All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
@ 2015-12-04 22:04 Alexey Khoroshilov
  2015-12-18 22:50 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 7+ messages in thread
From: Alexey Khoroshilov @ 2015-12-04 22:04 UTC (permalink / raw)
  To: Johnny Kim, Austin Shin, Chris Park, Tony Cho, Glen Lee, Leo Kim
  Cc: Alexey Khoroshilov, Greg Kroah-Hartman, linux-wireless, devel,
	linux-kernel, ldv-project

If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.

The patch adds return in case of failure.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/staging/wilc1000/wilc_wlan.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index c02665747705..cd7f52a51173 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1703,12 +1703,14 @@ void wilc_wlan_cleanup(struct net_device *dev)
 	if (!ret) {
 		PRINT_ER("Error while reading reg\n");
 		release_bus(RELEASE_ALLOW_SLEEP);
+		return;
 	}
 	PRINT_ER("Writing ABORT reg\n");
 	ret = p->hif_func.hif_write_reg(WILC_GP_REG_0, (reg | ABORT_INT));
 	if (!ret) {
 		PRINT_ER("Error while writing reg\n");
 		release_bus(RELEASE_ALLOW_SLEEP);
+		return;
 	}
 	release_bus(RELEASE_ALLOW_SLEEP);
 	/**
-- 
1.9.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-04 22:04 [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup() Alexey Khoroshilov
@ 2015-12-18 22:50 ` Greg Kroah-Hartman
  2015-12-20 21:46   ` Alexey Khoroshilov
  0 siblings, 1 reply; 7+ messages in thread
From: Greg Kroah-Hartman @ 2015-12-18 22:50 UTC (permalink / raw)
  To: Alexey Khoroshilov
  Cc: Johnny Kim, Austin Shin, Chris Park, Tony Cho, Glen Lee, Leo Kim,
	linux-wireless, devel, linux-kernel, ldv-project

On Sat, Dec 05, 2015 at 01:04:34AM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
> 
> The patch adds return in case of failure.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
> ---
>  drivers/staging/wilc1000/wilc_wlan.c | 2 ++
>  1 file changed, 2 insertions(+)

No longer applies to my tree, can you rebase it against staging-testing
and resend?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-18 22:50 ` Greg Kroah-Hartman
@ 2015-12-20 21:46   ` Alexey Khoroshilov
  2015-12-21 21:22     ` Greg Kroah-Hartman
  2015-12-22  8:04     ` [PATCH] " Dan Carpenter
  0 siblings, 2 replies; 7+ messages in thread
From: Alexey Khoroshilov @ 2015-12-20 21:46 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Alexey Khoroshilov, Johnny Kim, Austin Shin, Chris Park,
	Tony Cho, Glen Lee, Leo Kim, linux-wireless, devel, linux-kernel,
	ldv-project

If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index a73e99f..4b7c8e9 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1459,15 +1459,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
 	ret = p->hif_func.hif_read_reg(wilc, WILC_GP_REG_0, &reg);
 	if (!ret) {
 		PRINT_ER("Error while reading reg\n");
-		release_bus(wilc, RELEASE_ALLOW_SLEEP);
+		goto _unlock;
 	}
 	PRINT_ER("Writing ABORT reg\n");
 	ret = p->hif_func.hif_write_reg(wilc, WILC_GP_REG_0,
 					(reg | ABORT_INT));
 	if (!ret) {
 		PRINT_ER("Error while writing reg\n");
-		release_bus(wilc, RELEASE_ALLOW_SLEEP);
+		goto _unlock;
 	}
+_unlock:
 	release_bus(wilc, RELEASE_ALLOW_SLEEP);
 	p->hif_func.hif_deinit(NULL);
 }
-- 
1.9.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-20 21:46   ` Alexey Khoroshilov
@ 2015-12-21 21:22     ` Greg Kroah-Hartman
  2015-12-22 17:39       ` [PATCH v3] " Alexey Khoroshilov
  2015-12-22  8:04     ` [PATCH] " Dan Carpenter
  1 sibling, 1 reply; 7+ messages in thread
From: Greg Kroah-Hartman @ 2015-12-21 21:22 UTC (permalink / raw)
  To: Alexey Khoroshilov
  Cc: devel, ldv-project, Chris Park, Austin Shin, linux-wireless,
	Johnny Kim, linux-kernel, Tony Cho, Leo Kim

On Mon, Dec 21, 2015 at 12:46:51AM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>

