From ff7d368ed98b27405197a1d3e76d8032ecbe6194 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Sat, 4 Sep 2010 14:16:26 +0200 Subject: [PATCH] Staging: lirc, fix lock imbalance [2nd version -- melded all three together] 1) There is a missing return or goto statement in one fail path in sasem_probe, so that the code contiues its normal execution (and unlocks a mutex twice). Fix that by jumping to the right place. Anyway the code is very broken on its fail paths and there are many leaks. But that's a different story. 2) There is an omitted unlock in one fail path in vfd_write, jump to the right place to unlock the lock. 3) In the probe function, there is one more error where the lock is not unlocked. Fix that by jumping to the proper place. Signed-off-by: Jiri Slaby Cc: Jarod Wilson Cc: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman --- drivers/staging/lirc/lirc_sasem.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/staging/lirc/lirc_sasem.c b/drivers/staging/lirc/lirc_sasem.c index 856487eecd24..d1ac0997f51b 100644 --- a/drivers/staging/lirc/lirc_sasem.c +++ b/drivers/staging/lirc/lirc_sasem.c @@ -386,8 +386,10 @@ static ssize_t vfd_write(struct file *file, const char *buf, } data_buf = memdup_user(buf, n_bytes); - if (PTR_ERR(data_buf)) - return PTR_ERR(data_buf); + if (PTR_ERR(data_buf)) { + retval = PTR_ERR(data_buf); + goto exit; + } memcpy(context->tx.data_buf, data_buf, n_bytes); @@ -803,7 +805,8 @@ static int sasem_probe(struct usb_interface *interface, if (lirc_minor < 0) { err("%s: lirc_register_driver failed", __func__); alloc_status = 7; - mutex_unlock(&context->ctx_lock); + retval = lirc_minor; + goto unlock; } else printk(KERN_INFO "%s: Registered Sasem driver (minor:%d)\n", __func__, lirc_minor); @@ -828,7 +831,7 @@ alloc_status_switch: context = NULL; case 1: retval = -ENOMEM; - goto exit; + goto unlock; } /* Needed while unregistering! */ @@ -859,7 +862,7 @@ alloc_status_switch: printk(KERN_INFO "%s: Sasem device on usb<%d:%d> initialized\n", __func__, dev->bus->busnum, dev->devnum); - +unlock: mutex_unlock(&context->ctx_lock); exit: return retval; -- 2.20.1