We should take "gsm_mux_lock" when we access gsm_mux[].
Reported-by: Sun Peng <sun_p...@topsec.com.cn>
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index 3b3e1f6632d7..cc7f68814200 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2898,18 +2898,22 @@ static int gsmtty_install(struct tty_driver *driver,
struct tty_struct *tty)
bool alloc = false;
int ret;
- line = line & 0x3F;
if (mux >= MAX_MUX)
return -ENXIO;
- /* FIXME: we need to lock gsm_mux for lifetimes of ttys eventually */
- if (gsm_mux[mux] == NULL)
- return -EUNATCH;
+
+ line = line & 0x3F;
if (line == 0 || line > 61) /* 62/63 reserved */
return -ECHRNG;
+
+ spin_lock(&gsm_mux_lock);
gsm = gsm_mux[mux];
+ spin_unlock(&gsm_mux_lock);
+ if (!gsm)
+ return -EUNATCH;
if (gsm->dead)
return -EL2HLT;
+
/* If DLCI 0 is not yet fully open return an error.
This is ok from a locking
perspective as we don't have to worry about this
