aboutsummaryrefslogtreecommitdiffstats
path: root/net/l2tp
diff options
context:
space:
mode:
Diffstat (limited to 'net/l2tp')
-rw-r--r--net/l2tp/Kconfig4
-rw-r--r--net/l2tp/l2tp_core.c425
-rw-r--r--net/l2tp/l2tp_core.h29
-rw-r--r--net/l2tp/l2tp_debugfs.c28
-rw-r--r--net/l2tp/l2tp_ip.c25
-rw-r--r--net/l2tp/l2tp_ip6.c20
-rw-r--r--net/l2tp/l2tp_netlink.c73
-rw-r--r--net/l2tp/l2tp_ppp.c123
8 files changed, 387 insertions, 340 deletions
diff --git a/net/l2tp/Kconfig b/net/l2tp/Kconfig
index 147a8fd47a17..adb9843dd7cf 100644
--- a/net/l2tp/Kconfig
+++ b/net/l2tp/Kconfig
@@ -46,8 +46,8 @@ config L2TP_DEBUGFS
46 will be called l2tp_debugfs. 46 will be called l2tp_debugfs.
47 47
48config L2TP_V3 48config L2TP_V3
49 bool "L2TPv3 support (EXPERIMENTAL)" 49 bool "L2TPv3 support"
50 depends on EXPERIMENTAL && L2TP 50 depends on L2TP
51 help 51 help
52 Layer Two Tunneling Protocol Version 3 52 Layer Two Tunneling Protocol Version 3
53 53
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 1a9f3723c13c..8aecf5df6656 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -101,6 +101,7 @@ struct l2tp_skb_cb {
101 101
102static atomic_t l2tp_tunnel_count; 102static atomic_t l2tp_tunnel_count;
103static atomic_t l2tp_session_count; 103static atomic_t l2tp_session_count;
104static struct workqueue_struct *l2tp_wq;
104 105
105/* per-net private data for this module */ 106/* per-net private data for this module */
106static unsigned int l2tp_net_id; 107static unsigned int l2tp_net_id;
@@ -113,7 +114,6 @@ struct l2tp_net {
113 114
114static void l2tp_session_set_header_len(struct l2tp_session *session, int version); 115static void l2tp_session_set_header_len(struct l2tp_session *session, int version);
115static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel); 116static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel);
116static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
117 117
118static inline struct l2tp_net *l2tp_pernet(struct net *net) 118static inline struct l2tp_net *l2tp_pernet(struct net *net)
119{ 119{
@@ -122,7 +122,6 @@ static inline struct l2tp_net *l2tp_pernet(struct net *net)
122 return net_generic(net, l2tp_net_id); 122 return net_generic(net, l2tp_net_id);
123} 123}
124 124
125
126/* Tunnel reference counts. Incremented per session that is added to 125/* Tunnel reference counts. Incremented per session that is added to
127 * the tunnel. 126 * the tunnel.
128 */ 127 */
@@ -168,6 +167,53 @@ l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
168 167
169} 168}
170 169
170/* Lookup the tunnel socket, possibly involving the fs code if the socket is
171 * owned by userspace. A struct sock returned from this function must be
172 * released using l2tp_tunnel_sock_put once you're done with it.
173 */
174struct sock *l2tp_tunnel_sock_lookup(struct l2tp_tunnel *tunnel)
175{
176 int err = 0;
177 struct socket *sock = NULL;
178 struct sock *sk = NULL;
179
180 if (!tunnel)
181 goto out;
182
183 if (tunnel->fd >= 0) {
184 /* Socket is owned by userspace, who might be in the process
185 * of closing it. Look the socket up using the fd to ensure
186 * consistency.
187 */
188 sock = sockfd_lookup(tunnel->fd, &err);
189 if (sock)
190 sk = sock->sk;
191 } else {
192 /* Socket is owned by kernelspace */
193 sk = tunnel->sock;
194 sock_hold(sk);
195 }
196
197out:
198 return sk;
199}
200EXPORT_SYMBOL_GPL(l2tp_tunnel_sock_lookup);
201
202/* Drop a reference to a tunnel socket obtained via. l2tp_tunnel_sock_put */
203void l2tp_tunnel_sock_put(struct sock *sk)
204{
205 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
206 if (tunnel) {
207 if (tunnel->fd >= 0) {
208 /* Socket is owned by userspace */
209 sockfd_put(sk->sk_socket);
210 }
211 sock_put(sk);
212 }
213 sock_put(sk);
214}
215EXPORT_SYMBOL_GPL(l2tp_tunnel_sock_put);
216
171/* Lookup a session by id in the global session list 217/* Lookup a session by id in the global session list
172 */ 218 */
173static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id) 219static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
@@ -176,10 +222,9 @@ static struct l2tp_session *l2tp_session_find_2(struct net *net, u32 session_id)
176 struct hlist_head *session_list = 222 struct hlist_head *session_list =
177 l2tp_session_id_hash_2(pn, session_id); 223 l2tp_session_id_hash_2(pn, session_id);
178 struct l2tp_session *session; 224 struct l2tp_session *session;
179 struct hlist_node *walk;
180 225
181 rcu_read_lock_bh(); 226 rcu_read_lock_bh();
182 hlist_for_each_entry_rcu(session, walk, session_list, global_hlist) { 227 hlist_for_each_entry_rcu(session, session_list, global_hlist) {
183 if (session->session_id == session_id) { 228 if (session->session_id == session_id) {
184 rcu_read_unlock_bh(); 229 rcu_read_unlock_bh();
185 return session; 230 return session;
@@ -208,7 +253,6 @@ struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunn
208{ 253{
209 struct hlist_head *session_list; 254 struct hlist_head *session_list;
210 struct l2tp_session *session; 255 struct l2tp_session *session;
211 struct hlist_node *walk;
212 256
213 /* In L2TPv3, session_ids are unique over all tunnels and we 257 /* In L2TPv3, session_ids are unique over all tunnels and we
214 * sometimes need to look them up before we know the 258 * sometimes need to look them up before we know the
@@ -219,7 +263,7 @@ struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunn
219 263
220 session_list = l2tp_session_id_hash(tunnel, session_id); 264 session_list = l2tp_session_id_hash(tunnel, session_id);
221 read_lock_bh(&tunnel->hlist_lock); 265 read_lock_bh(&tunnel->hlist_lock);
222 hlist_for_each_entry(session, walk, session_list, hlist) { 266 hlist_for_each_entry(session, session_list, hlist) {
223 if (session->session_id == session_id) { 267 if (session->session_id == session_id) {
224 read_unlock_bh(&tunnel->hlist_lock); 268 read_unlock_bh(&tunnel->hlist_lock);
225 return session; 269 return session;
@@ -234,13 +278,12 @@ EXPORT_SYMBOL_GPL(l2tp_session_find);
234struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth) 278struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth)
235{ 279{
236 int hash; 280 int hash;
237 struct hlist_node *walk;
238 struct l2tp_session *session; 281 struct l2tp_session *session;
239 int count = 0; 282 int count = 0;
240 283
241 read_lock_bh(&tunnel->hlist_lock); 284 read_lock_bh(&tunnel->hlist_lock);
242 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) { 285 for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
243 hlist_for_each_entry(session, walk, &tunnel->session_hlist[hash], hlist) { 286 hlist_for_each_entry(session, &tunnel->session_hlist[hash], hlist) {
244 if (++count > nth) { 287 if (++count > nth) {
245 read_unlock_bh(&tunnel->hlist_lock); 288 read_unlock_bh(&tunnel->hlist_lock);
246 return session; 289 return session;
@@ -261,12 +304,11 @@ struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname)
261{ 304{
262 struct l2tp_net *pn = l2tp_pernet(net); 305 struct l2tp_net *pn = l2tp_pernet(net);
263 int hash; 306 int hash;
264 struct hlist_node *walk;
265 struct l2tp_session *session; 307 struct l2tp_session *session;
266 308
267 rcu_read_lock_bh(); 309 rcu_read_lock_bh();
268 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) { 310 for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++) {
269 hlist_for_each_entry_rcu(session, walk, &pn->l2tp_session_hlist[hash], global_hlist) { 311 hlist_for_each_entry_rcu(session, &pn->l2tp_session_hlist[hash], global_hlist) {
270 if (!strcmp(session->ifname, ifname)) { 312 if (!strcmp(session->ifname, ifname)) {
271 rcu_read_unlock_bh(); 313 rcu_read_unlock_bh();
272 return session; 314 return session;
@@ -332,10 +374,8 @@ static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *sk
332 struct sk_buff *skbp; 374 struct sk_buff *skbp;
333 struct sk_buff *tmp; 375 struct sk_buff *tmp;
334 u32 ns = L2TP_SKB_CB(skb)->ns; 376 u32 ns = L2TP_SKB_CB(skb)->ns;
335 struct l2tp_stats *sstats;
336 377
337 spin_lock_bh(&session->reorder_q.lock); 378 spin_lock_bh(&session->reorder_q.lock);
338 sstats = &session->stats;
339 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) { 379 skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
340 if (L2TP_SKB_CB(skbp)->ns > ns) { 380 if (L2TP_SKB_CB(skbp)->ns > ns) {
341 __skb_queue_before(&session->reorder_q, skbp, skb); 381 __skb_queue_before(&session->reorder_q, skbp, skb);
@@ -343,9 +383,7 @@ static void l2tp_recv_queue_skb(struct l2tp_session *session, struct sk_buff *sk
343 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n", 383 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
344 session->name, ns, L2TP_SKB_CB(skbp)->ns, 384 session->name, ns, L2TP_SKB_CB(skbp)->ns,
345 skb_queue_len(&session->reorder_q)); 385 skb_queue_len(&session->reorder_q));
346 u64_stats_update_begin(&sstats->syncp); 386 atomic_long_inc(&session->stats.rx_oos_packets);
347 sstats->rx_oos_packets++;
348 u64_stats_update_end(&sstats->syncp);
349 goto out; 387 goto out;
350 } 388 }
351 } 389 }
@@ -362,23 +400,16 @@ static void l2tp_recv_dequeue_skb(struct l2tp_session *session, struct sk_buff *
362{ 400{
363 struct l2tp_tunnel *tunnel = session->tunnel; 401 struct l2tp_tunnel *tunnel = session->tunnel;
364 int length = L2TP_SKB_CB(skb)->length; 402 int length = L2TP_SKB_CB(skb)->length;
365 struct l2tp_stats *tstats, *sstats;
366 403
367 /* We're about to requeue the skb, so return resources 404 /* We're about to requeue the skb, so return resources
368 * to its current owner (a socket receive buffer). 405 * to its current owner (a socket receive buffer).
