On Wed, Mar 21, 2018 at 09:03:57AM +0800, xu heng wrote:
> Yes, i have tested it for 146390 seconds in my board, it's ok now. Thanks!
>
Feel free to add your Tested-by tag to the patch if you want to.
Thanks for your report.
Guillaume
BTW, for your future exchanges on the list, please avoid top-
On Thu, Mar 22, 2018 at 05:55:30PM -0700, Daniel Rosenberg wrote:
> f3c66d4e144a0904ea9b95d23ed9f8eb38c11bfb l2tp: prevent creation of
> sessions on terminated tunnels
> 9ee369a405c57613d7c83a3967780c3e30c52ecc l2tp: initialise session's
> refcount before making it reachable
> dbdbc73
On Sat, Mar 24, 2018 at 11:29:42PM -0700, Joel Fernandes wrote:
> On Fri, Mar 23, 2018 at 1:41 PM, Thomas Gleixner wrote:
> > On Fri, 23 Mar 2018, Joel Fernandes wrote:
> >> On Fri, Mar 23, 2018 at 2:11 AM, Thomas Gleixner
> >> wrote:
> >> > On Thu, 22 Mar 2018, Joel Fernandes wrote:
> >> Sorry.
Sessions must be fully initialised before calling
l2tp_session_add_to_tunnel(). Otherwise, there's a short time frame
where partially initialised sessions can be accessed by external users.
Fixes: dbdbc73b4478 ("l2tp: fix duplicate session creation")
Signed-off-by: Guillaume Nault
Use l2tp_tunnel_get() to retrieve tunnel, so that it can't go away on
us. Otherwise l2tp_tunnel_destruct() might release the last reference
count concurrently, thus freeing the tunnel while we're using it.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Sign
plify things and call kfree_rcu() directly in
l2tp_tunnel_dec_refcount(). Extra assertions and debugging code
provided by l2tp_tunnel_free() didn't help catching any of the
reference counting and socket handling issues found while working on
this series.
Fixes: 309795f4bec2 ("l2tp: Add netlink control
tlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_netlink.c | 27 +++
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c
index d61e75b4e619..ae5170e26281 100644
--- a/net/l2tp/l2tp
often combine this issue with other more or less subtle
races. They will be fixed incrementally in followup series.
Guillaume Nault (5):
l2tp: hold tunnel while looking up sessions in l2tp_netlink
l2tp: hold tunnel while processing genl delete command
l2tp: hold tunnel while handling genl tunnel up
l2tp_nl_cmd_tunnel_delete() needs to take a reference on the tunnel, to
prevent it from being concurrently freed by l2tp_tunnel_destruct().
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_netlink.c | 6 --
1 file
We need to make sure the tunnel is not going to be destroyed by
l2tp_tunnel_destruct() concurrently.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_netlink.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
On Tue, Feb 19, 2019 at 04:36:55PM +, James Chapman wrote:
> On 19/02/2019 13:09, t.mart...@avm.de wrote:
> >
> > Because everytime a LCCE decapsulates such traffic it'll suffer from
> > unaligned access to the inner IP header (likewise for the outer IP
> > header when encapsulating). It's a fu
to revert the work done by tcp_try_fastopen()
(with reqsk_fastopen_remove()).
Fixes: 7716682cc58e ("tcp/dccp: fix another race at listener dismantle")
Signed-off-by: Guillaume Nault
---
Note for stable backports: this patch relies on da8ab57863ed
("tcp/dccp: remove reqsk_put() from
On Fri, Mar 08, 2019 at 01:33:02PM -0800, Eric Dumazet wrote:
>
>
> On 03/08/2019 01:09 PM, Guillaume Nault wrote:
> > @@ -216,7 +216,12 @@ struct sock *tcp_get_cookie_sock(struct sock *sk,
> > struct sk_buff *skb,
> > refcount_set(&req->rsk_refcnt
On Fri, Mar 08, 2019 at 02:34:07PM -0800, Eric Dumazet wrote:
>
>
> On 03/08/2019 02:22 PM, Guillaume Nault wrote:
> > On Fri, Mar 08, 2019 at 01:33:02PM -0800, Eric Dumazet wrote:
> >>
> >>
> >> On 03/08/2019 01:09 PM, Guillaume Nault wro
On Fri, Mar 08, 2019 at 03:47:25PM -0800, Eric Dumazet wrote:
>
> On 03/08/2019 02:40 PM, Guillaume Nault wrote:
> > On Fri, Mar 08, 2019 at 02:34:07PM -0800, Eric Dumazet wrote:
> >
> > Long term, do we want to keep the WARN_ON_ONCE()? If so, we should
> > probab
As Eric Dumazet said, "We do not have a way to tell if the req was ever
inserted in a hash table, so better play safe.".
