Skip to content

Commit

Permalink
media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
Browse files Browse the repository at this point in the history 
commit 76d8124 upstream.

As warned by smatch:
	drivers/media/dvb-core/dvb_frontend.c:314 dvb_frontend_get_event() warn: inconsistent returns 'sem:&fepriv->sem'.
	  Locked on:   line 288
	               line 295
	               line 306
	               line 314
	  Unlocked on: line 303

The lock implementation for get event is wrong, as, if an
interrupt occurs, down_interruptible() will fail, and the
routine will call up() twice when userspace calls the ioctl
again.

The bad code is there since when Linux migrated to git, in
2005.

Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Mauro Carvalho Chehab authored and Greg Kroah-Hartman committed Jul 3, 2018
1 parent 098a472 commit ea5c468
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions drivers/media/dvb-core/dvb_frontend.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,20 @@ static void dvb_frontend_add_event(struct dvb_frontend *fe, fe_status_t status)
wake_up_interruptible (&events->wait_queue);
}

static int dvb_frontend_test_event(struct dvb_frontend_private *fepriv,
struct dvb_fe_events *events)
{
int ret;

up(&fepriv->sem);
ret = events->eventw != events->eventr;
down(&fepriv->sem);

return ret;
}

static int dvb_frontend_get_event(struct dvb_frontend *fe,
struct dvb_frontend_event *event, int flags)
struct dvb_frontend_event *event, int flags)
{
struct dvb_frontend_private *fepriv = fe->frontend_priv;
struct dvb_fe_events *events = &fepriv->events;
Expand All @@ -243,13 +255,8 @@ static int dvb_frontend_get_event(struct dvb_frontend *fe,
if (flags & O_NONBLOCK)
return -EWOULDBLOCK;

up(&fepriv->sem);

ret = wait_event_interruptible (events->wait_queue,
events->eventw != events->eventr);

if (down_interruptible (&fepriv->sem))
return -ERESTARTSYS;
ret = wait_event_interruptible(events->wait_queue,
dvb_frontend_test_event(fepriv, events));

if (ret < 0)
return ret;
Expand Down

0 comments on commit ea5c468

Please sign in to comment.