369 */ 406 */
370 skb_orphan(skb); 407 skb_orphan(skb);
371 408
372 tstats = &tunnel->stats; 409 atomic_long_inc(&tunnel->stats.rx_packets);
373 u64_stats_update_begin(&tstats->syncp); 410 atomic_long_add(length, &tunnel->stats.rx_bytes);
374 sstats = &session->stats; 411 atomic_long_inc(&session->stats.rx_packets);
375 u64_stats_update_begin(&sstats->syncp); 412 atomic_long_add(length, &session->stats.rx_bytes);
376 tstats->rx_packets++;
377 tstats->rx_bytes += length;
378 sstats->rx_packets++;
379 sstats->rx_bytes += length;
380 u64_stats_update_end(&tstats->syncp);
381 u64_stats_update_end(&sstats->syncp);
382 413
383 if (L2TP_SKB_CB(skb)->has_seq) { 414 if (L2TP_SKB_CB(skb)->has_seq) {
384 /* Bump our Nr */ 415 /* Bump our Nr */
@@ -409,7 +440,6 @@ static void l2tp_recv_dequeue(struct l2tp_session *session)
409{ 440{
410 struct sk_buff *skb; 441 struct sk_buff *skb;
411 struct sk_buff *tmp; 442 struct sk_buff *tmp;
412 struct l2tp_stats *sstats;
413 443
414 /* If the pkt at the head of the queue has the nr that we 444 /* If the pkt at the head of the queue has the nr that we
415 * expect to send up next, dequeue it and any other 445 * expect to send up next, dequeue it and any other
@@ -417,13 +447,10 @@ static void l2tp_recv_dequeue(struct l2tp_session *session)
417 */ 447 */
418start: 448start:
419 spin_lock_bh(&session->reorder_q.lock); 449 spin_lock_bh(&session->reorder_q.lock);
420 sstats = &session->stats;
421 skb_queue_walk_safe(&session->reorder_q, skb, tmp) { 450 skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
422 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) { 451 if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
423 u64_stats_update_begin(&sstats->syncp); 452 atomic_long_inc(&session->stats.rx_seq_discards);
424 sstats->rx_seq_discards++; 453 atomic_long_inc(&session->stats.rx_errors);
425 sstats->rx_errors++;
426 u64_stats_update_end(&sstats->syncp);
427 l2tp_dbg(session, L2TP_MSG_SEQ, 454 l2tp_dbg(session, L2TP_MSG_SEQ,
428 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n", 455 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
429 session->name, L2TP_SKB_CB(skb)->ns, 456 session->name, L2TP_SKB_CB(skb)->ns,
@@ -582,7 +609,6 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
582 struct l2tp_tunnel *tunnel = session->tunnel; 609 struct l2tp_tunnel *tunnel = session->tunnel;
583 int offset; 610 int offset;
584 u32 ns, nr; 611 u32 ns, nr;
585 struct l2tp_stats *sstats = &session->stats;
586 612
587 /* The ref count is increased since we now hold a pointer to 613 /* The ref count is increased since we now hold a pointer to
588 * the session. Take care to decrement the refcnt when exiting 614 * the session. Take care to decrement the refcnt when exiting
@@ -599,9 +625,7 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
599 "%s: cookie mismatch (%u/%u). Discarding.\n", 625 "%s: cookie mismatch (%u/%u). Discarding.\n",
600 tunnel->name, tunnel->tunnel_id, 626 tunnel->name, tunnel->tunnel_id,
601 session->session_id); 627 session->session_id);
602 u64_stats_update_begin(&sstats->syncp); 628 atomic_long_inc(&session->stats.rx_cookie_discards);
603 sstats->rx_cookie_discards++;
604 u64_stats_update_end(&sstats->syncp);
605 goto discard; 629 goto discard;
606 } 630 }
607 ptr += session->peer_cookie_len; 631 ptr += session->peer_cookie_len;
@@ -670,9 +694,7 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
670 l2tp_warn(session, L2TP_MSG_SEQ, 694 l2tp_warn(session, L2TP_MSG_SEQ,
671 "%s: recv data has no seq numbers when required. Discarding.\n", 695 "%s: recv data has no seq numbers when required. Discarding.\n",
672 session->name); 696 session->name);
673 u64_stats_update_begin(&sstats->syncp); 697 atomic_long_inc(&session->stats.rx_seq_discards);
674 sstats->rx_seq_discards++;
675 u64_stats_update_end(&sstats->syncp);
676 goto discard; 698 goto discard;
677 } 699 }
678 700
@@ -691,9 +713,7 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
691 l2tp_warn(session, L2TP_MSG_SEQ, 713 l2tp_warn(session, L2TP_MSG_SEQ,
692 "%s: recv data has no seq numbers when required. Discarding.\n", 714 "%s: recv data has no seq numbers when required. Discarding.\n",
693 session->name); 715 session->name);
694 u64_stats_update_begin(&sstats->syncp); 716 atomic_long_inc(&session->stats.rx_seq_discards);
695 sstats->rx_seq_discards++;
696 u64_stats_update_end(&sstats->syncp);
697 goto discard; 717 goto discard;
698 } 718 }
699 } 719 }
@@ -747,9 +767,7 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
747 * packets 767 * packets
748 */ 768 */
749 if (L2TP_SKB_CB(skb)->ns != session->nr) { 769 if (L2TP_SKB_CB(skb)->ns != session->nr) {
750 u64_stats_update_begin(&sstats->syncp); 770 atomic_long_inc(&session->stats.rx_seq_discards);
751 sstats->rx_seq_discards++;
752 u64_stats_update_end(&sstats->syncp);
753 l2tp_dbg(session, L2TP_MSG_SEQ, 771 l2tp_dbg(session, L2TP_MSG_SEQ,
754 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n", 772 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
755 session->name, L2TP_SKB_CB(skb)->ns, 773 session->name, L2TP_SKB_CB(skb)->ns,
@@ -775,9 +793,7 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb,
775 return; 793 return;
776 794
777discard: 795discard:
778 u64_stats_update_begin(&sstats->syncp); 796 atomic_long_inc(&session->stats.rx_errors);
779 sstats->rx_errors++;
780 u64_stats_update_end(&sstats->syncp);
781 kfree_skb(skb); 797 kfree_skb(skb);
782 798
783 if (session->deref) 799 if (session->deref)
@@ -787,6 +803,23 @@ discard:
787} 803}
788EXPORT_SYMBOL(l2tp_recv_common); 804EXPORT_SYMBOL(l2tp_recv_common);
789 805
806/* Drop skbs from the session's reorder_q
807 */
808int l2tp_session_queue_purge(struct l2tp_session *session)
809{
810 struct sk_buff *skb = NULL;
811 BUG_ON(!session);
812 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
813 while ((skb = skb_dequeue(&session->reorder_q))) {
814 atomic_long_inc(&session->stats.rx_errors);
815 kfree_skb(skb);
816 if (session->deref)
817 (*session->deref)(session);
818 }
819 return 0;
820}
821EXPORT_SYMBOL_GPL(l2tp_session_queue_purge);
822
790/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame 823/* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
791 * here. The skb is not on a list when we get here. 824 * here. The skb is not on a list when we get here.
792 * Returns 0 if the packet was a data packet and was successfully passed on. 825 * Returns 0 if the packet was a data packet and was successfully passed on.
@@ -802,7 +835,6 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
802 u32 tunnel_id, session_id; 835 u32 tunnel_id, session_id;
803 u16 version; 836 u16 version;
804 int length; 837 int length;
805 struct l2tp_stats *tstats;
806 838
807 if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb)) 839 if (tunnel->sock && l2tp_verify_udp_checksum(tunnel->sock, skb))
808 goto discard_bad_csum; 840 goto discard_bad_csum;
@@ -891,10 +923,7 @@ static int l2tp_udp_recv_core(struct l2tp_tunnel *tunnel, struct sk_buff *skb,
891discard_bad_csum: 923discard_bad_csum:
892 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name); 924 LIMIT_NETDEBUG("%s: UDP: bad checksum\n", tunnel->name);
893 UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0); 925 UDP_INC_STATS_USER(tunnel->l2tp_net, UDP_MIB_INERRORS, 0);
894 tstats = &tunnel->stats; 926 atomic_long_inc(&tunnel->stats.rx_errors);
895 u64_stats_update_begin(&tstats->syncp);
896 tstats->rx_errors++;
897 u64_stats_update_end(&tstats->syncp);
898 kfree_skb(skb); 927 kfree_skb(skb);
899 928
900 return 0; 929 return 0;
@@ -1021,7 +1050,6 @@ static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1021 struct l2tp_tunnel *tunnel = session->tunnel; 1050 struct l2tp_tunnel *tunnel = session->tunnel;
1022 unsigned int len = skb->len; 1051 unsigned int len = skb->len;
1023 int error; 1052 int error;
1024 struct l2tp_stats *tstats, *sstats;
1025 1053
1026 /* Debug */ 1054 /* Debug */
1027 if (session->send_seq) 1055 if (session->send_seq)
@@ -1050,21 +1078,15 @@ static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1050 error = ip_queue_xmit(skb, fl); 1078 error = ip_queue_xmit(skb, fl);
1051 1079
1052 /* Update stats */ 1080 /* Update stats */
1053 tstats = &tunnel->stats;
1054 u64_stats_update_begin(&tstats->syncp);
1055 sstats = &session->stats;
1056 u64_stats_update_begin(&sstats->syncp);
1057 if (error >= 0) { 1081 if (error >= 0) {
1058 tstats->tx_packets++; 1082 atomic_long_inc(&tunnel->stats.tx_packets);
1059 tstats->tx_bytes += len; 1083 atomic_long_add(len, &tunnel->stats.tx_bytes);
1060 sstats->tx_packets++; 1084 atomic_long_inc(&session->stats.tx_packets);
1061 sstats->tx_bytes += len; 1085 atomic_long_add(len, &session->stats.tx_bytes);
1062 } else { 1086 } else {
1063 tstats->tx_errors++; 1087 atomic_long_inc(&tunnel->stats.tx_errors);
1064 sstats->tx_errors++; 1088 atomic_long_inc(&session->stats.tx_errors);
