Re: fix broken locking in x25 ioctl error paths
From: Eric Dumazet <hidden>
Date: 2013-06-28 15:19:29
On Fri, 2013-06-28 at 11:14 -0400, Dave Jones wrote:
Two of the x25 ioctl cases have error paths that break out of the function
without unlocking the socket, leading to this warning:

================================================
[ BUG: lock held when returning to user space! ]
3.10.0-rc7+ #36 Not tainted
------------------------------------------------
trinity-child2/31407 is leaving the kernel with locks still held!
1 lock held by trinity-child2/31407:
 #0: (sk_lock-AF_X25){+.+.+.}, at: [<ffffffffa024b6da>] x25_ioctl+0x8a/0x740 [x25]

Signed-off-by: Dave Jones <redacted>

diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c index 37ca969..2c1e633 100644 --- a/net/x25/af_x25.c +++ b/net/x25/af_x25.c@@ -1584,10 +1584,11 @@ out_cud_release: rc = -EINVAL; lock_sock(sk); if (sk->sk_state != TCP_CLOSE) - break; + goto out_callaccpt_release; clear_bit(X25_ACCPT_APPRV_FLAG, &x25->flags); - release_sock(sk); rc = 0; +out_callaccpt_release: + release_sock(sk); break; }
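Review bot: in the `sk->sk_state != TCP_CLOSE` branch, the new `goto out_callaccpt_release` introduces a label only to reach a `release_sock(sk)` a few lines further down. Since `rc = -EINVAL` is already assigned before `lock_sock(sk)`, testing for `== TCP_CLOSE` around the `clear_bit()` and `rc = 0` statements would leave a single unlock path with no label or jump to keep in sync with later edits. The commit message refers to two ioctl cases, but only this one hunk is visible in the quoted text, so the second error path cannot be checked from here.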
Or :
	lock_sock(sk);
	if (sk->sk_state == TCP_CLOSE) {
		clear_bit(X25_ACCPT_APPRV_FLAG, &x25->flags);
		rc = 0;
	}
	release_sock(sk);
	break;