--- /dev/null
+From 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 Mon Sep 17 00:00:00 2001
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Date: Tue, 4 Feb 2020 12:24:00 +1300
+Subject: l2tp: Allow duplicate session creation with UDP
+
+From: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+
+commit 0d0d9a388a858e271bb70e71e99e7fe2a6fd6f64 upstream.
+
+In the past it was possible to create multiple L2TPv3 sessions with the
+same session id as long as the sessions belonged to different tunnels.
+The resulting sessions had issues when used with IP encapsulated tunnels,
+but worked fine with UDP encapsulated ones. Some applications began to
+rely on this behaviour to avoid having to negotiate unique session ids.
+
+Some time ago a change was made to require session ids to be unique across
+all tunnels, breaking the applications making use of this "feature".
+
+This change relaxes the duplicate session id check to allow duplicates
+if both of the colliding sessions belong to UDP encapsulated tunnels.
+
+Fixes: dbdbc73b4478 ("l2tp: fix duplicate session creation")
+Signed-off-by: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
+Acked-by: James Chapman <jchapman@katalix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/l2tp/l2tp_core.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/l2tp/l2tp_core.c
++++ b/net/l2tp/l2tp_core.c
+@@ -351,8 +351,13 @@ int l2tp_session_register(struct l2tp_se
+
+ spin_lock_bh(&pn->l2tp_session_hlist_lock);
+
++ /* IP encap expects session IDs to be globally unique, while
++ * UDP encap doesn't.
++ */
+ hlist_for_each_entry(session_walk, g_head, global_hlist)
+- if (session_walk->session_id == session->session_id) {
++ if (session_walk->session_id == session->session_id &&
++ (session_walk->tunnel->encap == L2TP_ENCAPTYPE_IP ||
++ tunnel->encap == L2TP_ENCAPTYPE_IP)) {
+ err = -EEXIST;
+ goto err_tlock_pnlock;
+ }
--- /dev/null
+From ba69ead9e9e9bb3cec5faf03526c36764ac8942a Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Mon, 27 Nov 2017 23:47:34 +0100
+Subject: scsi: scsi_devinfo: handle non-terminated strings
+
+From: Martin Wilck <mwilck@suse.com>
+
+commit ba69ead9e9e9bb3cec5faf03526c36764ac8942a upstream.
+
+devinfo->vendor and devinfo->model aren't necessarily
+zero-terminated.
+
+Fixes: b8018b973c7c "scsi_devinfo: fixup string compare"
+Signed-off-by: Martin Wilck <mwilck@suse.com>
+Reviewed-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_devinfo.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -443,7 +443,8 @@ static struct scsi_dev_info_list *scsi_d
+ /*
+ * vendor strings must be an exact match
+ */
+- if (vmax != strlen(devinfo->vendor) ||
++ if (vmax != strnlen(devinfo->vendor,
++ sizeof(devinfo->vendor)) ||
+ memcmp(devinfo->vendor, vskip, vmax))
+ continue;
+
+@@ -451,7 +452,7 @@ static struct scsi_dev_info_list *scsi_d
+ * @model specifies the full string, and
+ * must be larger or equal to devinfo->model
+ */
+- mlen = strlen(devinfo->model);
++ mlen = strnlen(devinfo->model, sizeof(devinfo->model));
+ if (mmax < mlen || memcmp(devinfo->model, mskip, mlen))
+ continue;
+ return devinfo;
sched-rt-net-use-config_preemption.patch.patch
net-core-device_rename-use-rwsem-instead-of-a-seqcou.patch
net-revert-pkt_sched-fq-use-proper-locking-in-fq_dump_stats.patch
+scsi-scsi_devinfo-handle-non-terminated-strings.patch
+l2tp-allow-duplicate-session-creation-with-udp.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