1065 } 1089 }
1066 u64_stats_update_end(&tstats->syncp);
1067 u64_stats_update_end(&sstats->syncp);
1068 1090
1069 return 0; 1091 return 0;
1070} 1092}
@@ -1123,8 +1145,6 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
1123 struct udphdr *uh; 1145 struct udphdr *uh;
1124 struct inet_sock *inet; 1146 struct inet_sock *inet;
1125 __wsum csum; 1147 __wsum csum;
1126 int old_headroom;
1127 int new_headroom;
1128 int headroom; 1148 int headroom;
1129 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 1149 int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1130 int udp_len; 1150 int udp_len;
@@ -1136,16 +1156,12 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
1136 */ 1156 */
1137 headroom = NET_SKB_PAD + sizeof(struct iphdr) + 1157 headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1138 uhlen + hdr_len; 1158 uhlen + hdr_len;
1139 old_headroom = skb_headroom(skb);
1140 if (skb_cow_head(skb, headroom)) { 1159 if (skb_cow_head(skb, headroom)) {
1141 kfree_skb(skb); 1160 kfree_skb(skb);
1142 return NET_XMIT_DROP; 1161 return NET_XMIT_DROP;
1143 } 1162 }
1144 1163
1145 new_headroom = skb_headroom(skb);
1146 skb_orphan(skb); 1164 skb_orphan(skb);
1147 skb->truesize += new_headroom - old_headroom;
1148
1149 /* Setup L2TP header */ 1165 /* Setup L2TP header */
1150 session->build_header(session, __skb_push(skb, hdr_len)); 1166 session->build_header(session, __skb_push(skb, hdr_len));
1151 1167
@@ -1232,6 +1248,7 @@ EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
1232static void l2tp_tunnel_destruct(struct sock *sk) 1248static void l2tp_tunnel_destruct(struct sock *sk)
1233{ 1249{
1234 struct l2tp_tunnel *tunnel; 1250 struct l2tp_tunnel *tunnel;
1251 struct l2tp_net *pn;
1235 1252
1236 tunnel = sk->sk_user_data; 1253 tunnel = sk->sk_user_data;
1237 if (tunnel == NULL) 1254 if (tunnel == NULL)
@@ -1239,38 +1256,44 @@ static void l2tp_tunnel_destruct(struct sock *sk)
1239 1256
1240 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name); 1257 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1241 1258
1242 /* Close all sessions */
1243 l2tp_tunnel_closeall(tunnel);
1244 1259
1260 /* Disable udp encapsulation */
1245 switch (tunnel->encap) { 1261 switch (tunnel->encap) {
1246 case L2TP_ENCAPTYPE_UDP: 1262 case L2TP_ENCAPTYPE_UDP:
1247 /* No longer an encapsulation socket. See net/ipv4/udp.c */ 1263 /* No longer an encapsulation socket. See net/ipv4/udp.c */
1248 (udp_sk(sk))->encap_type = 0; 1264 (udp_sk(sk))->encap_type = 0;
1249 (udp_sk(sk))->encap_rcv = NULL; 1265 (udp_sk(sk))->encap_rcv = NULL;
1266 (udp_sk(sk))->encap_destroy = NULL;
1250 break; 1267 break;
1251 case L2TP_ENCAPTYPE_IP: 1268 case L2TP_ENCAPTYPE_IP:
1252 break; 1269 break;
1253 } 1270 }
1254 1271
1255 /* Remove hooks into tunnel socket */ 1272 /* Remove hooks into tunnel socket */
1256 tunnel->sock = NULL;
1257 sk->sk_destruct = tunnel->old_sk_destruct; 1273 sk->sk_destruct = tunnel->old_sk_destruct;
1258 sk->sk_user_data = NULL; 1274 sk->sk_user_data = NULL;
1275 tunnel->sock = NULL;
1259 1276
1260 /* Call the original destructor */ 1277 /* Remove the tunnel struct from the tunnel list */
1261 if (sk->sk_destruct) 1278 pn = l2tp_pernet(tunnel->l2tp_net);
1262 (*sk->sk_destruct)(sk); 1279 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1280 list_del_rcu(&tunnel->list);
1281 spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1282 atomic_dec(&l2tp_tunnel_count);
1263 1283
1264 /* We're finished with the socket */ 1284 l2tp_tunnel_closeall(tunnel);
1265 l2tp_tunnel_dec_refcount(tunnel); 1285 l2tp_tunnel_dec_refcount(tunnel);
1266 1286
1287 /* Call the original destructor */
1288 if (sk->sk_destruct)
1289 (*sk->sk_destruct)(sk);
1267end: 1290end:
1268 return; 1291 return;
1269} 1292}
1270 1293
1271/* When the tunnel is closed, all the attached sessions need to go too. 1294/* When the tunnel is closed, all the attached sessions need to go too.
1272 */ 1295 */
1273static void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel) 1296void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel)
1274{ 1297{
1275 int hash; 1298 int hash;
1276 struct hlist_node *walk; 1299 struct hlist_node *walk;
@@ -1293,25 +1316,13 @@ again:
1293 1316
1294 hlist_del_init(&session->hlist); 1317 hlist_del_init(&session->hlist);
1295 1318
1296 /* Since we should hold the sock lock while
1297 * doing any unbinding, we need to release the
1298 * lock we're holding before taking that lock.
1299 * Hold a reference to the sock so it doesn't
1300 * disappear as we're jumping between locks.
1301 */
1302 if (session->ref != NULL) 1319 if (session->ref != NULL)
1303 (*session->ref)(session); 1320 (*session->ref)(session);
1304 1321
1305 write_unlock_bh(&tunnel->hlist_lock); 1322 write_unlock_bh(&tunnel->hlist_lock);
1306 1323
1307 if (tunnel->version != L2TP_HDR_VER_2) { 1324 __l2tp_session_unhash(session);
1308 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net); 1325 l2tp_session_queue_purge(session);
1309
1310 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1311 hlist_del_init_rcu(&session->global_hlist);
1312 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1313 synchronize_rcu();
1314 }
1315 1326
1316 if (session->session_close != NULL) 1327 if (session->session_close != NULL)
1317 (*session->session_close)(session); 1328 (*session->session_close)(session);
@@ -1319,6 +1330,8 @@ again:
1319 if (session->deref != NULL) 1330 if (session->deref != NULL)
1320 (*session->deref)(session); 1331 (*session->deref)(session);
1321 1332
1333 l2tp_session_dec_refcount(session);
1334
1322 write_lock_bh(&tunnel->hlist_lock); 1335 write_lock_bh(&tunnel->hlist_lock);
1323 1336
1324 /* Now restart from the beginning of this hash 1337 /* Now restart from the beginning of this hash
@@ -1331,54 +1344,96 @@ again:
1331 } 1344 }
1332 write_unlock_bh(&tunnel->hlist_lock); 1345 write_unlock_bh(&tunnel->hlist_lock);
1333} 1346}
1347EXPORT_SYMBOL_GPL(l2tp_tunnel_closeall);
1348
1349/* Tunnel socket destroy hook for UDP encapsulation */
1350static void l2tp_udp_encap_destroy(struct sock *sk)
1351{
1352 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
1353 if (tunnel) {
1354 l2tp_tunnel_closeall(tunnel);
1355 sock_put(sk);
1356 }
1357}
1334 1358
1335/* Really kill the tunnel. 1359/* Really kill the tunnel.
1336 * Come here only when all sessions have been cleared from the tunnel. 1360 * Come here only when all sessions have been cleared from the tunnel.
1337 */ 1361 */
1338static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel) 1362static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
1339{ 1363{
1340 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1341
1342 BUG_ON(atomic_read(&tunnel->ref_count) != 0); 1364 BUG_ON(atomic_read(&tunnel->ref_count) != 0);
1343 BUG_ON(tunnel->sock != NULL); 1365 BUG_ON(tunnel->sock != NULL);
1344
1345 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name); 1366 l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: free...\n", tunnel->name);
1346
1347 /* Remove from tunnel list */
1348 spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1349 list_del_rcu(&tunnel->list);
1350 kfree_rcu(tunnel, rcu); 1367 kfree_rcu(tunnel, rcu);
1351 spin_unlock_bh(&pn->l2tp_tunnel_list_lock); 1368}
1352 1369
1353 atomic_dec(&l2tp_tunnel_count); 1370/* Workqueue tunnel deletion function */
1371static void l2tp_tunnel_del_work(struct work_struct *work)
1372{
1373 struct l2tp_tunnel *tunnel = NULL;
1374 struct socket *sock = NULL;
1375 struct sock *sk = NULL;
1376
1377 tunnel = container_of(work, struct l2tp_tunnel, del_work);
1378 sk = l2tp_tunnel_sock_lookup(tunnel);
1379 if (!sk)
1380 return;
1381
1382 sock = sk->sk_socket;
1383
1384 /* If the tunnel socket was created by userspace, then go through the
1385 * inet layer to shut the socket down, and let userspace close it.
1386 * Otherwise, if we created the socket directly within the kernel, use
1387 * the sk API to release it here.
1388 * In either case the tunnel resources are freed in the socket
1389 * destructor when the tunnel socket goes away.
1390 */
1391 if (tunnel->fd >= 0) {
1392 if (sock)
1393 inet_shutdown(sock, 2);
1394 } else {
1395 if (sock)
1396 kernel_sock_shutdown(sock, SHUT_RDWR);
1397 sk_release_kernel(sk);
1398 }
1399
1400 l2tp_tunnel_sock_put(sk);
1354} 1401}
1355 1402
1356/* Create a socket for the tunnel, if one isn't set up by 1403/* Create a socket for the tunnel, if one isn't set up by
1357 * userspace. This is used for static tunnels where there is no 1404 * userspace. This is used for static tunnels where there is no
1358 * managing L2TP daemon. 1405 * managing L2TP daemon.
1406 *
1407 * Since we don't want these sockets to keep a namespace alive by
1408 * themselves, we drop the socket's namespace refcount after creation.
1409 * These sockets are freed when the namespace exits using the pernet
1410 * exit hook.
