lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tun: Fix minor race in TUNSETLINK ioctl handling.

Browse Source 
Noticed by Alan Cox.

The IFF_UP test is a bit racey, because other entities
outside of this driver's ioctl handler can modify that
state, even though this ioctl handler runs under
lock_kernel().

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
2008-04-23 19:37:58 -07:00
parent 8c0469cdd0
commit 48abfe05cd
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
drivers/net/tun.c
View File

@@ -668,16 +668,23 @@ static int tun_chr_ioctl(struct inode *inode, struct file *file,
break; break;
case TUNSETLINK: case TUNSETLINK:
{
int ret;
/* Only allow setting the type when the interface is down */ /* Only allow setting the type when the interface is down */
rtnl_lock();
if (tun->dev->flags & IFF_UP) { if (tun->dev->flags & IFF_UP) {
DBG(KERN_INFO "%s: Linktype set failed because interface is up\n", DBG(KERN_INFO "%s: Linktype set failed because interface is up\n",
tun->dev->name); tun->dev->name);
return -EBUSY; ret = -EBUSY;
} else { } else {
tun->dev->type = (int) arg; tun->dev->type = (int) arg;
DBG(KERN_INFO "%s: linktype set to %d\n", tun->dev->name, tun->dev->type); DBG(KERN_INFO "%s: linktype set to %d\n", tun->dev->name, tun->dev->type);
ret = 0;
}
rtnl_unlock();
return ret;
} }
break;
#ifdef TUN_DEBUG #ifdef TUN_DEBUG
case TUNSETDEBUG: case TUNSETDEBUG: