The code checks the correctness of the parameters, but unconditionally
arms/disarms the hrtimer.
The result is that a random task might arm/disarm rtc timer and surprise
the real owner by either generating events or by stopping them.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Ben Greear <greearb@candelatech.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
                err = -EBUSY;
        if (rtc->irq_task != task)
                err = -EACCES;
+       if (err)
+               goto out;
 
        if (enabled) {
                ktime_t period = ktime_set(0, NSEC_PER_SEC/rtc->irq_freq);
                hrtimer_cancel(&rtc->pie_timer);
        }
        rtc->pie_enabled = enabled;
+out:
        spin_unlock_irqrestore(&rtc->irq_task_lock, flags);
 
        return err;