1359 */ 1411 */
1360static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct socket **sockp) 1412static int l2tp_tunnel_sock_create(struct net *net,
1413 u32 tunnel_id,
1414 u32 peer_tunnel_id,
1415 struct l2tp_tunnel_cfg *cfg,
1416 struct socket **sockp)
1361{ 1417{
1362 int err = -EINVAL; 1418 int err = -EINVAL;
1363 struct sockaddr_in udp_addr; 1419 struct socket *sock = NULL;
1420 struct sockaddr_in udp_addr = {0};
1421 struct sockaddr_l2tpip ip_addr = {0};
1364#if IS_ENABLED(CONFIG_IPV6) 1422#if IS_ENABLED(CONFIG_IPV6)
1365 struct sockaddr_in6 udp6_addr; 1423 struct sockaddr_in6 udp6_addr = {0};
1366 struct sockaddr_l2tpip6 ip6_addr; 1424 struct sockaddr_l2tpip6 ip6_addr = {0};
1367#endif 1425#endif
1368 struct sockaddr_l2tpip ip_addr;
1369 struct socket *sock = NULL;
1370 1426
1371 switch (cfg->encap) { 1427 switch (cfg->encap) {
1372 case L2TP_ENCAPTYPE_UDP: 1428 case L2TP_ENCAPTYPE_UDP:
1373#if IS_ENABLED(CONFIG_IPV6) 1429#if IS_ENABLED(CONFIG_IPV6)
1374 if (cfg->local_ip6 && cfg->peer_ip6) { 1430 if (cfg->local_ip6 && cfg->peer_ip6) {
1375 err = sock_create(AF_INET6, SOCK_DGRAM, 0, sockp); 1431 err = sock_create_kern(AF_INET6, SOCK_DGRAM, 0, &sock);
1376 if (err < 0) 1432 if (err < 0)
1377 goto out; 1433 goto out;
1378 1434
1379 sock = *sockp; 1435 sk_change_net(sock->sk, net);
1380 1436
1381 memset(&udp6_addr, 0, sizeof(udp6_addr));
1382 udp6_addr.sin6_family = AF_INET6; 1437 udp6_addr.sin6_family = AF_INET6;
1383 memcpy(&udp6_addr.sin6_addr, cfg->local_ip6, 1438 memcpy(&udp6_addr.sin6_addr, cfg->local_ip6,
1384 sizeof(udp6_addr.sin6_addr)); 1439 sizeof(udp6_addr.sin6_addr));
@@ -1400,13 +1455,12 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
1400 } else 1455 } else
1401#endif 1456#endif
1402 { 1457 {
1403 err = sock_create(AF_INET, SOCK_DGRAM, 0, sockp); 1458 err = sock_create_kern(AF_INET, SOCK_DGRAM, 0, &sock);
1404 if (err < 0) 1459 if (err < 0)
1405 goto out; 1460 goto out;
1406 1461
1407 sock = *sockp; 1462 sk_change_net(sock->sk, net);
1408 1463
1409 memset(&udp_addr, 0, sizeof(udp_addr));
1410 udp_addr.sin_family = AF_INET; 1464 udp_addr.sin_family = AF_INET;
1411 udp_addr.sin_addr = cfg->local_ip; 1465 udp_addr.sin_addr = cfg->local_ip;
1412 udp_addr.sin_port = htons(cfg->local_udp_port); 1466 udp_addr.sin_port = htons(cfg->local_udp_port);
@@ -1433,14 +1487,13 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
1433 case L2TP_ENCAPTYPE_IP: 1487 case L2TP_ENCAPTYPE_IP:
1434#if IS_ENABLED(CONFIG_IPV6) 1488#if IS_ENABLED(CONFIG_IPV6)
1435 if (cfg->local_ip6 && cfg->peer_ip6) { 1489 if (cfg->local_ip6 && cfg->peer_ip6) {
1436 err = sock_create(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP, 1490 err = sock_create_kern(AF_INET6, SOCK_DGRAM,
1437 sockp); 1491 IPPROTO_L2TP, &sock);
1438 if (err < 0) 1492 if (err < 0)
1439 goto out; 1493 goto out;
1440 1494
1441 sock = *sockp; 1495 sk_change_net(sock->sk, net);
1442 1496
1443 memset(&ip6_addr, 0, sizeof(ip6_addr));
1444 ip6_addr.l2tp_family = AF_INET6; 1497 ip6_addr.l2tp_family = AF_INET6;
1445 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6, 1498 memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1446 sizeof(ip6_addr.l2tp_addr)); 1499 sizeof(ip6_addr.l2tp_addr));
@@ -1462,14 +1515,13 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
1462 } else 1515 } else
1463#endif 1516#endif
1464 { 1517 {
1465 err = sock_create(AF_INET, SOCK_DGRAM, IPPROTO_L2TP, 1518 err = sock_create_kern(AF_INET, SOCK_DGRAM,
1466 sockp); 1519 IPPROTO_L2TP, &sock);
1467 if (err < 0) 1520 if (err < 0)
1468 goto out; 1521 goto out;
1469 1522
1470 sock = *sockp; 1523 sk_change_net(sock->sk, net);
1471 1524
1472 memset(&ip_addr, 0, sizeof(ip_addr));
1473 ip_addr.l2tp_family = AF_INET; 1525 ip_addr.l2tp_family = AF_INET;
1474 ip_addr.l2tp_addr = cfg->local_ip; 1526 ip_addr.l2tp_addr = cfg->local_ip;
1475 ip_addr.l2tp_conn_id = tunnel_id; 1527 ip_addr.l2tp_conn_id = tunnel_id;
@@ -1493,8 +1545,10 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
1493 } 1545 }
1494 1546
1495out: 1547out:
1548 *sockp = sock;
1496 if ((err < 0) && sock) { 1549 if ((err < 0) && sock) {
1497 sock_release(sock); 1550 kernel_sock_shutdown(sock, SHUT_RDWR);
1551 sk_release_kernel(sock->sk);
1498 *sockp = NULL; 1552 *sockp = NULL;
1499 } 1553 }
1500 1554
@@ -1517,15 +1571,23 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1517 * kernel socket. 1571 * kernel socket.
1518 */ 1572 */
1519 if (fd < 0) { 1573 if (fd < 0) {
1520 err = l2tp_tunnel_sock_create(tunnel_id, peer_tunnel_id, cfg, &sock); 1574 err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id,
1575 cfg, &sock);
1521 if (err < 0) 1576 if (err < 0)
1522 goto err; 1577 goto err;
1523 } else { 1578 } else {
1524 err = -EBADF;
1525 sock = sockfd_lookup(fd, &err); 1579 sock = sockfd_lookup(fd, &err);
1526 if (!sock) { 1580 if (!sock) {
1527 pr_err("tunl %hu: sockfd_lookup(fd=%d) returned %d\n", 1581 pr_err("tunl %u: sockfd_lookup(fd=%d) returned %d\n",
1528 tunnel_id, fd, err); 1582 tunnel_id, fd, err);
1583 err = -EBADF;
1584 goto err;
1585 }
1586
1587 /* Reject namespace mismatches */
1588 if (!net_eq(sock_net(sock->sk), net)) {
1589 pr_err("tunl %u: netns mismatch\n", tunnel_id);
1590 err = -EINVAL;
1529 goto err; 1591 goto err;
1530 } 1592 }
1531 } 1593 }
@@ -1591,6 +1653,7 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1591 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */ 1653 /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1592 udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP; 1654 udp_sk(sk)->encap_type = UDP_ENCAP_L2TPINUDP;
1593 udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv; 1655 udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
1656 udp_sk(sk)->encap_destroy = l2tp_udp_encap_destroy;
1594#if IS_ENABLED(CONFIG_IPV6) 1657#if IS_ENABLED(CONFIG_IPV6)
1595 if (sk->sk_family == PF_INET6) 1658 if (sk->sk_family == PF_INET6)
1596 udpv6_encap_enable(); 1659 udpv6_encap_enable();
@@ -1607,10 +1670,14 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1607 tunnel->old_sk_destruct = sk->sk_destruct; 1670 tunnel->old_sk_destruct = sk->sk_destruct;
1608 sk->sk_destruct = &l2tp_tunnel_destruct; 1671 sk->sk_destruct = &l2tp_tunnel_destruct;
1609 tunnel->sock = sk; 1672 tunnel->sock = sk;
1673 tunnel->fd = fd;
1610 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock"); 1674 lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock");
1611 1675
1612 sk->sk_allocation = GFP_ATOMIC; 1676 sk->sk_allocation = GFP_ATOMIC;
1613 1677
1678 /* Init delete workqueue struct */
1679 INIT_WORK(&tunnel->del_work, l2tp_tunnel_del_work);
1680
1614 /* Add tunnel to our list */ 1681 /* Add tunnel to our list */
1615 INIT_LIST_HEAD(&tunnel->list); 1682 INIT_LIST_HEAD(&tunnel->list);
1616 atomic_inc(&l2tp_tunnel_count); 1683 atomic_inc(&l2tp_tunnel_count);
@@ -1642,25 +1709,8 @@ EXPORT_SYMBOL_GPL(l2tp_tunnel_create);
1642 */ 1709 */
1643int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel) 1710int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1644{ 1711{
1645 int err = 0; 1712 l2tp_tunnel_closeall(tunnel);
1646 struct socket *sock = tunnel->sock ? tunnel->sock->sk_socket : NULL; 1713 return (false == queue_work(l2tp_wq, &tunnel->del_work));
1647
1648 /* Force the tunnel socket to close. This will eventually
1649 * cause the tunnel to be deleted via the normal socket close
1650 * mechanisms when userspace closes the tunnel socket.
1651 */
1652 if (sock != NULL) {
1653 err = inet_shutdown(sock, 2);
1654
1655 /* If the tunnel's socket was created by the kernel,
1656 * close the socket here since the socket was not
1657 * created by userspace.
1658 */
1659 if (sock->file == NULL)
1660 err = inet_release(sock);
1661 }
1662
1663 return err;
1664} 1714}
1665EXPORT_SYMBOL_GPL(l2tp_tunnel_delete); 1715EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1666 1716
@@ -1668,62 +1718,71 @@ EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1668 */ 1718 */
1669void l2tp_session_free(struct l2tp_session *session) 1719void l2tp_session_free(struct l2tp_session *session)
1670{ 1720{
1671 struct l2tp_tunnel *tunnel; 1721 struct l2tp_tunnel *tunnel = session->tunnel;
1672 1722
1673 BUG_ON(atomic_read(&session->ref_count) != 0); 1723 BUG_ON(atomic_read(&session->ref_count) != 0);
1674 1724
1675 tunnel = session->tunnel; 1725 if (tunnel) {
1676 if (tunnel != NULL) {
1677 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC); 1726 BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1727 if (session->session_id != 0)
1728 atomic_dec(&l2tp_session_count);
1729 sock_put(tunnel->sock);
1730 session->tunnel = NULL;
1731 l2tp_tunnel_dec_refcount(tunnel);
1732 }
1733
1734 kfree(session);
1735
1736 return;
1737}
1738EXPORT_SYMBOL_GPL(l2tp_session_free);
1739
1740/* Remove an l2tp session from l2tp_core's hash lists.
1741 * Provides a tidyup interface for pseudowire code which can't just route all
1742 * shutdown via. l2tp_session_delete and a pseudowire-specific session_close
1743 * callback.
1744 */
1745void __l2tp_session_unhash(struct l2tp_session *session)
1746{
1747 struct l2tp_tunnel *tunnel = session->tunnel;
1678 1748
1679 /* Delete the session from the hash */ 1749 /* Remove the session from core hashes */
1750 if (tunnel) {
1751 /* Remove from the per-tunnel hash */
1680 write_lock_bh(&tunnel->hlist_lock); 1752 write_lock_bh(&tunnel->hlist_lock);
1681 hlist_del_init(&session->hlist); 1753 hlist_del_init(&session->hlist);
1682 write_unlock_bh(&tunnel->hlist_lock); 1754 write_unlock_bh(&tunnel->hlist_lock);
1683 1755
1684 /* Unlink from the global hash if not L2TPv2 */ 1756 /* For L2TPv3 we have a per-net hash: remove from there, too */
1685 if (tunnel->version != L2TP_HDR_VER_2) { 1757 if (tunnel->version != L2TP_HDR_VER_2) {
1686 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net); 1758 struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1687
1688 spin_lock_bh(&pn->l2tp_session_hlist_lock); 1759 spin_lock_bh(&pn->l2tp_session_hlist_lock);
1689 hlist_del_init_rcu(&session->global_hlist); 1760 hlist_del_init_rcu(&session->global_hlist);
1690 spin_unlock_bh(&pn->l2tp_session_hlist_lock); 1761 spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1691 synchronize_rcu(); 1762 synchronize_rcu();
1692 } 1763 }
1693
1694 if (session->session_id != 0)
1695 atomic_dec(&l2tp_session_count);
1696
1697 sock_put(tunnel->sock);
1698
1699 /* This will delete the tunnel context if this
1700 * is the last session on the tunnel.
