2015-11-14 18:18:59

by Alexey Khoroshilov

Subject: [PATCH] [media] lirc_imon: do not leave imon_probe() with mutex held

Commit af8a819a2513 ("[media] lirc_imon: simplify error handling code")
lost mutex_unlock(&context->ctx_lock), so imon_probe() exits with
the context->ctx_lock mutex acquired.

The patch adds mutex_unlock(&context->ctx_lock) back.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <[email protected]>
Fixes: af8a819a2513 ("[media] lirc_imon: simplify error handling code")
---
drivers/staging/media/lirc/lirc_imon.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/staging/media/lirc/lirc_imon.c b/drivers/staging/media/lirc/lirc_imon.c
index 534b8103ae80..ff1926ca1f96 100644
--- a/drivers/staging/media/lirc/lirc_imon.c
+++ b/drivers/staging/media/lirc/lirc_imon.c
@@ -885,12 +885,14 @@ static int imon_probe(struct usb_interface *interface,
vendor, product, ifnum, usbdev->bus->busnum, usbdev->devnum);

/* Everything went fine. Just unlock and return retval (with is 0) */
+ mutex_unlock(&context->ctx_lock);
goto driver_unlock;

unregister_lirc:
lirc_unregister_driver(driver->minor);

free_tx_urb:
+ mutex_unlock(&context->ctx_lock);
usb_free_urb(tx_urb);

free_rx_urb:
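Review bot: The mutex_unlock(&context->ctx_lock) placed under the free_tx_urb: label only runs for paths that enter at unregister_lirc or free_tx_urb, so any goto that targets free_rx_urb or a later label skips it; each of those jumps needs checking that ctx_lock is not held at that point. Because unregister_lirc falls through, lirc_unregister_driver(driver->minor) is also called with ctx_lock still held, which is worth confirming as intended. Putting the unlock under its own label ahead of free_tx_urb would keep each label name matching what it does and make the lock state at every entry point easier to audit.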
--
1.9.1


2015-11-16 15:05:15

by Dan Carpenter

Subject: Re: [PATCH] [media] lirc_imon: do not leave imon_probe() with mutex held

On Sat, Nov 14, 2015 at 09:17:56PM +0300, Alexey Khoroshilov wrote:
> Commit af8a819a2513 ("[media] lirc_imon: simplify error handling code")
> lost mutex_unlock(&context->ctx_lock), so imon_probe() exits with
> the context->ctx_lock mutex acquired.
>
> The patch adds mutex_unlock(&context->ctx_lock) back.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
> Fixes: af8a819a2513 ("[media] lirc_imon: simplify error handling code")

Hm... This patch is from June and it totally breaks the driver. It's
disappointing that no one reported this bug.

> ---
> drivers/staging/media/lirc/lirc_imon.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/staging/media/lirc/lirc_imon.c b/drivers/staging/media/lirc/lirc_imon.c
> index 534b8103ae80..ff1926ca1f96 100644
> --- a/drivers/staging/media/lirc/lirc_imon.c
> +++ b/drivers/staging/media/lirc/lirc_imon.c
> @@ -885,12 +885,14 @@ static int imon_probe(struct usb_interface *interface,
> vendor, product, ifnum, usbdev->bus->busnum, usbdev->devnum);
>
> /* Everything went fine. Just unlock and return retval (with is 0) */
> + mutex_unlock(&context->ctx_lock);
> goto driver_unlock;
>
> unregister_lirc:
> lirc_unregister_driver(driver->minor);
>
> free_tx_urb:
> + mutex_unlock(&context->ctx_lock);
> usb_free_urb(tx_urb);
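Review bot: On the success path the comment above the added mutex_unlock(&context->ctx_lock) still says only "Just unlock and return retval (with is 0)", while the code now drops ctx_lock here and then jumps to driver_unlock. The comment should say which lock is released at which point, so a later cleanup of the error handling does not drop one of them again, and "with is" can be corrected to "which is" in the same change.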

Now the label name doesn't make sense. Also this unlock isn't needed
because we are just going to free context anyway.

regards,
dan carpenter