Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp4731619imm; Mon, 11 Jun 2018 18:20:39 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLfKgh9imR479sC+Un8Q37Rn6R/KrgqRg5I9i6zUTBTUrxzPPrRmg+xvIgB9ku1msUnueI9 X-Received: by 2002:a63:9a01:: with SMTP id o1-v6mr1252056pge.439.1528766439277; Mon, 11 Jun 2018 18:20:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528766439; cv=none; d=google.com; s=arc-20160816; b=Txilm8l2Cw8RVcuBSv6U1/Qn558v/qCHOMtGddCEzavsmlhoyCHIHgBWpHOXdPJTVD 51oq+nLDNtYU5Em8X8x1xdQWGP0dJ6IczAsf12/UP2hDb+cp5QbLiA89qJhHsPoCMA3T /Fhf1CkWR61KVCnfiuFHxAI16tir91wDX6k2xr6lPc+rkSEGjgNjreTo25qUMkkYi8dX 4rGlzJNvIUlp7EpTsopBJs8Y9eIjkZBJmk3cgw7rWuiHa0Y+l/yHG8kYPxEgl+emFRpC 5I/9f6G4Ts71NyMDsaQFoj8tE2Kg99EAyvtEJYQ6PSBUGnTxuOUKh1vWX+GPpLxk2g+w e3vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date :arc-authentication-results; bh=ywjYioxzU7UZipv1z/kMyO5kwWGPZgWy9yznf/doIE0=; b=mjbSbpYVw7WiZdpeNk0Yo+G2gn/j8RecMfU0rUDnapVAMJvNmLkh1dJQJbz9Rx9Oyk EsD2Uee5Te1+NrDWh9GYCZwdry1tbUJrliJkPdg+RwVJChqXh02uVekBlhlUYhXW88tX MEZlOo6TWpaJlkPzsb1KX8BL3uUoRQIdmzG43Mu8TXa0AiUfOQhfHLkNIDmZvxGhSdEE E5NDwKBcWXSCR6yYPfqB3sXxMH1v484cDXVIL/eVqQyP/Ep5f6GbsmvKUHsttNe1rHQ7 aXka8ePr4Degig3KlM8qchYUtJv1Y4LmSeYm7+NX7rgvBjfvaCrN+lkkxZotkpQP7oUd f4pQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k191-v6si33682821pgd.19.2018.06.11.18.20.25; Mon, 11 Jun 2018 18:20:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934917AbeFLBMJ (ORCPT + 99 others); Mon, 11 Jun 2018 21:12:09 -0400 Received: from relay4-d.mail.gandi.net ([217.70.183.196]:36049 "EHLO relay4-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933569AbeFLBMI (ORCPT ); Mon, 11 Jun 2018 21:12:08 -0400 X-Originating-IP: 70.80.172.8 Received: from localhost (modemcable008.172-80-70.mc.videotron.ca [70.80.172.8]) (Authenticated sender: hle@owl.eu.com) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 1F24EE0006; Tue, 12 Jun 2018 01:12:02 +0000 (UTC) Date: Mon, 11 Jun 2018 21:12:00 -0400 From: Hugo Lefeuvre To: Greg Kroah-Hartman Cc: devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, kernelnewbies@kernelnewbies.org Subject: [PATCH] staging: pi433: add mutex fixing race condition when accessing tx_cfg Message-ID: <20180612011200.GB1794@hle-laptop.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.0 (2018-05-17) X-Spam-Level: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In the PI433_IOC_WR_TX_CFG case in pi433_ioctl, instance->tx_cfg is modified using copy_from_user(&instance->tx_cfg, argp, sizeof(struct pi433_tx_cfg))) without any kind of synchronization. In the case where two threads would execute this same command concurrently the tx_cfg field might enter in an inconsistent state. Add a mutex making sure that the PI433_IOC_WR_TX_CFG case will never be run by several threads concurrently. Signed-off-by: Hugo Lefeuvre --- drivers/staging/pi433/pi433_if.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/staging/pi433/pi433_if.c b/drivers/staging/pi433/pi433_if.c index d1e0ddbc79ce..94c9d5482f44 100644 --- a/drivers/staging/pi433/pi433_if.c +++ b/drivers/staging/pi433/pi433_if.c @@ -115,6 +115,7 @@ struct pi433_device { struct pi433_instance { struct pi433_device *device; + struct mutex tx_cfg_lock; /* guards race conditions when updating tx config */ struct pi433_tx_cfg tx_cfg; }; @@ -889,9 +890,13 @@ pi433_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) return -EFAULT; break; case PI433_IOC_WR_TX_CFG: + mutex_lock(&instance->tx_cfg_lock); if (copy_from_user(&instance->tx_cfg, argp, - sizeof(struct pi433_tx_cfg))) + sizeof(struct pi433_tx_cfg))) { + mutex_unlock(&instance->tx_cfg_lock); return -EFAULT; + } + mutex_unlock(&instance->tx_cfg_lock); break; case PI433_IOC_RD_RX_CFG: if (copy_to_user(argp, &device->rx_cfg, @@ -966,6 +971,8 @@ static int pi433_open(struct inode *inode, struct file *filp) instance->tx_cfg.bit_rate = 4711; // TODO: fill instance->tx_cfg; + mutex_init(&instance->tx_cfg_lock); + /* instance data as context */ filp->private_data = instance; nonseekable_open(inode, filp); -- 2.17.1