Let's remove this comment, so that nobody will be tempted to drop the
WARN_ON_ONCE() line.
Signed-off-by: Guillaume Nault
---
include/net/request_sock.h | 1 -
gh ->rsk_refcnt might be non-null.
Now we can consolidate the error path of tcp_get_cookie_sock() and
tcp_conn_request().
Signed-off-by: Guillaume Nault
---
include/net/request_sock.h | 10 +++---
net/ipv4/syncookies.c | 17 -
net/ipv4/tcp_input.c | 5 ++---
3 f
On Tue, Apr 23, 2019 at 09:43:26AM -0700, Eric Dumazet wrote:
> Canonical way to fetch sk_user_data from an encap_rcv() handler called
> from UDP stack in rcu protected section is to use
> rcu_dereference_sk_user_data(),
> otherwise compiler might read it multiple times.
>
That reminds me the mor
On Wed, Apr 24, 2019 at 04:33:47AM -0700, Eric Dumazet wrote:
> On Wed, Apr 24, 2019 at 2:58 AM Guillaume Nault wrote:
> >
> > On Tue, Apr 23, 2019 at 09:43:26AM -0700, Eric Dumazet wrote:
> > > Canonical way to fetch sk_user_data from an encap_rcv() handler called
>
On Wed, Apr 24, 2019 at 11:29:25AM -0700, Eric Dumazet wrote:
> On Wed, Apr 24, 2019 at 11:21 AM Guillaume Nault wrote:
>
> >
> > And then, we'd need to make sure that ->sk_user_data is in sync with
> > the encap_rcv() callback (or whatever actually uses the d
On Tue, May 14, 2019 at 03:43:00PM +0800, YueHaibing wrote:
>
> If ppp_deflate fails to register in deflate_init,
> module initialization failed out, however
> ppp_deflate_draft may has been regiestred and not
> unregistered before return.
> Then the seconed modprobe will trigger crash like this.
On Tue, May 14, 2019 at 10:55:32PM +0800, YueHaibing wrote:
> If ppp_deflate fails to register in deflate_init,
> module initialization failed out, however
> ppp_deflate_draft may has been regiestred and not
> unregistered before return.
>
Thanks!
Acked-by: Guillaume Nault
On Tue, Oct 03, 2017 at 06:40:03PM +0200, Guillaume Nault wrote:
> On Tue, Oct 03, 2017 at 09:44:14AM +0200, Beniamino Galvani wrote:
> > Call Trace:
> > ppp_destroy_interface+0xd8/0xe0 [ppp_generic]
> > ppp_disconnect_channel+0xda/0x110 [ppp_generic]
> > ppp_un
On Fri, Oct 06, 2017 at 10:09:03AM +0200, Beniamino Galvani wrote:
> On Thu, Oct 05, 2017 at 04:55:03PM +0200, Guillaume Nault wrote:
> > Sorry for the delay, I've followed a few complicated dead ends before
> > getting to this simple and rather obvious fix.
> >
r ppp_release() nor
ppp_disconnect_channel() can call ppp_destroy_interface() in the interim.
Reported-by: Beniamino Galvani
Fixes: 8cb775bc0a34 ("ppp: fix device unregistration upon netns deletion")
Signed-off-by: Guillaume Nault
---
drivers/net/ppp/ppp_generic.c | 20 +++
On Tue, Oct 03, 2017 at 08:27:32AM +0100, James Chapman wrote:
> On 2 October 2017 at 19:35, SviMik wrote:
> > Hi, James!
> >
> > No, I'm suffering from kernel panics since I started using 4.x
> > kernels.
