* [PATCH] [media] stv090x: do not unlock unheld mutex in stv090x_sleep()
@ 2013-02-19 18:58 Alexey Khoroshilov
2013-02-20 6:58 ` Manu Abraham
0 siblings, 1 reply; 3+ messages in thread
From: Alexey Khoroshilov @ 2013-02-19 18:58 UTC (permalink / raw)
To: Mauro Carvalho Chehab, Manu Abraham
Cc: Alexey Khoroshilov, linux-media, linux-kernel, ldv-project
goto err and goto err_gateoff before mutex_lock(&state->internal->demod_lock)
lead to unlock of unheld mutex in stv090x_sleep().
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
drivers/media/dvb-frontends/stv090x.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/drivers/media/dvb-frontends/stv090x.c b/drivers/media/dvb-frontends/stv090x.c
index 13caec0..4f600ac 100644
--- a/drivers/media/dvb-frontends/stv090x.c
+++ b/drivers/media/dvb-frontends/stv090x.c
@@ -3906,12 +3906,12 @@ static int stv090x_sleep(struct dvb_frontend *fe)
reg = stv090x_read_reg(state, STV090x_TSTTNR1);
STV090x_SETFIELD(reg, ADC1_PON_FIELD, 0);
if (stv090x_write_reg(state, STV090x_TSTTNR1, reg) < 0)
- goto err;
+ goto err_unlock;
/* power off DiSEqC 1 */
reg = stv090x_read_reg(state, STV090x_TSTTNR2);
STV090x_SETFIELD(reg, DISEQC1_PON_FIELD, 0);
if (stv090x_write_reg(state, STV090x_TSTTNR2, reg) < 0)
- goto err;
+ goto err_unlock;
/* check whether path 2 is already sleeping, that is when
ADC2 is off */
@@ -3930,7 +3930,7 @@ static int stv090x_sleep(struct dvb_frontend *fe)
if (full_standby)
STV090x_SETFIELD(reg, STOP_CLKFEC_FIELD, 1);
if (stv090x_write_reg(state, STV090x_STOPCLK1, reg) < 0)
- goto err;
+ goto err_unlock;
reg = stv090x_read_reg(state, STV090x_STOPCLK2);
/* sampling 1 clock */
STV090x_SETFIELD(reg, STOP_CLKSAMP1_FIELD, 1);
@@ -3941,7 +3941,7 @@ static int stv090x_sleep(struct dvb_frontend *fe)
if (full_standby)
STV090x_SETFIELD(reg, STOP_CLKTS_FIELD, 1);
if (stv090x_write_reg(state, STV090x_STOPCLK2, reg) < 0)
- goto err;
+ goto err_unlock;
break;
case STV090x_DEMODULATOR_1:
@@ -3949,12 +3949,12 @@ static int stv090x_sleep(struct dvb_frontend *fe)
reg = stv090x_read_reg(state, STV090x_TSTTNR3);
STV090x_SETFIELD(reg, ADC2_PON_FIELD, 0);
if (stv090x_write_reg(state, STV090x_TSTTNR3, reg) < 0)
- goto err;
+ goto err_unlock;
/* power off DiSEqC 2 */
reg = stv090x_read_reg(state, STV090x_TSTTNR4);
STV090x_SETFIELD(reg, DISEQC2_PON_FIELD, 0);
if (stv090x_write_reg(state, STV090x_TSTTNR4, reg) < 0)
- goto err;
+ goto err_unlock;
/* check whether path 1 is already sleeping, that is when
ADC1 is off */
@@ -3973,7 +3973,7 @@ static int stv090x_sleep(struct dvb_frontend *fe)
if (full_standby)
STV090x_SETFIELD(reg, STOP_CLKFEC_FIELD, 1);
if (stv090x_write_reg(state, STV090x_STOPCLK1, reg) < 0)
- goto err;
+ goto err_unlock;
reg = stv090x_read_reg(state, STV090x_STOPCLK2);
/* sampling 2 clock */
STV090x_SETFIELD(reg, STOP_CLKSAMP2_FIELD, 1);
@@ -3984,7 +3984,7 @@ static int stv090x_sleep(struct dvb_frontend *fe)
if (full_standby)
