TTY/n_gsm: potential double lock
authorDan Carpenter <error27@gmail.com>
Tue, 25 May 2010 09:37:17 +0000 (11:37 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 4 Jun 2010 20:37:17 +0000 (13:37 -0700)
In gsm_dlci_data_kick() we call gsm_dlci_data_sweep() with the
"gsm->tx_lock" held so we can't lock it again inside
gsm_dlci_data_sweep().  I removed that lock from and added one to
gsmld_write_wakeup() instead.  The sweep function is only called from
those two places.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Alan Cox <alan@linux.intel.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/char/n_gsm.c

index c4161d5e053d383c74d79905dfdb8d3fef27868e..e4089c432f15fea5964418cdf8d765e47f39bb50 100644 (file)
@@ -904,9 +904,7 @@ static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
        int len;
        /* Priority ordering: We should do priority with RR of the groups */
        int i = 1;
-       unsigned long flags;
 
-       spin_lock_irqsave(&gsm->tx_lock, flags);
        while (i < NUM_DLCI) {
                struct gsm_dlci *dlci;
 
@@ -927,7 +925,6 @@ static void gsm_dlci_data_sweep(struct gsm_mux *gsm)
                if (len == 0)
                        i++;
        }
-       spin_unlock_irqrestore(&gsm->tx_lock, flags);
 }
 
 /**
@@ -2230,12 +2227,16 @@ static int gsmld_open(struct tty_struct *tty)
 static void gsmld_write_wakeup(struct tty_struct *tty)
 {
        struct gsm_mux *gsm = tty->disc_data;
+       unsigned long flags;
 
        /* Queue poll */
        clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
        gsm_data_kick(gsm);
-       if (gsm->tx_bytes < TX_THRESH_LO)
+       if (gsm->tx_bytes < TX_THRESH_LO) {
+               spin_lock_irqsave(&gsm->tx_lock, flags);
                gsm_dlci_data_sweep(gsm);
+               spin_unlock_irqrestore(&gsm->tx_lock, flags);
+       }
 }
 
 /**