking flags in connect()
Socket flags aren't updated atomically, so the socket must be locked
while reading the SOCK_ZAPPED flag.
This issue exists for both l2tp_ip and l2tp_ip6. For IPv6, this patch
also brings error handling for __ip6_datagram_connect() failures.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/ipv6.h | 2 | ||||
| -rw-r--r-- | net/ipv6/datagram.c | 4 | ||||
| -rw-r--r-- | net/l2tp/l2tp_ip.c | 19 | ||||
| -rw-r--r-- | net/l2tp/l2tp_ip6.c | 16 |
4 files changed, 28 insertions, 13 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 8fed1cd78658..f11ca837361b 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
| @@ -970,6 +970,8 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, | |||
| 970 | int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, | 970 | int compat_ipv6_getsockopt(struct sock *sk, int level, int optname, |
| 971 | char __user *optval, int __user *optlen); | 971 | char __user *optval, int __user *optlen); |
| 972 | 972 | ||
| 973 | int __ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, | ||
| 974 | int addr_len); | ||
| 973 | int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len); | 975 | int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len); |
| 974 | int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr, | 976 | int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr, |
| 975 | int addr_len); | 977 | int addr_len); |
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 37874e2f30ed..ccf40550c475 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c | |||
| @@ -139,7 +139,8 @@ void ip6_datagram_release_cb(struct sock *sk) | |||
| 139 | } | 139 | } |
| 140 | EXPORT_SYMBOL_GPL(ip6_datagram_release_cb); | 140 | EXPORT_SYMBOL_GPL(ip6_datagram_release_cb); |
| 141 | 141 | ||
| 142 | static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) | 142 | int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, |
| 143 | int addr_len) | ||
| 143 | { | 144 | { |
| 144 | struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; | 145 | struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr; |
| 145 | struct inet_sock *inet = inet_sk(sk); | 146 | struct inet_sock *inet = inet_sk(sk); |
| @@ -252,6 +253,7 @@ ipv4_connected: | |||
| 252 | out: | 253 | out: |
| 253 | return err; | 254 | return err; |
| 254 | } | 255 | } |
| 256 | EXPORT_SYMBOL_GPL(__ip6_datagram_connect); | ||
| 255 | 257 | ||
| 256 | int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) | 258 | int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
| 257 | { | 259 | { |
diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c index 982f6c44ea01..1f57094d3111 100644 --- a/net/l2tp/l2tp_ip.c +++ b/net/l2tp/l2tp_ip.c | |||
| @@ -308,21 +308,24 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len | |||
| 308 | struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *) uaddr; | 308 | struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *) uaddr; |
| 309 | int rc; | 309 | int rc; |
| 310 | 310 | ||
| 311 | if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ | ||
| 312 | return -EINVAL; | ||
| 313 | |||
| 314 | if (addr_len < sizeof(*lsa)) | 311 | if (addr_len < sizeof(*lsa)) |
| 315 | return -EINVAL; | 312 | return -EINVAL; |
| 316 | 313 | ||
| 317 | if (ipv4_is_multicast(lsa->l2tp_addr.s_addr)) | 314 | if (ipv4_is_multicast(lsa->l2tp_addr.s_addr)) |
| 318 | return -EINVAL; | 315 | return -EINVAL; |
| 319 | 316 | ||
| 320 | rc = ip4_datagram_connect(sk, uaddr, addr_len); | ||
| 321 | if (rc < 0) | ||
| 322 | return rc; | ||
| 323 | |||
| 324 | lock_sock(sk); | 317 | lock_sock(sk); |
| 325 | 318 | ||
| 319 | /* Must bind first - autobinding does not work */ | ||
| 320 | if (sock_flag(sk, SOCK_ZAPPED)) { | ||
| 321 | rc = -EINVAL; | ||
| 322 | goto out_sk; | ||
| 323 | } | ||
| 324 | |||
| 325 | rc = __ip4_datagram_connect(sk, uaddr, addr_len); | ||
| 326 | if (rc < 0) | ||
| 327 | goto out_sk; | ||
| 328 | |||
| 326 | l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; | 329 | l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; |
| 327 | 330 | ||
| 328 | write_lock_bh(&l2tp_ip_lock); | 331 | write_lock_bh(&l2tp_ip_lock); |
| @@ -330,7 +333,9 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len | |||
| 330 | sk_add_bind_node(sk, &l2tp_ip_bind_table); | 333 | sk_add_bind_node(sk, &l2tp_ip_bind_table); |
| 331 | write_unlock_bh(&l2tp_ip_lock); | 334 | write_unlock_bh(&l2tp_ip_lock); |
| 332 | 335 | ||
| 336 | out_sk: | ||
| 333 | release_sock(sk); | 337 | release_sock(sk); |
| 338 | |||
| 334 | return rc; | 339 | return rc; |
| 335 | } | 340 | } |
| 336 | 341 | ||
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c index 9978d01ba0ba..af9abfff637c 100644 --- a/net/l2tp/l2tp_ip6.c +++ b/net/l2tp/l2tp_ip6.c | |||
| @@ -371,9 +371,6 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 371 | int addr_type; | 371 | int addr_type; |
| 372 | int rc; | 372 | int rc; |
| 373 | 373 | ||
| 374 | if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */ | ||
| 375 | return -EINVAL; | ||
| 376 | |||
| 377 | if (addr_len < sizeof(*lsa)) | 374 | if (addr_len < sizeof(*lsa)) |
| 378 | return -EINVAL; | 375 | return -EINVAL; |
| 379 | 376 | ||
| @@ -390,10 +387,18 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 390 | return -EINVAL; | 387 | return -EINVAL; |
| 391 | } | 388 | } |
| 392 | 389 | ||
| 393 | rc = ip6_datagram_connect(sk, uaddr, addr_len); | ||
| 394 | |||
| 395 | lock_sock(sk); | 390 | lock_sock(sk); |
| 396 | 391 | ||
| 392 | /* Must bind first - autobinding does not work */ | ||
| 393 | if (sock_flag(sk, SOCK_ZAPPED)) { | ||
| 394 | rc = -EINVAL; | ||
| 395 | goto out_sk; | ||
| 396 | } | ||
| 397 | |||
| 398 | rc = __ip6_datagram_connect(sk, uaddr, addr_len); | ||
| 399 | if (rc < 0) | ||
| 400 | goto out_sk; | ||
| 401 | |||
| 397 | l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; | 402 | l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id; |
| 398 | 403 | ||
| 399 | write_lock_bh(&l2tp_ip6_lock); | 404 | write_lock_bh(&l2tp_ip6_lock); |
| @@ -401,6 +406,7 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, | |||
| 401 | sk_add_bind_node(sk, &l2tp_ip6_bind_table); | 406 | sk_add_bind_node(sk, &l2tp_ip6_bind_table); |
| 402 | write_unlock_bh(&l2tp_ip6_lock); | 407 | write_unlock_bh(&l2tp_ip6_lock); |
| 403 | 408 | ||
| 409 | out_sk: | ||
| 404 | release_sock(sk); | 410 | release_sock(sk); |
| 405 | 411 | ||
| 406 | return rc; | 412 | return rc; |