STV090x_SETFIELD(reg, STOP_CLKTS_FIELD, 1);
if (stv090x_write_reg(state, STV090x_STOPCLK2, reg) < 0)
- goto err;
+ goto err_unlock;
break;
default:
@@ -3997,7 +3997,7 @@ static int stv090x_sleep(struct dvb_frontend *fe)
reg = stv090x_read_reg(state, STV090x_SYNTCTRL);
STV090x_SETFIELD(reg, STANDBY_FIELD, 0x01);
if (stv090x_write_reg(state, STV090x_SYNTCTRL, reg) < 0)
- goto err;
+ goto err_unlock;
}
mutex_unlock(&state->internal->demod_lock);
@@ -4005,8 +4005,10 @@ static int stv090x_sleep(struct dvb_frontend *fe)
err_gateoff:
stv090x_i2c_gate_ctrl(state, 0);
-err:
+ goto err;
+err_unlock:
mutex_unlock(&state->internal->demod_lock);
+err:
dprintk(FE_ERROR, 1, "I/O error");
return -1;
}
--
1.7.9.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] [media] stv090x: do not unlock unheld mutex in stv090x_sleep()
2013-02-19 18:58 [PATCH] [media] stv090x: do not unlock unheld mutex in stv090x_sleep() Alexey Khoroshilov
@ 2013-02-20 6:58 ` Manu Abraham
2013-02-20 10:20 ` Alexey Khoroshilov
0 siblings, 1 reply; 3+ messages in thread
From: Manu Abraham @ 2013-02-20 6:58 UTC (permalink / raw)
To: Alexey Khoroshilov
Cc: Mauro Carvalho Chehab, Manu Abraham, linux-media, linux-kernel,
ldv-project
Hi,
On Wed, Feb 20, 2013 at 12:28 AM, Alexey Khoroshilov
<khoroshilov@ispras.ru> wrote:
> goto err and goto err_gateoff before mutex_lock(&state->internal->demod_lock)
> lead to unlock of unheld mutex in stv090x_sleep().
Out of curiosity, what happens when you try to unlock an unlocked mutex ?
Regards,
Manu
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] [media] stv090x: do not unlock unheld mutex in stv090x_sleep()
2013-02-20 6:58 ` Manu Abraham
@ 2013-02-20 10:20 ` Alexey Khoroshilov
0 siblings, 0 replies; 3+ messages in thread
From: Alexey Khoroshilov @ 2013-02-20 10:20 UTC (permalink / raw)
To: Manu Abraham
Cc: Mauro Carvalho Chehab, Manu Abraham, linux-media, linux-kernel,
ldv-project
On 02/20/2013 10:58 AM, Manu Abraham wrote:
> Hi,
>
> On Wed, Feb 20, 2013 at 12:28 AM, Alexey Khoroshilov
> <khoroshilov@ispras.ru> wrote:
>> goto err and goto err_gateoff before mutex_lock(&state->internal->demod_lock)
>> lead to unlock of unheld mutex in stv090x_sleep().
> Out of curiosity, what happens when you try to unlock an unlocked mutex ?
>
> Regards,
> Manu
>
Bad things can happen if someone else holds the mutex and it becomes
unexpectedly unlocked.
Also it can result that the next lock() operation leaves the mutex in
unlocked state.
The both cases can lead to data races with unpredictable consequences.
--
Alexey Khoroshilov
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-02-20 10:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-02-19 18:58 [PATCH] [media] stv090x: do not unlock unheld mutex in stv090x_sleep() Alexey Khoroshilov
2013-02-20 6:58 ` Manu Abraham
2013-02-20 10:20 ` Alexey Khoroshilov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.