From: Guillaume Nault <gnault@redhat.com>
To: Alexander Lobakin <alexandr.lobakin@intel.com>
Cc: Shigeru Yoshida <syoshida@redhat.com>,
jchapman@katalix.com, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
Date: Mon, 13 Feb 2023 16:45:54 +0100 [thread overview]
Message-ID: <Y+pbMgEq0epVbB4P@debian> (raw)
In-Reply-To: <cd8907dc-0319-6c04-271c-489ca4550579@intel.com>
On Mon, Feb 13, 2023 at 04:05:59PM +0100, Alexander Lobakin wrote:
> From: Shigeru Yoshida <syoshida@redhat.com>
> Date: Mon, 13 Feb 2023 01:26:23 +0900
>
> > When a file descriptor of pppol2tp socket is passed as file descriptor
> > of UDP socket, a recursive deadlock occurs in l2tp_tunnel_register().
> > This situation is reproduced by the following program:
>
> [...]
>
> > +static struct l2tp_tunnel *pppol2tp_tunnel_get(struct net *net,
> > + struct l2tp_connect_info *info,
> > + bool *new_tunnel)
> > +{
> > + struct l2tp_tunnel *tunnel;
> > + int error;
> > +
> > + *new_tunnel = false;
> > +
> > + tunnel = l2tp_tunnel_get(net, info->tunnel_id);
> > +
> > + /* Special case: create tunnel context if session_id and
> > + * peer_session_id is 0. Otherwise look up tunnel using supplied
> > + * tunnel id.
> > + */
> > + if (!info->session_id && !info->peer_session_id) {
> > + if (!tunnel) {
>
> This `if` is the sole thing the outer `if` contains, could we combine them?
The logic of this code is a bit convoluted, sure, but if we want to
rework it, let's simplify it for real:
tunnel = l2tp_tunnel_get(...)
if (tunnel)
return tunnel; /* the original !tunnel->sock test is useless I believe */
/* Tunnel not found. Try to create one if both session_id and
* peer_session_id are 0. Fail otherwise.
*/
if (info->session_id || info->peer_session_id)
return ERR_PTR(-ENOENT);
[...] /* Tunnel creation code */
However, I'd prefer to keep such refactoring for later. Keeping the
same structure in pppol2tp_tunnel_get() as in the original code helps
reviewing the patch.
> > + struct l2tp_tunnel_cfg tcfg = {
> > + .encap = L2TP_ENCAPTYPE_UDP,
> > + };
> > +
> > + /* Prevent l2tp_tunnel_register() from trying to set up
> > + * a kernel socket.
> > + */
> > + if (info->fd < 0)
> > + return ERR_PTR(-EBADF);
> > +
> > + error = l2tp_tunnel_create(info->fd,
> > + info->version,
>
> This fits into the prev line.
>
> > + info->tunnel_id,
> > + info->peer_tunnel_id, &tcfg,
> > + &tunnel);
> > + if (error < 0)
> > + return ERR_PTR(error);
> > +
> > + l2tp_tunnel_inc_refcount(tunnel);
> > + error = l2tp_tunnel_register(tunnel, net, &tcfg);
> > + if (error < 0) {
> > + kfree(tunnel);
> > + return ERR_PTR(error);
> > + }
> > +
> > + *new_tunnel = true;
> > + }
> > + } else {
> > + /* Error if we can't find the tunnel */
> > + if (!tunnel)
> > + return ERR_PTR(-ENOENT);
>
> [...]
>
> Thanks,
> Olek
>
next prev parent reply other threads:[~2023-02-13 15:47 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-12 16:26 [PATCH v2] l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register() Shigeru Yoshida
2023-02-13 14:55 ` Guillaume Nault
2023-02-14 16:49 ` Shigeru Yoshida
2023-02-14 17:09 ` Guillaume Nault
2023-02-15 16:39 ` Shigeru Yoshida
2023-02-13 15:05 ` Alexander Lobakin
2023-02-13 15:45 ` Guillaume Nault [this message]
2023-02-14 16:52 ` Shigeru Yoshida
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y+pbMgEq0epVbB4P@debian \
--to=gnault@redhat.com \
--cc=alexandr.lobakin@intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jchapman@katalix.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syoshida@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.