l2tp: do not use udp_ioctl()
commit5b1bb4cbd7ec562d1964d37d642ca836f2b83a2c
authorEric Dumazet <edumazet@google.com>
Fri, 10 Feb 2017 00:15:52 +0000 (9 16:15 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 18 Feb 2017 14:11:43 +0000 (18 15:11 +0100)
tree0f94c20f159ad9b693eb12d514ccd5b734dc0ca4
parent12758a282435c0ab4878ef163e82420a8e250b73
l2tp: do not use udp_ioctl()

[ Upstream commit 72fb96e7bdbbdd4421b0726992496531060f3636 ]

udp_ioctl(), as its name suggests, is used by UDP protocols,
but is also used by L2TP :(

L2TP should use its own handler, because it really does not
look the same.

SIOCINQ for instance should not assume UDP checksum or headers.

Thanks to Andrey and syzkaller team for providing the report
and a nice reproducer.

While crashes only happen on recent kernels (after commit
7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue")), this
probably needs to be backported to older kernels.

Fixes: 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue")
Fixes: 85584672012e ("udp: Fix udp_poll() and ioctl()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/l2tp/l2tp_core.h
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c