linux/drivers/counter
William Breathitt Gray 8ac33b8b68 counter: Fix use-after-free race condition for events_queue_size write
A race condition is possible when writing to events_queue_size where the
events kfifo is freed during the execution of a kfifo_in(), resulting in
a use-after-free. This patch prevents such a scenario by protecting the
events queue in operation with a spinlock and locking before performing
the events queue size adjustment.

The existing events_lock mutex is renamed to events_out_lock to reflect
that it only protects events queue out operations. Because the events
queue in operations can occur in an interrupt context, a new
events_in_lock spinlock is introduced and utilized.

Fixes: feff17a550 ("counter: Implement events_queue_size sysfs attribute")
Cc: David Lechner <david@lechnology.com>
Signed-off-by: William Breathitt Gray <vilhelm.gray@gmail.com>
Link: https://lore.kernel.org/r/20211021103540.955639-1-vilhelm.gray@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-10-21 13:02:47 +02:00
..
104-quad-8.c counter: 104-quad-8: Add IRQ support for the ACCES 104-QUAD-8 2021-10-17 10:55:55 +01:00
counter-chrdev.c counter: Fix use-after-free race condition for events_queue_size write 2021-10-21 13:02:47 +02:00
counter-chrdev.h counter: Add character device interface 2021-10-17 10:53:52 +01:00
counter-core.c counter: Add character device interface 2021-10-17 10:53:52 +01:00
counter-sysfs.c counter: Fix use-after-free race condition for events_queue_size write 2021-10-21 13:02:47 +02:00
counter-sysfs.h counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
ftm-quaddec.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
intel-qep.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
interrupt-cnt.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
Kconfig counter: 104-quad-8: Add IRQ support for the ACCES 104-QUAD-8 2021-10-17 10:55:55 +01:00
Makefile counter: Add character device interface 2021-10-17 10:53:52 +01:00
microchip-tcb-capture.c counter: microchip-tcb-capture: Tidy up a false kernel-doc /** marking. 2021-10-17 10:56:31 +01:00
stm32-lptimer-cnt.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
stm32-timer-cnt.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00
ti-eqep.c counter: Internalize sysfs interface code 2021-10-17 10:52:58 +01:00