watchdog: Fix race condition in registration code
A race condition exists when registering the first watchdog device. Sequence of events: - watchdog_register_device calls watchdog_dev_register - watchdog_dev_register creates the watchdog misc device by calling misc_register. At that time, the matching character device (/dev/watchdog0) does not yet exist, and old_wdd is not set either. - Userspace gets an event and opens /dev/watchdog - watchdog_open is called and sets wdd = old_wdd, which is still NULL, and tries to dereference it. This causes the kernel to panic. Seen with systemd trying to open /dev/watchdog immediately after it was created. Reported-by: Arkadiusz Miskiewicz <arekm@maven.pl> Signed-off-by: Guenter Roeck <linux@roeck-us.net> Tested-by: Arkadiusz Miskiewicz <arekm@maven.pl> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
This commit is contained in:
parent
6330c7070b
commit
60403f7a4d
1 changed files with 2 additions and 1 deletions
|
@ -523,6 +523,7 @@ int watchdog_dev_register(struct watchdog_device *watchdog)
|
||||||
int err, devno;
|
int err, devno;
|
||||||
|
|
||||||
if (watchdog->id == 0) {
|
if (watchdog->id == 0) {
|
||||||
|
old_wdd = watchdog;
|
||||||
watchdog_miscdev.parent = watchdog->parent;
|
watchdog_miscdev.parent = watchdog->parent;
|
||||||
err = misc_register(&watchdog_miscdev);
|
err = misc_register(&watchdog_miscdev);
|
||||||
if (err != 0) {
|
if (err != 0) {
|
||||||
|
@ -531,9 +532,9 @@ int watchdog_dev_register(struct watchdog_device *watchdog)
|
||||||
if (err == -EBUSY)
|
if (err == -EBUSY)
|
||||||
pr_err("%s: a legacy watchdog module is probably present.\n",
|
pr_err("%s: a legacy watchdog module is probably present.\n",
|
||||||
watchdog->info->identity);
|
watchdog->info->identity);
|
||||||
|
old_wdd = NULL;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
old_wdd = watchdog;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Fill in the data structures */
|
/* Fill in the data structures */
|
||||||
|
|
Loading…
Reference in a new issue