d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[evdev] Fix race condition between client's event queue reading and dropping

Browse Source 
Submitted by:	Vladimir Kondratiev <wulf@cicgroup.ru>
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D9320
This commit is contained in:
gonzo 2017-03-12 19:27:44 +00:00
parent 93c079c643
commit 1de7cd4223
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/dev/evdev/cdev.c
View File

@ -162,7 +162,7 @@ static int
evdev_read(struct cdev *dev, struct uio *uio, int ioflag)
{
struct evdev_client *client;
struct input_event *event;
struct input_event event;
int ret = 0;
int remaining;
@ -197,13 +197,14 @@ evdev_read(struct cdev *dev, struct uio *uio, int ioflag)
}
while (ret == 0 && !EVDEV_CLIENT_EMPTYQ(client) && remaining > 0) {
event = &client->ec_buffer[client->ec_buffer_head];
memcpy(&event, &client->ec_buffer[client->ec_buffer_head],
sizeof(struct input_event));
client->ec_buffer_head =
(client->ec_buffer_head + 1) % client->ec_buffer_size;
remaining--;
EVDEV_CLIENT_UNLOCKQ(client);
ret = uiomove(event, sizeof(struct input_event), uio);
ret = uiomove(&event, sizeof(struct input_event), uio);
EVDEV_CLIENT_LOCKQ(client);
}