f3c66d4e144a0904ea9b95d23ed9f8eb38c11bfb l2tp: prevent creation of sessions on terminated tunnels
9ee369a405c57613d7c83a3967780c3e30c52ecc l2tp: initialise session's refcount before making it reachable
dbdbc73b44782e22b3b4b6e8b51e7a3d245f3086 l2tp: fix duplicate session creation
61b9a047729bb230978178bca6729689d0c50ca2 l2tp: fix race in l2tp_recv_common()
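For v3.18+. They require some minor backporting.
Without these, I'm seeing a NULL pointer dereference in l2tp_session_create(). These logs are from a 3.18 kernel, although I was able to hit it on a 4.4 kernel I tested as well. In the trace below, the fault is reached from connect() through pppol2tp_connect() and ends in a kernel panic.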
[ 376.388847] c1 11731 Unable to handle kernel NULL pointer dereference at virtual address 0000006c [ 376.388892] c1 11731 pgd = ffffffc093138000 [ 376.388908] [0000006c] *pgd=000000010add3003, *pud=000000010add3003, *pmd=0000000000000000 [ 376.388955] c1 11731 Internal error: Oops: 96000006 [#1] PREEMPT SMP [ 376.388987] c1 11731 CPU: 1 PID: 11731 Comm: 0 Tainted: G B W 3.18.31-g3021f2f-00001-gea07e56-dirty #35 [ 376.389005] c1 11731 Hardware name: HTC Corporation. MSM8996pro v1.1 + PMI8996 Marlin A (DT) [ 376.389024] c1 11731 task: ffffffc09f582880 ti: ffffffc089ea4000 task.ti: ffffffc089ea4000 [ 376.389062] c1 11731 PC is at l2tp_session_create+0x39c/0x5b8 [ 376.389081] c1 11731 LR is at l2tp_session_create+0x394/0x5b8 [ 376.389097] c1 11731 pc : [<ffffffc00127bbd4>] lr : [<ffffffc00127bbcc>] pstate: 20000145 [ 376.389112] c1 11731 sp : ffffffc089ea7ca0 [ 376.389127] x29: ffffffc089ea7ca0 x28: ffffffc03982fbf8 [ 376.389154] x27: 0000000000000000 x26: ffffffc03982fca0 [ 376.389180] x25: ffffffc099190ea8 x24: ffffffc03982fca8 [ 376.389205] x23: ffffffc03982fbf0 x22: 0000000000000000 [ 376.389230] x21: ffffffc03982fc98 x20: ffffffc099190e00 [ 376.389254] x19: ffffffc03982fb80 x18: ffffffc001bd00e0 [ 376.389277] x17: 0000000033293c44 x16: 000000006e1d9948 [ 376.389301] x15: 0000000000000000 x14: 000000000000000a [ 376.389324] x13: ffffffc0b982fc03 x12: 0000000000000000 [ 376.389347] x11: 0000000000000000 x10: ffffffc03982fc0d [ 376.389370] x9 : 00000000fffffffb x8 : ffffff8807305fb0 [ 376.389393] x7 : fcfcfcfcfcfcfcfc x6 : ffffffc03982fba4 [ 376.389415] x5 : 000000000000ffff x4 : ffffffc0019480db [ 376.389438] x3 : 1ffffff8132321e9 x2 : dfffff9000000000 [ 376.389461] x1 : 0000000000000000 x0 : 000000000000006c [ 376.389486] c1 11731 [ 376.389486] c1 11731 PC: 0xffffffc00127bad4: [ 376.389504] bad4 7900627b 91004b00 97bd0420 7940271b 9100d260 97bd043a 79006a7b 91004300 [ 376.389574] baf4 97bd041a 7940231b 9100ca60 97bd0434 7900667b 91007300 97bd044e b9401f1b [ 
376.389641] bb14 91008260 97bd0469 b900227b 91005301 91006260 b9801f02 97bd05c4 9100a300 [ 376.389708] bb34 97bd0444 b9402b1b 9100b260 97bd045f b9002e7b 91008301 91009260 b9802b02 [ 376.389777] bb54 97bd05ba 97baedb0 9104a278 aa1903e0 97bd0438 b940aa80 7100081f 540009c1 [ 376.389843] bb74 97baeda9 aa1803e0 97bd048b 90ffffe0 91383000 f9009660 97baeda3 b940aa81 [ 376.389910] bb94 aa1303e0 97fffb38 91020262 885f7c40 11000400 88017c40 35ffffa1 9104a282 [ 376.389976] bbb4 885f7c40 11000400 88017c40 35ffffa1 91052280 97bd045b f940a680 9101b000 [ 376.390042] bbd4 885f7c01 11000421 88027c01 35ffffa2 9100629b aa1b03e0 94028720 52800020 [ 376.390107] bbf4 72b3c6e0 1b007ec0 b9006ba0 f94037a0 d35c7c16 910012c0 8b160e96 f90033a0 [ 376.390174] bc14 8b000e80 97bd0447 f94012d8 aa1703e0 97bd0461 f9003a78 b40000b8 97baed7a [ 376.390240] bc34 91002300 97bd045c f9000717 97baed76 f90012d7 aa1c03e0 97bd0457 f94033a0 [ 376.390306] bc54 8b000e80 f9003e60 aa1b03e0 94028827 aa1903e0 97bd03f7 b940aa80 7100081f [ 376.390372] bc74 54000920 97baed68 91048280 97bd042d f9409296 b50001d6 97baed63 e7f001f2 [ 376.390439] bc94 97baed61 aa1503e0 97bd0408 12bfe000 17ffff16 97baed5c aa1803e0 97bd043e [ 376.390508] bcb4 b0ffffe0 910f2000 17ffffb3 97baed56 d00065e0 b943a814 97ba0a9c 9134a2c0 [ 376.390576] c1 11731 [ 376.390576] c1 11731 LR: 0xffffffc00127bacc: [ 376.390594] bacc 9100c260 97bd0440 7900627b 91004b00 97bd0420 7940271b 9100d260 97bd043a [ 376.390662] baec 79006a7b 91004300 97bd041a 7940231b 9100ca60 97bd0434 7900667b 91007300 [ 376.390728] bb0c 97bd044e b9401f1b 91008260 97bd0469 b900227b 91005301 91006260 b9801f02 [ 376.390795] bb2c 97bd05c4 9100a300 97bd0444 b9402b1b 9100b260 97bd045f b9002e7b 91008301 [ 376.390862] bb4c 91009260 b9802b02 97bd05ba 97baedb0 9104a278 aa1903e0 97bd0438 b940aa80 [ 376.390929] bb6c 7100081f 540009c1 97baeda9 aa1803e0 97bd048b 90ffffe0 91383000 f9009660 [ 376.390995] bb8c 97baeda3 b940aa81 aa1303e0 97fffb38 91020262 885f7c40 11000400 88017c40 [ 376.391061] bbac 
35ffffa1 9104a282 885f7c40 11000400 88017c40 35ffffa1 91052280 97bd045b [ 376.391128] bbcc f940a680 9101b000 885f7c01 11000421 88027c01 35ffffa2 9100629b aa1b03e0 [ 376.391195] bbec 94028720 52800020 72b3c6e0 1b007ec0 b9006ba0 f94037a0 d35c7c16 910012c0 [ 376.391262] bc0c 8b160e96 f90033a0 8b000e80 97bd0447 f94012d8 aa1703e0 97bd0461 f9003a78 [ 376.391328] bc2c b40000b8 97baed7a 91002300 97bd045c f9000717 97baed76 f90012d7 aa1c03e0 [ 376.391394] bc4c 97bd0457 f94033a0 8b000e80 f9003e60 aa1b03e0 94028827 aa1903e0 97bd03f7 [ 376.391461] bc6c b940aa80 7100081f 54000920 97baed68 91048280 97bd042d f9409296 b50001d6 [ 376.391528] bc8c 97baed63 e7f001f2 97baed61 aa1503e0 97bd0408 12bfe000 17ffff16 97baed5c [ 376.391594] bcac aa1803e0 97bd043e b0ffffe0 910f2000 17ffffb3 97baed56 d00065e0 b943a814 [ 376.391663] c1 11731 [ 376.391663] c1 11731 SP: 0xffffffc089ea7ba0: [ 376.391680] 7ba0 019480db ffffffc0 0000ffff 00000000 3982fba4 ffffffc0 fcfcfcfc fcfcfcfc [ 376.391747] 7bc0 07305fb0 ffffff88 fffffffb 00000000 3982fc0d ffffffc0 00000000 00000000 [ 376.391814] 7be0 00000000 00000000 b982fc03 ffffffc0 0000000a 00000000 00000000 00000000 [ 376.391880] 7c00 6e1d9948 00000000 33293c44 00000000 01bd00e0 ffffffc0 3982fb80 ffffffc0 [ 376.391947] 7c20 99190e00 ffffffc0 3982fc98 ffffffc0 00000000 00000000 3982fbf0 ffffffc0 [ 376.392013] 7c40 3982fca8 ffffffc0 99190ea8 ffffffc0 3982fca0 ffffffc0 00000000 00000000 [ 376.392078] 7c60 3982fbf8 ffffffc0 89ea7ca0 ffffffc0 0127bbcc ffffffc0 89ea7ca0 ffffffc0 [ 376.392144] 7c80 0127bbd4 ffffffc0 20000145 00000000 3982fc98 ffffffc0 00000000 00000000 [ 376.392212] 7ca0 89ea7d10 ffffffc0 0127dc2c ffffffc0 4261c200 ffffffc0 00000000 00000000 [ 376.392278] 7cc0 00000000 00000000 00000000 00000000 00000004 00000000 fffffff4 00000000 [ 376.392344] 7ce0 4261c230 ffffffc0 00000004 00000000 00000002 00000000 4261c212 ffffffc0 [ 376.392410] 7d00 89ea7d10 ffffffc0 00000000 ffffffc0 89ea7e00 ffffffc0 00ffd790 ffffffc0 [ 376.392478] 7d20 2aff8400 ffffffc0 
00000026 00000000 3cf07980 ffffffc0 01bd0000 ffffffc0 [ 376.392544] 7d40 0127d9cc ffffffc0 00000015 00000000 00000119 00000000 000000cb 00000000 [ 376.392611] 7d60 01326000 ffffffc0 89ea4000 ffffffc0 01bd0000 ffffffc0 4261c448 ffffffc0 [ 376.392680] 7d80 00000003 00000000 99190e00 ffffffc0 ffffffff ffffffff 000cfb30 ffffffc0 [ 376.392747] c1 11731 [ 376.392765] c1 11731 Process 0 (pid: 11731, stack limit = 0xffffffc089ea4058) [ 376.392784] c1 11731 Context switch saved registers(0xffffffc09f582ec0 to 0xffffffc09f582f28) [ 376.392804] c1 11731 2ec0: a5f51b00 ffffffc0 9f582880 ffffffc0 89ea4000 ffffffc0 23966c00 ffffffc0 [ 376.392824] c1 11731 2ee0: 7345e780 ffffffc0 01c20000 ffffffc0 89ea7ac0 ffffffc0 019fe400 ffffffc0 [ 376.392842] c1 11731 2f00: 019fe400 ffffffc0 a5f51b00 ffffffc0 89ea7aa0 ffffffc0 89ea7aa0 ffffffc0 [ 376.392857] c1 11731 2f20: 00087574 ffffffc0 [ 376.392870] c1 11731 Call trace: [ 376.392904] c1 11731 [<ffffffc00127bbd4>] l2tp_session_create+0x39c/0x5b8 [ 376.392923] c1 11731 [<ffffffc00127dc2c>] pppol2tp_connect+0x260/0x698 [ 376.392952] c1 11731 [<ffffffc000ffd790>] SyS_connect+0xcc/0x144 [ 376.392971] c1 11731 Code: 91052280 97bd045b f940a680 9101b000 (885f7c01) [ 376.402888] c1 11731 ---[ end trace 7e40566c5e647ab7 ]--- [ 376.446227] c1 11731 Kernel panic - not syncing: Fatal exception
On Thu, Mar 22, 2018 at 05:55:30PM -0700, Daniel Rosenberg wrote:
> f3c66d4e144a0904ea9b95d23ed9f8eb38c11bfb l2tp: prevent creation of sessions on terminated tunnels
> 9ee369a405c57613d7c83a3967780c3e30c52ecc l2tp: initialise session's refcount before making it reachable
> dbdbc73b44782e22b3b4b6e8b51e7a3d245f3086 l2tp: fix duplicate session creation
> 61b9a047729bb230978178bca6729689d0c50ca2 l2tp: fix race in l2tp_recv_common()
>
> For v3.18+. It requires some minor backporting.
>
> Without these, I'm seeing a null pointer in l2tp_session_create. These logs are from a 3.18 kernel, although I was able to hit it on a 4.4 kernel I tested as well.
No objection from me. Let me know if there are any difficulties with a backport.
Guillaume
linux-stable-mirror@lists.linaro.org