From 3003d55b59aa98aeaff2773df69732b27c0cbf6a Mon Sep 17 00:00:00 2001 From: Alexander Gordeev Date: Wed, 12 Jan 2011 17:00:50 -0800 Subject: pps: fix race in PPS_FETCH handler There was a race in PPS_FETCH ioctl handler when several processes want to obtain PPS data simultaneously using sleeping PPS_FETCH. They all sleep most of the time in the system call. With the old approach when the first process waiting on the pps queue is waken up it makes new system call right away and zeroes pps->go. So other processes continue to sleep. This is a clear race condition because of the global 'go' variable. With the new approach pps->last_ev holds some value increasing at each PPS event. PPS_FETCH ioctl handler saves current value to the local variable at the very beginning so it can safely check that there is a new event by just comparing both variables. Signed-off-by: Alexander Gordeev Acked-by: Rodolfo Giometti Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/pps/kapi.c | 4 ++-- drivers/pps/pps.c | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'drivers/pps') diff --git a/drivers/pps/kapi.c b/drivers/pps/kapi.c index 55f39618261..3f89f5eba81 100644 --- a/drivers/pps/kapi.c +++ b/drivers/pps/kapi.c @@ -326,8 +326,8 @@ void pps_event(int source, struct pps_ktime *ts, int event, void *data) /* Wake up if captured something */ if (captured) { - pps->go = ~0; - wake_up_interruptible(&pps->queue); + pps->last_ev++; + wake_up_interruptible_all(&pps->queue); kill_fasync(&pps->async_queue, SIGIO, POLL_IN); } diff --git a/drivers/pps/pps.c b/drivers/pps/pps.c index c76afb980a9..dc7e66cb276 100644 --- a/drivers/pps/pps.c +++ b/drivers/pps/pps.c @@ -136,6 +136,7 @@ static long pps_cdev_ioctl(struct file *file, case PPS_FETCH: { struct pps_fdata fdata; + unsigned int ev; pr_debug("PPS_FETCH: source %d\n", pps->id); @@ -143,11 +144,12 @@ static long pps_cdev_ioctl(struct file *file, if (err) return -EFAULT; - pps->go = 0; + ev = pps->last_ev; /* Manage the timeout */ if (fdata.timeout.flags & PPS_TIME_INVALID) - err = wait_event_interruptible(pps->queue, pps->go); + err = wait_event_interruptible(pps->queue, + ev != pps->last_ev); else { unsigned long ticks; @@ -159,7 +161,9 @@ static long pps_cdev_ioctl(struct file *file, if (ticks != 0) { err = wait_event_interruptible_timeout( - pps->queue, pps->go, ticks); + pps->queue, + ev != pps->last_ev, + ticks); if (err == 0) return -ETIMEDOUT; } -- cgit v1.2.3-70-g09d2