1701 */
1702 session->tunnel = NULL;
1703 l2tp_tunnel_dec_refcount(tunnel);
1704 } 1764 }
1705
1706 kfree(session);
1707
1708 return;
1709} 1765}
1710EXPORT_SYMBOL_GPL(l2tp_session_free); 1766EXPORT_SYMBOL_GPL(__l2tp_session_unhash);
1711 1767
1712/* This function is used by the netlink SESSION_DELETE command and by 1768/* This function is used by the netlink SESSION_DELETE command and by
1713 pseudowire modules. 1769 pseudowire modules.
1714 */ 1770 */
1715int l2tp_session_delete(struct l2tp_session *session) 1771int l2tp_session_delete(struct l2tp_session *session)
1716{ 1772{
1773 if (session->ref)
1774 (*session->ref)(session);
1775 __l2tp_session_unhash(session);
1776 l2tp_session_queue_purge(session);
1717 if (session->session_close != NULL) 1777 if (session->session_close != NULL)
1718 (*session->session_close)(session); 1778 (*session->session_close)(session);
1719 1779 if (session->deref)
1780 (*session->ref)(session);
1720 l2tp_session_dec_refcount(session); 1781 l2tp_session_dec_refcount(session);
1721
1722 return 0; 1782 return 0;
1723} 1783}
1724EXPORT_SYMBOL_GPL(l2tp_session_delete); 1784EXPORT_SYMBOL_GPL(l2tp_session_delete);
1725 1785
1726
1727/* We come here whenever a session's send_seq, cookie_len or 1786/* We come here whenever a session's send_seq, cookie_len or
1728 * l2specific_len parameters are set. 1787 * l2specific_len parameters are set.
1729 */ 1788 */
@@ -1844,8 +1903,21 @@ static __net_init int l2tp_init_net(struct net *net)
1844 return 0; 1903 return 0;
1845} 1904}
1846 1905
1906static __net_exit void l2tp_exit_net(struct net *net)
1907{
1908 struct l2tp_net *pn = l2tp_pernet(net);
1909 struct l2tp_tunnel *tunnel = NULL;
1910
1911 rcu_read_lock_bh();
1912 list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1913 (void)l2tp_tunnel_delete(tunnel);
1914 }
1915 rcu_read_unlock_bh();
1916}
1917
1847static struct pernet_operations l2tp_net_ops = { 1918static struct pernet_operations l2tp_net_ops = {
1848 .init = l2tp_init_net, 1919 .init = l2tp_init_net,
1920 .exit = l2tp_exit_net,
1849 .id = &l2tp_net_id, 1921 .id = &l2tp_net_id,
1850 .size = sizeof(struct l2tp_net), 1922 .size = sizeof(struct l2tp_net),
1851}; 1923};
@@ -1858,6 +1930,13 @@ static int __init l2tp_init(void)
1858 if (rc) 1930 if (rc)
1859 goto out; 1931 goto out;
1860 1932
1933 l2tp_wq = alloc_workqueue("l2tp", WQ_NON_REENTRANT | WQ_UNBOUND, 0);
1934 if (!l2tp_wq) {
1935 pr_err("alloc_workqueue failed\n");
1936 rc = -ENOMEM;
1937 goto out;
1938 }
1939
1861 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION); 1940 pr_info("L2TP core driver, %s\n", L2TP_DRV_VERSION);
1862 1941
1863out: 1942out:
@@ -1867,6 +1946,10 @@ out:
1867static void __exit l2tp_exit(void) 1946static void __exit l2tp_exit(void)
1868{ 1947{
1869 unregister_pernet_device(&l2tp_net_ops); 1948 unregister_pernet_device(&l2tp_net_ops);
1949 if (l2tp_wq) {
1950 destroy_workqueue(l2tp_wq);
1951 l2tp_wq = NULL;
1952 }
1870} 1953}
1871 1954
1872module_init(l2tp_init); 1955module_init(l2tp_init);
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
index 56d583e083a7..485a490fd990 100644
--- a/net/l2tp/l2tp_core.h
+++ b/net/l2tp/l2tp_core.h
@@ -36,16 +36,15 @@ enum {
36struct sk_buff; 36struct sk_buff;
37 37
38struct l2tp_stats { 38struct l2tp_stats {
39 u64 tx_packets; 39 atomic_long_t tx_packets;
40 u64 tx_bytes; 40 atomic_long_t tx_bytes;
41 u64 tx_errors; 41 atomic_long_t tx_errors;
42 u64 rx_packets; 42 atomic_long_t rx_packets;
43 u64 rx_bytes; 43 atomic_long_t rx_bytes;
44 u64 rx_seq_discards; 44 atomic_long_t rx_seq_discards;
45 u64 rx_oos_packets; 45 atomic_long_t rx_oos_packets;
46 u64 rx_errors; 46 atomic_long_t rx_errors;
47 u64 rx_cookie_discards; 47 atomic_long_t rx_cookie_discards;
48 struct u64_stats_sync syncp;
49}; 48};
50 49
51struct l2tp_tunnel; 50struct l2tp_tunnel;
@@ -188,7 +187,10 @@ struct l2tp_tunnel {
188 int (*recv_payload_hook)(struct sk_buff *skb); 187 int (*recv_payload_hook)(struct sk_buff *skb);
189 void (*old_sk_destruct)(struct sock *); 188 void (*old_sk_destruct)(struct sock *);
190 struct sock *sock; /* Parent socket */ 189 struct sock *sock; /* Parent socket */
191 int fd; 190 int fd; /* Parent fd, if tunnel socket
191 * was created by userspace */
192
193 struct work_struct del_work;
192 194
193 uint8_t priv[0]; /* private data */ 195 uint8_t priv[0]; /* private data */
194}; 196};
@@ -228,6 +230,8 @@ out:
228 return tunnel; 230 return tunnel;
229} 231}
230 232
233extern struct sock *l2tp_tunnel_sock_lookup(struct l2tp_tunnel *tunnel);
234extern void l2tp_tunnel_sock_put(struct sock *sk);
231extern struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id); 235extern struct l2tp_session *l2tp_session_find(struct net *net, struct l2tp_tunnel *tunnel, u32 session_id);
232extern struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth); 236extern struct l2tp_session *l2tp_session_find_nth(struct l2tp_tunnel *tunnel, int nth);
233extern struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname); 237extern struct l2tp_session *l2tp_session_find_by_ifname(struct net *net, char *ifname);
@@ -235,11 +239,14 @@ extern struct l2tp_tunnel *l2tp_tunnel_find(struct net *net, u32 tunnel_id);
235extern struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth); 239extern struct l2tp_tunnel *l2tp_tunnel_find_nth(struct net *net, int nth);
236 240
237extern int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp); 241extern int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp);
242extern void l2tp_tunnel_closeall(struct l2tp_tunnel *tunnel);
238extern int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel); 243extern int l2tp_tunnel_delete(struct l2tp_tunnel *tunnel);
239extern struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg); 244extern struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg);
245extern void __l2tp_session_unhash(struct l2tp_session *session);
240extern int l2tp_session_delete(struct l2tp_session *session); 246extern int l2tp_session_delete(struct l2tp_session *session);
241extern void l2tp_session_free(struct l2tp_session *session); 247extern void l2tp_session_free(struct l2tp_session *session);
242extern void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, unsigned char *ptr, unsigned char *optr, u16 hdrflags, int length, int (*payload_hook)(struct sk_buff *skb)); 248extern void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, unsigned char *ptr, unsigned char *optr, u16 hdrflags, int length, int (*payload_hook)(struct sk_buff *skb));
249extern int l2tp_session_queue_purge(struct l2tp_session *session);
243extern int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb); 250extern int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb);
244 251
245extern int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len); 252extern int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len);
diff --git a/net/l2tp/l2tp_debugfs.c b/net/l2tp/l2tp_debugfs.c
index c3813bc84552..072d7202e182 100644
--- a/net/l2tp/l2tp_debugfs.c
+++ b/net/l2tp/l2tp_debugfs.c
@@ -146,14 +146,14 @@ static void l2tp_dfs_seq_tunnel_show(struct seq_file *m, void *v)
146 tunnel->sock ? atomic_read(&tunnel->sock->sk_refcnt) : 0, 146 tunnel->sock ? atomic_read(&tunnel->sock->sk_refcnt) : 0,
147 atomic_read(&tunnel->ref_count)); 147 atomic_read(&tunnel->ref_count));
148 148
149 seq_printf(m, " %08x rx %llu/%llu/%llu rx %llu/%llu/%llu\n", 149 seq_printf(m, " %08x rx %ld/%ld/%ld rx %ld/%ld/%ld\n",
150 tunnel->debug, 150 tunnel->debug,
151 (unsigned long long)tunnel->stats.tx_packets, 151 atomic_long_read(&tunnel->stats.tx_packets),
152 (unsigned long long)tunnel->stats.tx_bytes, 152 atomic_long_read(&tunnel->stats.tx_bytes),
153 (unsigned long long)tunnel->stats.tx_errors, 153 atomic_long_read(&tunnel->stats.tx_errors),
154 (unsigned long long)tunnel->stats.rx_packets, 154 atomic_long_read(&tunnel->stats.rx_packets),
155 (unsigned long long)tunnel->stats.rx_bytes, 155 atomic_long_read(&tunnel->stats.rx_bytes),
156 (unsigned long long)tunnel->stats.rx_errors); 156 atomic_long_read(&tunnel->stats.rx_errors));
157 157
158 if (tunnel->show != NULL) 158 if (tunnel->show != NULL)
159 tunnel->show(m, tunnel); 159 tunnel->show(m, tunnel);
@@ -203,14 +203,14 @@ static void l2tp_dfs_seq_session_show(struct seq_file *m, void *v)
203 seq_printf(m, "\n"); 203 seq_printf(m, "\n");
204 } 204 }
205 205
206 seq_printf(m, " %hu/%hu tx %llu/%llu/%llu rx %llu/%llu/%llu\n", 206 seq_printf(m, " %hu/%hu tx %ld/%ld/%ld rx %ld/%ld/%ld\n",
207 session->nr, session->ns, 207 session->nr, session->ns,
