add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/net/l2tp/l2tp_core.c
..
..
@@ -1,5 +1,5 @@
1
-/*
2
- * L2TP core.
1
+// SPDX-License-Identifier: GPL-2.0-only
2
+/* L2TP core.
3
3
  *
4
4
  * Copyright (c) 2008,2009,2010 Katalix Systems Ltd
5
5
  *
..
..
@@ -12,10 +12,6 @@
12
12
  *		Michal Ostrowski <mostrows@speakeasy.net>
13
13
  *		Arnaldo Carvalho de Melo <acme@xconectiva.com.br>
14
14
  *		David S. Miller (davem@redhat.com)
15
- *
16
- * This program is free software; you can redistribute it and/or modify
17
- * it under the terms of the GNU General Public License version 2 as
18
- * published by the Free Software Foundation.
19
15
  */
20
16
 
21
17
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
..
..
@@ -65,6 +61,10 @@
65
61
 #include <linux/atomic.h>
66
62
 
67
63
 #include "l2tp_core.h"
64
+#include "trace.h"
65
+
66
+#define CREATE_TRACE_POINTS
67
+#include "trace.h"
68
68
 
69
69
 #define L2TP_DRV_VERSION	"V2.0"
70
70
 
..
..
@@ -97,16 +97,18 @@
97
97
 	unsigned long		expires;
98
98
 };
99
99
 
100
-#define L2TP_SKB_CB(skb)	((struct l2tp_skb_cb *) &skb->cb[sizeof(struct inet_skb_parm)])
100
+#define L2TP_SKB_CB(skb)	((struct l2tp_skb_cb *)&(skb)->cb[sizeof(struct inet_skb_parm)])
101
101
 
102
102
 static struct workqueue_struct *l2tp_wq;
103
103
 
104
104
 /* per-net private data for this module */
105
105
 static unsigned int l2tp_net_id;
106
106
 struct l2tp_net {
107
-	struct list_head l2tp_tunnel_list;
108
-	spinlock_t l2tp_tunnel_list_lock;
107
+	/* Lock for write access to l2tp_tunnel_idr */
108
+	spinlock_t l2tp_tunnel_idr_lock;
109
+	struct idr l2tp_tunnel_idr;
109
110
 	struct hlist_head l2tp_session_hlist[L2TP_HASH_SIZE_2];
111
+	/* Lock for write access to l2tp_session_hlist */
110
112
 	spinlock_t l2tp_session_hlist_lock;
111
113
 };
112
114
 
..
..
@@ -118,15 +120,8 @@
118
120
 }
119
121
 #endif
120
122
 
121
-static inline struct l2tp_tunnel *l2tp_tunnel(struct sock *sk)
122
-{
123
-	return sk->sk_user_data;
124
-}
125
-
126
123
 static inline struct l2tp_net *l2tp_pernet(const struct net *net)
127
124
 {
128
-	BUG_ON(!net);
129
-
130
125
 	return net_generic(net, l2tp_net_id);
131
126
 }
132
127
 
..
..
@@ -139,7 +134,6 @@
139
134
 l2tp_session_id_hash_2(struct l2tp_net *pn, u32 session_id)
140
135
 {
141
136
 	return &pn->l2tp_session_hlist[hash_32(session_id, L2TP_HASH_BITS_2)];
142
-
143
137
 }
144
138
 
145
139
 /* Session hash list.
..
..
@@ -154,12 +148,58 @@
154
148
 	return &tunnel->session_hlist[hash_32(session_id, L2TP_HASH_BITS)];
155
149
 }
156
150
 
157
-void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
151
+static void l2tp_tunnel_free(struct l2tp_tunnel *tunnel)
158
152
 {
153
+	trace_free_tunnel(tunnel);
159
154
 	sock_put(tunnel->sock);
160
155
 	/* the tunnel is freed in the socket destructor */
161
156
 }
162
-EXPORT_SYMBOL(l2tp_tunnel_free);
157
+
158
+static void l2tp_session_free(struct l2tp_session *session)
159
+{
160
+	trace_free_session(session);
161
+	if (session->tunnel)
162
+		l2tp_tunnel_dec_refcount(session->tunnel);
163
+	kfree(session);
164
+}
165
+
166
+struct l2tp_tunnel *l2tp_sk_to_tunnel(struct sock *sk)
167
+{
168
+	struct l2tp_tunnel *tunnel = sk->sk_user_data;
169
+
170
+	if (tunnel)
171
+		if (WARN_ON(tunnel->magic != L2TP_TUNNEL_MAGIC))
172
+			return NULL;
173
+
174
+	return tunnel;
175
+}
176
+EXPORT_SYMBOL_GPL(l2tp_sk_to_tunnel);
177
+
178
+void l2tp_tunnel_inc_refcount(struct l2tp_tunnel *tunnel)
179
+{
180
+	refcount_inc(&tunnel->ref_count);
181
+}
182
+EXPORT_SYMBOL_GPL(l2tp_tunnel_inc_refcount);
183
+
184
+void l2tp_tunnel_dec_refcount(struct l2tp_tunnel *tunnel)
185
+{
186
+	if (refcount_dec_and_test(&tunnel->ref_count))
187
+		l2tp_tunnel_free(tunnel);
188
+}
189
+EXPORT_SYMBOL_GPL(l2tp_tunnel_dec_refcount);
190
+
191
+void l2tp_session_inc_refcount(struct l2tp_session *session)
192
+{
193
+	refcount_inc(&session->ref_count);
194
+}
195
+EXPORT_SYMBOL_GPL(l2tp_session_inc_refcount);
196
+
197
+void l2tp_session_dec_refcount(struct l2tp_session *session)
198
+{
199
+	if (refcount_dec_and_test(&session->ref_count))
200
+		l2tp_session_free(session);
201
+}
202
+EXPORT_SYMBOL_GPL(l2tp_session_dec_refcount);
163
203
 
164
204
 /* Lookup a tunnel. A new reference is held on the returned tunnel. */
165
205
 struct l2tp_tunnel *l2tp_tunnel_get(const struct net *net, u32 tunnel_id)
..
..
@@ -168,13 +208,10 @@
168
208
 	struct l2tp_tunnel *tunnel;
169
209
 
170
210
 	rcu_read_lock_bh();
171
-	list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
172
-		if (tunnel->tunnel_id == tunnel_id &&
173
-		    refcount_inc_not_zero(&tunnel->ref_count)) {
174
-			rcu_read_unlock_bh();
175
-
176
-			return tunnel;
177
-		}
211
+	tunnel = idr_find(&pn->l2tp_tunnel_idr, tunnel_id);
212
+	if (tunnel && refcount_inc_not_zero(&tunnel->ref_count)) {
213
+		rcu_read_unlock_bh();
214
+		return tunnel;
178
215
 	}
179
216
 	rcu_read_unlock_bh();
180
217
 
..
..
@@ -184,13 +221,14 @@
184
221
 
185
222
 struct l2tp_tunnel *l2tp_tunnel_get_nth(const struct net *net, int nth)
186
223
 {
187
-	const struct l2tp_net *pn = l2tp_pernet(net);
224
+	struct l2tp_net *pn = l2tp_pernet(net);
225
+	unsigned long tunnel_id, tmp;
188
226
 	struct l2tp_tunnel *tunnel;
189
227
 	int count = 0;
190
228
 
191
229
 	rcu_read_lock_bh();
192
-	list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
193
-		if (++count > nth &&
230
+	idr_for_each_entry_ul(&pn->l2tp_tunnel_idr, tunnel, tmp, tunnel_id) {
231
+		if (tunnel && ++count > nth &&
194
232
 		    refcount_inc_not_zero(&tunnel->ref_count)) {
195
233
 			rcu_read_unlock_bh();
196
234
 			return tunnel;
..
..
@@ -347,6 +385,8 @@
347
385
 	hlist_add_head(&session->hlist, head);
348
386
 	write_unlock_bh(&tunnel->hlist_lock);
349
387
 
