l2tp: Fix inet_opt conversion.
authorDavid S. Miller <davem@davemloft.net>
Thu, 28 Apr 2011 20:54:06 +0000 (13:54 -0700)
committerDavid S. Miller <davem@davemloft.net>
Thu, 28 Apr 2011 20:54:06 +0000 (13:54 -0700)
We don't actually hold the socket lock at this point, so the
rcu_dereference_protected() isn't' correct.  Thanks to Eric
Dumazet for pointing this out.

Thankfully, we're only interested in fetching the faddr value
if srr is enabled, so we can simply make this an RCU sequence
and use plain rcu_dereference().

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/l2tp/l2tp_ip.c

index 962a607b51da8400cd043d7410bba093db145f0a..e13c166824e00b5098741db2af10110d9c4a37d1 100644 (file)
@@ -472,13 +472,15 @@ static int l2tp_ip_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *m
        if (rt == NULL) {
                struct ip_options_rcu *inet_opt;
 
-               inet_opt = rcu_dereference_protected(inet->inet_opt,
-                                                    sock_owned_by_user(sk));
+               rcu_read_lock();
+               inet_opt = rcu_dereference(inet->inet_opt);
 
                /* Use correct destination address if we have options. */
                if (inet_opt && inet_opt->opt.srr)
                        daddr = inet_opt->opt.faddr;
 
+               rcu_read_unlock();
+
                /* If this fails, retransmit mechanism of transport layer will
                 * keep trying until route appears or the connection times
                 * itself out.