3.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Guenter Roeck <[email protected]>

commit 60403f7a4d9368d187f79cba5e4672d01df37574 upstream.

A race condition exists when registering the first watchdog device.
Sequence of events:

- watchdog_register_device calls watchdog_dev_register
- watchdog_dev_register creates the watchdog misc device by calling
  misc_register.
  At that time, the matching character device (/dev/watchdog0) does not yet
  exist, and old_wdd is not set either.
- Userspace gets an event and opens /dev/watchdog
- watchdog_open is called and sets wdd = old_wdd, which is still NULL,
  and tries to dereference it. This causes the kernel to panic.

Seen with systemd trying to open /dev/watchdog immediately after
it was created.

Reported-by: Arkadiusz Miskiewicz <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
Tested-by: Arkadiusz Miskiewicz <[email protected]>
Signed-off-by: Wim Van Sebroeck <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 drivers/watchdog/watchdog_dev.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/watchdog/watchdog_dev.c
+++ b/drivers/watchdog/watchdog_dev.c
@@ -523,6 +523,7 @@ int watchdog_dev_register(struct watchdo
        int err, devno;
 
        if (watchdog->id == 0) {
+               old_wdd = watchdog;
                watchdog_miscdev.parent = watchdog->parent;
                err = misc_register(&watchdog_miscdev);
                if (err != 0) {
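Review bot: with `old_wdd = watchdog;` now placed ahead of `misc_register(&watchdog_miscdev)`, /dev/watchdog can be opened before the code under `/* Fill in the data structures */` has run, so an open arriving in that window gets a non-NULL watchdog whose remaining setup is still pending. Please confirm that watchdog_open only relies on fields the driver has already initialized at this point. A short comment above the assignment stating that it must precede misc_register would also help, since the ordering is the entire fix and is easy to undo in a later cleanup.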
@@ -531,9 +532,9 @@ int watchdog_dev_register(struct watchdo
                        if (err == -EBUSY)
                                pr_err("%s: a legacy watchdog module is 
probably present.\n",
                                        watchdog->info->identity);
+                       old_wdd = NULL;
                        return err;
                }
-               old_wdd = watchdog;
        }
 
        /* Fill in the data structures */
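Review bot: the `old_wdd = NULL;` reset covers only the misc_register failure branch, while the function continues past `/* Fill in the data structures */` with old_wdd still set. If any later step in watchdog_dev_register can return an error for id 0, that path should clear old_wdd as well, otherwise /dev/watchdog keeps pointing at a device whose registration failed. The rest of the function is outside this hunk, so please check its error returns.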