> It's interesting that you are seeing l2tp issues since switching to
> 4.x kernels. Are you
to avoid dereferencing a NULL pointer.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_ppp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index bc6e8bfc5be4..f50452b919d5 100
Just a set of unrelated trivial cleanups (remove unused code, make
local functions static, etc.).
Guillaume Nault (7):
l2tp: remove pppol2tp_session_close()
l2tp: remove .show from struct l2tp_tunnel
l2tp: remove l2tp_tunnel_priv()
l2tp: don't export l2tp_session_queue_purge()
This function, and the associated .priv field, are unused.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.h | 7 ---
1 file changed, 7 deletions(-)
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
index b21c20a4e08f..15e1171ecf7b 100644
--- a/net/l2tp/l2tp_core.h
+++ b/net
l2tp_core.c verifies that ->session_close() is defined before calling
it. There's no need for a stub.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_ppp.c | 7 ---
1 file changed, 7 deletions(-)
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 55188382845c..eea5
Replace 'l2tp_pernet(tunnel->l2tp_net)' with 'pn', which has been set
on the preceding line.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 96e
It always returns 0, and nobody reads the return value anyway.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 88c3001531b4..1ea285bad84b 100644
--- a/net/l2tp
This function is only used in l2tp_core.c.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c | 3 +--
net/l2tp/l2tp_core.h | 1 -
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 40261cb68e83..3adef4c35a3a 100644
--- a/net
This function is only used in l2tp_core.c.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c | 3 +--
net/l2tp/l2tp_core.h | 1 -
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 3adef4c35a3a..96e31f2ae7cd 100644
--- a/net
This callback has never been implemented.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.h| 3 ---
net/l2tp/l2tp_debugfs.c | 3 ---
2 files changed, 6 deletions(-)
diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
index c199020f8a8a..b21c20a4e08f 100644
--- a/net/l2tp
tp_connect().
A new structure, l2tp_connect_info, is used to pass sockaddr data back
to pppol2tp_connect(), to avoid passing too many parameters to
l2tp_sockaddr_get_info(). Also, the first parameter is void* in order
to avoid casting between all sockaddr_* structures manually.
Signed-off-by: Guill
On Thu, Mar 08, 2018 at 03:37:27PM +0100, Paolo Abeni wrote:
> When creating a new socket, l2tp_tunnel_create() ensures that
> such socket is connected, but when using a socket provided by
> the user space, no check is done on the socket state.
>
> This may foul the later check for ipv6 sockets th
> diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> index 83421c6f0bef..9726e3f37745 100644
> --- a/net/l2tp/l2tp_core.c
> +++ b/net/l2tp/l2tp_core.c
> @@ -1112,11 +1125,32 @@ int l2tp_xmit_skb(struct l2tp_session *session,
> struct sk_buff *skb, int hdr_len
> goto out_unloc
On Fri, Mar 09, 2018 at 06:04:03PM +0100, Paolo Abeni wrote:
> Hi,
>
> On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wrote:
> > > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> > > index 83421c6f0bef..9726e3f37745 100644
> > > --- a/net/l
On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote:
> On Fri, 2018-03-09 at 18:47 +0100, Guillaume Nault wrote:
> > On Fri, Mar 09, 2018 at 06:04:03PM +0100, Paolo Abeni wrote:
> > > Hi,
> > >
> > > On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wr
On Mon, Mar 12, 2018 at 09:53:18AM +0100, Paolo Abeni wrote:
> On Fri, 2018-03-09 at 19:26 +0100, Guillaume Nault wrote:
> > On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote:
> > > The single threaded reproducer does not trigger anymore after 1/2,
> > > _but
eries:
Reviewed-by: Guillaume Nault
On Thu, Mar 15, 2018 at 12:10:57PM +0300, Kirill Tkhai wrote:
> Init method is rather simple. Exit method queues del_work
> for every tunnel from per-net list. This seems to be safe
> to be marked async.
