authorTom Parkin <>2020-07-24 16:31:53 +0100
committerDavid S. Miller <>2020-07-24 17:19:14 -0700
commit1aa646ac71feb987a9571e1d70980d10ff495fbc (patch)
treeadc957c6c656ed86abc5f4dd7655d492db5e9d37 /net/l2tp
parentcd3e29b333cc2571a5875d1b45c460dc948a2f95 (diff)
l2tp: don't BUG_ON session magic checks in l2tp_ppp
checkpatch advises that WARN_ON and recovery code are preferred over BUG_ON which crashes the kernel. l2tp_ppp.c's BUG_ON checks of the l2tp session structure's "magic" field occur in code paths where it's reasonably easy to recover: * In the case of pppol2tp_sock_to_session, we can return NULL and the caller will bail out appropriately. There is no change required to any of the callsites of this function since they already handle pppol2tp_sock_to_session returning NULL. * In the case of pppol2tp_session_destruct we can just avoid decrementing the reference count on the suspect session structure. In the worst case scenario this results in a memory leak, which is preferable to a crash. Convert these uses of BUG_ON to WARN_ON accordingly. Signed-off-by: Tom Parkin <> Signed-off-by: David S. Miller <>
Diffstat (limited to 'net/l2tp')
1 files changed, 7 insertions, 3 deletions
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 4389df66af35..2aeee648c080 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -163,8 +163,11 @@ static inline struct l2tp_session *pppol2tp_sock_to_session(struct sock *sk)
goto out;
- BUG_ON(session->magic != L2TP_SESSION_MAGIC);
+ if (WARN_ON(session->magic != L2TP_SESSION_MAGIC)) {
+ session = NULL;
+ sock_put(sk);
+ goto out;
+ }
return session;
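Review bot: The new `if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))` prints a full backtrace on every call, so if a socket with a bad session pointer can reach this path repeatedly (not determinable from the hunk), the kernel log can be flooded, and a system running with panic_on_warn still goes down. Consider `if (WARN_ON_ONCE(session->magic != L2TP_SESSION_MAGIC)) {`, which still evaluates to the condition on every call so the recovery path keeps running; the same applies to the check in pppol2tp_session_destruct in the next hunk. In that function a short comment such as `/* magic mismatch: leak the session rather than drop a ref through a suspect pointer */` would record why the early return skips the reference-count decrement, which the commit message explains but the code does not. Both function bodies extend outside the hunks shown.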
@@ -419,7 +422,8 @@ static void pppol2tp_session_destruct(struct sock *sk)
if (session) {
sk->sk_user_data = NULL;
- BUG_ON(session->magic != L2TP_SESSION_MAGIC);
+ if (WARN_ON(session->magic != L2TP_SESSION_MAGIC))
+ return;