From: Kevin McKinney Date: Wed, 23 Nov 2011 01:25:57 +0000 (-0500) Subject: Staging: bcm: Fix semaphore locking error when downloading firmware. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d9f26a6689a3e4ae643fca9c2acda3148b717e63;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git Staging: bcm: Fix semaphore locking error when downloading firmware. This patch releases semaphore locks when an error occurrs while attempting to download firmware for the bcm driver. When downloading firmware for this driver, a process is expected to call the following ioctl's in this order: (1)IOCTL_BCM_BUFFER_DOWNLOAD_START, (2)IOCTL_BCM_BUFFER_DOWNLOAD, and (3) IOCTL_BCM_BUFFER_DOWNLOAD_STOP. Semaphore, “Adapter->fw_download_sema” is expected to be acquired in the first ioctl, IOCTL_BCM_BUFFER_DOWNLOAD_START, and it should block until IOCTL_BCM_BUFFER_DOWNLOAD_STOP is called. In this case, if an error occurred before STOP finished, the semaphore "Adapter->fw_download_sema" was not being released. Signed-off-by: Kevin McKinney Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/bcm/Bcmchar.c b/drivers/staging/bcm/Bcmchar.c index 5a3e7c846a3e..d0a0b10c5d4e 100644 --- a/drivers/staging/bcm/Bcmchar.c +++ b/drivers/staging/bcm/Bcmchar.c @@ -802,27 +802,36 @@ cntrlEnd: } /* Copy Ioctl Buffer structure */ - if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) + if (copy_from_user(&IoBuffer, argp, sizeof(IOCTL_BUFFER))) { + up(&Adapter->fw_download_sema); return -EFAULT; + } BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Length for FW DLD is : %lx\n", IoBuffer.InputLength); - if (IoBuffer.InputLength > sizeof(FIRMWARE_INFO)) + if (IoBuffer.InputLength > sizeof(FIRMWARE_INFO)) { + up(&Adapter->fw_download_sema); return -EINVAL; + } psFwInfo = kmalloc(sizeof(*psFwInfo), GFP_KERNEL); - if (!psFwInfo) + if (!psFwInfo) { + up(&Adapter->fw_download_sema); return -ENOMEM; + } - if (copy_from_user(psFwInfo, IoBuffer.InputBuffer, IoBuffer.InputLength)) + if (copy_from_user(psFwInfo, IoBuffer.InputBuffer, IoBuffer.InputLength)) { + up(&Adapter->fw_download_sema); return -EFAULT; + } if (!psFwInfo->pvMappedFirmwareAddress || (psFwInfo->u32FirmwareLength == 0)) { BCM_DEBUG_PRINT(Adapter, DBG_TYPE_PRINTK, 0, 0, "Something else is wrong %lu\n", psFwInfo->u32FirmwareLength); + up(&Adapter->fw_download_sema); Status = -EINVAL; break; }