From: Thomas Gleixner Date: Fri, 22 Jul 2011 09:12:50 +0000 (+0000) Subject: rtc: Handle errors correctly in rtc_irq_set_state() X-Git-Tag: firefly_0821_release~3680^2~4629^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=53cc2820acbdbcc768675bfaff321f3a8680a317;p=firefly-linux-kernel-4.4.55.git rtc: Handle errors correctly in rtc_irq_set_state() In rtc_irq_set_state, the code checks the correctness of the parameters, but then goes on to unconditionally arms/disarms the hrtimer. Thus a random task might arm/disarm rtc timer and surprise the real owner by either generating events or by stopping them. Cc: stable@kernel.org Signed-off-by: Thomas Gleixner Signed-off-by: John Stultz --- diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c index df68618f6dbb..b6bf57f25cc9 100644 --- a/drivers/rtc/interface.c +++ b/drivers/rtc/interface.c @@ -656,6 +656,8 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled err = -EBUSY; if (rtc->irq_task != task) err = -EACCES; + if (err) + goto out; if (enabled) { ktime_t period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq); @@ -664,6 +666,7 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled hrtimer_cancel(&rtc->pie_timer); } rtc->pie_enabled = enabled; +out: spin_unlock_irqrestore(&rtc->irq_task_lock, flags); return err;