diff options
| author | Hugo Lefeuvre <[email protected]> | 2018-06-13 21:04:38 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <[email protected]> | 2018-06-17 09:05:12 +0200 |
| commit | 6de4ef65a8c6f53ce7eef06666410bc3b6e4b624 (patch) | |
| tree | 9197acae27ad892fe84bd81fcb02a3884c1caa5c /tools/perf/scripts/python/call-graph-from-sql.py | |
| parent | 0d6485282a2eb8839ecb98d4da2dc1c35aab7223 (diff) | |
staging: pi433: fix race condition in pi433_ioctl
In the PI433_IOC_WR_TX_CFG case in pi433_ioctl, instance->tx_cfg is
modified via
copy_from_user(&instance->tx_cfg, argp, sizeof(struct pi433_tx_cfg)))
without any kind of synchronization. In the case where two threads
would execute this same command concurrently the tx_cfg field might
enter in an inconsistent state.
Additionally: if ioctl(PI433_IOC_WR_TX_CFG) and write() execute
concurrently the tx config might be modified while it is being
copied to the fifo, resulting in potential data corruption.
Fix: Get instance->tx_cfg_lock before modifying tx config in the
PI433_IOC_WR_TX_CFG case in pi433_ioctl.
Also, do not copy data directly from user space to instance->tx_cfg.
Instead use a temporary buffer allowing future checks for correctness
of copied data and simpler code.
Signed-off-by: Hugo Lefeuvre <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-sql.py')
0 files changed, 0 insertions, 0 deletions