[PATCH v2 1/1] Staging: lirc, fix lock imbalance

Jiri Slaby <jslaby@xxxxxxx> · Sat, 4 Sep 2010 14:16:26 +0200

[2nd version -- melded all three together]

1) There is a missing return or goto statement in one fail path in
sasem_probe, so that the code contiues its normal execution (and
unlocks a mutex twice). Fix that by jumping to the right place.

Anyway the code is very broken on its fail paths and there are many
leaks. But that's a different story.

2) There is an omitted unlock in one fail path in vfd_write, jump to
the right place to unlock the lock.

3) In the probe function, there is one more error where the lock is
not unlocked. Fix that by jumping to the proper place.

Signed-off-by: Jiri Slaby <jslaby@xxxxxxx>
Cc: Jarod Wilson <jarod@xxxxxxxxxx>
Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
---
 drivers/staging/lirc/lirc_sasem.c |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/lirc/lirc_sasem.c b/drivers/staging/lirc/lirc_sasem.c
index 73166c3..ffa3bb4 100644
--- a/drivers/staging/lirc/lirc_sasem.c
+++ b/drivers/staging/lirc/lirc_sasem.c
@@ -386,8 +386,10 @@ static ssize_t vfd_write(struct file *file, const char *buf,
 	}
 
 	data_buf = memdup_user(buf, n_bytes);
-	if (PTR_ERR(data_buf))
-		return PTR_ERR(data_buf);
+	if (PTR_ERR(data_buf)) {
+		retval = PTR_ERR(data_buf);
+		goto exit;
+	}
 
 	memcpy(context->tx.data_buf, data_buf, n_bytes);
 
@@ -803,7 +805,8 @@ static int sasem_probe(struct usb_interface *interface,
 	if (lirc_minor < 0) {
 		err("%s: lirc_register_driver failed", __func__);
 		alloc_status = 7;
-		mutex_unlock(&context->ctx_lock);
+		retval = lirc_minor;
+		goto unlock;
 	} else
 		printk(KERN_INFO "%s: Registered Sasem driver (minor:%d)\n",
 			__func__, lirc_minor);
@@ -828,7 +831,7 @@ alloc_status_switch:
 		context = NULL;
 	case 1:
 		retval = -ENOMEM;
-		goto exit;
+		goto unlock;
 	}
 
 	/* Needed while unregistering! */
@@ -859,7 +862,7 @@ alloc_status_switch:
 
 	printk(KERN_INFO "%s: Sasem device on usb<%d:%d> initialized\n",
 			__func__, dev->bus->busnum, dev->devnum);
-
+unlock:
 	mutex_unlock(&context->ctx_lock);
 exit:
 	return retval;
-- 
1.7.2.2


_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel





