On Mon, Mar 12, 2018 at 09:53:18AM +0100, Paolo Abeni wrote:
> On Fri, 2018-03-09 at 19:26 +0100, Guillaume Nault wrote:
> > On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote:
> > > The single threaded reproducer does not trigger anymore after 1/2,
> > > _but_ if ask syzbot to test 1/2 th
On Fri, 2018-03-09 at 19:26 +0100, Guillaume Nault wrote:
> On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote:
> > The single threaded reproducer does not trigger anymore after 1/2,
> > _but_ if ask syzbot to test 1/2 that will trigger another splat,
> > because syzbot will do also multi
On Fri, Mar 09, 2018 at 06:58:00PM +0100, Paolo Abeni wrote:
> On Fri, 2018-03-09 at 18:47 +0100, Guillaume Nault wrote:
> > On Fri, Mar 09, 2018 at 06:04:03PM +0100, Paolo Abeni wrote:
> > > Hi,
> > >
> > > On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wrote:
> > > > > diff --git a/net/l2tp/
On Fri, 2018-03-09 at 18:47 +0100, Guillaume Nault wrote:
> On Fri, Mar 09, 2018 at 06:04:03PM +0100, Paolo Abeni wrote:
> > Hi,
> >
> > On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wrote:
> > > > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> > > > index 83421c6f0bef..9726e3f377
On Fri, Mar 09, 2018 at 06:04:03PM +0100, Paolo Abeni wrote:
> Hi,
>
> On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wrote:
> > > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> > > index 83421c6f0bef..9726e3f37745 100644
> > > --- a/net/l2tp/l2tp_core.c
> > > +++ b/net/l2tp/l2tp_c
Hi,
On Fri, 2018-03-09 at 17:43 +0100, Guillaume Nault wrote:
> > diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> > index 83421c6f0bef..9726e3f37745 100644
> > --- a/net/l2tp/l2tp_core.c
> > +++ b/net/l2tp/l2tp_core.c
> > @@ -1112,11 +1125,32 @@ int l2tp_xmit_skb(struct l2tp_session *se
> diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
> index 83421c6f0bef..9726e3f37745 100644
> --- a/net/l2tp/l2tp_core.c
> +++ b/net/l2tp/l2tp_core.c
> @@ -1112,11 +1125,32 @@ int l2tp_xmit_skb(struct l2tp_session *session,
> struct sk_buff *skb, int hdr_len
> goto out_unloc
When creating a new socket, l2tp_tunnel_create() ensures that
such socket is connected, but when using a socket provided by
the user space, no check is done on the socket state.
This may foul the later check for ipv6 sockets that are
ipv4-mapped, e.g. in case of unconnected ipv6 socket bound to
ip