git.baikalelectronics.ru Git - kernel.git/commit

author	Guenter Roeck <linux@roeck-us.net>
	Sat, 6 Apr 2013 04:22:43 +0000 (21:22 -0700)
committer	Wim Van Sebroeck <wim@iguana.be>
	Thu, 9 May 2013 06:13:41 +0000 (08:13 +0200)
commit	26b22411854d73318468bfa3777ccd33b9cf9ef5
tree	c59fab4f8adfbe04244c1fd7bb7ff8073c29f65b	tree \| snapshot
parent	2f249a025afc2a49ec72a34181c81259178a7f1c	commit \| diff

watchdog: Fix race condition in registration code

A race condition exists when registering the first watchdog device.
Sequence of events:

- watchdog_register_device calls watchdog_dev_register
- watchdog_dev_register creates the watchdog misc device by calling
  misc_register.
  At that time, the matching character device (/dev/watchdog0) does not yet
  exist, and old_wdd is not set either.
- Userspace gets an event and opens /dev/watchdog
- watchdog_open is called and sets wdd = old_wdd, which is still NULL,
  and tries to dereference it. This causes the kernel to panic.

Seen with systemd trying to open /dev/watchdog immediately after
it was created.

Reported-by: Arkadiusz Miskiewicz <arekm@maven.pl>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Arkadiusz Miskiewicz <arekm@maven.pl>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>