Hi Frank,
On Fri, Jul 12, 2024 at 06:19:22PM -0400, Frank Li wrote:
> > + rx_msg = kzalloc(cmd_snd_rcv_rsp_info.rx_buf_sz, GFP_KERNEL);
> > + if (!rx_msg) {
> > + err = -ENOMEM;
> > + goto exit;
> > + }
> > +
> > + tx_msg = memdup_user(cmd_snd_rcv_rsp_info.tx_buf,
> > + cmd_snd_rcv_rsp_info.tx_buf_sz);
> > + if (IS_ERR(tx_msg)) {
> > + err = PTR_ERR(tx_msg);
> > + goto exit;
> > + }
> > +
> > + if (tx_msg->header.tag != priv->cmd_tag) {
> > + err = -EINVAL;
> > + goto exit;
> > + }
> > +
> > + scoped_guard(mutex, &priv->se_if_cmd_lock);
>
> You totally wrong use scoped_guard in whole patch.
>
> fun()
> {
> guard(); //which means lock here
> ...
> return; // unlock here
> }
>
> scoped_guard()
> { // lock here
> ...
> //unlock here
> }
>
> your code scoped_guard(mutex, &priv->se_if_cmd_lock);
> is equal to
>
> mutex_lock();
> mutex_unlock();
>
> Nothing protected by mutex lock at all.
Thanks for bringing this on the table again. I already mourned about
this in v2 of this series, but didn't notice the issue wasn't fixed
then.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
