[PATCH 0/4] [backports] fix l2tp use-after-free in pppol2tp_sendmsg

Hi Greg.

This is for 4.14.

We received a PoC (code to run as root with a KASAN kernel)
demonstrating the existence of a use-after-free in pppol2tp_sendmsg.
This was accompanied by a patch to resolve it, consisting mostly of
parts of patch 3 plus a little of 4.

The following patches all apply cleanly and compile with allmodconfig.
However, I lack the hardware to test them.

The changes are already in 4.19. I'll post the changes for 4.9 next.

Regards,
Giuliano.

Guillaume Nault (4):
  l2tp: don't register sessions in l2tp_session_create()
  l2tp: initialise l2tp_eth sessions before registering them
  l2tp: protect sock pointer of struct pppol2tp_session with RCU
  l2tp: initialise PPP sessions before registering them

 net/l2tp/l2tp_core.c |  21 ++--
 net/l2tp/l2tp_core.h |   3 +
 net/l2tp/l2tp_eth.c  |  99 +++++++++++++-----
 net/l2tp/l2tp_ppp.c  | 238 +++++++++++++++++++++++++++----------------
 4 files changed, 238 insertions(+), 123 deletions(-)

-- 
2.26.2.761.g0e0b3e54be-goog



