[PATCH 4.9 51/64] l2tp: device MTU setup, tunnel socket needs a lock

From: Greg Kroah-Hartman
Date: Tue May 26 2020 - 14:59:27 EST


From: R. Parameswaran <parameswaran.r7@xxxxxxxxx>

commit 57240d007816486131bee88cd474c2a71f0fe224 upstream.

The MTU overhead calculation in L2TP device set-up
merged via commit b784e7ebfce8cfb16c6f95e14e8532d0768ab7ff
needs to be adjusted to lock the tunnel socket while
referencing the sub-data structures to derive the
socket's IP overhead.

Reported-by: Guillaume Nault <g.nault@xxxxxxxxxxxx>
Tested-by: Guillaume Nault <g.nault@xxxxxxxxxxxx>
Signed-off-by: R. Parameswaran <rparames@xxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Cc: Giuliano Procida <gprocida@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
include/linux/net.h | 2 +-
net/l2tp/l2tp_eth.c | 2 ++
net/socket.c | 2 +-
3 files changed, 4 insertions(+), 2 deletions(-)

--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -298,7 +298,7 @@ int kernel_sendpage(struct socket *sock,
int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how);

-/* Following routine returns the IP overhead imposed by a socket. */
+/* Routine returns the IP overhead imposed by a (caller-protected) socket. */
u32 kernel_sock_ip_overhead(struct sock *sk);

#define MODULE_ALIAS_NETPROTO(proto) \
--- a/net/l2tp/l2tp_eth.c
+++ b/net/l2tp/l2tp_eth.c
@@ -240,7 +240,9 @@ static void l2tp_eth_adjust_mtu(struct l
dev->needed_headroom += session->hdr_len;
return;
}
+ lock_sock(tunnel->sock);
l3_overhead = kernel_sock_ip_overhead(tunnel->sock);
+ release_sock(tunnel->sock);
if (l3_overhead == 0) {
/* L3 Overhead couldn't be identified, this could be
* because tunnel->sock was NULL or the socket's
--- a/net/socket.c
+++ b/net/socket.c
@@ -3325,7 +3325,7 @@ EXPORT_SYMBOL(kernel_sock_shutdown);
/* This routine returns the IP overhead imposed by a socket i.e.
* the length of the underlying IP header, depending on whether
* this is an IPv4 or IPv6 socket and the length from IP options turned
- * on at the socket.
+ * on at the socket. Assumes that the caller has a lock on the socket.
*/
u32 kernel_sock_ip_overhead(struct sock *sk)
{