388
+	trace_register_session(session);
389
+
350
390
 	return 0;
351
391
 
352
392
 err_tlock_pnlock:
..
..
@@ -375,10 +415,6 @@
375
415
 	skb_queue_walk_safe(&session->reorder_q, skbp, tmp) {
376
416
 		if (L2TP_SKB_CB(skbp)->ns > ns) {
377
417
 			__skb_queue_before(&session->reorder_q, skbp, skb);
378
-			l2tp_dbg(session, L2TP_MSG_SEQ,
379
-				 "%s: pkt %hu, inserted before %hu, reorder_q len=%d\n",
380
-				 session->name, ns, L2TP_SKB_CB(skbp)->ns,
381
-				 skb_queue_len(&session->reorder_q));
382
418
 			atomic_long_inc(&session->stats.rx_oos_packets);
383
419
 			goto out;
384
420
 		}
..
..
@@ -411,13 +447,11 @@
411
447
 		/* Bump our Nr */
412
448
 		session->nr++;
413
449
 		session->nr &= session->nr_max;
414
-
415
-		l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated nr to %hu\n",
416
-			 session->name, session->nr);
450
+		trace_session_seqnum_update(session);
417
451
 	}
418
452
 
419
453
 	/* call private receive handler */
420
-	if (session->recv_skb != NULL)
454
+	if (session->recv_skb)
421
455
 		(*session->recv_skb)(session, skb, L2TP_SKB_CB(skb)->length);
422
456
 	else
423
457
 		kfree_skb(skb);
..
..
@@ -438,37 +472,27 @@
438
472
 start:
439
473
 	spin_lock_bh(&session->reorder_q.lock);
440
474
 	skb_queue_walk_safe(&session->reorder_q, skb, tmp) {
441
-		if (time_after(jiffies, L2TP_SKB_CB(skb)->expires)) {
475
+		struct l2tp_skb_cb *cb = L2TP_SKB_CB(skb);
476
+
477
+		/* If the packet has been pending on the queue for too long, discard it */
478
+		if (time_after(jiffies, cb->expires)) {
442
479
 			atomic_long_inc(&session->stats.rx_seq_discards);
443
480
 			atomic_long_inc(&session->stats.rx_errors);
444
-			l2tp_dbg(session, L2TP_MSG_SEQ,
445
-				 "%s: oos pkt %u len %d discarded (too old), waiting for %u, reorder_q_len=%d\n",
446
-				 session->name, L2TP_SKB_CB(skb)->ns,
447
-				 L2TP_SKB_CB(skb)->length, session->nr,
448
-				 skb_queue_len(&session->reorder_q));
481
+			trace_session_pkt_expired(session, cb->ns);
449
482
 			session->reorder_skip = 1;
450
483
 			__skb_unlink(skb, &session->reorder_q);
451
484
 			kfree_skb(skb);
452
485
 			continue;
453
486
 		}
454
487
 
455
-		if (L2TP_SKB_CB(skb)->has_seq) {
488
+		if (cb->has_seq) {
456
489
 			if (session->reorder_skip) {
457
-				l2tp_dbg(session, L2TP_MSG_SEQ,
458
-					 "%s: advancing nr to next pkt: %u -> %u",
459
-					 session->name, session->nr,
460
-					 L2TP_SKB_CB(skb)->ns);
461
490
 				session->reorder_skip = 0;
462
-				session->nr = L2TP_SKB_CB(skb)->ns;
491
+				session->nr = cb->ns;
492
+				trace_session_seqnum_reset(session);
463
493
 			}
464
-			if (L2TP_SKB_CB(skb)->ns != session->nr) {
465
-				l2tp_dbg(session, L2TP_MSG_SEQ,
466
-					 "%s: holding oos pkt %u len %d, waiting for %u, reorder_q_len=%d\n",
467
-					 session->name, L2TP_SKB_CB(skb)->ns,
468
-					 L2TP_SKB_CB(skb)->length, session->nr,
469
-					 skb_queue_len(&session->reorder_q));
494
+			if (cb->ns != session->nr)
470
495
 				goto out;
471
-			}
472
496
 		}
473
497
 		__skb_unlink(skb, &session->reorder_q);
474
498
 
..
..
@@ -501,14 +525,13 @@
501
525
  */
502
526
 static int l2tp_recv_data_seq(struct l2tp_session *session, struct sk_buff *skb)
503
527
 {
504
-	if (!l2tp_seq_check_rx_window(session, L2TP_SKB_CB(skb)->ns)) {
528
+	struct l2tp_skb_cb *cb = L2TP_SKB_CB(skb);
529
+
530
+	if (!l2tp_seq_check_rx_window(session, cb->ns)) {
505
531
 		/* Packet sequence number is outside allowed window.
506
532
 		 * Discard it.
507
533
 		 */
508
-		l2tp_dbg(session, L2TP_MSG_SEQ,
509
-			 "%s: pkt %u len %d discarded, outside window, nr=%u\n",
510
-			 session->name, L2TP_SKB_CB(skb)->ns,
511
-			 L2TP_SKB_CB(skb)->length, session->nr);
534
+		trace_session_pkt_outside_rx_window(session, cb->ns);
512
535
 		goto discard;
513
536
 	}
514
537
 
..
..
@@ -525,10 +548,10 @@
525
548
 	 * is seen. After nr_oos_count_max in-sequence packets, reset the
526
549
 	 * sequence number to re-enable packet reception.
527
550
 	 */
528
-	if (L2TP_SKB_CB(skb)->ns == session->nr) {
551
+	if (cb->ns == session->nr) {
529
552
 		skb_queue_tail(&session->reorder_q, skb);
530
553
 	} else {
531
-		u32 nr_oos = L2TP_SKB_CB(skb)->ns;
554
+		u32 nr_oos = cb->ns;
532
555
 		u32 nr_next = (session->nr_oos + 1) & session->nr_max;
533
556
 
534
557
 		if (nr_oos == nr_next)
..
..
@@ -539,17 +562,10 @@
539
562
 		session->nr_oos = nr_oos;
540
563
 		if (session->nr_oos_count > session->nr_oos_count_max) {
541
564
 			session->reorder_skip = 1;
542
-			l2tp_dbg(session, L2TP_MSG_SEQ,
543
-				 "%s: %d oos packets received. Resetting sequence numbers\n",
544
-				 session->name, session->nr_oos_count);
545
565
 		}
546
566
 		if (!session->reorder_skip) {
547
567
 			atomic_long_inc(&session->stats.rx_seq_discards);
548
-			l2tp_dbg(session, L2TP_MSG_SEQ,
549
-				 "%s: oos pkt %u len %d discarded, waiting for %u, reorder_q_len=%d\n",
550
-				 session->name, L2TP_SKB_CB(skb)->ns,
551
-				 L2TP_SKB_CB(skb)->length, session->nr,
552
-				 skb_queue_len(&session->reorder_q));
568
+			trace_session_pkt_oos(session, cb->ns);
553
569
 			goto discard;
554
570
 		}
555
571
 		skb_queue_tail(&session->reorder_q, skb);
..
..
@@ -627,15 +643,13 @@
627
643
 {
628
644
 	struct l2tp_tunnel *tunnel = session->tunnel;
629
645
 	int offset;
630
-	u32 ns, nr;
631
646
 
