summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2009-01-20 11:02:28 +0000
committerDavid S. Miller <davem@davemloft.net>2009-01-21 16:00:45 -0800
commit38231b7a8d1b74c920822640d1ce8eb8046377fb (patch)
treefc7f1c3cc8ef34a64a740a2938934dbd598f0d93
parent36b50bab53207daf34be63ca62fb8b0b08dc6e6b (diff)
downloadkernel-crypto-38231b7a8d1b74c920822640d1ce8eb8046377fb.tar.gz
kernel-crypto-38231b7a8d1b74c920822640d1ce8eb8046377fb.tar.xz
kernel-crypto-38231b7a8d1b74c920822640d1ce8eb8046377fb.zip
tun: Make tun_net_xmit atomic wrt tun_attach && tun_detach
Currently this small race allows for a packet to be received when we detach from an tun device and still be enqueued. Not especially important but not what the code is trying to do. Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/tun.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index dfbf5865977..fa93160bf52 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -115,25 +115,33 @@ static int tun_attach(struct tun_struct *tun, struct file *file)
{
struct tun_file *tfile = file->private_data;
const struct cred *cred = current_cred();
+ int err;
ASSERT_RTNL();
- if (tfile->tun)
- return -EINVAL;
-
- if (tun->tfile)
- return -EBUSY;
-
/* Check permissions */
if (((tun->owner != -1 && cred->euid != tun->owner) ||
(tun->group != -1 && cred->egid != tun->group)) &&
!capable(CAP_NET_ADMIN))
return -EPERM;
+ netif_tx_lock_bh(tun->dev);
+
+ err = -EINVAL;
+ if (tfile->tun)
+ goto out;
+
+ err = -EBUSY;
+ if (tun->tfile)
+ goto out;
+
+ err = 0;
tfile->tun = tun;
tun->tfile = tfile;
- return 0;
+out:
+ netif_tx_unlock_bh(tun->dev);
+ return err;
}
static void __tun_detach(struct tun_struct *tun)
@@ -141,8 +149,10 @@ static void __tun_detach(struct tun_struct *tun)
struct tun_file *tfile = tun->tfile;
/* Detach from net device */
+ netif_tx_lock_bh(tun->dev);
tfile->tun = NULL;
tun->tfile = NULL;
+ netif_tx_unlock_bh(tun->dev);
/* Drop read queue */
skb_queue_purge(&tun->readq);