Re: double unlock in rng_dev_read()
From: Herbert Xu
Date: Wed Dec 23 2009 - 10:24:16 EST
On Wed, Dec 23, 2009 at 04:53:36PM +0200, Dan Carpenter wrote:
>
> No no. I mean when size hits zero we are rng_mutex is unlocked.
Good catch! I'll add this patch to the tree. Please take a look
at it. Thanks!
commit f5908267b67917b8cbd98b27fd2be9b5f62ec76f
Author: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed Dec 23 23:22:34 2009 +0800
hwrng: core - Fix double unlock in rng_dev_read
When the loop terminates with size == 0 in rng_dev_read we will
unlock the rng mutex twice.
Reported-by: Dan Carpenter <error27@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index e989f67..3d9c61e 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -158,10 +158,11 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf,
goto out;
}
}
-out_unlock:
- mutex_unlock(&rng_mutex);
out:
return ret ? : err;
+out_unlock:
+ mutex_unlock(&rng_mutex);
+ goto out;
}
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/