632
647
 	/* Parse and check optional cookie */
633
648
 	if (session->peer_cookie_len > 0) {
634
649
 		if (memcmp(ptr, &session->peer_cookie[0], session->peer_cookie_len)) {
635
-			l2tp_info(tunnel, L2TP_MSG_DATA,
636
-				  "%s: cookie mismatch (%u/%u). Discarding.\n",
637
-				  tunnel->name, tunnel->tunnel_id,
638
-				  session->session_id);
650
+			pr_debug_ratelimited("%s: cookie mismatch (%u/%u). Discarding.\n",
651
+					     tunnel->name, tunnel->tunnel_id,
652
+					     session->session_id);
639
653
 			atomic_long_inc(&session->stats.rx_cookie_discards);
640
654
 			goto discard;
641
655
 		}
..
..
@@ -649,49 +663,35 @@
649
663
 	 * the control of the LNS.  If no sequence numbers present but
650
664
 	 * we were expecting them, discard frame.
651
665
 	 */
652
-	ns = nr = 0;
653
666
 	L2TP_SKB_CB(skb)->has_seq = 0;
654
667
 	if (tunnel->version == L2TP_HDR_VER_2) {
655
668
 		if (hdrflags & L2TP_HDRFLAG_S) {
656
-			ns = ntohs(*(__be16 *) ptr);
657
-			ptr += 2;
658
-			nr = ntohs(*(__be16 *) ptr);
659
-			ptr += 2;
660
-
661
669
 			/* Store L2TP info in the skb */
662
-			L2TP_SKB_CB(skb)->ns = ns;
670
+			L2TP_SKB_CB(skb)->ns = ntohs(*(__be16 *)ptr);
663
671
 			L2TP_SKB_CB(skb)->has_seq = 1;
672
+			ptr += 2;
673
+			/* Skip past nr in the header */
674
+			ptr += 2;
664
675
 
665
-			l2tp_dbg(session, L2TP_MSG_SEQ,
666
-				 "%s: recv data ns=%u, nr=%u, session nr=%u\n",
667
-				 session->name, ns, nr, session->nr);
668
676
 		}
669
677
 	} else if (session->l2specific_type == L2TP_L2SPECTYPE_DEFAULT) {
670
-		u32 l2h = ntohl(*(__be32 *) ptr);
678
+		u32 l2h = ntohl(*(__be32 *)ptr);
671
679
 
672
680
 		if (l2h & 0x40000000) {
673
-			ns = l2h & 0x00ffffff;
674
-
675
681
 			/* Store L2TP info in the skb */
676
-			L2TP_SKB_CB(skb)->ns = ns;
682
+			L2TP_SKB_CB(skb)->ns = l2h & 0x00ffffff;
677
683
 			L2TP_SKB_CB(skb)->has_seq = 1;
678
-
679
-			l2tp_dbg(session, L2TP_MSG_SEQ,
680
-				 "%s: recv data ns=%u, session nr=%u\n",
681
-				 session->name, ns, session->nr);
682
684
 		}
683
685
 		ptr += 4;
684
686
 	}
685
687
 
686
688
 	if (L2TP_SKB_CB(skb)->has_seq) {
687
-		/* Received a packet with sequence numbers. If we're the LNS,
689
+		/* Received a packet with sequence numbers. If we're the LAC,
688
690
 		 * check if we sre sending sequence numbers and if not,
689
691
 		 * configure it so.
690
692
 		 */
691
-		if ((!session->lns_mode) && (!session->send_seq)) {
692
-			l2tp_info(session, L2TP_MSG_SEQ,
693
-				  "%s: requested to enable seq numbers by LNS\n",
694
-				  session->name);
693
+		if (!session->lns_mode && !session->send_seq) {
694
+			trace_session_seqnum_lns_enable(session);
695
695
 			session->send_seq = 1;
696
696
 			l2tp_session_set_header_len(session, tunnel->version);
697
697
 		}
..
..
@@ -700,9 +700,8 @@
700
700
 		 * If user has configured mandatory sequence numbers, discard.
701
701
 		 */
702
702
 		if (session->recv_seq) {
703
-			l2tp_warn(session, L2TP_MSG_SEQ,
704
-				  "%s: recv data has no seq numbers when required. Discarding.\n",
705
-				  session->name);
703
+			pr_debug_ratelimited("%s: recv data has no seq numbers when required. Discarding.\n",
704
+					     session->name);
706
705
 			atomic_long_inc(&session->stats.rx_seq_discards);
707
706
 			goto discard;
708
707
 		}
..
..
@@ -712,16 +711,13 @@
712
711
 		 * If we're the LNS and we're sending sequence numbers, the
713
712
 		 * LAC is broken. Discard the frame.
714
713
 		 */
715
-		if ((!session->lns_mode) && (session->send_seq)) {
716
-			l2tp_info(session, L2TP_MSG_SEQ,
717
-				  "%s: requested to disable seq numbers by LNS\n",
718
-				  session->name);
714
+		if (!session->lns_mode && session->send_seq) {
715
+			trace_session_seqnum_lns_disable(session);
719
716
 			session->send_seq = 0;
720
717
 			l2tp_session_set_header_len(session, tunnel->version);
721
718
 		} else if (session->send_seq) {
722
-			l2tp_warn(session, L2TP_MSG_SEQ,
723
-				  "%s: recv data has no seq numbers when required. Discarding.\n",
724
-				  session->name);
719
+			pr_debug_ratelimited("%s: recv data has no seq numbers when required. Discarding.\n",
720
+					     session->name);
725
721
 			atomic_long_inc(&session->stats.rx_seq_discards);
726
722
 			goto discard;
727
723
 		}
..
..
@@ -775,20 +771,18 @@
775
771
 	atomic_long_inc(&session->stats.rx_errors);
776
772
 	kfree_skb(skb);
777
773
 }
778
-EXPORT_SYMBOL(l2tp_recv_common);
774
+EXPORT_SYMBOL_GPL(l2tp_recv_common);
779
775
 
780
776
 /* Drop skbs from the session's reorder_q
781
777
  */
782
-static int l2tp_session_queue_purge(struct l2tp_session *session)
778
+static void l2tp_session_queue_purge(struct l2tp_session *session)
783
779
 {
784
780
 	struct sk_buff *skb = NULL;
785
-	BUG_ON(!session);
786
-	BUG_ON(session->magic != L2TP_SESSION_MAGIC);
781
+
787
782
 	while ((skb = skb_dequeue(&session->reorder_q))) {
788
783
 		atomic_long_inc(&session->stats.rx_errors);
789
784
 		kfree_skb(skb);
790
785
 	}
791
-	return 0;
792
786
 }
793
787
 
794
788
 /* Internal UDP receive frame. Do the real work of receiving an L2TP data frame
..
..
@@ -813,47 +807,32 @@
813
807
 
814
808
 	/* Short packet? */
815
809
 	if (!pskb_may_pull(skb, L2TP_HDR_SIZE_MAX)) {
816
-		l2tp_info(tunnel, L2TP_MSG_DATA,
817
-			  "%s: recv short packet (len=%d)\n",
818
-			  tunnel->name, skb->len);
819
-		goto error;
820
-	}
821
-
822
-	/* Trace packet contents, if enabled */
823
-	if (tunnel->debug & L2TP_MSG_DATA) {
824
-		length = min(32u, skb->len);
825
-		if (!pskb_may_pull(skb, length))
826
-			goto error;
827
-
828
-		pr_debug("%s: recv\n", tunnel->name);
829
-		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, skb->data, length);
810
+		pr_debug_ratelimited("%s: recv short packet (len=%d)\n",
811
+				     tunnel->name, skb->len);
812
+		goto invalid;
830
813
 	}
831
814
 
832
815
 	/* Point to L2TP header */
833
-	optr = ptr = skb->data;
816
+	optr = skb->data;
817
+	ptr = skb->data;
834
818
 
835
819
 	/* Get L2TP header flags */
836
-	hdrflags = ntohs(*(__be16 *) ptr);
820
+	hdrflags = ntohs(*(__be16 *)ptr);
837
821
 
838
822
 	/* Check protocol version */
839
823
 	version = hdrflags & L2TP_HDR_VER_MASK;
840
824
 	if (version != tunnel->version) {
841
-		l2tp_info(tunnel, L2TP_MSG_DATA,
842
-			  "%s: recv protocol version mismatch: got %d expected %d\n",
843
-			  tunnel->name, version, tunnel->version);
844
-		goto error;
825
+		pr_debug_ratelimited("%s: recv protocol version mismatch: got %d expected %d\n",
826
+				     tunnel->name, version, tunnel->version);
827
+		goto invalid;
845
828
 	}
846
829
 
