Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

staging: sep: call to sep_ioctl() may leave driver in unusable state

If sep_ioctl() is called from a process that does not own the
current transaction, it unlocks the unheld sep->ioctl_mutex and
returns -EACCES, leaving sep->sep_mutex acquired.

The patch fixes the mutex lock-unlock mismatch.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
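The locking mismatch the commit message describes, as an added userspace model that is not part of the patch or of the driver: a toy lock records state instead of blocking, so the pre-patch (`goto end_function`) and post-patch (`if (error) return error;`) control flows can be compared directly. The `struct sep_model`, the lock helpers and the `!= pid` half of the ownership condition are assumptions; only the `!= 0` half is visible in the hunk.

```c
#include <errno.h>
#include <stdbool.h>

/* Toy lock that only records state, so misuse is countable instead of
 * being a deadlock or undefined behaviour (hypothetical, not a kernel API). */
struct lock { bool held; int unheld_unlocks; };

static void lock_take(struct lock *l) { l->held = true; }
static void lock_drop(struct lock *l)
{
	if (!l->held)
		l->unheld_unlocks++;  /* the defect the patch fixes shows up here */
	l->held = false;
}

/* Hypothetical stand-in for the driver's device structure. */
struct sep_model {
	struct lock sep_mutex;     /* guards pid_doing_transaction */
	struct lock ioctl_mutex;   /* serialises command dispatch */
	int pid_doing_transaction; /* pid owning the transaction, 0 = none */
};

/* Ownership check and lock order of sep_ioctl(); 'patched' selects the
 * pre- or post-patch control flow shown in the hunk. */
int sep_ioctl_model(struct sep_model *s, int pid, bool patched)
{
	int error = 0;

	lock_take(&s->sep_mutex);
	/* first half of the condition is assumed; the hunk shows only "!= 0" */
	if (s->pid_doing_transaction != pid && s->pid_doing_transaction != 0) {
		error = -EACCES;
		if (!patched)
			goto end_function;  /* bug: skips the sep_mutex unlock */
	}
	lock_drop(&s->sep_mutex);
	if (error)
		return error;           /* patched path: exit before ioctl_mutex */

	lock_take(&s->ioctl_mutex);
	/* command dispatch would run here */
end_function:
	lock_drop(&s->ioctl_mutex);     /* never taken on the buggy path */
	return error;
}
```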

Authored by Alexey Khoroshilov, committed by Greg Kroah-Hartman
f19885fa 12995706

+3 -3
drivers/staging/sep/sep_driver.c
··· 2420 2420 (sep->pid_doing_transaction != 0)) { 2421 2421 dev_dbg(&sep->pdev->dev, "ioctl pid is not owner\n"); 2422 2422 error = -EACCES; 2423 - goto end_function; 2424 2423 } 2425 - 2426 2424 mutex_unlock(&sep->sep_mutex); 2425 + 2426 + if (error) 2427 + return error; 2427 2428 2428 2429 if (_IOC_TYPE(cmd) != SEP_IOC_MAGIC_NUMBER) 2429 2430 return -ENOTTY; ··· 2462 2461 break; 2463 2462 } 2464 2463 2465 - end_function: 2466 2464 mutex_unlock(&sep->ioctl_mutex); 2467 2465 return error; 2468 2466 }
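Review bot: the new `if (error) return error;` after `mutex_unlock(&sep->sep_mutex);` in the first hunk only works if `error` is zero on entry to the ownership check, and the visible context does not show where `error` is initialised; worth confirming that, or returning `-EACCES` directly after the unlock so the early exit does not depend on a variable set elsewhere. Removing the `end_function:` label in the second hunk is correct only if the deleted `goto end_function;` was its sole user, which the build will tell; the blank line added at 2425 is a style-only change.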