[RFT 9/9] Char: moxa, fix ioctl race
From: Jiri Slaby
Date: Thu Feb 07 2008 - 14:17:48 EST
The lock fixes window between board->ready test and its port access.
Signed-off-by: Jiri Slaby <jirislaby@xxxxxxxxx>
---
drivers/char/moxa.c | 12 ++++++++++--
1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/char/moxa.c b/drivers/char/moxa.c
index fd9c946..6e170a4 100644
--- a/drivers/char/moxa.c
+++ b/drivers/char/moxa.c
@@ -299,6 +299,7 @@ static int moxa_ioctl(struct tty_struct *tty, struct file *file,
struct moxa_port *p;
unsigned int i, j;
+ mutex_lock(&moxa_openlock);
for (i = 0; i < MAX_BOARDS; i++) {
p = moxa_boards[i].ports;
for (j = 0; j < MAX_PORTS_PER_BOARD; j++, p++, argm++) {
@@ -307,10 +308,13 @@ static int moxa_ioctl(struct tty_struct *tty, struct file *file,
tmp.inq = MoxaPortRxQueue(p);
tmp.outq = MoxaPortTxQueue(p);
}
- if (copy_to_user(argm, &tmp, sizeof(tmp)))
+ if (copy_to_user(argm, &tmp, sizeof(tmp))) {
+ mutex_unlock(&moxa_openlock);
return -EFAULT;
+ }
}
}
+ mutex_unlock(&moxa_openlock);
return 0;
} case MOXA_GET_OQUEUE:
status = MoxaPortTxQueue(ch);
@@ -324,6 +328,7 @@ static int moxa_ioctl(struct tty_struct *tty, struct file *file,
struct moxa_port *p;
unsigned int i, j;
+ mutex_lock(&moxa_openlock);
for (i = 0; i < MAX_BOARDS; i++) {
p = moxa_boards[i].ports;
for (j = 0; j < MAX_PORTS_PER_BOARD; j++, p++, argm++) {
@@ -344,10 +349,13 @@ static int moxa_ioctl(struct tty_struct *tty, struct file *file,
else
tmp.cflag = p->tty->termios->c_cflag;
copy:
- if (copy_to_user(argm, &tmp, sizeof(tmp)))
+ if (copy_to_user(argm, &tmp, sizeof(tmp))) {
+ mutex_unlock(&moxa_openlock);
return -EFAULT;
+ }
}
}
+ mutex_unlock(&moxa_openlock);
return 0;
}
case TIOCGSERIAL:
--
1.5.3.8
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/