From: David S. Miller Date: Thu, 24 Apr 2008 02:37:58 +0000 (-0700) Subject: tun: Fix minor race in TUNSETLINK ioctl handling. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=48abfe05cd01279afe27159e98d7c7f932598f42;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git tun: Fix minor race in TUNSETLINK ioctl handling. Noticed by Alan Cox. The IFF_UP test is a bit racey, because other entities outside of this driver's ioctl handler can modify that state, even though this ioctl handler runs under lock_kernel(). Signed-off-by: David S. Miller --- diff --git a/drivers/net/tun.c b/drivers/net/tun.c index d91856b19f6..d8b1ba15aa6 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -668,16 +668,23 @@ static int tun_chr_ioctl(struct inode *inode, struct file *file, break; case TUNSETLINK: + { + int ret; + /* Only allow setting the type when the interface is down */ + rtnl_lock(); if (tun->dev->flags & IFF_UP) { DBG(KERN_INFO "%s: Linktype set failed because interface is up\n", tun->dev->name); - return -EBUSY; + ret = -EBUSY; } else { tun->dev->type = (int) arg; DBG(KERN_INFO "%s: linktype set to %d\n", tun->dev->name, tun->dev->type); + ret = 0; } - break; + rtnl_unlock(); + return ret; + } #ifdef TUN_DEBUG case TUNSETDEBUG: