ppp->debug is read in the Tx and Rx paths while under protection of ppp_xmit_lock() and ppp_recv_lock() respectively. So ppp_ioctl() must hold both locks before concurrently updating it.
Signed-off-by: Guillaume Nault <g.na...@alphalink.fr> --- Locking is not strictly necessary for PPPIOCGDEBUG, because ppp->debug can only be modified by ioctl(PPPIOCSDEBUG) which is guaranteed not to run concurrently thanks to ppp_mutex. I've added the locking in PPPIOCGDEBUG in order to respect the general locking semantic of ppp->debug and to avoid relying on ppp_mutex. drivers/net/ppp/ppp_generic.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 4af548b..183d89c 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -708,12 +708,19 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case PPPIOCSDEBUG: if (get_user(val, p)) break; + ppp_lock(ppp); ppp->debug = val; + ppp_unlock(ppp); + err = 0; break; case PPPIOCGDEBUG: - if (put_user(ppp->debug, p)) + ppp_lock(ppp); + val = ppp->debug; + ppp_unlock(ppp); + + if (put_user(val, p)) break; err = 0; break; -- 2.7.0