Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

double unlock in rng_dev_read()

2 views
Skip to first unread message

Dan Carpenter

unread,
Dec 23, 2009, 8:20:01 AM12/23/09
to
It seems like we unlock rng_mutex twice (2.6.33-rc1).

drivers/char/hw_random/core.c
151 mutex_unlock(&rng_mutex);
152
153 if (need_resched())
154 schedule_timeout_interruptible(1);
155
156 if (signal_pending(current)) {
157 err = -ERESTARTSYS;
158 goto out;
159 }
160 }
161 out_unlock:
162 mutex_unlock(&rng_mutex);

regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Herbert Xu

unread,
Dec 23, 2009, 9:40:02 AM12/23/09
to
On Wed, Dec 23, 2009 at 03:15:52PM +0200, Dan Carpenter wrote:
> It seems like we unlock rng_mutex twice (2.6.33-rc1).
>
> drivers/char/hw_random/core.c
> 151 mutex_unlock(&rng_mutex);
> 152
> 153 if (need_resched())
> 154 schedule_timeout_interruptible(1);
> 155
> 156 if (signal_pending(current)) {
> 157 err = -ERESTARTSYS;
> 158 goto out;
> 159 }
> 160 }
> 161 out_unlock:
> 162 mutex_unlock(&rng_mutex);

Hmm, are you sure you didn't mistake out for out_unlock? :)
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <her...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Dan Carpenter

unread,
Dec 23, 2009, 10:00:02 AM12/23/09
to
On Wed, Dec 23, 2009 at 10:36:58PM +0800, Herbert Xu wrote:
> On Wed, Dec 23, 2009 at 03:15:52PM +0200, Dan Carpenter wrote:
> > It seems like we unlock rng_mutex twice (2.6.33-rc1).
> >
> > drivers/char/hw_random/core.c
> > 151 mutex_unlock(&rng_mutex);
> > 152
> > 153 if (need_resched())
> > 154 schedule_timeout_interruptible(1);
> > 155
> > 156 if (signal_pending(current)) {
> > 157 err = -ERESTARTSYS;
> > 158 goto out;
> > 159 }
> > 160 }
> > 161 out_unlock:
> > 162 mutex_unlock(&rng_mutex);
>
> Hmm, are you sure you didn't mistake out for out_unlock? :)

No no. I mean when size hits zero we are rng_mutex is unlocked.

regards,
dan carpenter

Herbert Xu

unread,
Dec 23, 2009, 10:30:02 AM12/23/09
to
On Wed, Dec 23, 2009 at 04:53:36PM +0200, Dan Carpenter wrote:
>
> No no. I mean when size hits zero we are rng_mutex is unlocked.

Good catch! I'll add this patch to the tree. Please take a look
at it. Thanks!

commit f5908267b67917b8cbd98b27fd2be9b5f62ec76f
Author: Herbert Xu <her...@gondor.apana.org.au>
Date: Wed Dec 23 23:22:34 2009 +0800

hwrng: core - Fix double unlock in rng_dev_read

When the loop terminates with size == 0 in rng_dev_read we will
unlock the rng mutex twice.

Reported-by: Dan Carpenter <err...@gmail.com>
Signed-off-by: Herbert Xu <her...@gondor.apana.org.au>

diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
index e989f67..3d9c61e 100644
--- a/drivers/char/hw_random/core.c
+++ b/drivers/char/hw_random/core.c
@@ -158,10 +158,11 @@ static ssize_t rng_dev_read(struct file *filp, char __user *buf,
goto out;
}
}
-out_unlock:
- mutex_unlock(&rng_mutex);
out:
return ret ? : err;
+out_unlock:
+ mutex_unlock(&rng_mutex);
+ goto out;

Dan Carpenter

unread,
Dec 24, 2009, 6:00:02 AM12/24/09
to
On Wed, Dec 23, 2009 at 11:23:55PM +0800, Herbert Xu wrote:
> On Wed, Dec 23, 2009 at 04:53:36PM +0200, Dan Carpenter wrote:
> >
> > No no. I mean when size hits zero we are rng_mutex is unlocked.
>
> Good catch! I'll add this patch to the tree. Please take a look
> at it. Thanks!
>

Great.

Acked-by: Dan Carpenter <err...@gmail.com>

regards,
dan carpenter

0 new messages