208 (unsigned long long)session->stats.tx_packets, 208 atomic_long_read(&session->stats.tx_packets),
209 (unsigned long long)session->stats.tx_bytes, 209 atomic_long_read(&session->stats.tx_bytes),
210 (unsigned long long)session->stats.tx_errors, 210 atomic_long_read(&session->stats.tx_errors),
211 (unsigned long long)session->stats.rx_packets, 211 atomic_long_read(&session->stats.rx_packets),
212 (unsigned long long)session->stats.rx_bytes, 212 atomic_long_read(&session->stats.rx_bytes),
213 (unsigned long long)session->stats.rx_errors); 213 atomic_long_read(&session->stats.rx_errors));
214 214
215 if (session->show != NULL) 215 if (session->show != NULL)
216 session->show(m, session); 216 session->show(m, session);
diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c
index 61d8b75d2686..571db8dd2292 100644
--- a/net/l2tp/l2tp_ip.c
+++ b/net/l2tp/l2tp_ip.c
@@ -49,10 +49,9 @@ static inline struct l2tp_ip_sock *l2tp_ip_sk(const struct sock *sk)
49 49
50static struct sock *__l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id) 50static struct sock *__l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif, u32 tunnel_id)
51{ 51{
52 struct hlist_node *node;
53 struct sock *sk; 52 struct sock *sk;
54 53
55 sk_for_each_bound(sk, node, &l2tp_ip_bind_table) { 54 sk_for_each_bound(sk, &l2tp_ip_bind_table) {
56 struct inet_sock *inet = inet_sk(sk); 55 struct inet_sock *inet = inet_sk(sk);
57 struct l2tp_ip_sock *l2tp = l2tp_ip_sk(sk); 56 struct l2tp_ip_sock *l2tp = l2tp_ip_sk(sk);
58 57
@@ -115,6 +114,7 @@ static inline struct sock *l2tp_ip_bind_lookup(struct net *net, __be32 laddr, in
115 */ 114 */
116static int l2tp_ip_recv(struct sk_buff *skb) 115static int l2tp_ip_recv(struct sk_buff *skb)
117{ 116{
117 struct net *net = dev_net(skb->dev);
118 struct sock *sk; 118 struct sock *sk;
119 u32 session_id; 119 u32 session_id;
120 u32 tunnel_id; 120 u32 tunnel_id;
@@ -142,7 +142,7 @@ static int l2tp_ip_recv(struct sk_buff *skb)
142 } 142 }
143 143
144 /* Ok, this is a data packet. Lookup the session. */ 144 /* Ok, this is a data packet. Lookup the session. */
145 session = l2tp_session_find(&init_net, NULL, session_id); 145 session = l2tp_session_find(net, NULL, session_id);
146 if (session == NULL) 146 if (session == NULL)
147 goto discard; 147 goto discard;
148 148
@@ -173,14 +173,14 @@ pass_up:
173 goto discard; 173 goto discard;
174 174
175 tunnel_id = ntohl(*(__be32 *) &skb->data[4]); 175 tunnel_id = ntohl(*(__be32 *) &skb->data[4]);
176 tunnel = l2tp_tunnel_find(&init_net, tunnel_id); 176 tunnel = l2tp_tunnel_find(net, tunnel_id);
177 if (tunnel != NULL) 177 if (tunnel != NULL)
178 sk = tunnel->sock; 178 sk = tunnel->sock;
179 else { 179 else {
180 struct iphdr *iph = (struct iphdr *) skb_network_header(skb); 180 struct iphdr *iph = (struct iphdr *) skb_network_header(skb);
181 181
182 read_lock_bh(&l2tp_ip_lock); 182 read_lock_bh(&l2tp_ip_lock);
183 sk = __l2tp_ip_bind_lookup(&init_net, iph->daddr, 0, tunnel_id); 183 sk = __l2tp_ip_bind_lookup(net, iph->daddr, 0, tunnel_id);
184 read_unlock_bh(&l2tp_ip_lock); 184 read_unlock_bh(&l2tp_ip_lock);
185 } 185 }
186 186
@@ -228,10 +228,16 @@ static void l2tp_ip_close(struct sock *sk, long timeout)
228static void l2tp_ip_destroy_sock(struct sock *sk) 228static void l2tp_ip_destroy_sock(struct sock *sk)
229{ 229{
230 struct sk_buff *skb; 230 struct sk_buff *skb;
231 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
231 232
232 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) 233 while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL)
233 kfree_skb(skb); 234 kfree_skb(skb);
234 235
236 if (tunnel) {
237 l2tp_tunnel_closeall(tunnel);
238 sock_put(sk);
239 }
240
235 sk_refcnt_debug_dec(sk); 241 sk_refcnt_debug_dec(sk);
236} 242}
237 243
@@ -239,6 +245,7 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
239{ 245{
240 struct inet_sock *inet = inet_sk(sk); 246 struct inet_sock *inet = inet_sk(sk);
241 struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr; 247 struct sockaddr_l2tpip *addr = (struct sockaddr_l2tpip *) uaddr;
248 struct net *net = sock_net(sk);
242 int ret; 249 int ret;
243 int chk_addr_ret; 250 int chk_addr_ret;
244 251
@@ -251,7 +258,8 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
251 258
252 ret = -EADDRINUSE; 259 ret = -EADDRINUSE;
253 read_lock_bh(&l2tp_ip_lock); 260 read_lock_bh(&l2tp_ip_lock);
254 if (__l2tp_ip_bind_lookup(&init_net, addr->l2tp_addr.s_addr, sk->sk_bound_dev_if, addr->l2tp_conn_id)) 261 if (__l2tp_ip_bind_lookup(net, addr->l2tp_addr.s_addr,
262 sk->sk_bound_dev_if, addr->l2tp_conn_id))
255 goto out_in_use; 263 goto out_in_use;
256 264
257 read_unlock_bh(&l2tp_ip_lock); 265 read_unlock_bh(&l2tp_ip_lock);
@@ -260,7 +268,7 @@ static int l2tp_ip_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
260 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip)) 268 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_l2tpip))
261 goto out; 269 goto out;
262 270
263 chk_addr_ret = inet_addr_type(&init_net, addr->l2tp_addr.s_addr); 271 chk_addr_ret = inet_addr_type(net, addr->l2tp_addr.s_addr);
264 ret = -EADDRNOTAVAIL; 272 ret = -EADDRNOTAVAIL;
265 if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL && 273 if (addr->l2tp_addr.s_addr && chk_addr_ret != RTN_LOCAL &&
266 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST) 274 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST)
@@ -369,7 +377,7 @@ static int l2tp_ip_backlog_recv(struct sock *sk, struct sk_buff *skb)
369 return 0; 377 return 0;
370 378
371drop: 379drop:
372 IP_INC_STATS(&init_net, IPSTATS_MIB_INDISCARDS); 380 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_INDISCARDS);
373 kfree_skb(skb); 381 kfree_skb(skb);
374 return -1; 382 return -1;
375} 383}
@@ -605,6 +613,7 @@ static struct inet_protosw l2tp_ip_protosw = {
605 613
606static struct net_protocol l2tp_ip_protocol __read_mostly = { 614static struct net_protocol l2tp_ip_protocol __read_mostly = {
607 .handler = l2tp_ip_recv, 615 .handler = l2tp_ip_recv,
616 .netns_ok = 1,
608}; 617};
609 618
610static int __init l2tp_ip_init(void) 619static int __init l2tp_ip_init(void)
diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
index 927547171bc7..c74f5a91ff6a 100644
--- a/net/l2tp/l2tp_ip6.c
+++ b/net/l2tp/l2tp_ip6.c
@@ -60,10 +60,9 @@ static struct sock *__l2tp_ip6_bind_lookup(struct net *net,
60 struct in6_addr *laddr, 60 struct in6_addr *laddr,
61 int dif, u32 tunnel_id) 61 int dif, u32 tunnel_id)
62{ 62{
63 struct hlist_node *node;
64 struct sock *sk; 63 struct sock *sk;
65 64
66 sk_for_each_bound(sk, node, &l2tp_ip6_bind_table) { 65 sk_for_each_bound(sk, &l2tp_ip6_bind_table) {
67 struct in6_addr *addr = inet6_rcv_saddr(sk); 66 struct in6_addr *addr = inet6_rcv_saddr(sk);
68 struct l2tp_ip6_sock *l2tp = l2tp_ip6_sk(sk); 67 struct l2tp_ip6_sock *l2tp = l2tp_ip6_sk(sk);
69 68
@@ -242,10 +241,17 @@ static void l2tp_ip6_close(struct sock *sk, long timeout)
242 241
243static void l2tp_ip6_destroy_sock(struct sock *sk) 242static void l2tp_ip6_destroy_sock(struct sock *sk)
244{ 243{
244 struct l2tp_tunnel *tunnel = l2tp_sock_to_tunnel(sk);
245
245 lock_sock(sk); 246 lock_sock(sk);
246 ip6_flush_pending_frames(sk); 247 ip6_flush_pending_frames(sk);
247 release_sock(sk); 248 release_sock(sk);
248 249
250 if (tunnel) {
251 l2tp_tunnel_closeall(tunnel);
252 sock_put(sk);
253 }
254
249 inet6_destroy_sock(sk); 255 inet6_destroy_sock(sk);
250} 256}
251 257
@@ -554,8 +560,8 @@ static int l2tp_ip6_sendmsg(struct kiocb *iocb, struct sock *sk,
554 memset(opt, 0, sizeof(struct ipv6_txoptions)); 560 memset(opt, 0, sizeof(struct ipv6_txoptions));
555 opt->tot_len = sizeof(struct ipv6_txoptions); 561 opt->tot_len = sizeof(struct ipv6_txoptions);
556 562
557 err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, 563 err = ip6_datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt,
558 &hlimit, &tclass, &dontfrag); 564 &hlimit, &tclass, &dontfrag);
559 if (err < 0) { 565 if (err < 0) {
560 fl6_sock_release(flowlabel); 566 fl6_sock_release(flowlabel);
561 return err; 567 return err;
@@ -646,7 +652,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
646 struct msghdr *msg, size_t len, int noblock, 652 struct msghdr *msg, size_t len, int noblock,
647 int flags, int *addr_len) 653 int flags, int *addr_len)
648{ 654{
649 struct inet_sock *inet = inet_sk(sk); 655 struct ipv6_pinfo *np = inet6_sk(sk);
650 struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)msg->msg_name; 656 struct sockaddr_l2tpip6 *lsa = (struct sockaddr_l2tpip6 *)msg->msg_name;
