From: Jiri Slaby Date: Sat, 4 Sep 2010 12:16:26 +0000 (+0200) Subject: Staging: lirc, fix lock imbalance X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ff7d368ed98b27405197a1d3e76d8032ecbe6194;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git Staging: lirc, fix lock imbalance [2nd version -- melded all three together] 1) There is a missing return or goto statement in one fail path in sasem_probe, so that the code contiues its normal execution (and unlocks a mutex twice). Fix that by jumping to the right place. Anyway the code is very broken on its fail paths and there are many leaks. But that's a different story. 2) There is an omitted unlock in one fail path in vfd_write, jump to the right place to unlock the lock. 3) In the probe function, there is one more error where the lock is not unlocked. Fix that by jumping to the proper place. Signed-off-by: Jiri Slaby Cc: Jarod Wilson Cc: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/lirc/lirc_sasem.c b/drivers/staging/lirc/lirc_sasem.c index 856487eecd24..d1ac0997f51b 100644 --- a/drivers/staging/lirc/lirc_sasem.c +++ b/drivers/staging/lirc/lirc_sasem.c @@ -386,8 +386,10 @@ static ssize_t vfd_write(struct file *file, const char *buf, } data_buf = memdup_user(buf, n_bytes); - if (PTR_ERR(data_buf)) - return PTR_ERR(data_buf); + if (PTR_ERR(data_buf)) { + retval = PTR_ERR(data_buf); + goto exit; + } memcpy(context->tx.data_buf, data_buf, n_bytes); @@ -803,7 +805,8 @@ static int sasem_probe(struct usb_interface *interface, if (lirc_minor < 0) { err("%s: lirc_register_driver failed", __func__); alloc_status = 7; - mutex_unlock(&context->ctx_lock); + retval = lirc_minor; + goto unlock; } else printk(KERN_INFO "%s: Registered Sasem driver (minor:%d)\n", __func__, lirc_minor); @@ -828,7 +831,7 @@ alloc_status_switch: context = NULL; case 1: retval = -ENOMEM; - goto exit; + goto unlock; } /* Needed while unregistering! */ @@ -859,7 +862,7 @@ alloc_status_switch: printk(KERN_INFO "%s: Sasem device on usb<%d:%d> initialized\n", __func__, dev->bus->busnum, dev->devnum); - +unlock: mutex_unlock(&context->ctx_lock); exit: return retval;