From: Guenter Roeck Date: Sat, 6 Apr 2013 04:22:43 +0000 (-0700) Subject: watchdog: Fix race condition in registration code X-Git-Tag: v3.12-rc1~847^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=60403f7a4d9368d187f79cba5e4672d01df37574;p=kernel%2Fkernel-generic.git watchdog: Fix race condition in registration code A race condition exists when registering the first watchdog device. Sequence of events: - watchdog_register_device calls watchdog_dev_register - watchdog_dev_register creates the watchdog misc device by calling misc_register. At that time, the matching character device (/dev/watchdog0) does not yet exist, and old_wdd is not set either. - Userspace gets an event and opens /dev/watchdog - watchdog_open is called and sets wdd = old_wdd, which is still NULL, and tries to dereference it. This causes the kernel to panic. Seen with systemd trying to open /dev/watchdog immediately after it was created. Reported-by: Arkadiusz Miskiewicz Signed-off-by: Guenter Roeck Tested-by: Arkadiusz Miskiewicz Signed-off-by: Wim Van Sebroeck --- diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index 08b48bb..faf4e18 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -523,6 +523,7 @@ int watchdog_dev_register(struct watchdog_device *watchdog) int err, devno; if (watchdog->id == 0) { + old_wdd = watchdog; watchdog_miscdev.parent = watchdog->parent; err = misc_register(&watchdog_miscdev); if (err != 0) { @@ -531,9 +532,9 @@ int watchdog_dev_register(struct watchdog_device *watchdog) if (err == -EBUSY) pr_err("%s: a legacy watchdog module is probably present.\n", watchdog->info->identity); + old_wdd = NULL; return err; } - old_wdd = watchdog; } /* Fill in the data structures */