l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() [Linux 3.16.72]

This Linux kernel change "l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()" is included in the Linux 3.16.72 release. This change is authored by Eric Dumazet <edumazet [at] google.com> on Tue Apr 23 09:43:26 2019 -0700. The commit for this change in Linux stable tree is d9cf789 (patch) which is from upstream commit c1c4772. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream c1c4772.

l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()

commit c1c477217882c610a2ba0268f5faf36c9c092528 upstream.

Canonical way to fetch sk_user_data from an encap_rcv() handler called
from UDP stack in rcu protected section is to use rcu_dereference_sk_user_data(),
otherwise compiler might read it multiple times.

Fixes: d00fa9adc528 ("il2tp: fix races with tunnel socket close")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: James Chapman <jchapman@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

There are 2 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 net/l2tp/l2tp_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index 661252a..ead3862 100644
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -997,7 +997,7 @@ int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
 {
    struct l2tp_tunnel *tunnel;

-   tunnel = l2tp_tunnel(sk);
+   tunnel = rcu_dereference_sk_user_data(sk);
    if (tunnel == NULL)
        goto pass_up;

Leave a Reply

Your email address will not be published. Required fields are marked *