gpiolib: cdev: fix minor race in GET_LINEINFO_WATCH
Merge separate usage of test_bit/set_bit into test_and_set_bit to remove
the possibility of a race between the test and set.
Similarly test_bit and clear_bit.
In the existing code it is possible for two threads to race past the
test_bit and then set or clear the watch bit, and neither return EBUSY.
Signed-off-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c
index fe1b385..b2b26dc 100644
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -887,15 +887,16 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
hwgpio = gpio_chip_hwgpio(desc);
- if (test_bit(hwgpio, cdev->watched_lines))
+ if (test_and_set_bit(hwgpio, cdev->watched_lines))
return -EBUSY;
gpio_desc_to_lineinfo(desc, &lineinfo);
- if (copy_to_user(ip, &lineinfo, sizeof(lineinfo)))
+ if (copy_to_user(ip, &lineinfo, sizeof(lineinfo))) {
+ clear_bit(hwgpio, cdev->watched_lines);
return -EFAULT;
+ }
- set_bit(hwgpio, cdev->watched_lines);
return 0;
} else if (cmd == GPIO_GET_LINEINFO_UNWATCH_IOCTL) {
if (copy_from_user(&offset, ip, sizeof(offset)))
@@ -907,10 +908,9 @@ static long gpio_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
hwgpio = gpio_chip_hwgpio(desc);
- if (!test_bit(hwgpio, cdev->watched_lines))
+ if (!test_and_clear_bit(hwgpio, cdev->watched_lines))
return -EBUSY;
- clear_bit(hwgpio, cdev->watched_lines);
return 0;
}
return -EINVAL;