tty: n_gsm: fix race condition in gsmld_write()

author Daniel Starke <daniel.starke@siemens.com>

Fri, 1 Jul 2022 06:16:52 +0000 (08:16 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Wed, 17 Aug 2022 12:24:05 +0000 (14:24 +0200)
author Daniel Starke <daniel.starke@siemens.com>
Fri, 1 Jul 2022 06:16:52 +0000 (08:16 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Aug 2022 12:24:05 +0000 (14:24 +0200)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c

index 3f65990fc959f4e18c4a1d59faad9f4d46844501..23fcb34240accceffe857442d7f39c56ab7b3625 100644 (file)
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2911,11 +2911,24 @@ static ssize_t gsmld_read(struct tty_struct *tty, struct file *file,
  static ssize_t gsmld_write(struct tty_struct *tty, struct file *file,
                            const unsigned char *buf, size_t nr)
  {
-       int space = tty_write_room(tty);
+       struct gsm_mux *gsm = tty->disc_data;
+       unsigned long flags;
+       int space;
+       int ret;
+
+       if (!gsm)
+               return -ENODEV;
+
+       ret = -ENOBUFS;
+       spin_lock_irqsave(&gsm->tx_lock, flags);
+       space = tty_write_room(tty);
         if (space >= nr)
-               return tty->ops->write(tty, buf, nr);
-       set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
-       return -ENOBUFS;
+               ret = tty->ops->write(tty, buf, nr);
+       else
+               set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
+       spin_unlock_irqrestore(&gsm->tx_lock, flags);
+
+       return ret;
  }
  
  /**
author	Daniel Starke <daniel.starke@siemens.com>
	Fri, 1 Jul 2022 06:16:52 +0000 (08:16 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 17 Aug 2022 12:24:05 +0000 (14:24 +0200)