>
Acked-by: Guillaume Nault
On Wed, Mar 14, 2018 at 08:02:17AM -0700, Stephen Hemminger wrote:
>
>
> Begin forwarded message:
>
> Date: Wed, 14 Mar 2018 06:56:09 +
> From: bugzilla-dae...@bugzilla.kernel.org
> To: step...@networkplumber.org
> Subject: [Bug 199109] New: pptp: kernel printk "recursion detected", and then
On Fri, Mar 16, 2018 at 02:49:40PM +0800, xu heng wrote:
>
> For testing, in __ppp_channel_push(), disable sending anything from
> the attached unit, just disable __ppp_xmit_process(ppp) in
> __ppp_channel_push(). In my opinion, __ppp_xmit_process() should only called
> by ppp_xmit_proc
On Fri, Mar 16, 2018 at 09:02:40PM +0100, Guillaume Nault wrote:
> On Fri, Mar 16, 2018 at 02:49:40PM +0800, xu heng wrote:
> >
> > For testing, in __ppp_channel_push(), disable sending anything from
> > the attached unit, just disable __ppp_xmit_process(ppp) in
&
t;ppp: avoid dealock on recursive xmit")
Signed-off-by: Guillaume Nault
---
drivers/net/ppp/ppp_generic.c | 26 ++
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index fa2a9bdd1866..da1
kaddr *uaddr,
> struct in6_addr *daddr, old_daddr;
> __be32 fl6_flowlabel = 0;
> __be32 old_fl6_flowlabel;
> - __be32 old_dport;
> + __be16 old_dport;
> int a
Ignore options "peer-offset" and "offset" when creating sessions. Keep
them when dumping sessions in order to avoid breaking external scripts.
"peer-offset" has always been a noop in iproute2. "offset" is now
ignored in Linux 4.16 (and was broken befor
On Wed, Apr 04, 2018 at 04:43:10PM -0700, Stephen Hemminger wrote:
> On Tue, 3 Apr 2018 17:39:54 +0200
> Guillaume Nault wrote:
>
> > Ignore options "peer-offset" and "offset" when creating sessions. Keep
> > them when dumping sessions in order to avoid
The offset and peer_offset parameters are only printed to avoid
confusing external scripts that may parse "ip l2tp show session"
output. There's no reason to keep them in JSON.
Signed-off-by: Guillaume Nault
---
ip/ipl2tp.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions
No 'g' to hairpin.
Signed-off-by: Guillaume Nault
---
bridge/link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bridge/link.c b/bridge/link.c
index 579d57e7..8d89aca2 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -312,7 +312,7 @@ static int brlink_modif
On Tue, Apr 10, 2018 at 11:28:10AM +0530, tejas...@codeaurora.org wrote:
> On 2018-04-09 20:34, David Miller wrote:
> > From: Tejaswi Tanikella
> > Date: Mon, 9 Apr 2018 14:23:49 +0530
> >
> > > @@ -673,6 +677,7 @@ struct slcompress *
> > > if (cs->cs_tcp.doff > 5)
> > > memcpy(cs->cs_tcpop
check for
duplicate tunnels in a race-free way. This is done in patch #2, which
incidentally removes the last use of l2tp_tunnel_find().
Guillaume Nault (2):
l2tp: fix races in tunnel creation
l2tp: fix race in duplicate tunnel detection
net/l2tp/l2tp_core.c
ly as it isn't use anywhere
anymore.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c| 35 ++-
net/l2tp/l2tp_core.h| 1 -
net/l2tp/l2tp_netlink.c | 6 --
3 files ch
86df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp
parts")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c| 192 ++--
net/l2tp/l2tp_core.h| 3 +
net/l2tp/l2tp_netlink.c | 16 +++-
net/l2tp/l2tp_ppp.c | 9 ++
4 files cha
using the tunnel.
Convert netlink dumps to make them safe against concurrent tunnel
deletion.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c| 20
net/l2tp/l2tp_core.h| 2 ++
net/l2tp/l2tp
the last
accessed tunnel in l2tp_dfs_seq_stop().
That was the last use of l2tp_tunnel_find_nth().
Fixes: 0ad6614048cf ("l2tp: Add debugfs files for dumping l2tp debug info")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c| 20
net/l2tp/l2tp_core.h|
Using l2tp_tunnel_find_nth() is racy, because the returned tunnel can
go away as soon as this function returns. This series introduce
l2tp_tunnel_get_nth() as a safe replacement to fixes these races.
With this series, all unsafe tunnel/session lookups are finally gone.
Guillaume Nault (3
ng any new
reference. However, in case of error, pppol2tp_seq_stop() is called
directly, so we have to drop the reference there.
Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp
parts")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_ppp.c | 24
On Fri, Apr 13, 2018 at 10:57:03AM -0400, David Miller wrote:
> From: Guillaume Nault
> Date: Thu, 12 Apr 2018 20:50:33 +0200
>
> > l2tp_tunnel_find_nth() is unsafe: no reference is held on the returned
> > tunnel, therefore it can be freed whenever the caller uses it.
&
On Wed, Feb 21, 2018 at 12:04:30PM -0800, Cong Wang wrote:
> On Thu, Feb 15, 2018 at 11:31 AM, Guillaume Nault
> wrote:
> > On Thu, Feb 15, 2018 at 06:01:16PM +0200, Denys Fedoryshchenko wrote:
> >> On 2018-02-15 17:55, Guillaume Nault wrote:
> >> > On Thu,
On Thu, Feb 22, 2018 at 08:51:19PM +0200, Denys Fedoryshchenko wrote:
> I'm using accel-ppp that has unit-cache option, i guess for "reusing" ppp
> interfaces (because creating a lot of interfaces on BRAS with 8k users quite
> expensive).
> Maybe it is somehow related and can be that scenario causi
On Fri, Feb 23, 2018 at 11:41:43AM +0200, Denys Fedoryshchenko wrote:
> On 2018-02-23 11:38, Guillaume Nault wrote:
> > On Thu, Feb 22, 2018 at 08:51:19PM +0200, Denys Fedoryshchenko wrote:
> > > I'm using accel-ppp that has unit-cache option, i guess for
> > >
On Thu, Feb 22, 2018 at 12:08:19PM -0500, jesse_coo...@codeholics.com wrote:
>
> Quoting Guillaume Nault :
>
> > On Wed, Feb 21, 2018 at 07:59:24PM -0600, Jesse Cooper wrote:
> > > Thank you for the suggestions. This is on a raspberry pi 3 not sure if
> > >
On Thu, Feb 22, 2018 at 07:30:38PM +0100, Guillaume Nault wrote:
> On Wed, Feb 21, 2018 at 12:04:30PM -0800, Cong Wang wrote:
> > For me it looks like pch->clist is not removed from the list ppp->channels
> > when destroyed via ppp_release(). But I don't want to pretend
On Tue, Feb 27, 2018 at 12:58:55PM +0200, Denys Fedoryshchenko wrote:
> On 2018-02-23 12:07, Guillaume Nault wrote:
> > On Fri, Feb 23, 2018 at 11:41:43AM +0200, Denys Fedoryshchenko wrote:
> > > On 2018-02-23 11:38, Guillaume Nault wrote:
> > > > On Thu, Feb 22, 2
On Tue, Feb 27, 2018 at 07:56:27PM +0100, Guillaume Nault wrote:
> On Tue, Feb 27, 2018 at 12:58:55PM +0200, Denys Fedoryshchenko wrote:
> > On 2018-02-23 12:07, Guillaume Nault wrote:
> > > On Fri, Feb 23, 2018 at 11:41:43AM +0200, Denys Fedoryshchenko wrote:
> >
e git history (successfully reproduced on
Linux 2.6.26 and earlier PPP commits are unrelated).
Signed-off-by: Guillaume Nault
---
drivers/net/ppp/ppp_generic.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 255a5def56e9.
On Thu, Mar 01, 2018 at 10:07:05PM +0200, Denys Fedoryshchenko wrote:
> On 2018-03-01 22:01, Guillaume Nault wrote:
> > diff --git a/drivers/net/ppp/ppp_generic.c
> > b/drivers/net/ppp/ppp_generic.c
> > index 255a5def56e9..2acf4b0eabd1 100644
> > --- a/drivers/net/
On Sat, Mar 03, 2018 at 11:33:53AM +0200, Denys Fedoryshchenko wrote:
> On 2018-03-02 19:43, Guillaume Nault wrote:
> > Out of curiosity, did unit-cache really bring performance improvements
> > on your workload?
> On old kernels it definitely did, due local specifics (electr
the source of so many reports.
Acked-by: Guillaume Nault
On Tue, Mar 06, 2018 at 07:54:53AM -0800, Eric Dumazet wrote:
> From: Eric Dumazet
>
> In another patch, we shall replace all pr_err() by less intrusive
> pr_debug() so that syzkaller can find other bugs faster.
