This is a note to let you know that I've just added the patch titled w1: do not unlock unheld list_mutex in __w1_remove_master_device() to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. >From a0f104644ec27ce5bbb36e950eb426dba9a3ad44 Mon Sep 17 00:00:00 2001 From: Alexey Khoroshilov <khoroshilov@xxxxxxxxx> Date: Wed, 7 May 2014 01:26:04 +0400 Subject: w1: do not unlock unheld list_mutex in __w1_remove_master_device() w1_process_callbacks() expects to be called with dev->list_mutex held, but it is the fact only in w1_process(). __w1_remove_master_device() calls w1_process_callbacks() after it releases list_mutex. The patch fixes __w1_remove_master_device() to acquire list_mutex for w1_process_callbacks(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx> Acked-by: David Fries <david@xxxxxxxxx> Acked-by: Evgeniy Polyakov <zbr@xxxxxxxxxxx> Cc: stable <stable@xxxxxxxxxxxxxxx> # 3.15 Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/w1/w1.c | 2 ++ drivers/w1/w1_int.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c index ff52618cafbe..5d7341520544 100644 --- a/drivers/w1/w1.c +++ b/drivers/w1/w1.c @@ -1078,6 +1078,8 @@ static void w1_search_process(struct w1_master *dev, u8 search_type) * w1_process_callbacks() - execute each dev->async_list callback entry * @dev: w1_master device * + * The w1 master list_mutex must be held. + * * Return: 1 if there were commands to executed 0 otherwise */ int w1_process_callbacks(struct w1_master *dev) 
diff --git a/drivers/w1/w1_int.c b/drivers/w1/w1_int.c index 9b084db739c7..728039d2efe1 100644 --- a/drivers/w1/w1_int.c +++ b/drivers/w1/w1_int.c @@ -219,9 +219,13 @@ void __w1_remove_master_device(struct w1_master *dev) if (msleep_interruptible(1000)) flush_signals(current); + mutex_lock(&dev->list_mutex); w1_process_callbacks(dev); + mutex_unlock(&dev->list_mutex); } + mutex_lock(&dev->list_mutex); w1_process_callbacks(dev); + mutex_unlock(&dev->list_mutex); memset(&msg, 0, sizeof(msg)); msg.id.mst.id = dev->id; -- 1.9.0
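Review bot: In the drivers/w1/w1.c hunk, the added kernel-doc line "The w1 master list_mutex must be held." states the locking rule only as a comment, so a caller that breaks it, as __w1_remove_master_device() did before this patch, is still not caught at run time. Consider adding lockdep_assert_held(&dev->list_mutex); at the top of w1_process_callbacks() so that lockdep-enabled builds flag any caller that enters without the mutex. The neighbouring context line "Return: 1 if there were commands to executed 0 otherwise" also has a typo that could be fixed while this comment block is being edited.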
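Review bot: In the drivers/w1/w1_int.c hunk, the sequence mutex_lock(&dev->list_mutex); w1_process_callbacks(dev); mutex_unlock(&dev->list_mutex); is added twice in __w1_remove_master_device(), once inside the loop after the msleep_interruptible(1000) check and once right after the loop. A small wrapper that takes list_mutex around w1_process_callbacks() would keep the locking requirement in one place and make it harder for a later call site to repeat the unheld-mutex mistake this patch fixes. If the two open-coded copies stay, a short comment at the first one noting that w1_process_callbacks() requires list_mutex would help readers who only see this file.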