[PATCH] staging: go7007: fix mismatch in mutex lock-unlock in [read|write]_reg_fp

From: Alexey Khoroshilov
Date: Mon Feb 13 2012 - 10:27:33 EST

Next message: Don Zickus: "Re: [tip:x86/debug] x86/kdump: No need to disable ioapic/ lapic incrash path"
Previous message: Alan Stern: "Re: [RFC 0/5] scsi, sd, pm, request based runtime PM for scsi disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If go7007_usb_vendor_request() fails in write_reg_fp()
or in read_reg_fp(), the usb->i2c_lock mutex left locked.

The patch moves mutex_unlock(&usb->i2c_lock) before check
for go7007_usb_vendor_request() returned value.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>
---
drivers/staging/media/go7007/s2250-board.c | 16 ++++++++++------
1 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/media/go7007/s2250-board.c b/drivers/staging/media/go7007/s2250-board.c
index e7736a9..014d384 100644
--- a/drivers/staging/media/go7007/s2250-board.c
+++ b/drivers/staging/media/go7007/s2250-board.c
@@ -192,6 +192,7 @@ static int write_reg_fp(struct i2c_client *client, u16 addr, u16 val)
{
struct go7007 *go = i2c_get_adapdata(client->adapter);
struct go7007_usb *usb;
+ int rc;
u8 *buf;
struct s2250 *dec = i2c_get_clientdata(client);

@@ -216,12 +217,13 @@ static int write_reg_fp(struct i2c_client *client, u16 addr, u16 val)
kfree(buf);
return -EINTR;
}
- if (go7007_usb_vendor_request(go, 0x57, addr, val, buf, 16, 1) < 0) {
+ rc = go7007_usb_vendor_request(go, 0x57, addr, val, buf, 16, 1);
+ mutex_unlock(&usb->i2c_lock);
+ if (rc < 0) {
kfree(buf);
- return -EFAULT;
+ return rc;
}

- mutex_unlock(&usb->i2c_lock);
if (buf[0] == 0) {
unsigned int subaddr, val_read;

@@ -254,6 +256,7 @@ static int read_reg_fp(struct i2c_client *client, u16 addr, u16 *val)
{
struct go7007 *go = i2c_get_adapdata(client->adapter);
struct go7007_usb *usb;
+ int rc;
u8 *buf;

if (go == NULL)
@@ -276,11 +279,12 @@ static int read_reg_fp(struct i2c_client *client, u16 addr, u16 *val)
kfree(buf);
return -EINTR;
}
- if (go7007_usb_vendor_request(go, 0x58, addr, 0, buf, 16, 1) < 0) {
+ rc = go7007_usb_vendor_request(go, 0x58, addr, 0, buf, 16, 1);
+ mutex_unlock(&usb->i2c_lock);
+ if (rc < 0) {
kfree(buf);
- return -EFAULT;
+ return rc;
}
- mutex_unlock(&usb->i2c_lock);

*val = (buf[0] << 8) | buf[1];
kfree(buf);
--
1.7.4.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Don Zickus: "Re: [tip:x86/debug] x86/kdump: No need to disable ioapic/ lapic incrash path"
Previous message: Alan Stern: "Re: [RFC 0/5] scsi, sd, pm, request based runtime PM for scsi disk"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]