>
Or maybe just remove them entirely. These messages aren't very useful
anyway, espe
On Tue, Sep 19, 2017 at 03:40:40PM +0200, Sabrina Dubroca wrote:
> If we try to delete the same tunnel twice, the first delete operation
> does a lookup (l2tp_tunnel_get), finds the tunnel, calls
> l2tp_tunnel_delete, which queues it for deletion by
> l2tp_tunnel_del_work.
>
> The second delete op
ket before calling
pppol2tp_session_close(), we're sure that pppol2tp_session_close() and
pppol2tp_session_destruct() are paired and called in the right order.
So the reference taken by the former will be released by the later.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_ppp.c | 8
1
given session, but thanks to
proper locking and re-initialisation of list fields, this is not an
issue.
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_core.c | 6 ++
net/l2tp/l2tp_core.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index ee4
.
This issue is similar to the tunnel deletion bug being worked on by
Sabrina: https://patchwork.ozlabs.org/patch/814173/
Guillaume Nault (2):
l2tp: ensure sessions are freed after their PPPOL2TP socket
l2tp: fix race between l2tp_session_delete() and
l2tp_tunnel_closeall()
net/l2tp
On Fri, Sep 22, 2017 at 06:16:24PM +0200, Sabrina Dubroca wrote:
> 2017-09-19, 18:43:37 +0200, Guillaume Nault wrote:
> > On Tue, Sep 19, 2017 at 03:40:40PM +0200, Sabrina Dubroca wrote:
> > > If we try to delete the same tunnel twice, the first delete operation
&
On Tue, Sep 26, 2017 at 04:16:43PM +0200, Sabrina Dubroca wrote:
> Add a dead flag to prevent firing the workqueue twice. Then we can
> remove the check of queue_work's result that was meant to prevent that
> race but doesn't.
>
Acked-by: Guillaume Nault
rop pernet handling
instead.
Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support")
Signed-off-by: Guillaume Nault
---
net/l2tp/l2tp_eth.c | 51 ++-
1 file changed, 2 insertions(+), 49 deletions(-)
diff --git a/net/l2tp/l
On Thu, Sep 28, 2017 at 03:17:28PM +0100, Tom Parkin wrote:
> On Thu, Sep 28, 2017 at 03:44:38PM +0200, Guillaume Nault wrote:
> > The l2tp_eth module crashes if its netlink callbacks are run when the
> > pernet data aren't initialised.
> >
> > We should normally
/ppp_generic.c:1422:13:got int *
...
Fixes: e5dadc65f9e0 ("ppp: Fix false xmit recursion detect with two ppp
devices")
Signed-off-by: Guillaume Nault
---
drivers/net/ppp/ppp_generic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ppp/ppp_generic.c
On Tue, Oct 03, 2017 at 09:44:14AM +0200, Beniamino Galvani wrote:
> Call Trace:
> ppp_destroy_interface+0xd8/0xe0 [ppp_generic]
> ppp_disconnect_channel+0xda/0x110 [ppp_generic]
> ppp_unregister_channel+0x5e/0x110 [ppp_generic]
> pppox_unbind_sock+0x23/0x30 [pppox]
> pppoe_connect+0x130
may be fixed by a patch that is already
> upstream and merged for v4.14. The fix is from Guillaume Nault:
>
> f3c66d4 l2tp: prevent creation of sessions on terminated tunnels
>
> If it's possible that the L2TP server may try to create a session in a
> tunnel that is being closed
430 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
==
Fixes: 224cf5ad14c0 ("ppp: Move the PPP drivers")
Reported-by: syzbot+f5f6080811c849739...@syzkaller.appspotmail.com
Signed-off-by: Guillaume Nault
---
On Fri, Sep 14, 2018 at 04:28:05PM +0200, Guillaume Nault wrote:
> pppoe_rcv() needs to look back at the Ethernet header in order to
> lookup the PPPoE session. Therefore we need to ensure that the mac
> header is big enough to contain an Ethernet header. Otherwise
> eth_hdr(skb)->
On Fri, Dec 22, 2017 at 03:10:18PM +0100, Lorenzo Bianconi wrote:
> Introduce peer_offset parameter in order to add the capability
> to specify two different values for payload offset on tx/rx side.
> If just offset is provided by userspace use it for rx side as well
> in order to maintain compatib
On Thu, Dec 28, 2017 at 07:23:48PM +0100, Lorenzo Bianconi wrote:
> On Dec 28, Guillaume Nault wrote:
> > After a quick review of L2TPv3 and pseudowires RFCs, I still don't see
> > how adding some padding between the L2TPv3 header and the payload could
> > constitute a v
On Fri, Dec 29, 2017 at 06:53:56PM +, James Chapman wrote:
> On 28/12/17 19:45, Guillaume Nault wrote:
> > Here we have an option that:
> >* creates invalid packets (AFAIK),
> >* is buggy and leaks memory on the network,
> >* doesn't seem to hav
> > Lorenzo, is this being added to fix interoperability with another L2TPv3
> > implementation? If so, can you share more details?
> >
>
> Hi James,
>
> I introduced peer_offset parameter to fix a specific setup where
> tunnel endpoints
> running L2TPv3 would use different values for tx offset (
On Tue, Jan 02, 2018 at 08:28:03PM +0100, Lorenzo Bianconi wrote:
> Perhaps I am little bit polarized on UABI issue, but I was rethinking
> about it and maybe removing offset parameter would lead to an
> interoperability issue for device running L2TPv3 since offset
> parameter is there and it is no
On Tue, Jan 02, 2018 at 08:59:44PM +, James Chapman wrote:
> I just realised the peer_offset attribute changes are already applied in
> net-next. (I missed these when they were submitted just before Christmas.)
> Should these commits be reverted? We probably don't want v4.15 to get an
> additio
On Wed, Jan 03, 2018 at 04:06:28PM +0100, Lorenzo Bianconi wrote:
> I agree to remove offset parameter in this case. What about (as
> already suggested by James) to take into account possible alignment
> issues with previous version of L2TPv3 protocol using 'L2 specific
> sublayer'?
>
I think Jame
> diff --git a/net/l2tp/l2tp_debugfs.c b/net/l2tp/l2tp_debugfs.c
> index eb69411..2c30587 100644
> --- a/net/l2tp/l2tp_debugfs.c
> +++ b/net/l2tp/l2tp_debugfs.c
> @@ -180,8 +180,8 @@ static void l2tp_dfs_seq_session_show(struct seq_file *m,
> void *v)
> session->lns_mode ? "LNS" :
ore places talking about offsets:
* Description of SESSION_CREATE in include/uapi/linux/l2tp.h.
* Description of L2TPv3 packet format above l2tp_recv_common() in
net/l2tp/l2tp_core.c.
I can submit a followup patch to remove them.
Reviewed-by: Guillaume Nault
Tested-by: Guillaume Nault
On Thu, Jan 04, 2018 at 12:36:26PM +, James Chapman wrote:
> On 04/01/18 10:25, Guillaume Nault wrote:
> >> diff --git a/net/l2tp/l2tp_debugfs.c b/net/l2tp/l2tp_debugfs.c
> >> index eb69411..2c30587 100644
> >> --- a/net/l2tp/l2tp_debugfs.c
> >> +++ b
On Wed, Jan 03, 2018 at 10:58:01PM -0800, syzbot wrote:
> Hello,
>
>
> WARNING: possible recursive locking detected
> 4.15.0-rc6-next-20180103+ #87 Not tainted
>
> syzkaller221540/3462 is trying to acquire lo
On Fri, Jan 05, 2018 at 07:15:31PM +0100, Guillaume Nault wrote:
> That's probably worth a test anyway.
>
Copy/paste error :-/
Here's a version that should apply cleanly.
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git master
8<
diff
The "offset" option has been removed by
commit 900631ee6a26 ("l2tp: remove configurable payload offset").
Signed-off-by: Guillaume Nault
---
include/uapi/linux/l2tp.h | 2 +-
net/l2tp/l2tp_core.c | 7 +++
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git
ion upon netns deletion")
Reported-and-tested-by: syzbot+367889b9c9e279219...@syzkaller.appspotmail.com
Signed-off-by: Guillaume Nault
---
drivers/net/ppp/ppp_generic.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/pp
101 - 200 of 587 matches
Mail list logo