On 10/18/21 4:14 AM, William Breathitt Gray wrote:
On Sun, Oct 17, 2021 at 01:55:21PM -0500, David Lechner wrote:
diff --git a/drivers/counter/counter-sysfs.c b/drivers/counter/counter-sysfs.c
index 1ccd771da25f..7bf8882ff54d 100644
--- a/drivers/counter/counter-sysfs.c
+++ b/drivers/counter/counter-sysfs.c
@@ -796,25 +796,18 @@ static int counter_events_queue_size_write(struct counter_device *counter,
u64 val)
{
DECLARE_KFIFO_PTR(events, struct counter_event);
- int err = 0;
-
- /* Ensure chrdev is not opened more than 1 at a time */
- if (!atomic_add_unless(&counter->chrdev_lock, 1, 1))
- return -EBUSY;
+ int err;
/* Allocate new events queue */
err = kfifo_alloc(&events, val, GFP_KERNEL);
if (err)
- goto exit_early;
+ return err;
/* Swap in new events queue */
kfifo_free(&counter->events);
counter->events.kfifo = events.kfifo;
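Review bot: The queue swap at the end of this hunk, kfifo_free(&counter->events) followed by counter->events.kfifo = events.kfifo, runs with no lock held in the visible lines, and the atomic_add_unless(&counter->chrdev_lock, 1, 1) check at the top of the function is removed without a replacement here. Any reader or event producer that touches counter->events between the free and the assignment would be working on freed memory, and one that picked up the old buffer just before the swap would do the same afterwards. Please either take the lock or locks that serialize readers and producers of counter->events around both statements, or return -EBUSY when the size is written while the queue is in use, and add a comment above the swap naming what protects counter->events.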
Do we need to hold the events_lock mutex here for this swap in case
counter_chrdev_read() is in the middle of reading the kfifo to
userspace, or do the kfifo macros already protect us from a race
condition here?
Another possibility might be to disallow changing the size while
events are enabled. Otherwise, we also need to protect against
write after free.
I considered this:
swap(counter->events.kfifo, events.kfifo);
kfifo_free(&events);
But I'm not sure that would be safe enough.