uio_mmap has multiple fail paths to set return value to nonzero then
goto out. However, it always returns *0* from the *out* at end, and
this will mislead callers who check the return value of this function.
Fixes: 57c5f4df0a5a0ee ("uio: fix crash after the device is unregistered")
CC: Xiubo Li <[email protected]>
Signed-off-by: Hailong Liu <[email protected]>
Signed-off-by: Jiang Biao <[email protected]>
---
drivers/uio/uio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
index 5d421d7..0ddfda2 100644
--- a/drivers/uio/uio.c
+++ b/drivers/uio/uio.c
@@ -814,7 +814,7 @@ static int uio_mmap(struct file *filep, struct vm_area_struct *vma)
out:
mutex_unlock(&idev->info_lock);
- return 0;
+ return ret;
}
static const struct file_operations uio_fops = {
--
1.8.3.1
On 2018/7/20 8:31, Hailong Liu wrote:
> uio_mmap has multiple fail paths to set return value to nonzero then
> goto out. However, it always returns *0* from the *out* at end, and
> this will mislead callers who check the return value of this function.
>
> Fixes: 57c5f4df0a5a0ee ("uio: fix crash after the device is unregistered")
> CC: Xiubo Li <[email protected]>
> Signed-off-by: Hailong Liu <[email protected]>
> Signed-off-by: Jiang Biao <[email protected]>
> ---
> drivers/uio/uio.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
> index 5d421d7..0ddfda2 100644
> --- a/drivers/uio/uio.c
> +++ b/drivers/uio/uio.c
> @@ -814,7 +814,7 @@ static int uio_mmap(struct file *filep, struct vm_area_struct *vma)
>
> out:
> mutex_unlock(&idev->info_lock);
> - return 0;
> + return ret;
Hi Hailong,
Good catch, Thanks.
BRs
> }
>
> static const struct file_operations uio_fops = {