ppp->last_xmit is written to by ppp_send_frame() while protected by ppp_xmit_lock(). Likewise, ppp->last_recv is written to by ppp_receive_nonmp_frame() while protected by ppp_recv_lock().
Holding both locks is therefore necessary before ppp_ioctl() can safely read these fields. Signed-off-by: Guillaume Nault <g.na...@alphalink.fr> --- drivers/net/ppp/ppp_generic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 183d89c..24777f4 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -726,8 +726,11 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) break; case PPPIOCGIDLE: + ppp_lock(ppp); idle.xmit_idle = (jiffies - ppp->last_xmit) / HZ; idle.recv_idle = (jiffies - ppp->last_recv) / HZ; + ppp_unlock(ppp); + if (copy_to_user(argp, &idle, sizeof(idle))) break; err = 0; -- 2.7.0
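Review bot: In the PPPIOCGIDLE case the added calls are ppp_lock(ppp) and ppp_unlock(ppp), but the commit message only names ppp_xmit_lock() and ppp_recv_lock(). Add a sentence saying that ppp_lock() is what acquires both, so the message can be matched to the code. Releasing the lock before copy_to_user() is the right order, since that call can fault and sleep. The message should also say what an unlocked read of last_xmit and last_recv gets wrong in practice, because the fix takes both data-path locks on every PPPIOCGIDLE call and the cost is only justified if the unlocked read is actually harmful.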