651 size_t copied = 0; 657 size_t copied = 0;
652 int err = -EOPNOTSUPP; 658 int err = -EOPNOTSUPP;
@@ -688,8 +694,8 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
688 lsa->l2tp_scope_id = IP6CB(skb)->iif; 694 lsa->l2tp_scope_id = IP6CB(skb)->iif;
689 } 695 }
690 696
691 if (inet->cmsg_flags) 697 if (np->rxopt.all)
692 ip_cmsg_recv(msg, skb); 698 ip6_datagram_recv_ctl(sk, msg, skb);
693 699
694 if (flags & MSG_TRUNC) 700 if (flags & MSG_TRUNC)
695 copied = skb->len; 701 copied = skb->len;
diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
index bbba3a19e944..0825ff26e113 100644
--- a/net/l2tp/l2tp_netlink.c
+++ b/net/l2tp/l2tp_netlink.c
@@ -37,6 +37,7 @@ static struct genl_family l2tp_nl_family = {
37 .version = L2TP_GENL_VERSION, 37 .version = L2TP_GENL_VERSION,
38 .hdrsize = 0, 38 .hdrsize = 0,
39 .maxattr = L2TP_ATTR_MAX, 39 .maxattr = L2TP_ATTR_MAX,
40 .netnsok = true,
40}; 41};
41 42
42/* Accessed under genl lock */ 43/* Accessed under genl lock */
@@ -245,8 +246,6 @@ static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int fla
245#if IS_ENABLED(CONFIG_IPV6) 246#if IS_ENABLED(CONFIG_IPV6)
246 struct ipv6_pinfo *np = NULL; 247 struct ipv6_pinfo *np = NULL;
247#endif 248#endif
248 struct l2tp_stats stats;
249 unsigned int start;
250 249
251 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags, 250 hdr = genlmsg_put(skb, portid, seq, &l2tp_nl_family, flags,
252 L2TP_CMD_TUNNEL_GET); 251 L2TP_CMD_TUNNEL_GET);
@@ -264,28 +263,22 @@ static int l2tp_nl_tunnel_send(struct sk_buff *skb, u32 portid, u32 seq, int fla
264 if (nest == NULL) 263 if (nest == NULL)
265 goto nla_put_failure; 264 goto nla_put_failure;
266 265
267 do { 266 if (nla_put_u64(skb, L2TP_ATTR_TX_PACKETS,
268 start = u64_stats_fetch_begin(&tunnel->stats.syncp); 267 atomic_long_read(&tunnel->stats.tx_packets)) ||
269 stats.tx_packets = tunnel->stats.tx_packets; 268 nla_put_u64(skb, L2TP_ATTR_TX_BYTES,
270 stats.tx_bytes = tunnel->stats.tx_bytes; 269 atomic_long_read(&tunnel->stats.tx_bytes)) ||
271 stats.tx_errors = tunnel->stats.tx_errors; 270 nla_put_u64(skb, L2TP_ATTR_TX_ERRORS,
272 stats.rx_packets = tunnel->stats.rx_packets; 271 atomic_long_read(&tunnel->stats.tx_errors)) ||
273 stats.rx_bytes = tunnel->stats.rx_bytes; 272 nla_put_u64(skb, L2TP_ATTR_RX_PACKETS,
274 stats.rx_errors = tunnel->stats.rx_errors; 273 atomic_long_read(&tunnel->stats.rx_packets)) ||
275 stats.rx_seq_discards = tunnel->stats.rx_seq_discards; 274 nla_put_u64(skb, L2TP_ATTR_RX_BYTES,
276 stats.rx_oos_packets = tunnel->stats.rx_oos_packets; 275 atomic_long_read(&tunnel->stats.rx_bytes)) ||
277 } while (u64_stats_fetch_retry(&tunnel->stats.syncp, start));
278
279 if (nla_put_u64(skb, L2TP_ATTR_TX_PACKETS, stats.tx_packets) ||
280 nla_put_u64(skb, L2TP_ATTR_TX_BYTES, stats.tx_bytes) ||
281 nla_put_u64(skb, L2TP_ATTR_TX_ERRORS, stats.tx_errors) ||
282 nla_put_u64(skb, L2TP_ATTR_RX_PACKETS, stats.rx_packets) ||
283 nla_put_u64(skb, L2TP_ATTR_RX_BYTES, stats.rx_bytes) ||
284 nla_put_u64(skb, L2TP_ATTR_RX_SEQ_DISCARDS, 276 nla_put_u64(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
285 stats.rx_seq_discards) || 277 atomic_long_read(&tunnel->stats.rx_seq_discards)) ||
286 nla_put_u64(skb, L2TP_ATTR_RX_OOS_PACKETS, 278 nla_put_u64(skb, L2TP_ATTR_RX_OOS_PACKETS,
287 stats.rx_oos_packets) || 279 atomic_long_read(&tunnel->stats.rx_oos_packets)) ||
288 nla_put_u64(skb, L2TP_ATTR_RX_ERRORS, stats.rx_errors)) 280 nla_put_u64(skb, L2TP_ATTR_RX_ERRORS,
281 atomic_long_read(&tunnel->stats.rx_errors)))
289 goto nla_put_failure; 282 goto nla_put_failure;
290 nla_nest_end(skb, nest); 283 nla_nest_end(skb, nest);
291 284
@@ -611,8 +604,6 @@ static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int fl
611 struct nlattr *nest; 604 struct nlattr *nest;
612 struct l2tp_tunnel *tunnel = session->tunnel; 605 struct l2tp_tunnel *tunnel = session->tunnel;
613 struct sock *sk = NULL; 606 struct sock *sk = NULL;
614 struct l2tp_stats stats;
615 unsigned int start;
616 607
617 sk = tunnel->sock; 608 sk = tunnel->sock;
618 609
@@ -655,28 +646,22 @@ static int l2tp_nl_session_send(struct sk_buff *skb, u32 portid, u32 seq, int fl
655 if (nest == NULL) 646 if (nest == NULL)
656 goto nla_put_failure; 647 goto nla_put_failure;
657 648
658 do { 649 if (nla_put_u64(skb, L2TP_ATTR_TX_PACKETS,
659 start = u64_stats_fetch_begin(&session->stats.syncp); 650 atomic_long_read(&session->stats.tx_packets)) ||
660 stats.tx_packets = session->stats.tx_packets; 651 nla_put_u64(skb, L2TP_ATTR_TX_BYTES,
661 stats.tx_bytes = session->stats.tx_bytes; 652 atomic_long_read(&session->stats.tx_bytes)) ||
662 stats.tx_errors = session->stats.tx_errors; 653 nla_put_u64(skb, L2TP_ATTR_TX_ERRORS,
663 stats.rx_packets = session->stats.rx_packets; 654 atomic_long_read(&session->stats.tx_errors)) ||
664 stats.rx_bytes = session->stats.rx_bytes; 655 nla_put_u64(skb, L2TP_ATTR_RX_PACKETS,
665 stats.rx_errors = session->stats.rx_errors; 656 atomic_long_read(&session->stats.rx_packets)) ||
666 stats.rx_seq_discards = session->stats.rx_seq_discards; 657 nla_put_u64(skb, L2TP_ATTR_RX_BYTES,
667 stats.rx_oos_packets = session->stats.rx_oos_packets; 658 atomic_long_read(&session->stats.rx_bytes)) ||
668 } while (u64_stats_fetch_retry(&session->stats.syncp, start));
669
670 if (nla_put_u64(skb, L2TP_ATTR_TX_PACKETS, stats.tx_packets) ||
671 nla_put_u64(skb, L2TP_ATTR_TX_BYTES, stats.tx_bytes) ||
672 nla_put_u64(skb, L2TP_ATTR_TX_ERRORS, stats.tx_errors) ||
673 nla_put_u64(skb, L2TP_ATTR_RX_PACKETS, stats.rx_packets) ||
674 nla_put_u64(skb, L2TP_ATTR_RX_BYTES, stats.rx_bytes) ||
675 nla_put_u64(skb, L2TP_ATTR_RX_SEQ_DISCARDS, 659 nla_put_u64(skb, L2TP_ATTR_RX_SEQ_DISCARDS,
676 stats.rx_seq_discards) || 660 atomic_long_read(&session->stats.rx_seq_discards)) ||
677 nla_put_u64(skb, L2TP_ATTR_RX_OOS_PACKETS, 661 nla_put_u64(skb, L2TP_ATTR_RX_OOS_PACKETS,
678 stats.rx_oos_packets) || 662 atomic_long_read(&session->stats.rx_oos_packets)) ||
679 nla_put_u64(skb, L2TP_ATTR_RX_ERRORS, stats.rx_errors)) 663 nla_put_u64(skb, L2TP_ATTR_RX_ERRORS,
664 atomic_long_read(&session->stats.rx_errors)))
680 goto nla_put_failure; 665 goto nla_put_failure;
681 nla_nest_end(skb, nest); 666 nla_nest_end(skb, nest);
682 667
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 286366ef8930..637a341c1e2d 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -97,6 +97,7 @@
97#include <net/ip.h> 97#include <net/ip.h>
98#include <net/udp.h> 98#include <net/udp.h>
99#include <net/xfrm.h> 99#include <net/xfrm.h>
100#include <net/inet_common.h>
100 101
101#include <asm/byteorder.h> 102#include <asm/byteorder.h>
102#include <linux/atomic.h> 103#include <linux/atomic.h>
@@ -259,7 +260,7 @@ static void pppol2tp_recv(struct l2tp_session *session, struct sk_buff *skb, int
259 session->name); 260 session->name);
260 261
261 /* Not bound. Nothing we can do, so discard. */ 262 /* Not bound. Nothing we can do, so discard. */
262 session->stats.rx_errors++; 263 atomic_long_inc(&session->stats.rx_errors);
263 kfree_skb(skb); 264 kfree_skb(skb);
264 } 265 }
265 266
@@ -355,6 +356,7 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
355 l2tp_xmit_skb(session, skb, session->hdr_len); 356 l2tp_xmit_skb(session, skb, session->hdr_len);
356 357
357 sock_put(ps->tunnel_sock); 358 sock_put(ps->tunnel_sock);
359 sock_put(sk);
358 360
359 return error; 361 return error;
360 362
@@ -388,8 +390,6 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
388 struct l2tp_session *session; 390 struct l2tp_session *session;
389 struct l2tp_tunnel *tunnel; 391 struct l2tp_tunnel *tunnel;
390 struct pppol2tp_session *ps; 392 struct pppol2tp_session *ps;
391 int old_headroom;
392 int new_headroom;
393 int uhlen, headroom; 393 int uhlen, headroom;
394 394
395 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED)) 395 if (sock_flag(sk, SOCK_DEAD) || !(sk->sk_state & PPPOX_CONNECTED))
@@ -408,7 +408,6 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
408 if (tunnel == NULL) 408 if (tunnel == NULL)
409 goto abort_put_sess; 409 goto abort_put_sess;
410 410
411 old_headroom = skb_headroom(skb);
412 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0; 411 uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
413 headroom = NET_SKB_PAD + 412 headroom = NET_SKB_PAD +
414 sizeof(struct iphdr) + /* IP header */ 413 sizeof(struct iphdr) + /* IP header */
@@ -418,9 +417,6 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
418 if (skb_cow_head(skb, headroom)) 417 if (skb_cow_head(skb, headroom))
419 goto abort_put_sess_tun; 418 goto abort_put_sess_tun;
