提交 3003d55b 编写于 作者: A Alexander Gordeev 提交者: Linus Torvalds

pps: fix race in PPS_FETCH handler

There was a race in PPS_FETCH ioctl handler when several processes want to
obtain PPS data simultaneously using sleeping PPS_FETCH.  They all sleep
most of the time in the system call.

With the old approach when the first process waiting on the pps queue is
waken up it makes new system call right away and zeroes pps->go.  So other
processes continue to sleep.  This is a clear race condition because of
the global 'go' variable.

With the new approach pps->last_ev holds some value increasing at each PPS
event.  PPS_FETCH ioctl handler saves current value to the local variable
at the very beginning so it can safely check that there is a new event by
just comparing both variables.
Signed-off-by: NAlexander Gordeev <lasaine@lvk.cs.msu.su>
Acked-by: NRodolfo Giometti <giometti@linux.it>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 86d921f9
...@@ -326,8 +326,8 @@ void pps_event(int source, struct pps_ktime *ts, int event, void *data) ...@@ -326,8 +326,8 @@ void pps_event(int source, struct pps_ktime *ts, int event, void *data)
/* Wake up if captured something */ /* Wake up if captured something */
if (captured) { if (captured) {
pps->go = ~0; pps->last_ev++;
wake_up_interruptible(&pps->queue); wake_up_interruptible_all(&pps->queue);
kill_fasync(&pps->async_queue, SIGIO, POLL_IN); kill_fasync(&pps->async_queue, SIGIO, POLL_IN);
} }
......
...@@ -136,6 +136,7 @@ static long pps_cdev_ioctl(struct file *file, ...@@ -136,6 +136,7 @@ static long pps_cdev_ioctl(struct file *file,
case PPS_FETCH: { case PPS_FETCH: {
struct pps_fdata fdata; struct pps_fdata fdata;
unsigned int ev;
pr_debug("PPS_FETCH: source %d\n", pps->id); pr_debug("PPS_FETCH: source %d\n", pps->id);
...@@ -143,11 +144,12 @@ static long pps_cdev_ioctl(struct file *file, ...@@ -143,11 +144,12 @@ static long pps_cdev_ioctl(struct file *file,
if (err) if (err)
return -EFAULT; return -EFAULT;
pps->go = 0; ev = pps->last_ev;
/* Manage the timeout */ /* Manage the timeout */
if (fdata.timeout.flags & PPS_TIME_INVALID) if (fdata.timeout.flags & PPS_TIME_INVALID)
err = wait_event_interruptible(pps->queue, pps->go); err = wait_event_interruptible(pps->queue,
ev != pps->last_ev);
else { else {
unsigned long ticks; unsigned long ticks;
...@@ -159,7 +161,9 @@ static long pps_cdev_ioctl(struct file *file, ...@@ -159,7 +161,9 @@ static long pps_cdev_ioctl(struct file *file,
if (ticks != 0) { if (ticks != 0) {
err = wait_event_interruptible_timeout( err = wait_event_interruptible_timeout(
pps->queue, pps->go, ticks); pps->queue,
ev != pps->last_ev,
ticks);
if (err == 0) if (err == 0)
return -ETIMEDOUT; return -ETIMEDOUT;
} }
......
...@@ -55,7 +55,7 @@ struct pps_device { ...@@ -55,7 +55,7 @@ struct pps_device {
struct pps_ktime clear_tu; struct pps_ktime clear_tu;
int current_mode; /* PPS mode at event time */ int current_mode; /* PPS mode at event time */
int go; /* PPS event is arrived? */ unsigned int last_ev; /* last PPS event id */
wait_queue_head_t queue; /* PPS event queue */ wait_queue_head_t queue; /* PPS event queue */
unsigned int id; /* PPS source unique ID */ unsigned int id; /* PPS source unique ID */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册