From: Guillaume Nault <[email protected]>
Date: Mon, 14 Mar 2016 21:17:16 +0100
> Locking ppp_mutex must be done before dereferencing file->private_data,
> otherwise it could be modified before ppp_unattached_ioctl() takes the
> lock. This could lead ppp_unattached_ioctl() to override ->private_data,
> thus leaking reference to the ppp_file previously pointed to.
>
> v2: lock all ppp_ioctl() instead of just checking private_data in
> ppp_unattached_ioctl(), to avoid ambiguous behaviour.
>
> Fixes: f3ff8a4d80e8 ("ppp: push BKL down into the driver")
> Signed-off-by: Guillaume Nault <[email protected]>
Applied and queued up for -stable, thanks!
