releases/3.14.58/ppp-fix-pppoe_dev-deletion-condition-in-pppoe_release.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Sat Dec  5 21:06:41 PST 2015
 From: Guillaume Nault <g.nault@alphalink.fr>
 Date: Thu, 22 Oct 2015 16:57:10 +0200
 Subject: ppp: fix pppoe_dev deletion condition in pppoe_release()

 From: Guillaume Nault <g.nault@alphalink.fr>

 [ Upstream commit 1acea4f6ce1b1c0941438aca75dd2e5c6b09db60 ]

 We can't rely on PPPOX_ZOMBIE to decide whether to clear po->pppoe_dev.
 PPPOX_ZOMBIE can be set by pppoe_disc_rcv() even when po->pppoe_dev is
 NULL. So we have no guarantee that (sk->sk_state & PPPOX_ZOMBIE) implies
 (po->pppoe_dev != NULL).
 Since we're releasing a PPPoE socket, we want to release the pppoe_dev
 if it exists and reset sk_state to PPPOX_DEAD, no matter the previous
 value of sk_state. So we can just check for po->pppoe_dev and avoid any
 assumption on sk->sk_state.

 Fixes: 2b018d57ff18 ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
 Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/net/ppp/pppoe.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- a/drivers/net/ppp/pppoe.c
 +++ b/drivers/net/ppp/pppoe.c
 @@ -569,7 +569,7 @@ static int pppoe_release(struct socket *

  	po = pppox_sk(sk);

 -	if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
 +	if (po->pppoe_dev) {
  		dev_put(po->pppoe_dev);
  		po->pppoe_dev = NULL;
  	}
	From foo@baz Sat Dec 5 21:06:41 PST 2015
	From: Guillaume Nault <g.nault@alphalink.fr>
	Date: Thu, 22 Oct 2015 16:57:10 +0200
	Subject: ppp: fix pppoe_dev deletion condition in pppoe_release()

	From: Guillaume Nault <g.nault@alphalink.fr>

	[ Upstream commit 1acea4f6ce1b1c0941438aca75dd2e5c6b09db60 ]

	We can't rely on PPPOX_ZOMBIE to decide whether to clear po->pppoe_dev.
	PPPOX_ZOMBIE can be set by pppoe_disc_rcv() even when po->pppoe_dev is
	NULL. So we have no guarantee that (sk->sk_state & PPPOX_ZOMBIE) implies
	(po->pppoe_dev != NULL).
	Since we're releasing a PPPoE socket, we want to release the pppoe_dev
	if it exists and reset sk_state to PPPOX_DEAD, no matter the previous
	value of sk_state. So we can just check for po->pppoe_dev and avoid any
	assumption on sk->sk_state.

	Fixes: 2b018d57ff18 ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
	Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/net/ppp/pppoe.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- a/drivers/net/ppp/pppoe.c
	+++ b/drivers/net/ppp/pppoe.c
	@@ -569,7 +569,7 @@ static int pppoe_release(struct socket *

	po = pppox_sk(sk);

	- if (sk->sk_state & (PPPOX_CONNECTED \| PPPOX_BOUND \| PPPOX_ZOMBIE)) {
	+ if (po->pppoe_dev) {
	dev_put(po->pppoe_dev);
	po->pppoe_dev = NULL;
	}