847
830
 	/* Get length of L2TP packet */
848
831
 	length = skb->len;
849
832
 
850
833
 	/* If type is control packet, it is handled by userspace. */
851
-	if (hdrflags & L2TP_HDRFLAG_T) {
852
-		l2tp_dbg(tunnel, L2TP_MSG_DATA,
853
-			 "%s: recv control packet, len=%d\n",
854
-			 tunnel->name, length);
855
-		goto error;
856
-	}
834
+	if (hdrflags & L2TP_HDRFLAG_T)
835
+		goto pass;
857
836
 
858
837
 	/* Skip flags */
859
838
 	ptr += 2;
..
..
@@ -864,14 +843,14 @@
864
843
 			ptr += 2;
865
844
 
866
845
 		/* Extract tunnel and session ID */
867
-		tunnel_id = ntohs(*(__be16 *) ptr);
846
+		tunnel_id = ntohs(*(__be16 *)ptr);
868
847
 		ptr += 2;
869
-		session_id = ntohs(*(__be16 *) ptr);
848
+		session_id = ntohs(*(__be16 *)ptr);
870
849
 		ptr += 2;
871
850
 	} else {
872
851
 		ptr += 2;	/* skip reserved bits */
873
852
 		tunnel_id = tunnel->tunnel_id;
874
-		session_id = ntohl(*(__be32 *) ptr);
853
+		session_id = ntohl(*(__be32 *)ptr);
875
854
 		ptr += 4;
876
855
 	}
877
856
 
..
..
@@ -882,16 +861,15 @@
882
861
 			l2tp_session_dec_refcount(session);
883
862
 
884
863
 		/* Not found? Pass to userspace to deal with */
885
-		l2tp_info(tunnel, L2TP_MSG_DATA,
886
-			  "%s: no session found (%u/%u). Passing up.\n",
887
-			  tunnel->name, tunnel_id, session_id);
888
-		goto error;
864
+		pr_debug_ratelimited("%s: no session found (%u/%u). Passing up.\n",
865
+				     tunnel->name, tunnel_id, session_id);
866
+		goto pass;
889
867
 	}
890
868
 
891
869
 	if (tunnel->version == L2TP_HDR_VER_3 &&
892
870
 	    l2tp_v3_ensure_opt_in_linear(session, skb, &ptr, &optr)) {
893
871
 		l2tp_session_dec_refcount(session);
894
-		goto error;
872
+		goto invalid;
895
873
 	}
896
874
 
897
875
 	l2tp_recv_common(session, skb, ptr, optr, hdrflags, length);
..
..
@@ -899,7 +877,10 @@
899
877
 
900
878
 	return 0;
901
879
 
902
-error:
880
+invalid:
881
+	atomic_long_inc(&tunnel->stats.rx_invalid);
882
+
883
+pass:
903
884
 	/* Put UDP header back */
904
885
 	__skb_push(skb, sizeof(struct udphdr));
905
886
 
..
..
@@ -916,12 +897,17 @@
916
897
 {
917
898
 	struct l2tp_tunnel *tunnel;
918
899
 
900
+	/* Note that this is called from the encap_rcv hook inside an
901
+	 * RCU-protected region, but without the socket being locked.
902
+	 * Hence we use rcu_dereference_sk_user_data to access the
903
+	 * tunnel data structure rather the usual l2tp_sk_to_tunnel
904
+	 * accessor function.
905
+	 */
919
906
 	tunnel = rcu_dereference_sk_user_data(sk);
920
-	if (tunnel == NULL)
907
+	if (!tunnel)
921
908
 		goto pass_up;
922
-
923
-	l2tp_dbg(tunnel, L2TP_MSG_DATA, "%s: received %d bytes\n",
924
-		 tunnel->name, skb->len);
909
+	if (WARN_ON(tunnel->magic != L2TP_TUNNEL_MAGIC))
910
+		goto pass_up;
925
911
 
926
912
 	if (l2tp_udp_recv_core(tunnel, skb))
927
913
 		goto pass_up;
..
..
@@ -960,8 +946,7 @@
960
946
 		*bufp++ = 0;
961
947
 		session->ns++;
962
948
 		session->ns &= 0xffff;
963
-		l2tp_dbg(session, L2TP_MSG_SEQ, "%s: updated ns to %u\n",
964
-			 session->name, session->ns);
949
+		trace_session_seqnum_update(session);
965
950
 	}
966
951
 
967
952
 	return bufp - optr;
..
..
@@ -978,13 +963,13 @@
978
963
 	 */
979
964
 	if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
980
965
 		u16 flags = L2TP_HDR_VER_3;
981
-		*((__be16 *) bufp) = htons(flags);
966
+		*((__be16 *)bufp) = htons(flags);
982
967
 		bufp += 2;
983
-		*((__be16 *) bufp) = 0;
968
+		*((__be16 *)bufp) = 0;
984
969
 		bufp += 2;
985
970
 	}
986
971
 
987
-	*((__be32 *) bufp) = htonl(session->peer_session_id);
972
+	*((__be32 *)bufp) = htonl(session->peer_session_id);
988
973
 	bufp += 4;
989
974
 	if (session->cookie_len) {
990
975
 		memcpy(bufp, &session->cookie[0], session->cookie_len);
..
..
@@ -997,9 +982,7 @@
997
982
 			l2h = 0x40000000 | session->ns;
998
983
 			session->ns++;
999
984
 			session->ns &= 0xffffff;
1000
-			l2tp_dbg(session, L2TP_MSG_SEQ,
1001
-				 "%s: updated ns to %u\n",
1002
-				 session->name, session->ns);
985
+			trace_session_seqnum_update(session);
1003
986
 		}
1004
987
 
1005
988
 		*((__be32 *)bufp) = htonl(l2h);
..
..
@@ -1009,89 +992,56 @@
1009
992
 	return bufp - optr;
1010
993
 }
1011
994
 
1012
-static void l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1013
-			   struct flowi *fl, size_t data_len)
995
+/* Queue the packet to IP for output: tunnel socket lock must be held */
996
+static int l2tp_xmit_queue(struct l2tp_tunnel *tunnel, struct sk_buff *skb, struct flowi *fl)
1014
997
 {
1015
-	struct l2tp_tunnel *tunnel = session->tunnel;
1016
-	unsigned int len = skb->len;
1017
-	int error;
998
+	int err;
1018
999
 
1019
-	/* Debug */
1020
-	if (session->send_seq)
1021
-		l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes, ns=%u\n",
1022
-			 session->name, data_len, session->ns - 1);
1023
-	else
1024
-		l2tp_dbg(session, L2TP_MSG_DATA, "%s: send %zd bytes\n",
1025
-			 session->name, data_len);
1026
-
1027
-	if (session->debug & L2TP_MSG_DATA) {
1028
-		int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1029
-		unsigned char *datap = skb->data + uhlen;
1030
-
1031
-		pr_debug("%s: xmit\n", session->name);
1032
-		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET,
1033
-				     datap, min_t(size_t, 32, len - uhlen));
1034
-	}
1035
-
1036
-	/* Queue the packet to IP for output */
1037
1000
 	skb->ignore_df = 1;
1038
1001
 	skb_dst_drop(skb);
1039
1002
 #if IS_ENABLED(CONFIG_IPV6)
1040
1003
 	if (l2tp_sk_is_v6(tunnel->sock))
1041
-		error = inet6_csk_xmit(tunnel->sock, skb, NULL);
1004
+		err = inet6_csk_xmit(tunnel->sock, skb, NULL);
1042
1005
 	else
1043
1006
 #endif
1044
-		error = ip_queue_xmit(tunnel->sock, skb, fl);
1007
+		err = ip_queue_xmit(tunnel->sock, skb, fl);
1045
1008
 
1046
-	/* Update stats */
1047
-	if (error >= 0) {
1048
-		atomic_long_inc(&tunnel->stats.tx_packets);
1049
-		atomic_long_add(len, &tunnel->stats.tx_bytes);
1050
-		atomic_long_inc(&session->stats.tx_packets);
1051
-		atomic_long_add(len, &session->stats.tx_bytes);
1052
-	} else {
1053
-		atomic_long_inc(&tunnel->stats.tx_errors);
1054
-		atomic_long_inc(&session->stats.tx_errors);
1055
-	}
1009
+	return err >= 0 ? NET_XMIT_SUCCESS : NET_XMIT_DROP;
1056
1010
 }
1057
1011
 
