Jiri Slaby wrote:
> set_lock_status omits mutex_unlock in fail path. Add the omitted
> unlock.
>
> As a result a lockup caused by this can be triggered from userspace
> by writing 1 to /sys/bus/pci/slots/.../lock often enough.
>
> Signed-off-by: Jiri Slaby <jirislaby@xxxxxxxxx>
> Cc: Kristen Carlson Accardi <kristen.c.accardi@xxxxxxxxx>
> Cc: Jesse Barnes <jbarnes@xxxxxxxxxxxxxxxx>
> ---
> drivers/pci/hotplug/pciehp_core.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
> index 5482d4e..c248554 100644
> --- a/drivers/pci/hotplug/pciehp_core.c
> +++ b/drivers/pci/hotplug/pciehp_core.c
> @@ -126,8 +126,10 @@ static int set_lock_status(struct hotplug_slot *hotplug_slot, u8 status)
> mutex_lock(&slot->ctrl->crit_sect);
>
> /* has it been >1 sec since our last toggle? */
> - if ((get_seconds() - slot->last_emi_toggle) < 1)
> + if ((get_seconds() - slot->last_emi_toggle) < 1) {
> + mutex_unlock(&slot->ctrl->crit_sect);
> return -EINVAL;
> + }
>
> /* see what our current state is */
> retval = get_lock_status(hotplug_slot, &value);
Good catch!
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@xxxxxxxxxxxxxx>
Thanks,
Kenji Kaneshige
--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
