Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758873AbZD3UXf (ORCPT ); Thu, 30 Apr 2009 16:23:35 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750736AbZD3UX0 (ORCPT ); Thu, 30 Apr 2009 16:23:26 -0400 Received: from smtp1.linux-foundation.org ([140.211.169.13]:53505 "EHLO smtp1.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754539AbZD3UXZ (ORCPT ); Thu, 30 Apr 2009 16:23:25 -0400 Date: Thu, 30 Apr 2009 13:18:18 -0700 From: Andrew Morton To: Simon Arlott Cc: linux-kernel@vger.kernel.org, mchehab@infradead.org, linux-dvb@linuxtv.org Subject: Re: [PATCH] dvb-core: Fix potential mutex_unlock without mutex_lock in dvb_dvr_read Message-Id: <20090430131818.d8aded42.akpm@linux-foundation.org> In-Reply-To: <49F0A61D.1010002@simon.arlott.org.uk> References: <49F0A61D.1010002@simon.arlott.org.uk> X-Mailer: Sylpheed version 2.2.4 (GTK+ 2.8.20; i486-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2587 Lines: 74 On Thu, 23 Apr 2009 18:32:13 +0100 Simon Arlott wrote: > dvb_dvr_read may unlock the dmxdev mutex and return -ENODEV, > except this function is a file op and will never be called > with the mutex held. > > There's existing mutex_lock and mutex_unlock around the actual > read but it's commented out. These should probably be uncommented > but the read blocks and this could block another non-blocking > reader on the mutex instead. > > This change comments out the extra mutex_unlock. > > Signed-off-by: Simon Arlott > --- > This has been on my TODO list for far too long... I did come > up with a mutex_trylock/mutex_lock_interruptible version but > claiming that it'll block when it may not doesn't make sense > (and any blocking read would cause all non-blocking reads to > continually return -EWOULDBLOCK until there is data). > > drivers/media/dvb/dvb-core/dmxdev.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/media/dvb/dvb-core/dmxdev.c b/drivers/media/dvb/dvb-core/dmxdev.c > index c35fbb8..d6d098a 100644 > --- a/drivers/media/dvb/dvb-core/dmxdev.c > +++ b/drivers/media/dvb/dvb-core/dmxdev.c > @@ -247,7 +247,7 @@ static ssize_t dvb_dvr_read(struct file *file, char __user *buf, size_t count, > int ret; > > if (dmxdev->exit) { > - mutex_unlock(&dmxdev->mutex); > + //mutex_unlock(&dmxdev->mutex); > return -ENODEV; > } Is there any value in retaining all the commented-out lock operations, or can we zap 'em? --- a/drivers/media/dvb/dvb-core/dmxdev.c~dvb-core-fix-potential-mutex_unlock-without-mutex_lock-in-dvb_dvr_read-fix +++ a/drivers/media/dvb/dvb-core/dmxdev.c @@ -244,19 +244,13 @@ static ssize_t dvb_dvr_read(struct file { struct dvb_device *dvbdev = file->private_data; struct dmxdev *dmxdev = dvbdev->priv; - int ret; - if (dmxdev->exit) { - //mutex_unlock(&dmxdev->mutex); + if (dmxdev->exit) return -ENODEV; - } - //mutex_lock(&dmxdev->mutex); - ret = dvb_dmxdev_buffer_read(&dmxdev->dvr_buffer, - file->f_flags & O_NONBLOCK, - buf, count, ppos); - //mutex_unlock(&dmxdev->mutex); - return ret; + return dvb_dmxdev_buffer_read(&dmxdev->dvr_buffer, + file->f_flags & O_NONBLOCK, + buf, count, ppos); } static int dvb_dvr_set_buffer_size(struct dmxdev *dmxdev, _ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/