1058
-/* If caller requires the skb to have a ppp header, the header must be
1059
- * inserted in the skb data before calling this function.
1060
- */
1061
-int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len)
1012
+static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb, unsigned int *len)
1062
1013
 {
1063
-	int data_len = skb->len;
1064
1014
 	struct l2tp_tunnel *tunnel = session->tunnel;
1015
+	unsigned int data_len = skb->len;
1065
1016
 	struct sock *sk = tunnel->sock;
1066
-	struct flowi *fl;
1067
-	struct udphdr *uh;
1068
-	struct inet_sock *inet;
1069
-	int headroom;
1070
-	int uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(struct udphdr) : 0;
1071
-	int udp_len;
1017
+	int headroom, uhlen, udp_len;
1072
1018
 	int ret = NET_XMIT_SUCCESS;
1019
+	struct inet_sock *inet;
1020
+	struct udphdr *uh;
1073
1021
 
1074
1022
 	/* Check that there's enough headroom in the skb to insert IP,
1075
1023
 	 * UDP and L2TP headers. If not enough, expand it to
1076
1024
 	 * make room. Adjust truesize.
1077
1025
 	 */
1078
-	headroom = NET_SKB_PAD + sizeof(struct iphdr) +
1079
-		uhlen + hdr_len;
1026
+	uhlen = (tunnel->encap == L2TP_ENCAPTYPE_UDP) ? sizeof(*uh) : 0;
1027
+	headroom = NET_SKB_PAD + sizeof(struct iphdr) + uhlen + session->hdr_len;
1080
1028
 	if (skb_cow_head(skb, headroom)) {
1081
1029
 		kfree_skb(skb);
1082
1030
 		return NET_XMIT_DROP;
1083
1031
 	}
1084
1032
 
1085
1033
 	/* Setup L2TP header */
1086
-	session->build_header(session, __skb_push(skb, hdr_len));
1034
+	if (tunnel->version == L2TP_HDR_VER_2)
1035
+		l2tp_build_l2tpv2_header(session, __skb_push(skb, session->hdr_len));
1036
+	else
1037
+		l2tp_build_l2tpv3_header(session, __skb_push(skb, session->hdr_len));
1087
1038
 
1088
1039
 	/* Reset skb netfilter state */
1089
1040
 	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1090
-	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1091
-			      IPSKB_REROUTED);
1092
-	nf_reset(skb);
1041
+	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED);
1042
+	nf_reset_ct(skb);
1093
1043
 
1094
-	bh_lock_sock(sk);
1044
+	bh_lock_sock_nested(sk);
1095
1045
 	if (sock_owned_by_user(sk)) {
1096
1046
 		kfree_skb(skb);
1097
1047
 		ret = NET_XMIT_DROP;
..
..
@@ -1107,8 +1057,12 @@
1107
1057
 		goto out_unlock;
1108
1058
 	}
1109
1059
 
1060
+	/* Report transmitted length before we add encap header, which keeps
1061
+	 * statistics consistent for both UDP and IP encap tx/rx paths.
1062
+	 */
1063
+	*len = skb->len;
1064
+
1110
1065
 	inet = inet_sk(sk);
1111
-	fl = &inet->cork.fl;
1112
1066
 	switch (tunnel->encap) {
1113
1067
 	case L2TP_ENCAPTYPE_UDP:
1114
1068
 		/* Setup UDP header */
..
..
@@ -1117,7 +1071,7 @@
1117
1071
 		uh = udp_hdr(skb);
1118
1072
 		uh->source = inet->inet_sport;
1119
1073
 		uh->dest = inet->inet_dport;
1120
-		udp_len = uhlen + hdr_len + data_len;
1074
+		udp_len = uhlen + session->hdr_len + data_len;
1121
1075
 		uh->len = htons(udp_len);
1122
1076
 
1123
1077
 		/* Calculate UDP checksum if configured to do so */
..
..
@@ -1128,18 +1082,40 @@
1128
1082
 				      &sk->sk_v6_daddr, udp_len);
1129
1083
 		else
1130
1084
 #endif
1131
-		udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1132
-			     inet->inet_daddr, udp_len);
1085
+			udp_set_csum(sk->sk_no_check_tx, skb, inet->inet_saddr,
1086
+				     inet->inet_daddr, udp_len);
1133
1087
 		break;
1134
1088
 
1135
1089
 	case L2TP_ENCAPTYPE_IP:
1136
1090
 		break;
1137
1091
 	}
1138
1092
 
1139
-	l2tp_xmit_core(session, skb, fl, data_len);
1093
+	ret = l2tp_xmit_queue(tunnel, skb, &inet->cork.fl);
1094
+
1140
1095
 out_unlock:
1141
1096
 	bh_unlock_sock(sk);
1142
1097
 
1098
+	return ret;
1099
+}
1100
+
1101
+/* If caller requires the skb to have a ppp header, the header must be
1102
+ * inserted in the skb data before calling this function.
1103
+ */
1104
+int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb)
1105
+{
1106
+	unsigned int len = 0;
1107
+	int ret;
1108
+
1109
+	ret = l2tp_xmit_core(session, skb, &len);
1110
+	if (ret == NET_XMIT_SUCCESS) {
1111
+		atomic_long_inc(&session->tunnel->stats.tx_packets);
1112
+		atomic_long_add(len, &session->tunnel->stats.tx_bytes);
1113
+		atomic_long_inc(&session->stats.tx_packets);
1114
+		atomic_long_add(len, &session->stats.tx_bytes);
1115
+	} else {
1116
+		atomic_long_inc(&session->tunnel->stats.tx_errors);
1117
+		atomic_long_inc(&session->stats.tx_errors);
1118
+	}
1143
1119
 	return ret;
1144
1120
 }
1145
1121
 EXPORT_SYMBOL_GPL(l2tp_xmit_skb);
..
..
@@ -1154,12 +1130,10 @@
1154
1130
  */
1155
1131
 static void l2tp_tunnel_destruct(struct sock *sk)
1156
1132
 {
1157
-	struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1133
+	struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
1158
1134
 
1159
-	if (tunnel == NULL)
1135
+	if (!tunnel)
1160
1136
 		goto end;
1161
-
1162
-	l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing...\n", tunnel->name);
1163
1137
 
1164
1138
 	/* Disable udp encapsulation */
1165
1139
 	switch (tunnel->encap) {
..
..
@@ -1174,8 +1148,10 @@
1174
1148
 	}
1175
1149
 
1176
1150
 	/* Remove hooks into tunnel socket */
1151
+	write_lock_bh(&sk->sk_callback_lock);
1177
1152
 	sk->sk_destruct = tunnel->old_sk_destruct;
1178
1153
 	sk->sk_user_data = NULL;
1154
+	write_unlock_bh(&sk->sk_callback_lock);
1179
1155
 
1180
1156
 	/* Call the original destructor */
1181
1157
 	if (sk->sk_destruct)
..
..
@@ -1184,6 +1160,30 @@
1184
1160
 	kfree_rcu(tunnel, rcu);
1185
1161
 end:
1186
1162
 	return;
1163
+}
1164
+
1165
+/* Remove an l2tp session from l2tp_core's hash lists. */
1166
+static void l2tp_session_unhash(struct l2tp_session *session)
1167
+{
1168
+	struct l2tp_tunnel *tunnel = session->tunnel;
1169
+
1170
+	/* Remove the session from core hashes */
1171
+	if (tunnel) {
1172
+		/* Remove from the per-tunnel hash */
1173
+		write_lock_bh(&tunnel->hlist_lock);
1174
+		hlist_del_init(&session->hlist);
1175
+		write_unlock_bh(&tunnel->hlist_lock);
1176
+
1177
+		/* For L2TPv3 we have a per-net hash: remove from there, too */
1178
+		if (tunnel->version != L2TP_HDR_VER_2) {
1179
+			struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1180
+
1181
+			spin_lock_bh(&pn->l2tp_session_hlist_lock);
1182
+			hlist_del_init_rcu(&session->global_hlist);
1183
+			spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1184
+			synchronize_rcu();
1185
+		}
1186
+	}
1187
1187
 }
1188
1188
 