420 419
421 new_headroom = skb_headroom(skb);
422 skb->truesize += new_headroom - old_headroom;
423
424 /* Setup PPP header */ 420 /* Setup PPP header */
425 __skb_push(skb, sizeof(ppph)); 421 __skb_push(skb, sizeof(ppph));
426 skb->data[0] = ppph[0]; 422 skb->data[0] = ppph[0];
@@ -452,34 +448,16 @@ static void pppol2tp_session_close(struct l2tp_session *session)
452{ 448{
453 struct pppol2tp_session *ps = l2tp_session_priv(session); 449 struct pppol2tp_session *ps = l2tp_session_priv(session);
454 struct sock *sk = ps->sock; 450 struct sock *sk = ps->sock;
455 struct sk_buff *skb; 451 struct socket *sock = sk->sk_socket;
456 452
457 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 453 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
458 454
459 if (session->session_id == 0)
460 goto out;
461
462 if (sk != NULL) {
463 lock_sock(sk);
464
465 if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND)) {
466 pppox_unbind_sock(sk);
467 sk->sk_state = PPPOX_DEAD;
468 sk->sk_state_change(sk);
469 }
470 455
471 /* Purge any queued data */ 456 if (sock) {
472 skb_queue_purge(&sk->sk_receive_queue); 457 inet_shutdown(sock, 2);
473 skb_queue_purge(&sk->sk_write_queue); 458 /* Don't let the session go away before our socket does */
474 while ((skb = skb_dequeue(&session->reorder_q))) { 459 l2tp_session_inc_refcount(session);
475 kfree_skb(skb);
476 sock_put(sk);
477 }
478
479 release_sock(sk);
480 } 460 }
481
482out:
483 return; 461 return;
484} 462}
485 463
@@ -488,19 +466,12 @@ out:
488 */ 466 */
489static void pppol2tp_session_destruct(struct sock *sk) 467static void pppol2tp_session_destruct(struct sock *sk)
490{ 468{
491 struct l2tp_session *session; 469 struct l2tp_session *session = sk->sk_user_data;
492 470 if (session) {
493 if (sk->sk_user_data != NULL) {
494 session = sk->sk_user_data;
495 if (session == NULL)
496 goto out;
497
498 sk->sk_user_data = NULL; 471 sk->sk_user_data = NULL;
499 BUG_ON(session->magic != L2TP_SESSION_MAGIC); 472 BUG_ON(session->magic != L2TP_SESSION_MAGIC);
500 l2tp_session_dec_refcount(session); 473 l2tp_session_dec_refcount(session);
501 } 474 }
502
503out:
504 return; 475 return;
505} 476}
506 477
@@ -530,16 +501,13 @@ static int pppol2tp_release(struct socket *sock)
530 session = pppol2tp_sock_to_session(sk); 501 session = pppol2tp_sock_to_session(sk);
531 502
532 /* Purge any queued data */ 503 /* Purge any queued data */
533 skb_queue_purge(&sk->sk_receive_queue);
534 skb_queue_purge(&sk->sk_write_queue);
535 if (session != NULL) { 504 if (session != NULL) {
536 struct sk_buff *skb; 505 __l2tp_session_unhash(session);
537 while ((skb = skb_dequeue(&session->reorder_q))) { 506 l2tp_session_queue_purge(session);
538 kfree_skb(skb);
539 sock_put(sk);
540 }
541 sock_put(sk); 507 sock_put(sk);
542 } 508 }
509 skb_queue_purge(&sk->sk_receive_queue);
510 skb_queue_purge(&sk->sk_write_queue);
543 511
544 release_sock(sk); 512 release_sock(sk);
545 513
@@ -885,18 +853,6 @@ out:
885 return error; 853 return error;
886} 854}
887 855
888/* Called when deleting sessions via the netlink interface.
889 */
890static int pppol2tp_session_delete(struct l2tp_session *session)
891{
892 struct pppol2tp_session *ps = l2tp_session_priv(session);
893
894 if (ps->sock == NULL)
895 l2tp_session_dec_refcount(session);
896
897 return 0;
898}
899
900#endif /* CONFIG_L2TP_V3 */ 856#endif /* CONFIG_L2TP_V3 */
901 857
902/* getname() support. 858/* getname() support.
@@ -1030,14 +986,14 @@ end:
1030static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest, 986static void pppol2tp_copy_stats(struct pppol2tp_ioc_stats *dest,
1031 struct l2tp_stats *stats) 987 struct l2tp_stats *stats)
1032{ 988{
1033 dest->tx_packets = stats->tx_packets; 989 dest->tx_packets = atomic_long_read(&stats->tx_packets);
1034 dest->tx_bytes = stats->tx_bytes; 990 dest->tx_bytes = atomic_long_read(&stats->tx_bytes);
1035 dest->tx_errors = stats->tx_errors; 991 dest->tx_errors = atomic_long_read(&stats->tx_errors);
1036 dest->rx_packets = stats->rx_packets; 992 dest->rx_packets = atomic_long_read(&stats->rx_packets);
1037 dest->rx_bytes = stats->rx_bytes; 993 dest->rx_bytes = atomic_long_read(&stats->rx_bytes);
1038 dest->rx_seq_discards = stats->rx_seq_discards; 994 dest->rx_seq_discards = atomic_long_read(&stats->rx_seq_discards);
1039 dest->rx_oos_packets = stats->rx_oos_packets; 995 dest->rx_oos_packets = atomic_long_read(&stats->rx_oos_packets);
1040 dest->rx_errors = stats->rx_errors; 996 dest->rx_errors = atomic_long_read(&stats->rx_errors);
1041} 997}
1042 998
1043/* Session ioctl helper. 999/* Session ioctl helper.
@@ -1671,14 +1627,14 @@ static void pppol2tp_seq_tunnel_show(struct seq_file *m, void *v)
1671 tunnel->name, 1627 tunnel->name,
1672 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N', 1628 (tunnel == tunnel->sock->sk_user_data) ? 'Y' : 'N',
1673 atomic_read(&tunnel->ref_count) - 1); 1629 atomic_read(&tunnel->ref_count) - 1);
1674 seq_printf(m, " %08x %llu/%llu/%llu %llu/%llu/%llu\n", 1630 seq_printf(m, " %08x %ld/%ld/%ld %ld/%ld/%ld\n",
1675 tunnel->debug, 1631 tunnel->debug,
1676 (unsigned long long)tunnel->stats.tx_packets, 1632 atomic_long_read(&tunnel->stats.tx_packets),
1677 (unsigned long long)tunnel->stats.tx_bytes, 1633 atomic_long_read(&tunnel->stats.tx_bytes),
1678 (unsigned long long)tunnel->stats.tx_errors, 1634 atomic_long_read(&tunnel->stats.tx_errors),
1679 (unsigned long long)tunnel->stats.rx_packets, 1635 atomic_long_read(&tunnel->stats.rx_packets),
1680 (unsigned long long)tunnel->stats.rx_bytes, 1636 atomic_long_read(&tunnel->stats.rx_bytes),
1681 (unsigned long long)tunnel->stats.rx_errors); 1637 atomic_long_read(&tunnel->stats.rx_errors));
1682} 1638}
1683 1639
1684static void pppol2tp_seq_session_show(struct seq_file *m, void *v) 1640static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
@@ -1713,14 +1669,14 @@ static void pppol2tp_seq_session_show(struct seq_file *m, void *v)
1713 session->lns_mode ? "LNS" : "LAC", 1669 session->lns_mode ? "LNS" : "LAC",
1714 session->debug, 1670 session->debug,
1715 jiffies_to_msecs(session->reorder_timeout)); 1671 jiffies_to_msecs(session->reorder_timeout));
1716 seq_printf(m, " %hu/%hu %llu/%llu/%llu %llu/%llu/%llu\n", 1672 seq_printf(m, " %hu/%hu %ld/%ld/%ld %ld/%ld/%ld\n",
1717 session->nr, session->ns, 1673 session->nr, session->ns,
1718 (unsigned long long)session->stats.tx_packets, 1674 atomic_long_read(&session->stats.tx_packets),
1719 (unsigned long long)session->stats.tx_bytes, 1675 atomic_long_read(&session->stats.tx_bytes),
1720 (unsigned long long)session->stats.tx_errors, 1676 atomic_long_read(&session->stats.tx_errors),
1721 (unsigned long long)session->stats.rx_packets, 1677 atomic_long_read(&session->stats.rx_packets),
1722 (unsigned long long)session->stats.rx_bytes, 1678 atomic_long_read(&session->stats.rx_bytes),
1723 (unsigned long long)session->stats.rx_errors); 1679 atomic_long_read(&session->stats.rx_errors));
1724 1680
1725 if (po) 1681 if (po)
1726 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan)); 1682 seq_printf(m, " interface %s\n", ppp_dev_name(&po->chan));
@@ -1789,7 +1745,8 @@ static __net_init int pppol2tp_init_net(struct net *net)
1789 struct proc_dir_entry *pde; 1745 struct proc_dir_entry *pde;
1790 int err = 0; 1746 int err = 0;
1791 1747
1792 pde = proc_net_fops_create(net, "pppol2tp", S_IRUGO, &pppol2tp_proc_fops); 1748 pde = proc_create("pppol2tp", S_IRUGO, net->proc_net,
1749 &pppol2tp_proc_fops);
1793 if (!pde) { 1750 if (!pde) {
1794 err = -ENOMEM; 1751 err = -ENOMEM;
1795 goto out; 1752 goto out;
@@ -1801,7 +1758,7 @@ out:
1801 1758
1802static __net_exit void pppol2tp_exit_net(struct net *net) 1759static __net_exit void pppol2tp_exit_net(struct net *net)
1803{ 1760{
1804 proc_net_remove(net, "pppol2tp"); 1761 remove_proc_entry("pppol2tp", net->proc_net);
1805} 1762}
1806 1763
1807static struct pernet_operations pppol2tp_net_ops = { 1764static struct pernet_operations pppol2tp_net_ops = {
@@ -1843,7 +1800,7 @@ static const struct pppox_proto pppol2tp_proto = {
1843 1800
1844static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = { 1801static const struct l2tp_nl_cmd_ops pppol2tp_nl_cmd_ops = {
1845 .session_create = pppol2tp_session_create, 1802 .session_create = pppol2tp_session_create,
1846 .session_delete = pppol2tp_session_delete, 1803 .session_delete = l2tp_session_delete,
1847}; 1804};
1848 1805
1849#endif /* CONFIG_L2TP_V3 */ 1806#endif /* CONFIG_L2TP_V3 */
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-07 08:58:43 -0500