watchdog: Fix race condition in registration code
A race condition exists when registering the first watchdog device. Sequence of events: - watchdog_register_device calls watchdog_dev_register - watchdog_dev_register creates the watchdog misc device by calling misc_register. At that time, the matching character device (/dev/watchdog0) does not yet exist, and old_wdd is not set either. - Userspace gets an event and opens /dev/watchdog - watchdog_open is called and sets wdd = old_wdd, which is still NULL, and tries to dereference it. This causes the kernel to panic. Seen with systemd trying to open /dev/watchdog immediately after it was created. Reported-by: Arkadiusz Miskiewicz <arekm@maven.pl> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Arkadiusz Miskiewicz <arekm@maven.pl> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
This commit is contained in:
Родитель
6330c7070b
Коммит
60403f7a4d
|
@ -523,6 +523,7 @@ int watchdog_dev_register(struct watchdog_device *watchdog)
|
|||
int err, devno;
|
||||
|
||||
if (watchdog->id == 0) {
|
||||
old_wdd = watchdog;
|
||||
watchdog_miscdev.parent = watchdog->parent;
|
||||
err = misc_register(&watchdog_miscdev);
|
||||
if (err != 0) {
|
||||
|
@ -531,9 +532,9 @@ int watchdog_dev_register(struct watchdog_device *watchdog)
|
|||
if (err == -EBUSY)
|
||||
pr_err("%s: a legacy watchdog module is probably present.\n",
|
||||
watchdog->info->identity);
|
||||
old_wdd = NULL;
|
||||
return err;
|
||||
}
|
||||
old_wdd = watchdog;
|
||||
}
|
||||
|
||||
/* Fill in the data structures */
|
||||
|
|
Загрузка…
Ссылка в новой задаче