lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 11 Dec 2007 20:53:12 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Daniel Walker <dwalker@...sta.com>
Cc:	matthias.kaehlcke@...il.com, linux-kernel@...r.kernel.org,
	video4linux-list@...hat.com
Subject: Re: [PATCH -mm] media: video: usbvision: add mutex_unlock() to
 error paths

On Tue, 11 Dec 2007 17:56:50 -0800 Daniel Walker <dwalker@...sta.com> wrote:

> There are a few error paths which don't unlock the usbvision->lock.
> 
> So I've added mutex_unlock() calls to fix those paths.
> 
> Signed-off-by: Daniel Walker <dwalker@...sta.com>
> 
> ---
>  drivers/media/video/usbvision/usbvision-video.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> Index: linux-2.6.23/drivers/media/video/usbvision/usbvision-video.c
> ===================================================================
> --- linux-2.6.23.orig/drivers/media/video/usbvision/usbvision-video.c
> +++ linux-2.6.23/drivers/media/video/usbvision/usbvision-video.c
> @@ -1290,6 +1290,7 @@ static int usbvision_radio_open(struct i
>  		errCode = usbvision_set_alternate(usbvision);
>  		if (errCode < 0) {
>  			usbvision->last_error = errCode;
> +			mutex_unlock(&usbvision->lock);
>  			return -EBUSY;
>  		}
>  
> @@ -1806,6 +1807,7 @@ static int __devinit usbvision_probe(str
>  					      usbvision->num_alt,GFP_KERNEL);
>  	if (usbvision->alt_max_pkt_size == NULL) {
>  		err("usbvision: out of memory!\n");
> +		mutex_unlock(&usbvision->lock);
>  		return -ENOMEM;
>  	}
>  

Well yes.  But the bug which you've found is a *direct* consequence of a
coding mistake in those functions: they have multiple deeply-nested `return'
statements.  This is a common cause of locking errors and resource leaks and
is why we prefer the `goto place-which-unwinds' approach.

We can easily fix that in one case, at least.

One does wonder whether usbvision_radio_open() should be returning the
usbvision_set_alternate() result to the caller here, rather than
overwriting it with -EBUSY.


--- a/drivers/media/video/usbvision/usbvision-video.c~media-video-usbvision-add-mutex_unlock-to-error-paths-fix
+++ a/drivers/media/video/usbvision/usbvision-video.c
@@ -1290,8 +1290,8 @@ static int usbvision_radio_open(struct i
 		errCode = usbvision_set_alternate(usbvision);
 		if (errCode < 0) {
 			usbvision->last_error = errCode;
-			mutex_unlock(&usbvision->lock);
-			return -EBUSY;
+			errCode = -EBUSY;
+			goto out;
 		}
 
 		// If so far no errors then we shall start the radio
@@ -1308,6 +1308,7 @@ static int usbvision_radio_open(struct i
 			usbvision->initialized = 0;
 		}
 	}
+out:
 	mutex_unlock(&usbvision->lock);
 	return errCode;
 }
_

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