hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

l2tp: create tunnel sockets in the right namespace 

When creating unmanaged tunnel sockets we should honour the network namespace
passed to l2tp_tunnel_create.  Furthermore, unmanaged tunnel sockets should
not hold a reference to the network namespace lest they accidentally keep
alive a namespace which should otherwise have been released.

Unmanaged tunnel sockets now drop their namespace reference via sk_change_net,
and are released in a new pernet exit callback, l2tp_exit_net.

Signed-off-by: Tom Parkin <tparkin@katalix.com>
Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Tom Parkin 2013-01-31 23:43:03 +00:00 committed by David S. Miller
parent cbb95e0ca9
commit 167eb17e0b
1 changed files with 55 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
net/l2tp/l2tp_core.c
View File

@ -1409,18 +1409,18 @@ static void l2tp_tunnel_del_work(struct work_struct *work)
sock = sk->sk_socket; sock = sk->sk_socket;
BUG_ON(!sock); BUG_ON(!sock);
/* Force the tunnel socket to close. This will eventually /* If the tunnel socket was created directly by the kernel, use the
* cause the tunnel to be deleted via the normal socket close * sk_* API to release the socket now. Otherwise go through the
* mechanisms when userspace closes the tunnel socket. * inet_* layer to shut the socket down, and let userspace close it.
* In either case the tunnel resources are freed in the socket
* destructor when the tunnel socket goes away.
*/ */
inet_shutdown(sock, 2); if (sock->file == NULL) {
kernel_sock_shutdown(sock, SHUT_RDWR);
/* If the tunnel's socket was created by the kernel, sk_release_kernel(sk);
* close the socket here since the socket was not } else {
* created by userspace. inet_shutdown(sock, 2);
*/ }
if (sock->file == NULL)
inet_release(sock);
l2tp_tunnel_sock_put(sk); l2tp_tunnel_sock_put(sk);
} }
@ -1428,29 +1428,37 @@ static void l2tp_tunnel_del_work(struct work_struct *work)
/* Create a socket for the tunnel, if one isn't set up by /* Create a socket for the tunnel, if one isn't set up by
* userspace. This is used for static tunnels where there is no * userspace. This is used for static tunnels where there is no
* managing L2TP daemon. * managing L2TP daemon.
*
* Since we don't want these sockets to keep a namespace alive by
* themselves, we drop the socket's namespace refcount after creation.
* These sockets are freed when the namespace exits using the pernet
* exit hook.
*/ */
static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct socket **sockp) static int l2tp_tunnel_sock_create(struct net *net,
u32 tunnel_id,
u32 peer_tunnel_id,
struct l2tp_tunnel_cfg *cfg,
struct socket **sockp)
{ {
int err = -EINVAL; int err = -EINVAL;
struct sockaddr_in udp_addr;
#if IS_ENABLED(CONFIG_IPV6)
struct sockaddr_in6 udp6_addr;
struct sockaddr_l2tpip6 ip6_addr;
#endif
struct sockaddr_l2tpip ip_addr;
struct socket *sock = NULL; struct socket *sock = NULL;
struct sockaddr_in udp_addr = {0};
struct sockaddr_l2tpip ip_addr = {0};
#if IS_ENABLED(CONFIG_IPV6)
struct sockaddr_in6 udp6_addr = {0};
struct sockaddr_l2tpip6 ip6_addr = {0};
#endif
switch (cfg->encap) { switch (cfg->encap) {
case L2TP_ENCAPTYPE_UDP: case L2TP_ENCAPTYPE_UDP:
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
if (cfg->local_ip6 && cfg->peer_ip6) { if (cfg->local_ip6 && cfg->peer_ip6) {
err = sock_create(AF_INET6, SOCK_DGRAM, 0, sockp); err = sock_create_kern(AF_INET6, SOCK_DGRAM, 0, &sock);
if (err < 0) if (err < 0)
goto out; goto out;