Doesn't apply to my tree anymore, can you rebase this on the
staging-testing branch of staging.git?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-20 21:46   ` Alexey Khoroshilov
  2015-12-21 21:22     ` Greg Kroah-Hartman
@ 2015-12-22  8:04     ` Dan Carpenter
  1 sibling, 0 replies; 7+ messages in thread
From: Dan Carpenter @ 2015-12-22  8:04 UTC (permalink / raw)
  To: Alexey Khoroshilov
  Cc: Greg Kroah-Hartman, devel, ldv-project, Chris Park, Austin Shin,
	linux-wireless, Johnny Kim, linux-kernel, Tony Cho, Leo Kim

On Mon, Dec 21, 2015 at 12:46:51AM +0300, Alexey Khoroshilov wrote:
> diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
> index a73e99f..4b7c8e9 100644
> --- a/drivers/staging/wilc1000/wilc_wlan.c
> +++ b/drivers/staging/wilc1000/wilc_wlan.c
> @@ -1459,15 +1459,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
>  	ret = p->hif_func.hif_read_reg(wilc, WILC_GP_REG_0, &reg);
>  	if (!ret) {
>  		PRINT_ER("Error while reading reg\n");
> -		release_bus(wilc, RELEASE_ALLOW_SLEEP);
> +		goto _unlock;

If you're redoing this anyway, could we get rid of the underscore in the
label name?  Just unlock: is fine.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [PATCH v3] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-21 21:22     ` Greg Kroah-Hartman
@ 2015-12-22 17:39       ` Alexey Khoroshilov
  2016-02-03 23:04         ` Greg Kroah-Hartman
  0 siblings, 1 reply; 7+ messages in thread
From: Alexey Khoroshilov @ 2015-12-22 17:39 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Alexey Khoroshilov, Johnny Kim, linux-wireless, devel,
	linux-kernel, ldv-project

If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
it calls release_bus() and continues execution. But it leads to double
release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
---
 drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/staging/wilc1000/wilc_wlan.c b/drivers/staging/wilc1000/wilc_wlan.c
index 83af51b..b8c4a63 100644
--- a/drivers/staging/wilc1000/wilc_wlan.c
+++ b/drivers/staging/wilc1000/wilc_wlan.c
@@ -1381,15 +1381,16 @@ void wilc_wlan_cleanup(struct net_device *dev)
 	ret = wilc->hif_func->hif_read_reg(wilc, WILC_GP_REG_0, &reg);
 	if (!ret) {
 		PRINT_ER("Error while reading reg\n");
-		release_bus(wilc, RELEASE_ALLOW_SLEEP);
+		goto unlock;
 	}
 	PRINT_ER("Writing ABORT reg\n");
 	ret = wilc->hif_func->hif_write_reg(wilc, WILC_GP_REG_0,
 					(reg | ABORT_INT));
 	if (!ret) {
 		PRINT_ER("Error while writing reg\n");
-		release_bus(wilc, RELEASE_ALLOW_SLEEP);
+		goto unlock;
 	}
+unlock:
 	release_bus(wilc, RELEASE_ALLOW_SLEEP);
 	wilc->hif_func->hif_deinit(NULL);
 }
-- 
1.9.1


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH v3] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup()
  2015-12-22 17:39       ` [PATCH v3] " Alexey Khoroshilov
@ 2016-02-03 23:04         ` Greg Kroah-Hartman
  0 siblings, 0 replies; 7+ messages in thread
From: Greg Kroah-Hartman @ 2016-02-03 23:04 UTC (permalink / raw)
  To: Alexey Khoroshilov
  Cc: Johnny Kim, linux-wireless, devel, linux-kernel, ldv-project

On Tue, Dec 22, 2015 at 08:39:26PM +0300, Alexey Khoroshilov wrote:
> If hif_read_reg() or hif_write_reg() fail in wilc_wlan_cleanup(),
> it calls release_bus() and continues execution. But it leads to double
> release_bus() call that means double unlock of g_linux_wlan->hif_cs mutex.
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
> ---
>  drivers/staging/wilc1000/wilc_wlan.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Why is this 'v3'?  What changed from the other versions?  Please always
document it below the --- line so that we have a chance when reviewing
them.

Please fix up and resend with that information.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2016-02-03 23:04 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-04 22:04 [PATCH] staging: wilc1000: fix double mutex_unlock on failure path in wilc_wlan_cleanup() Alexey Khoroshilov
2015-12-18 22:50 ` Greg Kroah-Hartman
2015-12-20 21:46   ` Alexey Khoroshilov
2015-12-21 21:22     ` Greg Kroah-Hartman
2015-12-22 17:39       ` [PATCH v3] " Alexey Khoroshilov
2016-02-03 23:04         ` Greg Kroah-Hartman
2015-12-22  8:04     ` [PATCH] " Dan Carpenter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.