In case an open is racing with a debugfs file removal, the corresponding
error path in open_proxy_open() releases its SRCU read side critical
section twice, i.e. it does a double unlock.
Fix that by purging the extra unlock operation.
Signed-off-by: Nicolai Stange <[email protected]>
---
fs/debugfs/file.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
index 6a4b667..9c1c9a0 100644
--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -108,7 +108,6 @@ static int open_proxy_open(struct inode *inode, struct file *filp)
r = debugfs_use_file_start(dentry, &srcu_idx);
if (r) {
- debugfs_use_file_finish(srcu_idx);
r = -ENOENT;
goto out;
}
--
2.7.2
Nicolai Stange <[email protected]> writes:
> In case an open is racing with a debugfs file removal, the corresponding
> error path in open_proxy_open() releases its SRCU read side critical
> section twice, i.e. it does a double unlock.
This one has been reported by Rasmus Villemoes:
http://lkml.kernel.org/g/[email protected]
Thank you very much!
Nicolai
Ah and sorry: applicable to the driver-core tree's driver-core-testing branch.
Please drop as this has been fixed in the current v6 of the offending
series to be found here:
http://lkml.kernel.org/g/[email protected]
Thank you!
Nicolai