sock = *sockp; sk_change_net(sock->sk, net);
memset(&udp6_addr, 0, sizeof(udp6_addr));
udp6_addr.sin6_family = AF_INET6; udp6_addr.sin6_family = AF_INET6;
memcpy(&udp6_addr.sin6_addr, cfg->local_ip6, memcpy(&udp6_addr.sin6_addr, cfg->local_ip6,
sizeof(udp6_addr.sin6_addr)); sizeof(udp6_addr.sin6_addr));
@ -1472,13 +1480,12 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
} else } else
#endif #endif
{ {
err = sock_create(AF_INET, SOCK_DGRAM, 0, sockp); err = sock_create_kern(AF_INET, SOCK_DGRAM, 0, &sock);
if (err < 0) if (err < 0)
goto out; goto out;
sock = *sockp; sk_change_net(sock->sk, net);
memset(&udp_addr, 0, sizeof(udp_addr));
udp_addr.sin_family = AF_INET; udp_addr.sin_family = AF_INET;
udp_addr.sin_addr = cfg->local_ip; udp_addr.sin_addr = cfg->local_ip;
udp_addr.sin_port = htons(cfg->local_udp_port); udp_addr.sin_port = htons(cfg->local_udp_port);
@ -1505,14 +1512,13 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
case L2TP_ENCAPTYPE_IP: case L2TP_ENCAPTYPE_IP:
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
if (cfg->local_ip6 && cfg->peer_ip6) { if (cfg->local_ip6 && cfg->peer_ip6) {
err = sock_create(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP, err = sock_create_kern(AF_INET6, SOCK_DGRAM,
sockp); IPPROTO_L2TP, &sock);
if (err < 0) if (err < 0)
goto out; goto out;
sock = *sockp; sk_change_net(sock->sk, net);
memset(&ip6_addr, 0, sizeof(ip6_addr));
ip6_addr.l2tp_family = AF_INET6; ip6_addr.l2tp_family = AF_INET6;
memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6, memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
sizeof(ip6_addr.l2tp_addr)); sizeof(ip6_addr.l2tp_addr));
@ -1534,14 +1540,13 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
} else } else
#endif #endif
{ {
err = sock_create(AF_INET, SOCK_DGRAM, IPPROTO_L2TP, err = sock_create_kern(AF_INET, SOCK_DGRAM,
sockp); IPPROTO_L2TP, &sock);
if (err < 0) if (err < 0)
goto out; goto out;
sock = *sockp; sk_change_net(sock->sk, net);
memset(&ip_addr, 0, sizeof(ip_addr));
ip_addr.l2tp_family = AF_INET; ip_addr.l2tp_family = AF_INET;
ip_addr.l2tp_addr = cfg->local_ip; ip_addr.l2tp_addr = cfg->local_ip;
ip_addr.l2tp_conn_id = tunnel_id; ip_addr.l2tp_conn_id = tunnel_id;
@ -1565,8 +1570,10 @@ static int l2tp_tunnel_sock_create(u32 tunnel_id, u32 peer_tunnel_id, struct l2t
} }
out: out:
*sockp = sock;
if ((err < 0) && sock) { if ((err < 0) && sock) {
sock_release(sock); kernel_sock_shutdown(sock, SHUT_RDWR);
sk_release_kernel(sock->sk);
*sockp = NULL; *sockp = NULL;
} }
@ -1589,7 +1596,8 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
* kernel socket. * kernel socket.
*/ */
if (fd < 0) { if (fd < 0) {
err = l2tp_tunnel_sock_create(tunnel_id, peer_tunnel_id, cfg, &sock); err = l2tp_tunnel_sock_create(net, tunnel_id, peer_tunnel_id,
cfg, &sock);
if (err < 0) if (err < 0)
goto err; goto err;
} else { } else {
@ -1909,8 +1917,21 @@ static __net_init int l2tp_init_net(struct net *net)
return 0; return 0;
} }
static __net_exit void l2tp_exit_net(struct net *net)
{
struct l2tp_net *pn = l2tp_pernet(net);
struct l2tp_tunnel *tunnel = NULL;
rcu_read_lock_bh();
list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
(void)l2tp_tunnel_delete(tunnel);
}
rcu_read_unlock_bh();
}
static struct pernet_operations l2tp_net_ops = { static struct pernet_operations l2tp_net_ops = {
.init = l2tp_init_net, .init = l2tp_init_net,
.exit = l2tp_exit_net,
.id = &l2tp_net_id, .id = &l2tp_net_id,
.size = sizeof(struct l2tp_net), .size = sizeof(struct l2tp_net),
}; };