If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
The patch adds return in case of failure.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/staging/wilc1000/wilc_wlan.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index c02665747705..cd7f52a51173 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1703,12 +1703,14 @@ void wilc_wlan_cleanup(struct net_device *dev)
if (!ret) {
PRINT_ER("Error while reading reg\n");
release_bus(RELEASE_ALLOW_SLEEP);
+ return;
}
PRINT_ER("Writing ABORT reg\n");
ret = p->hif_func.hif_write_reg(WILC_GP_REG_0, (reg | ABORT_INT));
if (!ret) {
PRINT_ER("Error while writing reg\n");
release_bus(RELEASE_ALLOW_SLEEP);
+ return;
}
release_bus(RELEASE_ALLOW_SLEEP);
/**
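Review bot: Both added `return;` statements (in the read-failure and write-failure branches) leave wilc_wlan_cleanup() before the code that begins at the `/**` after the final release_bus(RELEASE_ALLOW_SLEEP), so any teardown located there is now skipped on a register error, whereas it still ran before this change. If that teardown is needed on the error path as well, remove the release_bus() calls from the two error branches and jump to a single label placed directly above the final release_bus(), so the bus is released exactly once and the rest of the cleanup still executes.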
--
1.9.1
On Sat, Dec 05, 2015 at 01:04:34AM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
>
> The patch adds return in case of failure.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
> ---
> drivers/staging/wilc1000/wilc_wlan.c | 2 ++
> 1 file changed, 2 insertions(+)
No longer applies to my tree, can you rebase it against staging-testing
and resend?
thanks,
greg k-h
If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index a73e99f..4b7c8e9 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1459,15 +1459,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
ret = p->hif_func.hif_read_reg(wilc, WILC_GP_REG_0, ®);
if (!ret) {
PRINT_ER("Error while reading reg\n");
- release_bus(wilc, RELEASE_ALLOW_SLEEP);
+ goto _unlock;
}
PRINT_ER("Writing ABORT reg\n");
ret = p->hif_func.hif_write_reg(wilc, WILC_GP_REG_0,
(reg | ABORT_INT));
if (!ret) {
PRINT_ER("Error while writing reg\n");
- release_bus(wilc, RELEASE_ALLOW_SLEEP);
+ goto _unlock;
}
+_unlock:
release_bus(wilc, RELEASE_ALLOW_SLEEP);
p->hif_func.hif_deinit(NULL);
}
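Review bot: The second `goto _unlock;` (in the hif_write_reg() error branch) jumps to the label on the very next statement, so it does not change control flow; deleting the release_bus() line in that branch would be sufficient, although keeping the goto is defensible if further steps may later be inserted between the write and the label. The leading underscore in `_unlock` is unnecessary. With this layout hif_deinit(NULL) also runs on both failure paths, and the write is skipped when the read fails; the commit description should say so, since it currently only describes the bug.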
--
1.9.1
If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
---
drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index 83af51b..b8c4a63 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1381,15 +1381,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
ret = wilc->hif_func->hif_read_reg(wilc, WILC_GP_REG_0, ®);
if (!ret) {
PRINT_ER("Error while reading reg\n");
- release_bus(wilc, RELEASE_ALLOW_SLEEP);
+ goto unlock;
}
PRINT_ER("Writing ABORT reg\n");
ret = wilc->hif_func->hif_write_reg(wilc, WILC_GP_REG_0,
(reg | ABORT_INT));
if (!ret) {
PRINT_ER("Error while writing reg\n");
- release_bus(wilc, RELEASE_ALLOW_SLEEP);
+ goto unlock;
}
+unlock:
release_bus(wilc, RELEASE_ALLOW_SLEEP);
wilc->hif_func->hif_deinit(NULL);
}
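Review bot: The description names g_linux_wlan->hif_cs as the mutex that gets unlocked twice, while every release_bus() call in this hunk takes the `wilc` pointer, so the text may describe an older tree; please check the mutex name against the current release_bus() and update the message. Nothing below the `---` line states what changed relative to the earlier postings (the visible differences are the label `unlock` without the underscore and `wilc->hif_func->` in the context lines); add a short per-version changelog there.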
--
1.9.1
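The double release described in the commit message, and the single-exit form the later versions of the patch use, as an added user-space example that is not code from the driver or from this thread. `struct bus_lock`, `fake_read_reg()` and `fake_write_reg()` are hypothetical stand-ins; only the control flow mirrors wilc_wlan_cleanup().

```c
#include <stdio.h>

/* Constructed stand-in for the bus mutex: counts unlocks of an unheld lock. */
struct bus_lock { int held; int bad_unlocks; };

static void acquire_bus(struct bus_lock *l) { l->held = 1; }

static void release_bus(struct bus_lock *l)
{
	if (!l->held)
		l->bad_unlocks++;	/* unlock without a matching lock */
	l->held = 0;
}

/* Hypothetical accessors; like the driver's, they return 0 on failure. */
static int fake_read_reg(int ok, unsigned int *reg) { if (ok) *reg = 0x10; return ok; }
static int fake_write_reg(int ok, unsigned int reg) { (void)reg; return ok; }

/* Shape before the fix: release in the error branch, then fall through. */
int cleanup_before(struct bus_lock *l, int read_ok, int write_ok)
{
	unsigned int reg = 0;

	acquire_bus(l);
	if (!fake_read_reg(read_ok, &reg))
		release_bus(l);
	if (!fake_write_reg(write_ok, reg | 0x1))
		release_bus(l);
	release_bus(l);
	return l->bad_unlocks;
}

/* Shape of the goto-based fix: exactly one release on every path. */
int cleanup_fixed(struct bus_lock *l, int read_ok, int write_ok)
{
	unsigned int reg = 0;

	acquire_bus(l);
	if (!fake_read_reg(read_ok, &reg))
		goto unlock;
	if (!fake_write_reg(write_ok, reg | 0x1))
		goto unlock;
unlock:
	release_bus(l);
	return l->bad_unlocks;
}

int main(void)
{
	struct bus_lock a = {0, 0}, b = {0, 0};

	printf("before: %d unbalanced unlocks\n", cleanup_before(&a, 0, 0));
	printf("fixed:  %d unbalanced unlocks\n", cleanup_fixed(&b, 0, 0));
	return 0;
}
```

In the kernel, an unbalanced mutex_unlock() of this kind is reported at run time when the tree is built with CONFIG_DEBUG_MUTEXES.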
On Mon, Dec 21, 2015 at 12:46:51AM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
Doesn't apply to my tree anymore, can you rebase this on the
staging-testing branch of staging.git?
thanks,
greg k-h
On Mon, Dec 21, 2015 at 12:46:51AM +0300, Alexey Khoroshilov wrote:
> diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
> index a73e99f..4b7c8e9 100644
> --- a/drivers/staging/wilc1000/wilc_wlan.c
> +++ b/drivers/staging/wilc1000/wilc_wlan.c
> @@ -1459,15 +1459,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
> ret = p->hif_func.hif_read_reg(wilc, WILC_GP_REG_0, ®);
> if (!ret) {
> PRINT_ER("Error while reading reg\n");
> - release_bus(wilc, RELEASE_ALLOW_SLEEP);
> + goto _unlock;
If you're redoing this anyway, could we get rid of the underscore in the
label name? Just unlock: is fine.
regards,
dan carpenter
On Tue, Dec 22, 2015 at 08:39:26PM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
>
> Found by Linux Driver Verification project (linuxtesting.org).
>
> Signed-off-by: Alexey Khoroshilov <[email protected]>
> ---
> drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
Why is this 'v3'? What changed from the other versions? Please always
document it below the --- line so that we have a chance when reviewing
them.
Please fix up and resend with that information.
thanks,
greg k-h