rtc: Handle errors correctly in rtc_irq_set_state()

In rtc_irq_set_state, the code checks the correctness of the parameters,
but then goes on to unconditionally arms/disarms the hrtimer. Thus a
random task might arm/disarm rtc timer and surprise the real owner by
either generating events or by stopping them.

Cc: stable@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>

diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c
index df68618f6dbb53f60f1f743f1425e2060e104854..b6bf57f25cc9e520ca31d642eea1616b9132f82b 100644 (file)
--- a/drivers/rtc/interface.c
+++ b/drivers/rtc/interface.c
@@ -656,6 +656,8 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled
                err = -EBUSY;
        if (rtc->irq_task != task)
                err = -EACCES;
+       if (err)
+               goto out;
 
        if (enabled) {
                ktime_t period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq);
@@ -664,6 +666,7 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled
                hrtimer_cancel(&rtc->pie_timer);
        }
        rtc->pie_enabled = enabled;
+out:
        spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
 
        return err;