L2TP tunnel creation is racy. We need to make sure that the tunnel
returned by l2tp_tunnel_create() isn't going to be freed while the
caller is using it. This is done in patch #1, by separating tunnel
creation from tunnel registration.

With the tunnel registration code in place, we can now check for
duplicate tunnels in a race-free way. This is done in patch #2, which
incidentally removes the last use of l2tp_tunnel_find().

Guillaume Nault (2):
  l2tp: fix races in tunnel creation
  l2tp: fix race in duplicate tunnel detection

 net/l2tp/l2tp_core.c    | 225 +++++++++++++++++-----------------------
 net/l2tp/l2tp_core.h    |   4 +-
 net/l2tp/l2tp_netlink.c |  22 ++--
 net/l2tp/l2tp_ppp.c     |   9 ++
 4 files changed, 123 insertions(+), 137 deletions(-)


Reply via email to