Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753351AbdGMPnW (ORCPT ); Thu, 13 Jul 2017 11:43:22 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:38562 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753332AbdGMPnV (ORCPT ); Thu, 13 Jul 2017 11:43:21 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Adrian Salido Subject: [PATCH 3.18 01/22] driver core: platform: fix race condition with driver_override Date: Thu, 13 Jul 2017 17:42:41 +0200 Message-Id: <20170713153934.182567528@linuxfoundation.org> X-Mailer: git-send-email 2.13.2 In-Reply-To: <20170713153934.089183081@linuxfoundation.org> References: <20170713153934.089183081@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1806 Lines: 63 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Adrian Salido commit 6265539776a0810b7ce6398c27866ddb9c6bd154 upstream. The driver_override implementation is susceptible to race condition when different threads are reading vs storing a different driver override. Add locking to avoid race condition. Fixes: 3d713e0e382e ("driver core: platform: add device binding path 'driver_override'") Cc: stable@vger.kernel.org Signed-off-by: Adrian Salido Signed-off-by: Greg Kroah-Hartman --- drivers/base/platform.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/drivers/base/platform.c +++ b/drivers/base/platform.c @@ -727,7 +727,7 @@ static ssize_t driver_override_store(str const char *buf, size_t count) { struct platform_device *pdev = to_platform_device(dev); - char *driver_override, *old = pdev->driver_override, *cp; + char *driver_override, *old, *cp; if (count > PATH_MAX) return -EINVAL; @@ -740,12 +740,15 @@ static ssize_t driver_override_store(str if (cp) *cp = '\0'; + device_lock(dev); + old = pdev->driver_override; if (strlen(driver_override)) { pdev->driver_override = driver_override; } else { kfree(driver_override); pdev->driver_override = NULL; } + device_unlock(dev); kfree(old); @@ -756,8 +759,12 @@ static ssize_t driver_override_show(stru struct device_attribute *attr, char *buf) { struct platform_device *pdev = to_platform_device(dev); + ssize_t len; - return sprintf(buf, "%s\n", pdev->driver_override); + device_lock(dev); + len = sprintf(buf, "%s\n", pdev->driver_override); + device_unlock(dev); + return len; } static DEVICE_ATTR_RW(driver_override);