gpiolib: cdev: fix minor race in GET_LINEINFO_WATCH

Merge separate usage of test_bit/set_bit into test_and_set_bit to remove
the possibility of a race between the test and set.

Similarly test_bit and clear_bit.

In the existing code it is possible for two threads to race past the
test_bit and then set or clear the watch bit, and neither return EBUSY.

Signed-off-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>

diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index fe1b385..b2b26dc 100644 (file)
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -887,15 +887,16 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
                hwgpio = gpio_chip_hwgpio(desc);
 
-               if (test_bit(hwgpio, cdev->watched_lines))
+               if (test_and_set_bit(hwgpio, cdev->watched_lines))
                        return -EBUSY;
 
                gpio_desc_to_lineinfo(desc, &lineinfo);
 
-               if (copy_to_user(ip, &lineinfo, sizeof(lineinfo)))
+               if (copy_to_user(ip, &lineinfo, sizeof(lineinfo))) {
+                       clear_bit(hwgpio, cdev->watched_lines);
                        return -EFAULT;
+               }
 
-               set_bit(hwgpio, cdev->watched_lines);
                return 0;
        } else if (cmd == GPIO_GET_LINEINFO_UNWATCH_IOCTL) {
                if (copy_from_user(&offset, ip, sizeof(offset)))
@@ -907,10 +908,9 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 
                hwgpio = gpio_chip_hwgpio(desc);
 
-               if (!test_bit(hwgpio, cdev->watched_lines))
+               if (!test_and_clear_bit(hwgpio, cdev->watched_lines))
                        return -EBUSY;
 
-               clear_bit(hwgpio, cdev->watched_lines);
                return 0;
        }
        return -EINVAL;