kernel: backport all current pppoe kernel fixes to 3.18
[openwrt/svn-archive/archive.git] / target / linux / generic / patches-3.18 / 081-05-ppp-fix-pppoe_dev-deletion-condition-in-pppoe_releas.patch
diff --git a/target/linux/generic/patches-3.18/081-05-ppp-fix-pppoe_dev-deletion-condition-in-pppoe_releas.patch b/target/linux/generic/patches-3.18/081-05-ppp-fix-pppoe_dev-deletion-condition-in-pppoe_releas.patch
new file mode 100644 (file)
index 0000000..b1ae60b
--- /dev/null
@@ -0,0 +1,29 @@
+From: Guillaume Nault <g.nault@alphalink.fr>
+Date: Thu, 22 Oct 2015 16:57:10 +0200
+Subject: [PATCH] ppp: fix pppoe_dev deletion condition in pppoe_release()
+
+We can't rely on PPPOX_ZOMBIE to decide whether to clear po->pppoe_dev.
+PPPOX_ZOMBIE can be set by pppoe_disc_rcv() even when po->pppoe_dev is
+NULL. So we have no guarantee that (sk->sk_state & PPPOX_ZOMBIE) implies
+(po->pppoe_dev != NULL).
+Since we're releasing a PPPoE socket, we want to release the pppoe_dev
+if it exists and reset sk_state to PPPOX_DEAD, no matter the previous
+value of sk_state. So we can just check for po->pppoe_dev and avoid any
+assumption on sk->sk_state.
+
+Fixes: 2b018d57ff18 ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
+Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+
+--- a/drivers/net/ppp/pppoe.c
++++ b/drivers/net/ppp/pppoe.c
+@@ -589,7 +589,7 @@ static int pppoe_release(struct socket *
+       po = pppox_sk(sk);
+-      if (sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
++      if (po->pppoe_dev) {
+               dev_put(po->pppoe_dev);
+               po->pppoe_dev = NULL;
+       }
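Review bot: The patch header (From/Date/Subject) records no upstream commit id, and the `Fixes: 2b018d57ff18` tag implies an ordering dependency: the removed line tests `PPPOX_ZOMBIE` in `pppoe_release()`, so this hunk only applies if that earlier change is already in the 3.18 tree or comes earlier in the 081 series. Suggest adding the upstream commit hash to the header and confirming the series order. On the logic, the new `if (po->pppoe_dev)` guard is followed by `dev_put(po->pppoe_dev);` and `po->pppoe_dev = NULL;`, and the visible context does not show any locking. Since the commit message says pppoe_disc_rcv() can change the socket state on its own, please confirm that this check-and-clear runs with the socket lock held, so that the device reference cannot be dropped twice or the pointer cleared while another path is still using it.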