1189
1189
 /* When the tunnel is closed, all the attached sessions need to go too.
..
..
@@ -1195,36 +1195,16 @@
1195
1195
 	struct hlist_node *tmp;
1196
1196
 	struct l2tp_session *session;
1197
1197
 
1198
-	BUG_ON(tunnel == NULL);
1199
-
1200
-	l2tp_info(tunnel, L2TP_MSG_CONTROL, "%s: closing all sessions...\n",
1201
-		  tunnel->name);
1202
-
1203
1198
 	write_lock_bh(&tunnel->hlist_lock);
1204
1199
 	tunnel->acpt_newsess = false;
1205
1200
 	for (hash = 0; hash < L2TP_HASH_SIZE; hash++) {
1206
1201
 again:
1207
1202
 		hlist_for_each_safe(walk, tmp, &tunnel->session_hlist[hash]) {
1208
1203
 			session = hlist_entry(walk, struct l2tp_session, hlist);
1209
-
1210
-			l2tp_info(session, L2TP_MSG_CONTROL,
1211
-				  "%s: closing session\n", session->name);
1212
-
1213
1204
 			hlist_del_init(&session->hlist);
1214
1205
 
1215
-			if (test_and_set_bit(0, &session->dead))
1216
-				goto again;
1217
-
1218
1206
 			write_unlock_bh(&tunnel->hlist_lock);
1219
-
1220
-			__l2tp_session_unhash(session);
1221
-			l2tp_session_queue_purge(session);
1222
-
1223
-			if (session->session_close != NULL)
1224
-				(*session->session_close)(session);
1225
-
1226
-			l2tp_session_dec_refcount(session);
1227
-
1207
+			l2tp_session_delete(session);
1228
1208
 			write_lock_bh(&tunnel->hlist_lock);
1229
1209
 
1230
1210
 			/* Now restart from the beginning of this hash
..
..
@@ -1241,10 +1221,19 @@
1241
1221
 /* Tunnel socket destroy hook for UDP encapsulation */
1242
1222
 static void l2tp_udp_encap_destroy(struct sock *sk)
1243
1223
 {
1244
-	struct l2tp_tunnel *tunnel = l2tp_tunnel(sk);
1224
+	struct l2tp_tunnel *tunnel = l2tp_sk_to_tunnel(sk);
1245
1225
 
1246
1226
 	if (tunnel)
1247
1227
 		l2tp_tunnel_delete(tunnel);
1228
+}
1229
+
1230
+static void l2tp_tunnel_remove(struct net *net, struct l2tp_tunnel *tunnel)
1231
+{
1232
+	struct l2tp_net *pn = l2tp_pernet(net);
1233
+
1234
+	spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1235
+	idr_remove(&pn->l2tp_tunnel_idr, tunnel->tunnel_id);
1236
+	spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1248
1237
 }
1249
1238
 
1250
1239
 /* Workqueue tunnel deletion function */
..
..
@@ -1254,7 +1243,6 @@
1254
1243
 						  del_work);
1255
1244
 	struct sock *sk = tunnel->sock;
1256
1245
 	struct socket *sock = sk->sk_socket;
1257
-	struct l2tp_net *pn;
1258
1246
 
1259
1247
 	l2tp_tunnel_closeall(tunnel);
1260
1248
 
..
..
@@ -1268,12 +1256,7 @@
1268
1256
 		}
1269
1257
 	}
1270
1258
 
1271
-	/* Remove the tunnel struct from the tunnel list */
1272
-	pn = l2tp_pernet(tunnel->l2tp_net);
1273
-	spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1274
-	list_del_rcu(&tunnel->list);
1275
-	spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1276
-
1259
+	l2tp_tunnel_remove(tunnel->l2tp_net, tunnel);
1277
1260
 	/* drop initial ref */
1278
1261
 	l2tp_tunnel_dec_refcount(tunnel);
1279
1262
 
..
..
@@ -1291,10 +1274,10 @@
1291
1274
  * exit hook.
1292
1275
  */
1293
1276
 static int l2tp_tunnel_sock_create(struct net *net,
1294
-				u32 tunnel_id,
1295
-				u32 peer_tunnel_id,
1296
-				struct l2tp_tunnel_cfg *cfg,
1297
-				struct socket **sockp)
1277
+				   u32 tunnel_id,
1278
+				   u32 peer_tunnel_id,
1279
+				   struct l2tp_tunnel_cfg *cfg,
1280
+				   struct socket **sockp)
1298
1281
 {
1299
1282
 	int err = -EINVAL;
1300
1283
 	struct socket *sock = NULL;
..
..
@@ -1312,9 +1295,9 @@
1312
1295
 			memcpy(&udp_conf.peer_ip6, cfg->peer_ip6,
1313
1296
 			       sizeof(udp_conf.peer_ip6));
1314
1297
 			udp_conf.use_udp6_tx_checksums =
1315
-			  ! cfg->udp6_zero_tx_checksums;
1298
+			  !cfg->udp6_zero_tx_checksums;
1316
1299
 			udp_conf.use_udp6_rx_checksums =
1317
-			  ! cfg->udp6_zero_rx_checksums;
1300
+			  !cfg->udp6_zero_rx_checksums;
1318
1301
 		} else
1319
1302
 #endif
1320
1303
 		{
..
..
@@ -1339,7 +1322,7 @@
1339
1322
 			struct sockaddr_l2tpip6 ip6_addr = {0};
1340
1323
 
1341
1324
 			err = sock_create_kern(net, AF_INET6, SOCK_DGRAM,
1342
-					  IPPROTO_L2TP, &sock);
1325
+					       IPPROTO_L2TP, &sock);
1343
1326
 			if (err < 0)
1344
1327
 				goto out;
1345
1328
 
..
..
@@ -1347,7 +1330,7 @@
1347
1330
 			memcpy(&ip6_addr.l2tp_addr, cfg->local_ip6,
1348
1331
 			       sizeof(ip6_addr.l2tp_addr));
1349
1332
 			ip6_addr.l2tp_conn_id = tunnel_id;
1350
-			err = kernel_bind(sock, (struct sockaddr *) &ip6_addr,
1333
+			err = kernel_bind(sock, (struct sockaddr *)&ip6_addr,
1351
1334
 					  sizeof(ip6_addr));
1352
1335
 			if (err < 0)
1353
1336
 				goto out;
..
..
@@ -1357,7 +1340,7 @@
1357
1340
 			       sizeof(ip6_addr.l2tp_addr));
1358
1341
 			ip6_addr.l2tp_conn_id = peer_tunnel_id;
1359
1342
 			err = kernel_connect(sock,
1360
-					     (struct sockaddr *) &ip6_addr,
1343
+					     (struct sockaddr *)&ip6_addr,
1361
1344
 					     sizeof(ip6_addr), 0);
1362
1345
 			if (err < 0)
1363
1346
 				goto out;
..
..
@@ -1367,14 +1350,14 @@
1367
1350
 			struct sockaddr_l2tpip ip_addr = {0};
1368
1351
 
1369
1352
 			err = sock_create_kern(net, AF_INET, SOCK_DGRAM,
1370
-					  IPPROTO_L2TP, &sock);
1353
+					       IPPROTO_L2TP, &sock);
1371
1354
 			if (err < 0)
1372
1355
 				goto out;
1373
1356
 
1374
1357
 			ip_addr.l2tp_family = AF_INET;
1375
1358
 			ip_addr.l2tp_addr = cfg->local_ip;
1376
1359
 			ip_addr.l2tp_conn_id = tunnel_id;
1377
-			err = kernel_bind(sock, (struct sockaddr *) &ip_addr,
1360
+			err = kernel_bind(sock, (struct sockaddr *)&ip_addr,
1378
1361
 					  sizeof(ip_addr));
1379
1362
 			if (err < 0)
1380
1363
 				goto out;
..
..
@@ -1382,7 +1365,7 @@
1382
1365
 			ip_addr.l2tp_family = AF_INET;
1383
1366
 			ip_addr.l2tp_addr = cfg->peer_ip;
1384
1367
 			ip_addr.l2tp_conn_id = peer_tunnel_id;
1385
-			err = kernel_connect(sock, (struct sockaddr *) &ip_addr,
1368
+			err = kernel_connect(sock, (struct sockaddr *)&ip_addr,
1386
1369
 					     sizeof(ip_addr), 0);
1387
1370
 			if (err < 0)
1388
1371
 				goto out;
..
..
@@ -1395,7 +1378,7 @@
1395
1378
 
1396
1379
 out:
1397
1380
 	*sockp = sock;
1398
-	if ((err < 0) && sock) {
1381
+	if (err < 0 && sock) {
1399
1382
 		kernel_sock_shutdown(sock, SHUT_RDWR);
1400
1383
 		sock_release(sock);
1401
1384
 		*sockp = NULL;
..
..
@@ -1404,19 +1387,18 @@
1404
1387
 	return err;
1405
1388
 }
1406
1389
 
1407
-static struct lock_class_key l2tp_socket_class;
1408
-
1409
-int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32 peer_tunnel_id, struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1390
+int l2tp_tunnel_create(int fd, int version, u32 tunnel_id, u32 peer_tunnel_id,
1391
+		       struct l2tp_tunnel_cfg *cfg, struct l2tp_tunnel **tunnelp)
1410
1392
 {
1411
1393
 	struct l2tp_tunnel *tunnel = NULL;
1412
1394
 	int err;
1413
1395
 	enum l2tp_encap_type encap = L2TP_ENCAPTYPE_UDP;
1414
1396
 
1415
-	if (cfg != NULL)
1397
+	if (cfg)
1416
1398
 		encap = cfg->encap;
1417
1399
 
1418
-	tunnel = kzalloc(sizeof(struct l2tp_tunnel), GFP_KERNEL);
1419
-	if (tunnel == NULL) {
1400
+	tunnel = kzalloc(sizeof(*tunnel), GFP_KERNEL);
1401
+	if (!tunnel) {
1420
1402
 		err = -ENOMEM;
1421
1403
 		goto err;
1422
1404
 	}
..
..
@@ -1424,15 +1406,11 @@
1424
1406
 	tunnel->version = version;
1425
1407
 	tunnel->tunnel_id = tunnel_id;
1426
1408
 	tunnel->peer_tunnel_id = peer_tunnel_id;
1427
-	tunnel->debug = L2TP_DEFAULT_DEBUG_FLAGS;
1428
1409
 
1429
1410
 	tunnel->magic = L2TP_TUNNEL_MAGIC;
1430
1411
 	sprintf(&tunnel->name[0], "tunl %u", tunnel_id);
1431
1412
 	rwlock_init(&tunnel->hlist_lock);
1432
1413
 	tunnel->acpt_newsess = true;
1433
-
1434
-	if (cfg != NULL)
1435
-		tunnel->debug = cfg->debug;
1436
1414
 
1437
1415
 	tunnel->encap = encap;
1438
1416
 
..
..
@@ -1478,11 +1456,18 @@
1478
1456
 int l2tp_tunnel_register(struct l2tp_tunnel *tunnel, struct net *net,
1479
1457
 			 struct l2tp_tunnel_cfg *cfg)
1480
1458
 {
1481
-	struct l2tp_tunnel *tunnel_walk;
1482
-	struct l2tp_net *pn;
1459
+	struct l2tp_net *pn = l2tp_pernet(net);
1460
+	u32 tunnel_id = tunnel->tunnel_id;
1483
1461
 	struct socket *sock;
1484
1462
 	struct sock *sk;
1485
1463
 	int ret;
1464
+
1465
+	spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1466
+	ret = idr_alloc_u32(&pn->l2tp_tunnel_idr, NULL, &tunnel_id, tunnel_id,
1467
+			    GFP_ATOMIC);
1468
+	spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1469
+	if (ret)
1470
+		return ret == -ENOSPC ? -EEXIST : ret;
1486
1471
 
1487
1472
 	if (tunnel->fd < 0) {
1488
1473
 		ret = l2tp_tunnel_sock_create(net, tunnel->tunnel_id,
..
..
@@ -1494,30 +1479,16 @@
1494
1479
 		sock = sockfd_lookup(tunnel->fd, &ret);
1495
1480
 		if (!sock)
1496
1481
 			goto err;
1497
-
1498
-		ret = l2tp_validate_socket(sock->sk, net, tunnel->encap);
1499
-		if (ret < 0)
1500
-			goto err_sock;
1501
1482
 	}
1502
-
1503
-	tunnel->l2tp_net = net;
1504
-	pn = l2tp_pernet(net);
1505
-
1506
-	spin_lock_bh(&pn->l2tp_tunnel_list_lock);
1507
-	list_for_each_entry(tunnel_walk, &pn->l2tp_tunnel_list, list) {
1508
-		if (tunnel_walk->tunnel_id == tunnel->tunnel_id) {
1509
-			spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1510
-
1511
-			ret = -EEXIST;
1512
-			goto err_sock;
1513
-		}
1514
-	}
1515
-	list_add_rcu(&tunnel->list, &pn->l2tp_tunnel_list);
1516
-	spin_unlock_bh(&pn->l2tp_tunnel_list_lock);
1517
1483
 
1518
1484
 	sk = sock->sk;
1519
-	sock_hold(sk);
1520
-	tunnel->sock = sk;
1485
+	lock_sock(sk);
1486
+	write_lock_bh(&sk->sk_callback_lock);
1487
+	ret = l2tp_validate_socket(sk, net, tunnel->encap);
1488
+	if (ret < 0)
1489
+		goto err_inval_sock;
1490
+	rcu_assign_sk_user_data(sk, tunnel);
1491
+	write_unlock_bh(&sk->sk_callback_lock);
1521
1492
 
1522
1493
 	if (tunnel->encap == L2TP_ENCAPTYPE_UDP) {
1523
1494
 		struct udp_tunnel_sock_cfg udp_cfg = {
..
..
@@ -1528,27 +1499,38 @@
1528
1499
 		};
1529
1500
 
1530
1501
 		setup_udp_tunnel_sock(net, sock, &udp_cfg);
1531
-	} else {
1532
-		sk->sk_user_data = tunnel;
1533
1502
 	}
1534
1503
 
1535
1504
 	tunnel->old_sk_destruct = sk->sk_destruct;
1536
1505
 	sk->sk_destruct = &l2tp_tunnel_destruct;
1537
-	lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class,
1538
-				   "l2tp_sock");
1539
1506
 	sk->sk_allocation = GFP_ATOMIC;
1507
+	release_sock(sk);
1508
+
1509
+	sock_hold(sk);
1510
+	tunnel->sock = sk;
1511
+	tunnel->l2tp_net = net;
1512
+
1513
+	spin_lock_bh(&pn->l2tp_tunnel_idr_lock);
1514
+	idr_replace(&pn->l2tp_tunnel_idr, tunnel, tunnel->tunnel_id);
1515
+	spin_unlock_bh(&pn->l2tp_tunnel_idr_lock);
1516
+
1517
+	trace_register_tunnel(tunnel);
1540
1518
 
1541
1519
 	if (tunnel->fd >= 0)
1542
1520
 		sockfd_put(sock);
1543
1521
 
1544
1522
 	return 0;
1545
1523
 
1546
-err_sock:
1524
+err_inval_sock:
1525
+	write_unlock_bh(&sk->sk_callback_lock);
1526
+	release_sock(sk);
1527
+
1547
1528
 	if (tunnel->fd < 0)
1548
1529
 		sock_release(sock);
1549
1530
 	else
1550
1531
 		sockfd_put(sock);
1551
1532
 err:
1533
+	l2tp_tunnel_remove(net, tunnel);
1552
1534
 	return ret;
1553
1535
 }
1554
1536
 EXPORT_SYMBOL_GPL(l2tp_tunnel_register);
..
..
@@ -1558,73 +1540,25 @@
1558
1540
 void l2tp_tunnel_delete(struct l2tp_tunnel *tunnel)
1559
1541
 {
1560
1542
 	if (!test_and_set_bit(0, &tunnel->dead)) {
1543
+		trace_delete_tunnel(tunnel);
1561
1544
 		l2tp_tunnel_inc_refcount(tunnel);
1562
1545
 		queue_work(l2tp_wq, &tunnel->del_work);
1563
1546
 	}
1564
1547
 }
1565
1548
 EXPORT_SYMBOL_GPL(l2tp_tunnel_delete);
1566
1549
 
1567
-/* Really kill the session.
1568
- */
1569
-void l2tp_session_free(struct l2tp_session *session)
1570
-{
1571
-	struct l2tp_tunnel *tunnel = session->tunnel;
1572
-
1573
-	BUG_ON(refcount_read(&session->ref_count) != 0);
1574
-
1575
-	if (tunnel) {
1576
-		BUG_ON(tunnel->magic != L2TP_TUNNEL_MAGIC);
1577
-		l2tp_tunnel_dec_refcount(tunnel);
1578
-	}
1579
-
1580
-	kfree(session);
1581
-}
1582
-EXPORT_SYMBOL_GPL(l2tp_session_free);
1583
-
1584
-/* Remove an l2tp session from l2tp_core's hash lists.
1585
- * Provides a tidyup interface for pseudowire code which can't just route all
1586
- * shutdown via. l2tp_session_delete and a pseudowire-specific session_close
1587
- * callback.
1588
- */
1589
-void __l2tp_session_unhash(struct l2tp_session *session)
1590
-{
1591
-	struct l2tp_tunnel *tunnel = session->tunnel;
1592
-
1593
-	/* Remove the session from core hashes */
1594
-	if (tunnel) {
1595
-		/* Remove from the per-tunnel hash */
1596
-		write_lock_bh(&tunnel->hlist_lock);
1597
-		hlist_del_init(&session->hlist);
1598
-		write_unlock_bh(&tunnel->hlist_lock);
1599
-
1600
-		/* For L2TPv3 we have a per-net hash: remove from there, too */
1601
-		if (tunnel->version != L2TP_HDR_VER_2) {
1602
-			struct l2tp_net *pn = l2tp_pernet(tunnel->l2tp_net);
1603
-			spin_lock_bh(&pn->l2tp_session_hlist_lock);
1604
-			hlist_del_init_rcu(&session->global_hlist);
1605
-			spin_unlock_bh(&pn->l2tp_session_hlist_lock);
1606
-			synchronize_rcu();
1607
-		}
1608
-	}
1609
-}
1610
-EXPORT_SYMBOL_GPL(__l2tp_session_unhash);
1611
-
1612
-/* This function is used by the netlink SESSION_DELETE command and by
1613
-   pseudowire modules.
1614
- */
1615
-int l2tp_session_delete(struct l2tp_session *session)
1550
+void l2tp_session_delete(struct l2tp_session *session)
1616
1551
 {
1617
1552
 	if (test_and_set_bit(0, &session->dead))
1618
-		return 0;
1553
+		return;
1619
1554
 
1620
-	__l2tp_session_unhash(session);
1555
+	trace_delete_session(session);
1556
+	l2tp_session_unhash(session);
1621
1557
 	l2tp_session_queue_purge(session);
1622
-	if (session->session_close != NULL)
1558
+	if (session->session_close)
1623
1559
 		(*session->session_close)(session);
1624
1560
 
1625
1561
 	l2tp_session_dec_refcount(session);
1626
-
1627
-	return 0;
1628
1562
 }
1629
1563
 EXPORT_SYMBOL_GPL(l2tp_session_delete);
1630
1564
 
..
..
@@ -1643,16 +1577,16 @@
1643
1577
 		if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP)
1644
1578
 			session->hdr_len += 4;
1645
1579
 	}
1646
-
1647
1580
 }
1648
1581
 EXPORT_SYMBOL_GPL(l2tp_session_set_header_len);
1649
1582
 
1650
-struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id, u32 peer_session_id, struct l2tp_session_cfg *cfg)
1583
+struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunnel, u32 session_id,
1584
+					 u32 peer_session_id, struct l2tp_session_cfg *cfg)
1651
1585
 {
1652
1586
 	struct l2tp_session *session;
1653
1587
 
1654
-	session = kzalloc(sizeof(struct l2tp_session) + priv_size, GFP_KERNEL);
1655
-	if (session != NULL) {
1588
+	session = kzalloc(sizeof(*session) + priv_size, GFP_KERNEL);
1589
+	if (session) {
1656
1590
 		session->magic = L2TP_SESSION_MAGIC;
1657
1591
 		session->tunnel = tunnel;
1658
1592
 
..
..
@@ -1677,12 +1611,8 @@
1677
1611
 		INIT_HLIST_NODE(&session->hlist);
1678
1612
 		INIT_HLIST_NODE(&session->global_hlist);
1679
1613
 
1680
-		/* Inherit debug options from tunnel */
1681
-		session->debug = tunnel->debug;
1682
-
1683
1614
 		if (cfg) {
1684
1615
 			session->pwtype = cfg->pw_type;
1685
-			session->debug = cfg->debug;
1686
1616
 			session->send_seq = cfg->send_seq;
1687
1617
 			session->recv_seq = cfg->recv_seq;
1688
1618
 			session->lns_mode = cfg->lns_mode;
..
..
@@ -1693,11 +1623,6 @@
1693
1623
 			session->peer_cookie_len = cfg->peer_cookie_len;
1694
1624
 			memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len);
1695
1625
 		}
1696
-
1697
-		if (tunnel->version == L2TP_HDR_VER_2)
1698
-			session->build_header = l2tp_build_l2tpv2_header;
1699
-		else
1700
-			session->build_header = l2tp_build_l2tpv3_header;
1701
1626
 
1702
1627
 		l2tp_session_set_header_len(session, tunnel->version);
1703
1628
 
..
..
@@ -1719,8 +1644,8 @@
1719
1644
 	struct l2tp_net *pn = net_generic(net, l2tp_net_id);
1720
1645
 	int hash;
1721
1646
 
1722
-	INIT_LIST_HEAD(&pn->l2tp_tunnel_list);
1723
-	spin_lock_init(&pn->l2tp_tunnel_list_lock);
1647
+	idr_init(&pn->l2tp_tunnel_idr);
1648
+	spin_lock_init(&pn->l2tp_tunnel_idr_lock);
1724
1649
 
1725
1650
 	for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1726
1651
 		INIT_HLIST_HEAD(&pn->l2tp_session_hlist[hash]);
..
..
@@ -1734,11 +1659,13 @@
1734
1659
 {
1735
1660
 	struct l2tp_net *pn = l2tp_pernet(net);
1736
1661
 	struct l2tp_tunnel *tunnel = NULL;
1662
+	unsigned long tunnel_id, tmp;
1737
1663
 	int hash;
1738
1664
 
1739
1665
 	rcu_read_lock_bh();
1740
-	list_for_each_entry_rcu(tunnel, &pn->l2tp_tunnel_list, list) {
1741
-		l2tp_tunnel_delete(tunnel);
1666
+	idr_for_each_entry_ul(&pn->l2tp_tunnel_idr, tunnel, tmp, tunnel_id) {
1667
+		if (tunnel)
1668
+			l2tp_tunnel_delete(tunnel);
1742
1669
 	}
1743
1670
 	rcu_read_unlock_bh();
1744
1671
 
..
..
@@ -1748,6 +1675,7 @@
1748
1675
 
1749
1676
 	for (hash = 0; hash < L2TP_HASH_SIZE_2; hash++)
1750
1677
 		WARN_ON_ONCE(!hlist_empty(&pn->l2tp_session_hlist[hash]));
1678
+	idr_destroy(&pn->l2tp_tunnel_idr);
1751
1679
 }
1752
1680
 
1753
1681
 static struct pernet_operations l2tp_net_ops = {