On 29/11/16 12:09, Guillaume Nault wrote:
> This series addresses problems found while working on commit 32c231164b76
> ("l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()").
>
> The first three patches fix races in socket's connect, recv and bind
> operations. The last two ones fix scenarios where l2tp fails to
> correctly lookup its userspace sockets.
>
> Apart from the last patch, which is l2tp_ip6 specific, every patch
> fixes the same problem in the L2TP IPv4 and IPv6 code.
>
> All problems fixed by this series exist since the creation of the
> l2tp_ip and l2tp_ip6 modules.
>
> Changes since v1:
> * Patch #3: fix possible uninitialised use of 'ret' in l2tp_ip_bind().
>
>
> Guillaume Nault (5):
> l2tp: lock socket before checking flags in connect()
> l2tp: hold socket before dropping lock in l2tp_ip{,6}_recv()
> l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
> l2tp: fix lookup for sockets not bound to a device in l2tp_ip
> l2tp: fix address test in __l2tp_ip6_bind_lookup()
>
> include/net/ipv6.h | 2 ++
> net/ipv6/datagram.c | 4 ++-
> net/l2tp/l2tp_ip.c | 63 ++++++++++++++++++++++--------------------
> net/l2tp/l2tp_ip6.c | 79
> ++++++++++++++++++++++++++++-------------------------
> 4 files changed, 81 insertions(+), 67 deletions(-)
>
Looks good.
Acked-by: James Chapman <jchap...@katalix.com>
