rtc: Handle errors correctly in rtc_irq_set_state()
Thomas Gleixner [Fri, 22 Jul 2011 09:12:50 +0000 (09:12 +0000)]
In rtc_irq_set_state, the code checks the correctness of the parameters,
but then goes on to unconditionally arms/disarms the hrtimer. Thus a
random task might arm/disarm rtc timer and surprise the real owner by
either generating events or by stopping them.

Cc: stable@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>

drivers/rtc/interface.c

index df68618..b6bf57f 100644 (file)
@@ -656,6 +656,8 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled
                err = -EBUSY;
        if (rtc->irq_task != task)
                err = -EACCES;
+       if (err)
+               goto out;
 
        if (enabled) {
                ktime_t period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq);
@@ -664,6 +666,7 @@ int rtc_irq_set_state(struct rtc_device *rtc, struct rtc_task *task, int enabled
                hrtimer_cancel(&rtc->pie_timer);
        }
        rtc->pie_enabled = enabled;
+out:
        spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
 
        return err;