[PATCH net-next 1/2] ppp: disconnect channel before nullifying pch->chan

Next message: Garg, Shivank: "Re: [RFC PATCH v4 5/6] drivers/migrate_offload: add DMA batch copy driver (dcbm)"
Previous message: Zile Xiong: "[PATCH] staging: axis-fifo: fix indentation"
Next in thread: Qingfang Deng: "[PATCH net-next 2/2] ppp: remove pch-&gt;chan NULL checks from tx path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Qingfang Deng

Date: Thu Mar 12 2026 - 05:38:10 EST

In ppp_unregister_channel(), pch->chan is set to NULL before calling
ppp_disconnect_channel(), which removes the channel from ppp->channels
list using list_del_rcu() + synchronize_net(). This creates an
intermediate state where the channel is still connected (on the list)
but already unregistered (pch->chan == NULL).

Call ppp_disconnect_channel() before setting pch->chan to NULL. After
the synchronize_net(), no new reader on the transmit path will hold a
reference to the channel from the list.

This eliminates the problematic state, and prepares for removing the
pch->chan NULL checks from the transmit path in a subsequent patch.

Signed-off-by: Qingfang Deng <dqfext@xxxxxxxxx>
---
drivers/net/ppp/ppp_generic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 6344c5eb0f98..ad480b584e25 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -3032,12 +3032,12 @@ ppp_unregister_channel(struct ppp_channel *chan)
* This ensures that we have returned from any calls into
* the channel's start_xmit or ioctl routine before we proceed.
*/
+ ppp_disconnect_channel(pch);
down_write(&pch->chan_sem);
spin_lock_bh(&pch->downl);
WRITE_ONCE(pch->chan, NULL);
spin_unlock_bh(&pch->downl);
up_write(&pch->chan_sem);
- ppp_disconnect_channel(pch);

pn = ppp_pernet(pch->chan_net);
spin_lock_bh(&pn->all_channels_lock);
--
2.43.0